Align Windows signing with MrTrust contract
@@ -8,7 +8,7 @@ Release artifacts are not published yet.
|
||||
|
||||
- Connected Library can track public Git-hosted modpack manifests.
|
||||
- Per-pack auto-update can be enabled after a pack is connected.
|
||||
- Windows release artifacts are signed with the MrTrust code-signing certificate.
|
||||
- Windows release artifacts are signed with the MrTrust code-signing certificate using `osslsigncode` on the Ubuntu Gitea runner.
|
||||
- Gitea Actions are used as the verification runner.
|
||||
|
||||
## Security
|
||||
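Review bot: The reworded signing bullet names the tool and the runner but does not say whether the signature is timestamped or checked after signing. A signature without a trusted timestamp stops validating once the certificate expires, so consider extending the line to state that artifacts are timestamped and that the workflow verifies the signature before upload. Since the next bullet describes Gitea Actions as "the verification runner", it is also worth stating which jobs (for example tagged release builds only) are allowed to run the signing step on that runner.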
@@ -16,7 +16,7 @@ Release artifacts are not published yet.
|
||||
- Dependency audit: pending runner/toolchain confirmation.
|
||||
- Secret handling: no tokens are stored by Connected Library v1.
|
||||
- External network calls: public HTTPS manifest and `.mrpack` downloads.
|
||||
- Windows trust: MrTrust-installed users can trust Modrinth Plus only when artifacts are signed with the matching MrSphay certificate chain.
|
||||
- Windows trust: MrTrust-installed users can trust Modrinth Plus only when artifacts are signed with the matching MrSphay certificate chain. MrTrust is distributed separately at `https://git.wilkensxl.de/MrSphay/MrTrust/releases`.
|
||||
|
||||
## Verification
|
||||
|
||||
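Review bot: The "Windows trust" bullet now points users at `https://git.wilkensxl.de/MrSphay/MrTrust/releases`, but gives them nothing to check the installed certificate against. Since trust in the signed artifacts depends on "the matching MrSphay certificate chain", consider publishing the expected certificate thumbprint here or linking to where it is documented, so a user can confirm what MrTrust installs before relying on it. The "Secret handling" bullet in the same section covers only Connected Library v1 tokens; a sentence on how the code-signing key is held in CI would keep the section complete.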
@@ -25,7 +25,7 @@ Release artifacts are not published yet.
|
||||
| Gitea Actions build | Must pass before release |
|
||||
| Frontend lint | Covered by Gitea build workflow |
|
||||
| Rust clippy | Covered by Gitea build workflow |
|
||||
| MrTrust signing | Required by Gitea build workflow |
|
||||
| MrTrust signing | Required by Gitea build workflow with `MRTRUST_CODESIGN_PFX_BASE64` and `MRTRUST_CODESIGN_PFX_PASSWORD` |
|
||||
| Artifact download | Pending release packaging |
|
||||
|
||||
## Notes
|
||||
|
||||
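Review bot: The "MrTrust signing" row says the step is "Required" and names `MRTRUST_CODESIGN_PFX_BASE64` and `MRTRUST_CODESIGN_PFX_PASSWORD`, but not what the workflow does when those secrets are absent, for example on builds that have no access to repository secrets. Please state whether the build fails or produces an unsigned artifact in that case, so an unsigned binary cannot be mistaken for a release candidate. Because this table sits under "## Verification", a separate row for verifying the signature on the produced artifact would also fit here; signing being required does not by itself show that the output was checked.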