-
Notifications
You must be signed in to change notification settings - Fork 712
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
make screenpipe not killed / deleted by windows defender ($150) #321
Comments
💎 $150 bounty • Screenpi.peSteps to solve:
Thank you for contributing to mediar-ai/screenpipe! Add a bounty • Share on socials
|
@louis030195 Did some research a code signing certificate is actually required for this... And it isn't really free https://federicoterzi.com/blog/automatic-codesigning-on-windows-using-github-actions/ |
Since this is an open source project, you can get signing for free |
if for some reason you don't qualify for SignPath's free signing and you only care about Windows Defender, you can submit the builds to Defender XDR with a description about the program. My program was incorrectly marked as malicious by Defender, and by submitting it there, explaining what the program did, I got defender to remove the false positive, so its worth a try. |
cool |
@louis030195 contact signpath here, as screenpipe seems fill the requirements for free signing https://about.signpath.io/product/open-source |
Since the requirements to storing Private Keys for Code Signing Certificates were updated in June 2023, the new security practice (and requirement) is to store it on a hardware token secured for that purpose. As far as I know, it is no longer possible to purchase Code Signing Certificates and integrate them directly into the CI without using a Cloud solution. As this project is backed by a company, it should be suitable to apply to a regular code signing certificate. CodeSigningStore provides cheap code signing certificates, and an access to DigiCert One (https://www.digicert.com/digicert-one). If you decide to opt for one of these two solutions, I could write the CI part, as I already have the code to integrate these cloud services. |
i received an OSS certificate from signpath btw, if anyone wants to help, dont have the bandwidth to work on this i can share the cert somehow i guess |
/attempt #321 As for #435 it is being worked on, currently I'm working on fixing some issues regarding Rusty V8 build, because they don't provide pre-built binaries for Windows ARM64 - however this can make build time considerably longer, tell me your thoughts.
|
The goal here is to possibly merge both changes - adding both signing and Windows ARM64 builds - but we might need to do just one if build time is a concern, please tell me what you think. |
will send you the cert regarding the build, can i give custom runner, can pay if necessary, how much time would it take? |
Using a custom runner would work, but firstly I'd like to try without one Also it's possible that one build would take some hours, but after it's cached or stored in the custom runner, 30mins max. |
@Neptune650 |
I can confirm I've got access, but one issue is that it says the release certificate isn't valid yet, not sure why is that, but we can use the test one for now. And I wanted to ask if we should sign both the CLI and app or just the app. |
I've done some research and I believe we might need to use another CA to sign with the release certificate instead of the test one. |
@louis030195 could you check this? also tell me what to sign |
@Neptune650 when i do apple signing it signs all the files recursively i think: screenpipe/.github/workflows/release-app.yml Line 199 in 5839087
https://v2.tauri.app/distribute/sign/windows/ just let me know what i need to do? this issue becoming more priority now, increasing bounty additional context: tauri-apps/tauri#2486 |
Thanks, then I'll sign files recursively too |
no idea i will just pay for one that work, any recommended service? signpath seems to predate dinosaur age, isn't microsoft having a paid license like apple? |
One of the cheaper and most trusted ones out there is https://shop.globalsign.com/en/code-signing |
Also do note that we need an "EV" certificate to avoid the malware warning, not an "OV" one. |
@louis030195 any update on this? |
@louis030195 okay |
💡 @Neptune650 submitted a pull request that claims the bounty. You can visit your bounty board to reward. |
🎉🎈 @Neptune650 has been awarded $150! 🎈🎊 |
@louis030195 |
https://github.com/mediar-ai/screenpipe/actions/runs/12038039741/job/33562801087 lets use different signing auth |
@louis030195 Okay then, consider GlobalSign, according to my research it's one of the more affordable ones while also working with GitHub Actions, preferably an EV certificate. Let me know when it's ready. |
/bounty 150
not sure why, check tauri discord they have some conversation about it, maybe need windows signing
https://tauri.app/v1/guides/distribution/sign-windows
The text was updated successfully, but these errors were encountered: