Difference between revisions of "Signing Kiwix"

Jump to navigation Jump to search

Signing Kiwix (view source)

Revision as of 06:57, 29 November 2022

38 bytes added ,  1 year ago
m
no edit summary
(Created page with "In most OS nowadays, signed software are the standard and non-signed ones are flagged as insecure. It is important that Kiwix signs its binaries so that beginners (one of our ...")
 
m
Line 1: Line 1:
In most OS nowadays, signed software are the standard and non-signed ones are flagged as insecure.
In most OSes nowadays, signed software is the standard and non-signed software are flagged as insecure.
It is important that Kiwix signs its binaries so that beginners (one of our main targets) feel safe when using Kiwix.
It is important that Kiwix signs its binaries so that beginners (one of our main targeted audiences) feel safe when using Kiwix.


It is important to note that signing software doesn't bring much more security. Still it brings to information to the user:
It is important to note that signing software doesn't bring that much more security. It brings some to information to the user:
# The software being executed has been produced by the entity who signed it. In our case, user will know that this version of Kiwix has been made by Kiwix developers and not someone else.
# The software being executed has been produced by the entity who signed it. In our case, the user will know that this version of Kiwix has been made by Kiwix developers and not someone else.
# The software being executed has not been altered. It is the released version.
# The software being executed has not been altered. It is the officially released version.


How to sign packages vary depending on the target system.
The methods to sign packages vary depending on the target system.


== Mac OS X ==
== Mac OS X ==
In OSX, starting with version 10.7, not signing an application results in a big warning when the software is launched. It completely prevents the user to open it unless he does one of the following:
In OSX, starting with version 10.7, an unsigned application results in a big warning when the software is launched. It completely prevents the user from launching it unless he does one of the following:
* Right click to specifically request opening (must happen every time the software is launched)
* Right click to specifically request opening (must happen every time the software is launched)
* Edit System Preferences and allow all non-signed packages to be executed.
* Edit System Preferences and allow all non-signed packages to be executed.
Line 26: Line 26:


== Windows ==
== Windows ==
Windows is a little more permissive than OSX. In Windows, the default behavior is to display a warning dialog asking the user if he really wants to launch an unknown software.
Windows is a little more permissive than OSX. In Windows, the default behavior is to display a warning dialog asking the user if he really wants to launch unknown software.


In Windows, most of the time, only the installer is signed because every action conducted by a signed binary inherits its ''authorization''.
On Windows, most of the time, only the installer is signed because every action conducted by a signed binary inherits its ''authorization''.


For Kiwix, we will still need to sign both the installer and ''kiwix.exe'' since we also use ''kiwix.exe'' directly in Live/Portable mode. Should we want to have an additional program for autorun or else, we would have to sign it too.
For Kiwix, we will still need to sign both the installer and ''kiwix.exe'' since we also use ''kiwix.exe'' directly in Live/Portable mode. Should we want to have an additional program for autorun, we would have to sign that too.


=== Required ===
=== Required ===
GPG7rb3li
40

edits

Retrieved from "https://wiki.kiwix.org/wiki/Special:MobileDiff/38042"

Navigation menu