dash/contrib
PastaPastaPasta cbef7f2116
feat: use a self-signed windows code signing certificate instead of e… (#5814)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

## Issue being fixed or feature implemented
Implement a new code-singing certificate for windows. 

Previously we used a certificate issued by DigiCert, however that
certificate recently expired. A renewed certificate would cost roughly
$200/year at the cheapest CAs and $370/year with DigiCert. EV
certificates are relatively novel types of certificates that start out
with positive reputation, reducing smart screen popups for users. EV
certificates start at $270/year.

As a result we had (/have) 4 options:
1. Get a new code signing certificate from a trusted CA
- - Pro: Certificate gains reputation over time in smart screen and
binaries are signed
- - Pro: Shows "Verified Publisher" and "Dash Core Group Inc" on install
- - Con: Costs, feels manipulative to pay at least $600 simply for
someone to sign a certificate
2. Get a new EV code signing certificate
- - Pro: Certificate starts with good reputation and gains reputation
over time
- - Con: Even greater costs for a signature that says that we are from
Dash Core Group
3. Continue signing with the expired certificate
- - Con: This is, it has been discovered, a terrible idea and these
binaries are treated worse than unsigned binaries
4. Deliver unsigned windows binaries
- - Pro: Binary will gain reputation over time as users download it
- - Pro: Easy, is what it says on the tin
- - Con: Binaries are completely unsigned, could be tampering or
corruption issues that go undetected
- - Con: Will visibly state "Unknown Publisher"
5. Deliver self-signed windows binaries
- - Pro: Binary will gain reputation over time as users download it
- - Pro: *Possibility* that certificate will gain reputation over time
as users download binaries signed by it. It may also be that only
certificates issued by a CA will gain reputation over time.
- - Pro: Binaries are still signed
- - Pro: Users have the option to import certificate into keychain to
remove "Unknown Publisher"
- - Pro: In limited testing, install is sometimes is treated better than
unsigned, otherwise is treated the same
- - Con: may appear sketchy, as Root CA is not a trusted Root CA
- - Con: will display "Unknown Publisher" to most users
- - Con: greater potential uncertainty around future changes to
treatment of self signing systems

Based on the above discussion and testing, the best route currently is
option 5; that is what this PR implements. In the future it may make
sense to move towards a codesigning certificate issued by a trusted CA.

The root certificate authority has the following information

![image](https://github.com/dashpay/dash/assets/6443210/66a90588-9bd9-4fe5-902c-04e8d1e47b6f)
with a sha256 fingerprint of `46 84 FF 27 11 D7 C8 C5 BB FA D1 55 41 B3
F0 43 77 97 AC 67 4C 32 19 AE B4 E7 15 11 1F BB 42 A0`

The code signing certificate is issued by the root CA, has a common name
of "Dash Core Windows Signing" and a sha256 fingerprint of `1A 09 54 6E
D3 81 E9 FC AD 62 44 32 35 40 39 FF 5F A7 30 0E 5E 03 C4 E0 96 5A 62 AA
19 2B 79 EE`. This certificate is only authorized for the purpose of
code signing.

## What was done?

## How Has This Been Tested?
Multiple users installing binaries of type 1,3,4 and 5. 

## Breaking Changes
This new windows signing certificate should be documented in the release
notes.

## Checklist:
_Go over all the following points, and put an `x` in all the boxes that
apply._
- - [x] I have performed a self-review of my own code
- - [ ] I have commented my code, particularly in hard-to-understand
areas
- - [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- - [ ] I have made corresponding changes to the documentation
- - [x] I have assigned this pull request to a milestone _(for
repository code-owners and collaborators only)_


-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKVkDYuyHioH9PCArUlJ77avoeYQFAmWfAbUACgkQUlJ77avo
eYTSCBAAuDEoWABdonIMs/4RaYP+DGTULltRu9CHBAqYuksXrl/4iV0r17DPSWWW
L/5vLNAUTI47Tsa7R45ZPb0hR8VPMBkvxTQipKBYK7vZpwefcR4VOprEBJJ0Bl3g
ZHtAVjZbcANEIAW3SlaiOgWbxWGKfDyM7gN3aNfoidMFBefbcYKEttuAGCnktWRI
Y3eLMGPCpxOVB0O1nLU+pzwixAWXOeVChiK31ecFfQrF3JmUc12yiFUI+OJTogg4
0G2GMIQYHiVwclj8hSWT/yZfjcyxXdLYqkmH4Nr5mye39hRI2aUQEkmkYOy8pjcB
ykKLg8JpUg/zg6GSuS6mFJnd5NHq5iSBxSRHPfR8xij1xFpmdgAaNCw4/6j9PEXB
l8cfuJ7hgX3yX09L4p2E4t7MYpM8igaenAIWAK37hmKs1WADBmaj/nf6ThKhjvzI
2GR0FOzm6Is36KYvdUQJDE0g70g31SvGy+qjlcK49MtX6BvecYt+dg8AaNZ5FIn7
d1kFI4NXM6JX2WdiHMenz5d+oFYRS/P1sXjQ1wtl9HSkiZQQkEBbgiWXfh+EXjpW
fNc8cej2LLCNZlhVcpffF8UaINsMTZVQsEGWGInjSi5eCs/YNrqL8XDdC/8mmZCu
cNvp0QBtQ+4lpbUSdhFUdgic0MRCsdeHuYIBfvPJN9tl8McbknA=
=kL6E
-----END PGP SIGNATURE-----
2024-01-11 22:49:10 +07:00
..
auto_gdb chore: add missing copyrights via copyright_header.py insert 2023-01-13 00:49:04 +03:00
builder-keys Merge pull request #5797 from knst/builder-keys 2024-01-10 21:54:44 +07:00
containers ci: Bump Guix build timeout and implement cacheing (#5727) 2023-12-04 17:05:52 +02:00
debian Merge #17801: doc: Update license year range to 2020 2023-04-25 23:14:25 +03:00
devtools Merge #18673: scripted-diff: Sort test includes 2023-08-29 22:00:59 -05:00
gitian-descriptors merge bitcoin#22930: remove glibc back compat 2023-08-01 12:07:31 -05:00
guix build: Disable miner for Windows binaries built via Guix (#5801) 2024-01-10 19:49:34 +07:00
init Merge #16556: Fix systemd service file configuration directory setup 2023-04-06 20:14:58 +03:00
linearize Merge #18673: scripted-diff: Sort test includes 2023-08-29 22:00:59 -05:00
macdeploy Merge pull request #5718 from knst/mac-improvements 2023-12-04 17:04:30 +02:00
qos Partial Merge #14831: Scripts and tools: Use #!/usr/bin/env bash instead of #!/bin/bash. 2021-08-15 11:08:08 -04:00
seeds chore: update mainnet seeds 2023-11-13 10:13:12 -06:00
shell Merge #21375: guix: Misc feedback-based fixes + hier restructuring 2023-03-26 16:50:26 -05:00
testgen Merge #16812: doc: Fix whitespace errs in .md files, bitcoin.conf, and Info.plist.in 2022-01-20 13:09:17 -05:00
verify-commits Merge #18673: scripted-diff: Sort test includes 2023-08-29 22:00:59 -05:00
verifybinaries partial merge #16327: scripts and tools: Update ShellCheck linter 2021-12-03 18:13:01 +03:00
windeploy feat: use a self-signed windows code signing certificate instead of e… (#5814) 2024-01-11 22:49:10 +07:00
zmq Merge bitcoin#14060: ZMQ: add options to configure outbound message high water mark, aka SNDHWM (#4360) 2021-09-08 12:39:06 -04:00
dash-cli.bash-completion Merge #17282: contrib: remove accounts from bash completion 2022-05-31 12:06:32 -04:00
dash-qt.pro merge bitcoin#15450: Create wallet menu option 2022-04-06 13:49:58 +05:30
dash-tx.bash-completion
dashd.bash-completion merge #17165: Remove BIP70 support (#4023) 2022-04-25 12:01:47 +03:00
filter-lcov.py Merge #18673: scripted-diff: Sort test includes 2023-08-29 22:00:59 -05:00
gitian-build.py merge bitcoin#21851: support cross-compiling for arm64-apple-darwin 2023-06-29 12:31:03 -05:00
install_db4.sh merge bitcoin#22526: use newer config.guess & config.sub in depends 2023-06-29 12:31:03 -05:00
README.md Merge bitcoin/bitcoin#21711: guix: Add full installation and usage documentation 2023-04-15 12:13:27 -05:00
valgrind.supp Merge #19669: contrib: Fixup valgrind suppressions file 2023-06-07 01:50:18 -05:00

Repository Tools

Developer tools

Specific tools for developers working on this repository. Contains the script github-merge.py for merging GitHub pull requests securely and signing them using GPG.

Verify-Commits

Tool to verify that every merge commit was signed by a developer using the above github-merge.py script.

Linearize

Construct a linear, no-fork, best version of the blockchain.

Qos

A Linux bash script that will set up traffic control (tc) to limit the outgoing bandwidth for connections to the Dash network. This means one can have an always-on dashd instance running, and another local dashd/dash-qt instance which connects to this node and receives blocks from it.

Seeds

Utility to generate the pnSeed[] array that is compiled into the client.

Build Tools and Keys

Debian

Contains files used to package dashd/dash-qt for Debian-based Linux systems. If you compile dashd/dash-qt yourself, there are some useful files here.

Gitian-descriptors

Notes on getting Gitian builds up and running using KVM.

Builder keys

PGP keys used for signing Dash Core release results.

MacDeploy

Scripts and notes for Mac builds.

Gitian-build

Script for running full Gitian builds.

Test and Verify Tools

TestGen

Utilities to generate test vectors for the data-driven Dash tests.

Verify Binaries

This script attempts to download and verify the signature file SHA256SUMS.asc from bitcoin.org.