[PoC] Switch Windows Signing to GoogleCloud KMS #711

Draft
wants to merge 1 commit into
base: master

Commits on Aug 8, 2024

  1. Switch Windows Signing to GoogleCloud KMS

    The goal of this switch is to save costs
    (only paying for a key in KMS instead of
    a full running hardware HSM), increase
    flexibility (by being able to authenticate
    via Identity Federation from e.g. running
    AWS node or GHA runner), without reducing
    security (key is still stored in hardware
    HSM in backend, non-exportable).
    
    - windows-msi: Switch signing to use jsign.jar
      instead of signtool to allow more flexibility
      in key stores.
    - windows-msi: Switch sign-openvpn.bat
      to only sign one architecture. (Cleanup)
    - windows-msi: Fix sign-openvpn.bat to
      sign openvpnmsica.dll instead of non-existent
      openvpnmsica.exe. (Bugfix)
    - windows-msi: Fix sign-openvpn.bat to not
      sign unit test executables and cmocka.dll.
      (Cleanup)
    - windows-msi: Remove sign-binaries.bat intermediate
      script. Didn't seem to serve any purpose anymore.
      (Cleanup)
    - release: Remove AWS CloudHSM support and add
      GoogleCloud KMS instead. Adapt to changes in
      windows-msi.
    - .github: Implement signing of snapshot builds.
    
    Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
    flichtenheld committed Aug 8, 2024
    4f08a3f