rustypwneddownloader
AzureSignTool
rustypwneddownloader | AzureSignTool | |
---|---|---|
4 | 4 | |
6 | 242 | |
- | - | |
5.5 | 6.8 | |
23 days ago | 9 days ago | |
Rust | C# | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rustypwneddownloader
-
The Windows installer of ImageMagick will no longer be signed
Just throwing in that the dollar value isn't the only cost. I've been using an automated release workflow tomanage signing, eg
https://github.com/technion/rustypwneddownloader/blob/main/....
This worfklow isn't usable with these new rules, and I'm having a hard time with the assertion that moving builds to my desktop to use a hardware signing key and uploading them in a non automated, non transparent fashion is an improvement on security.
-
Google open-sources Rust crate audits
I just grabbed my (very basic app)[https://github.com/technion/rustypwneddownloader] and ran a cargo vet init. Out of the box there were 145 dependencies found (ouch.. that already feels like a bad trajectory).
- Show HN: Rust Port of Pwnpasswordsdownloader
-
What's everyone working on this week (21/2023)?
I've written and released a Rust port of the pwnedpasswordsdownloader: https://github.com/technion/rustypwneddownloader
AzureSignTool
-
ClickOnce
I never had much luck with ClickOnce, so I was using Squirrel.Windows. I've recently switched to the Clowd.Squirrel fork, since I needed support for AzureSignTool in the build process.
-
The Windows installer of ImageMagick will no longer be signed
[2] https://github.com/vcsjones/AzureSignTool
-
One Game, by One Man, on Six Platforms: The Good, the Bad and the Ugly
The token requirement is a pain. We settled on using Azure Key Vault and AzureSignTool [1]. It costs $5 a month for a HSM key and you can sign things from anywhere.
It's not a protection racket...
[1] https://github.com/vcsjones/AzureSignTool
-
Code signing in Azure DevOps
You can use any certificate authority to generate the security certificate, get a hardware security module (HSM). Then upload your new code signing certificate to Azure Key Vault and use the excellent Azure Sign Tool to pull the certificate from Azure Key Vault into your Azure Pipelines.
What are some alternatives?
journals-web-server - Backend server for the TUI-Journal app
sic1 - Single-instruction (subleq) programming game
tpr - An anonymous and decentralized routing protocol. The code will be up once it is done, but the paper is already available.
pyvips - python binding for libvips using cffi
promise_out - promiseOut version for rust
PowerShell-OpenAuthenticode - Cross platform PowerShell implementation of Authenticode signing and verification
KeenWrite
ImageMagick - 🧙♂️ ImageMagick 7
syno-photo-frame - Build a digital photo frame for Synology Photos with Raspberry Pi
Avalonia - Develop Desktop, Embedded, Mobile and WebAssembly apps with C# and XAML. The most popular .NET UI client technology
launchthing - 🏵️ Minimalist application launcher for linux