Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Provide a release with signed executable for Windows #1031

Open
codemuse opened this issue Nov 25, 2022 · 8 comments
Open

Provide a release with signed executable for Windows #1031

codemuse opened this issue Nov 25, 2022 · 8 comments

Comments

@codemuse
Copy link

I love Neovim and I used it personally as well as professionally. I use a multitude of platforms; macOS on my personal laptop, Arch Linux and RedHat Linux for work, and I would love to use it also on my Windows 10 laptop provided by my employer. Of course, it's a completely locked down laptop as it is from a big co.

I can download the .zip distro, but when I unpack and try to run I get the following error:

image

Unfortunately my Windows machine cannot install from any other source as it is prohibited. According to my research the issue is that nvim-qt.exe is unsigned, and by using Microsofts SignTool.exe it should be possible to fix this issue.

Is it possible to create a .zip release with signed executables for us who want to Neovim on their corporate laptops?

@jgehrig
Copy link
Collaborator

jgehrig commented Dec 8, 2022

Disclaimer: I'm not very familiar with the Windows executable signing process

Unfortunately -- I don't think there is a good way for us to do this; we'd need to purchase a non-free CA.

I don't think we can self-sign with something like SignTool because every user would need to mark our self-created CA as trusted on their computer.

There's also the issue of other executables bundled with neovim-qt.

Do you know if nvim.exe is signed?

From some quick searching it looks like no, and that would block us even if we were able to buy a CA and sign nvim-qt.exe.

@justinmk
Copy link
Contributor

justinmk commented Dec 8, 2022

vim uses signpath.io :

not sure what the state of that is.

@jgehrig
Copy link
Collaborator

jgehrig commented Dec 8, 2022

@justinmk That is a very helpful point of reference!

Does Neovim provide a signed executable?

It looks like SignPath might provide a free key to open source projects:
https://about.signpath.io/product/open-source

@justinmk
Copy link
Contributor

justinmk commented Dec 8, 2022

Does Neovim provide a signed executable?

Not yet, old backlog item: neovim/neovim#5433

@codemuse
Copy link
Author

codemuse commented Dec 9, 2022

Thanks for looking into this! Indeed I now use standard vim, which does work on my work-laptop. It seems that the signpath.io approach is good enough, although I too am not an expert on Windows signing (or Windows in particular, my main drivers are Linux systems and Macs). Unfortunately I do not have access to a Windows system that allows me to compile/contribute to neovim-qt otherwise I'd look into and would try to use a similar approach as Vim myself.

@xvim64
Copy link

xvim64 commented Dec 12, 2022

It's a WARNING, not an ERROR.

Have you tried clicking 'unerline [More info]' ?

You can run unsigned executables without signing.

@codemuse
Copy link
Author

Yes, you can run unsigned executables, but only if you are Administrator. However, this is a big-co provided laptop, and as such I do not have Administrator rights.

More info does not give much more insight:

image

@codemuse
Copy link
Author

I was missing nvim so much on Windows, that I desperately tried again today to see if maybe something changed in terms of security settings. I stumbled upon the following setting when opening the nvim-qt.exe:

image

If I click that it works!

Just wanted to post it here in case anyone has the same issue. I'll leave it to the repo maintainers to decide whether to resolve this issue based on this or not.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants