Added Ubuntu-runner signing support through osslsigncode and PFX secrets.
2026-05-16 03:08:43 +02:00
parent 16e5d1377c
commit 631a66dab1
9 changed files with 122 additions and 12 deletions


@@ -32,10 +32,12 @@ Implementation requirements:
- Only offer LocalMachine installation when the user explicitly chooses an all-users install and the process is elevated.
- Add an uninstall path or documentation that opens MrTrust again and tells the user to choose "Remove trust".
- Keep the UI wording clear: the user is trusting MrSphay signed software, not bypassing Windows security.
- If this project produces an .exe, .msi, .dll, .ps1, .psm1, .psd1, or .cat release artifact, sign it with:
.\MrTrust\MrTrust.exe sign -Path <artifact-path> -CertificateThumbprint A024A89200469F099EC4A172B4F96F6428AFD41B
- If this project produces an .exe, .msi, .dll, or .cat release artifact on an Ubuntu Gitea runner, sign it with:
bash ./MrTrust/scripts/Sign-MrTrustProjectLinux.sh <artifact-path>
- Treat the certificate thumbprint as public metadata, but never commit private signing material.
- If the target project needs automated signing, call MrTrust's signing script from CI or a secure local release machine where the private certificate is already installed or supplied through secrets. Do not put private signing material into the target repository or user-facing release ZIP.
- Configure Gitea secrets `MRTRUST_CODESIGN_PFX_BASE64` and `MRTRUST_CODESIGN_PFX_PASSWORD` for Ubuntu runner signing.
- If the target project needs .ps1, .psm1, or .psd1 signing, use a Windows signing environment or document that script signing is not available on the current Ubuntu-only runners.
- Do not put private signing material into the target repository or user-facing release ZIP.
Verification:
- Confirm the target project's user-facing release contains either a link to the MrTrust release ZIP or a bundled copy of `MrTrust.exe`.
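Review bot: the final bullet of the signing list, "Do not put private signing material into the target repository or user-facing release ZIP.", repeats word for word the sentence that already closes the "If the target project needs automated signing" bullet; keep one copy so the two do not drift apart in later edits. The Ubuntu bullet that introduces `MRTRUST_CODESIGN_PFX_BASE64` and `MRTRUST_CODESIGN_PFX_PASSWORD` should also say how the runner is expected to handle that material: the decoded PFX should exist only for the duration of the `Sign-MrTrustProjectLinux.sh` step and be removed afterwards, and the password must never be passed in a way that ends up in job logs, otherwise the "never commit private signing material" rule is respected by the repository but not by the CI job that consumes the secrets.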