Release pause - updating our code signing certificate
January 09, 2024 in bliss by Dan Gravell
You might have noticed a delay in new releases of bliss. It’s not the New Year blues; it’s because our code signing certificate has come up for renewal and there are a number of changes in code signing which necessitate updates in our build process.
We use code signing certificates in two of our installers: for Windows and for macOS.
Code signing certificates verify that the software you run on your computer has been built by the organisation or person that the certificate says, and it has not been edited since. When you download software on the Internet and install it, Windows (for instance) checks whether the software has a code signing certificate. If not, it will show a mildly-scary message that the software is untrusted. However, if the software is signed, you get a nicer (or at least branded) popup:
We’ve shipped with a code signing certificate for almost a decade now.
In the past year there have been changes to how code signing certificates are permitted to work. There are now restrictions on how code signing certificates can be installed and stored; whereas once the certificate was a file you downloaded and then applied to each build, there are now requirements on how the certificate is stored so it will not be compromised.
This, in addition to my decision to purchase a higher grade certificate that requires extra verification of our business, has meant a delay in issuing the new certificate. We don’t have the new certificate yet, and until we receive the new certificate we cannot build new versions of bliss.
As soon as we receive the new certificate we’ll build a new release but this might take a week or two to be finalised, plus we have to integrate it into our build process. Due to the changes in how certificates are stored we will have to change the build process to sign the code in a different way.
We just wanted to let you know what was going on and the reason for the delay in new builds.
Stay tuned!