[patch] Sign Windows Installer for Inkscape (to prevent SmartScreen complaints)
Steps to reproduce:
- the .exe installer for Windows (NSIS) is suspected by Windows SmartScreenas potentially harmful. This is because the installer is not signed (no info about the author and origin):
To to this, the installer can easily be signed, using the !finalize command.
I do this for the installer of the Program FreeCAD the following way (last 2 lines): https://github.com/FreeCAD/FreeCAD/blob/master/src/WindowsInstaller/FreeCAD-installer.nsi
The signing itself is done by this one-liner batch file: https://github.com/FreeCAD/FreeCAD/blob/master/src/WindowsInstaller/Signing.bat
All you need to do is to create your own *.pfx file.
To do this, you can use these 4 commands subsequently to create the necessary files:
makecert.exe ^
-n "CN=CARoot,O=Inkscape Developers" ^
-r ^
-pe ^
-a sha512 ^
-len 4096 ^
-cy authority ^
-sv CARoot.pvk ^
CARoot.cer
pvk2pfx.exe ^
-pvk CARoot.pvk ^
-spc CARoot.cer ^
-pfx CARoot.pfx ^
-po InkscapeIsCool
makecert.exe -n "CN=inkscape.org,O=Inkscape Developers" -r -pe -a sha512 -len 4096 -cy authority -sv Inkscapeorg.pvk Inkscapeorg.cer
pvk2pfx.exe -pvk Inkscapeorg.pvk -spc Inkscapeorg.cer -pfx Inkscapeorg.pfx -po InkscapeIsCool
You find the programs signtool.exe, makecert.exe etc. in a subfolder of C:\Program Files (x86)\Windows Kits\10\bin
(also if you have Win 10 64bit)
Edited by Jonathan Neuhauser