[bug] nsis plugins aren't signed #11673
Labels
platform: Windows
priority: 1 high
scope: bundler
The bundler used in our cli to make installers
status: needs triage
This issue needs to triage, applied to new issues
type: bug
Describe the bug
Nsis plugins inside nsis installer aren't signed with code signing though I enabled code signing.
The app was signed, the DLLs and the installer. but the DLLs inside
$PLUGINSDIR
are not signed.as a result AVs flag them as virus immediately.
Reproduction
Download sigcheckGUI https://www.majorgeeks.com/mg/getmirror/sigcheckgui,1.html
Download https://github.com/thewh1teagle/vibe/releases/download/v2.6.6/vibe_2.6.6_x64-setup.exe
Extract the app with 7zip and check the signatures of the files
Expected behavior
It should be signed by my certificate or by yours (official?)
Full
tauri info
outputStack trace
No response
Additional context
I noticed that virustotal flag the nsis plugins as a virus.
By the way signing with self signed certificate is better than unsigned! now windows defender didn't blocked it and virus total has less false positives
https://code.videolan.org/videolan/vlc/-/issues/27469
The text was updated successfully, but these errors were encountered: