DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 543IMSGV3783472
Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 543IMSGV3783472
Authentication-Results: delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=xwTK8cNw
X-Recipient: archive-cygwin@delorie.com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1040C3858406
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1746296546;
	bh=bnnEHhJd2Rc0JVFx/iHIxLjGemFh0q5HYkLCzUlxeNE=;
	h=Date:Subject:To:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:From;
	b=xwTK8cNwZOyldtZCN8UY3IcxP0umd/48VpUoGqOtd4SKiXxbAyLTfhi6fBlnRJGVd
	 jyAQ2D7dpGaHHy/vENwUPSxK9VvVG67cBIHhUkwCWTpQwVfaTb1clMzVV2aIirOPI4
	 t1tPWqOP6hMAJ7wH/jIrUtoV0uuEy228RD9MXft0=
X-Original-To: cygwin@cygwin.com
Delivered-To: cygwin@cygwin.com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 4ABB93858D21
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 4ABB93858D21
ARC-Seal: i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1746296519; cv=pass;
 b=lkpYJWrKGEfAxjRLgcKK7ZtY1XBMo5muaAj4b0+z2sLmKnsf6eR2etktVxiXIaTvlUNcwjgZsJT6D/1XifWeQpZTv0BQ/x1xqb7pNrgnCzLaJoPagi5lVMdPhor0AvlIzkHHH+MNYWdw528ZPcF8XG5VJ+n1Me1OcffTUpLLdhM=
ARC-Message-Signature: i=2; a=rsa-sha256; d=sourceware.org; s=key;
 t=1746296519; c=relaxed/simple;
 bh=t7uQGIJeDHfa7Z7lregBk1cOnObqgk7cSuz425PMEmM=;
 h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To;
 b=WYvf7Y8JlaeLp/2CXYiaKYtree+L7j+8XLRPhDIIWg1kTR5/gpLcgutjNLWc04PvkCG9lDPnP+CQQ9Ort1XTaccIv09TuKrb49VLhqunMvWzH4PHs6FP7TKLpM5ie5+FtRUDTNSfYu6rPlZk2xIhtvwmNEggLniBv2lSUF8eU2I=
ARC-Authentication-Results: i=2; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 4ABB93858D21
X-Sender-Id: dreamhost|x-authsender|gisburn@nrubsig.org
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1746296517; a=rsa-sha256;
 cv=none;
 b=48syIwLS9L14zLVtvShLtNDjIMCqimGzJMoapyxhDXkBDt479Kf4JN+GiLj5f52+E3vx7p
 zjyF/4Y2tON1FH27hNpOc6Is9BWzmBZpEBJ1IsEIs9uZcKcOlfHUu/mngGppWrNhwZvdfg
 9TW2vUc0MaqHmkEBYrVKX4CitKM4RKlmFEiDj3DPJ9h/DYS6NTZLlY1CYUXf14gQNC2Dmj
 NJp/w/l5KVxhnJJf/0uFf+4tl1ptMXVv3Y/V/C5jWKsazCzTVCuNMG1bD3U6dDUp0JIdZl
 LznKQYScQjKR0utYo/BoqqdgwZ35HurUpPISjFebfS8lO9RH5OsvjxP6vCuhSQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mailchannels.net; s=arc-2022; t=1746296517;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 dkim-signature; bh=mq3aDz6IUoV2ETXcUH2kTfyzEXXNmkk7Ii4C7vqe27U=;
 b=UIL/7Vsw/5XNHjpi9q3xQlOVLW5LyFByp3Z+EJhlftimNPaJ6IWABbpUJ8qglacpLRB9km
 y+BfqA7OlaxTkVT9z0NutB79XnSeNeBK9J9uELEuCL87aQFG67IYIF/h5BcMdPKhTY2cQY
 6jL1A2tt6Tde9K1fFU43F130lUbokTYEr04e/mHayVDFKoM7zzmCNi62sJFY20MtiYIpyf
 qUj9i8hbRZVmlRTn55DmegEZU3bjUYqEBYjfYuD6IfnqXoDchsuikz9KsQYd7HrfC2DIao
 jCQAiaj2zugJEvzbSEWAqMG7zlxf2ANmByL86Eod3ZT8JT3ygjSRTaRsKb17dw==
ARC-Authentication-Results: i=1; rspamd-56c68c6fd9-tjnhh;
 auth=pass smtp.auth=dreamhost smtp.mailfrom=roland.mainz@nrubsig.org
X-Sender-Id: dreamhost|x-authsender|gisburn@nrubsig.org
X-MC-Relay: Bad
X-MailChannels-SenderId: dreamhost|x-authsender|gisburn@nrubsig.org
X-MailChannels-Auth-Id: dreamhost
X-Chief-Keen: 494d9b2c2c12e5d6_1746296517832_531995812
X-MC-Loop-Signature: 1746296517832:1843686332
X-MC-Ingress-Time: 1746296517831
X-Gm-Message-State: AOJu0YzPNoJlXsZ3w5+f5sNuVTfRpheY0VKxXjdzkxHQRait/Jgfq3Ar
 wvzeUSawl1HgdQR6vidYmcuKPGAwcKYsNCwnNTj8VoJY7NdtEwdWk7EZKhTe6tCW/eE0SR9hwL0
 q4/01R3q06jG/wmxTFo/OILCenL8=
X-Google-Smtp-Source: AGHT+IFUeiJVfsfSxLktyQXW+SBG7ogzCB6XfBMP0zIKR10S/nyasMTUtmb4p7zGcf1MsMemXlRkadEdTRHLMtqYojg=
X-Received: by 2002:a05:6000:1ac9:b0:38f:2ddd:a1bb with SMTP id
 ffacd0b85a97d-3a09fd7a1b7mr1173086f8f.8.1746296515806; Sat, 03 May 2025
 11:21:55 -0700 (PDT)
MIME-Version: 1.0
Date: Sat, 3 May 2025 20:21:19 +0200
X-Gmail-Original-Message-ID: <CAKAoaQn=-jVLnrO1hmM_4JAPodO-YnUuw+fcnDScHa=d2G48=A@mail.gmail.com>
X-Gm-Features: ATxdqUG98k3TSZIypOnZ13vB15RYJ0XRTk1XORsy_RVrAY81VWJYpEAaJowGAI8
Message-ID: <CAKAoaQn=-jVLnrO1hmM_4JAPodO-YnUuw+fcnDScHa=d2G48=A@mail.gmail.com>
Subject: Signing cygwin.com binaries with signtool by default ?
To: cygwin@cygwin.com
X-BeenThere: cygwin@cygwin.com
X-Mailman-Version: 2.1.30
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=subscribe>
From: Roland Mainz via Cygwin <cygwin@cygwin.com>
Reply-To: Roland Mainz <roland.mainz@nrubsig.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie.com@cygwin.com>

Hi!

----

Is it somehow possible that the CI+Release binaries (*.exe, *.dll) can
be signed with signtool
(https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool) ?
It seems that Microsoft Defender has become overly aggressive to some
Cygwin binaries (mostly /usr/bin/hostname, /usr/bin/find, /usr/bin/tar
etc.) in the last couple of weeks and just blocks them.

Our IT supports that they can "whitelist" binaries based on their
cryptographic signature... but neither the binaries from the CI nor
the Release binaries have any signatures...

----

Bye,
Roland
-- 
  __ .  . __
 (o.\ \/ /.o) roland.mainz@nrubsig.org
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 3992797
 (;O/ \/ \O;)

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple