Re: Windows dev anyone? [was: Re: Signed DMD binaries]
On 19/08/2018 7:16 AM, Manu wrote: He genuinely believes OMF+OPTLINK should be the deliberate and preferred default that everyone should be confronted with as their first experience. It clearly improves new users experience with D. Has something changed? Yes. We're adding support (experimental) for LLD (LLVM linker) with MinGW import libraries and VC2010 as of 2.079. Which gives out of the box support for PE-COFF. Long term this should mean we can drop OMF altogether. But like 64bit support took, it'll be a while before its ready to go primary.
Re: Windows dev anyone? [was: Re: Signed DMD binaries]
On Fri, 17 Aug 2018 at 09:45, Martin Nowak via Digitalmars-d wrote: > > Well from my point of view the most important outstanding Windows tasks are: > > - help to test, debug, and fix the experimental lld/mingw toolchain > (https://dlang.org/changelog/2.079.0.html#lld_mingw) > > Once this is ready for production use it would simplify the Windows > installation and allowed us to drop optlink and OMF. Is there any reason to believe Walter would accept that? It's come up countless times. He rejects it in principle. https://github.com/dlang/dmd/pull/8347 He genuinely believes OMF+OPTLINK should be the deliberate and preferred default that everyone should be confronted with as their first experience. It clearly improves new users experience with D. Has something changed?
Re: Windows dev anyone? [was: Re: Signed DMD binaries]
On Friday, 17 August 2018 at 16:42:08 UTC, Martin Nowak wrote: - help to test, debug, and fix the experimental lld/mingw toolchain (https://dlang.org/changelog/2.079.0.html#lld_mingw) I'd be happy to test this, but where are the instructions for using it?Do I need to uninstall Visual Studio first (please no)? Mike
Re: Windows dev anyone? [was: Re: Signed DMD binaries]
On Friday, 17 August 2018 at 16:42:08 UTC, Martin Nowak wrote: On 08/17/2018 01:24 AM, Mike Franklin wrote: Well from my point of view the most important outstanding Windows tasks are: [...] Thanks. I'm currently working on getting build.d to work on Windows. https://github.com/dlang/dmd/pull/8570 https://github.com/dlang/dmd/pull/8568 https://github.com/dlang/dmd/pull/8566 https://github.com/dlang/dmd/pull/8546 I think once that's done it won't be such a huge burden to set up a development environment for Windows, and hopefully we'll see more participation. I'd be happy to add anyone remotely interested in Windows-support to our #Windows channel on slack (https://dlang.slack.com/messages/C6D5FEJ78). It's unfortunately fairly quiet atm. Joined. Mike
Windows dev anyone? [was: Re: Signed DMD binaries]
On 08/17/2018 01:24 AM, Mike Franklin wrote: > On Thursday, 16 August 2018 at 17:06:27 UTC, Martin Nowak wrote: > >> A review would be helpful. > > It looks fine to me, though, that's not saying much. If you need > someone to test something, contact me on Slack. > >> And more Windows dev-volunteers for upcoming features. > > To do what exactly? Well from my point of view the most important outstanding Windows tasks are: - help to test, debug, and fix the experimental lld/mingw toolchain (https://dlang.org/changelog/2.079.0.html#lld_mingw) Once this is ready for production use it would simplify the Windows installation and allowed us to drop optlink and OMF. - help Benjamin Thaut with the export feature This is intended to cover dllimport/dllexport, but in a single keyword without macros (more info https://dconf.org/2016/talks/thaut.html). It's a necessity for full DLL support on Windows and we also want to use explicitly exported symbols to speed up Posix binaries (by avoiding PLT indirections). - get a 64-bit VC dmd.exe into the release 64-bit builds should be fully CI-integrated (mostly already done via AppVeyor AFAIK). Integrate build script/makefile with existing Windows release build (https://github.com/dlang/installer/blob/f7ee5aeab79a800317d875b5ee2e34ec2ad8803c/create_dmd_release/build_all.d#L41-L43, and https://github.com/dlang/installer/blob/f7ee5aeab79a800317d875b5ee2e34ec2ad8803c/create_dmd_release/create_dmd_release.d#L444). I'd be happy to add anyone remotely interested in Windows-support to our #Windows channel on slack (https://dlang.slack.com/messages/C6D5FEJ78). It's unfortunately fairly quiet atm. -Martin
Re: Signed DMD binaries
On Thursday, 16 August 2018 at 17:06:27 UTC, Martin Nowak wrote: A review would be helpful. It looks fine to me, though, that's not saying much. If you need someone to test something, contact me on Slack. And more Windows dev-volunteers for upcoming features. To do what exactly? Mike
Re: Signed DMD binaries
On 08/16/2018 04:13 PM, Andrei Alexandrescu wrote: > On 8/15/18 7:44 PM, Manu wrote: >> Indeed, it's the installer that's in critical need of being signed... >> but all the binaries are worth signing if that's convenient. >> But the installer is definitely priority #1!:) > > Any chance we could delegate some of the effort of working on this to > you? > > Are other Windows users interested in helping? > > Martin has spent a fair amount of time dealing with this, and he's not > a Windows expert. We could definitely use some help here. > A review would be helpful. https://github.com/dlang/installer/pull/339 And more Windows dev-volunteers for upcoming features.
Re: Signed DMD binaries
On 8/15/18 7:44 PM, Manu wrote: Indeed, it's the installer that's in critical need of being signed... but all the binaries are worth signing if that's convenient. But the installer is definitely priority #1!:) Any chance we could delegate some of the effort of working on this to you? Are other Windows users interested in helping? Martin has spent a fair amount of time dealing with this, and he's not a Windows expert. We could definitely use some help here.
Re: Signed DMD binaries
On Wednesday, 15 August 2018 at 09:39:42 UTC, Radu wrote: The say this: ``` Note: Apple uses the industry-standard form and format of code signing certificates. Therefore, if your company already has a third-party signing identity that you use to sign code on other systems, you can use it with the macOS codesign command. Similarly, if your company is a certificate issuing authority, contact your IT department to find out how to get a signing certificate issued by your company. However, while these valid certificates allow you to sign your code, you can only distribute through the App Store or through the Developer ID program when you sign with a certificate issued by Apple. ``` Cool, I didn't know that. /Jacob Carlborg
Re: Signed DMD binaries
On Mon, 13 Aug 2018 at 18:00, Mike Franklin via Digitalmars-d wrote: > > On Monday, 13 August 2018 at 18:48:21 UTC, Seb wrote: > > > Feedback is welcome ;-) > > Thanks a lot for doing this. Honestly, I think this small > change, if we can keep it maintained, will make a significant > impact in users' perception of D. > > I don't think the issue is actually with the DMD executables, but > with the DMD installer package. I'm speaking somewhat in > ignorance here, but I think what's most important is to sign the > installer package. I asked about what installer packaging > software we are using (InstallShield, InnoSetup, etc...) at > https://issues.dlang.org/show_bug.cgi?id=18786, but didn't get a > response. > > When you try to run the installer on a recent Windows machine, > you see this > (https://cdn1.tekrevue.com/wp-content/uploads/2017/09/windows-protected-your-pc.jpg). > That is what's scaring people. User's have to click the "More info" link, > and then a "Run anyway" button appears > (https://www.autoitscript.com/site/wp-content/uploads/2018/01/SmartScreen_Windows_Protected_Your_PC_Run_Anyway.png) > > So, I think the solution is to sign the installer package. I've > never done that before, but a quick search on the Internet > yielded: > > http://www.samlogic.net/visual-installer/tips/tips-pages/code-sign-setup-package/code-sign-setup-package.htm > https://learn.adafruit.com/how-to-sign-windows-drivers-installer/making-an-installer#sign-the-installer-5-28 > > I don't think that will solve the virus problem, but it should at > least remove the scary *Windows is protecting you* popup message. > > For the virus problem, it would be helpful to know what software > we are using to create the installer package. Is it legit? > > Mike Indeed, it's the installer that's in critical need of being signed... but all the binaries are worth signing if that's convenient. But the installer is definitely priority #1! :)
Re: Signed DMD binaries
On Monday, 13 August 2018 at 18:48:21 UTC, Seb wrote: As a few of you might have noticed, we bought a Code Signing Certificate a few days ago and while we're still investigating on how to integrate the code signing best into the release process, I thought a share a first preview of signed DMD binaries with you. So I semi-officially repacked 2.081.2 and signed the released binaries and libraries: http://files.wilzba.ch/dlang/releases sha256sum dmd.2.081.2.windows.7z 598a477e3692fb43c2bf010d62620506e0d0169e5dbaaa909ab9fca84204f751 dmd.2.081.2.windows.7z In the future, the official releases will come with signed binaries, but as there are a few people running into troubles with their company software policy or virus scanner, I thought I share this semi-official release with you. Feedback is welcome ;-) :) Thanks!
Re: Signed DMD binaries
On Tuesday, 14 August 2018 at 16:10:41 UTC, Jacob Carlborg wrote: On Tuesday, 14 August 2018 at 14:42:54 UTC, Seb wrote: On Monday, 13 August 2018 at 19:09:55 UTC, Jacob Carlborg wrote: Any plans for doing the same thing for the installer on macOS? It complains that it's from an unidentified developer and forces the user to go into System Preferences and reopen the installer. Yes, the certificate allows signing binaries for OSX too. On macOS the certificate needs to be obtained from Apple through the developer program [1]. [1] https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html#//apple_ref/doc/uid/TP40005929-CH4-SW30 — /Jacob Carlborg The say this: ``` Note: Apple uses the industry-standard form and format of code signing certificates. Therefore, if your company already has a third-party signing identity that you use to sign code on other systems, you can use it with the macOS codesign command. Similarly, if your company is a certificate issuing authority, contact your IT department to find out how to get a signing certificate issued by your company. However, while these valid certificates allow you to sign your code, you can only distribute through the App Store or through the Developer ID program when you sign with a certificate issued by Apple. ```
Re: Signed DMD binaries
On Tuesday, 14 August 2018 at 14:42:54 UTC, Seb wrote: On Monday, 13 August 2018 at 19:09:55 UTC, Jacob Carlborg wrote: Any plans for doing the same thing for the installer on macOS? It complains that it's from an unidentified developer and forces the user to go into System Preferences and reopen the installer. Yes, the certificate allows signing binaries for OSX too. On macOS the certificate needs to be obtained from Apple through the developer program [1]. [1] https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html#//apple_ref/doc/uid/TP40005929-CH4-SW30 — /Jacob Carlborg
Re: Signed DMD binaries
On Monday, 13 August 2018 at 19:09:55 UTC, Jacob Carlborg wrote: Any plans for doing the same thing for the installer on macOS? It complains that it's from an unidentified developer and forces the user to go into System Preferences and reopen the installer. Yes, the certificate allows signing binaries for OSX too. However, as we still haven't fully figured out how to integrate the binary signing for Windows in the release process (and this can be done on Linux) and OSX binary signing can only be done on OSX AFAICT, this might take a bit until it gets integrated. Also I think Martin is the only one who currently has the VirtualBox image for OSX setup which is required by the create_dmd_release build tool. In case someone wants to have a look, the relevant steps happen/should happen here: https://github.com/dlang/installer/blob/master/create_dmd_release/build_all.d#L329
Re: Signed DMD binaries
On 15/08/2018 2:14 AM, Timoses wrote: On Monday, 13 August 2018 at 19:09:55 UTC, Jacob Carlborg wrote: Any plans for doing the same thing for the installer on macOS? It complains that it's from an unidentified developer and forces the user to go into System Preferences and reopen the installer. Can't you just usually right-click the file and select "Open" which enables something like the "Open anyway" option to be displayed (usually not visible when just double clicking the file...)? Only after you have disabled said check.
Re: Signed DMD binaries
On Monday, 13 August 2018 at 19:09:55 UTC, Jacob Carlborg wrote: Any plans for doing the same thing for the installer on macOS? It complains that it's from an unidentified developer and forces the user to go into System Preferences and reopen the installer. Can't you just usually right-click the file and select "Open" which enables something like the "Open anyway" option to be displayed (usually not visible when just double clicking the file...)?
Re: Signed DMD binaries
Feedback is welcome ;-) The latest DMD installer seems not to be flaged by Kaspersky Antivirus, thanks!
Re: Signed DMD binaries
On 14/08/2018 12:58 PM, Mike Franklin wrote: I don't think the issue is actually with the DMD executables, but with the DMD installer package. I'm speaking somewhat in ignorance here, but I think what's most important is to sign the installer package. I asked about what installer packaging software we are using (InstallShield, InnoSetup, etc...) at https://issues.dlang.org/show_bug.cgi?id=18786, but didn't get a response. https://github.com/dlang/installer/tree/master/windows NSIS so yes fairly standard. And no, there are popups that can happen because it isn't signed/trusted. So we should sign everything that we can.
Re: Signed DMD binaries
On Monday, 13 August 2018 at 18:48:21 UTC, Seb wrote: Feedback is welcome ;-) Thanks a lot for doing this. Honestly, I think this small change, if we can keep it maintained, will make a significant impact in users' perception of D. I don't think the issue is actually with the DMD executables, but with the DMD installer package. I'm speaking somewhat in ignorance here, but I think what's most important is to sign the installer package. I asked about what installer packaging software we are using (InstallShield, InnoSetup, etc...) at https://issues.dlang.org/show_bug.cgi?id=18786, but didn't get a response. When you try to run the installer on a recent Windows machine, you see this (https://cdn1.tekrevue.com/wp-content/uploads/2017/09/windows-protected-your-pc.jpg). That is what's scaring people. User's have to click the "More info" link, and then a "Run anyway" button appears (https://www.autoitscript.com/site/wp-content/uploads/2018/01/SmartScreen_Windows_Protected_Your_PC_Run_Anyway.png) So, I think the solution is to sign the installer package. I've never done that before, but a quick search on the Internet yielded: http://www.samlogic.net/visual-installer/tips/tips-pages/code-sign-setup-package/code-sign-setup-package.htm https://learn.adafruit.com/how-to-sign-windows-drivers-installer/making-an-installer#sign-the-installer-5-28 I don't think that will solve the virus problem, but it should at least remove the scary *Windows is protecting you* popup message. For the virus problem, it would be helpful to know what software we are using to create the installer package. Is it legit? Mike
Re: Signed DMD binaries
On 8/13/2018 11:48 AM, Seb wrote: Feedback is welcome ;-) Thank you!
Re: Signed DMD binaries
On 2018-08-13 20:48, Seb wrote: As a few of you might have noticed, we bought a Code Signing Certificate a few days ago and while we're still investigating on how to integrate the code signing best into the release process, I thought a share a first preview of signed DMD binaries with you. So I semi-officially repacked 2.081.2 and signed the released binaries and libraries: http://files.wilzba.ch/dlang/releases sha256sum dmd.2.081.2.windows.7z 598a477e3692fb43c2bf010d62620506e0d0169e5dbaaa909ab9fca84204f751 dmd.2.081.2.windows.7z In the future, the official releases will come with signed binaries, but as there are a few people running into troubles with their company software policy or virus scanner, I thought I share this semi-official release with you. Feedback is welcome ;-) Any plans for doing the same thing for the installer on macOS? It complains that it's from an unidentified developer and forces the user to go into System Preferences and reopen the installer. -- /Jacob Carlborg
Signed DMD binaries
As a few of you might have noticed, we bought a Code Signing Certificate a few days ago and while we're still investigating on how to integrate the code signing best into the release process, I thought a share a first preview of signed DMD binaries with you. So I semi-officially repacked 2.081.2 and signed the released binaries and libraries: http://files.wilzba.ch/dlang/releases sha256sum dmd.2.081.2.windows.7z 598a477e3692fb43c2bf010d62620506e0d0169e5dbaaa909ab9fca84204f751 dmd.2.081.2.windows.7z In the future, the official releases will come with signed binaries, but as there are a few people running into troubles with their company software policy or virus scanner, I thought I share this semi-official release with you. Feedback is welcome ;-)
