Signing cygwin.com binaries with signtool by default ?
Roland Mainz
roland.mainz@nrubsig.org
Sat May 3 18:49:48 GMT 2025
On Sat, May 3, 2025 at 8:21 PM Roland Mainz <roland.mainz@nrubsig.org> wrote:
> Is it somehow possible that the CI+Release binaries (*.exe, *.dll) can
> be signed with signtool
> (https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool) ?
> It seems that Microsoft Defender has become overly aggressive to some
> Cygwin binaries (mostly /usr/bin/hostname, /usr/bin/find, /usr/bin/tar
> etc.) in the last couple of weeks and just blocks them.
>
> Our IT supports that they can "whitelist" binaries based on their
> cryptographic signature... but neither the binaries from the CI nor
> the Release binaries have any signatures...
BTW: The Windows Defender rule which causes /usr/bin/find.exe,
/usr/bin/hostname.exe etc. to be blocked is "Block use of copied or
impersonated system tools" (C0033C00-D16D-4114-A5A0-DC9B3A7D2CEB) ...
----
Bye,
Roland
--
__ . . __
(o.\ \/ /.o) roland.mainz@nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 3992797
(;O/ \/ \O;)
More information about the Cygwin
mailing list