Skip to content

feat: add code signing for Go binaries#3491

Draft
zackverham wants to merge 3 commits intomainfrom
feat/code-signing-3484
Draft

feat: add code signing for Go binaries#3491
zackverham wants to merge 3 commits intomainfrom
feat/code-signing-3484

Conversation

@zackverham
Copy link
Collaborator

Add signing workflow for Windows, macOS, and Linux binaries to address antivirus false positives (Norton quarantining Publisher).

Signing approach:

  • Windows: Authenticode via osslsigncode with timestamping
  • macOS: codesign with Developer ID and hardened runtime
  • Linux: GPG detached signatures (.sig files)

Updated workflows to include signing step:

  • main.yaml
  • nightly.yaml
  • publish.yaml
  • pull-request.yaml
  • release.yaml

Required secrets:

  • WINDOWS_SIGNING_CERT / WINDOWS_SIGNING_CERT_PASSWORD
  • MACOS_SIGNING_CERT / MACOS_SIGNING_CERT_PASSWORD
  • LINUX_SIGNING_KEY / LINUX_SIGNING_KEY_PASSPHRASE

Fixes #3484

Intent

Type of Change

    • Bug Fix
    • New Feature
    • Breaking Change
    • Documentation
    • Refactor
    • Tooling

Approach

User Impact

Automated Tests

Directions for Reviewers

Checklist

  • I have updated the root CHANGELOG.md to cover notable changes.

zackverham and others added 3 commits February 11, 2026 14:58
Add signing workflow for Windows, macOS, and Linux binaries to address
antivirus false positives (Norton quarantining Publisher).

Signing approach:
- Windows: Authenticode via osslsigncode with timestamping
- macOS: codesign with Developer ID and hardened runtime
- Linux: GPG detached signatures (.sig files)

Updated workflows to include signing step:
- main.yaml
- nightly.yaml
- publish.yaml
- pull-request.yaml
- release.yaml

Required secrets:
- WINDOWS_SIGNING_CERT / WINDOWS_SIGNING_CERT_PASSWORD
- MACOS_SIGNING_CERT / MACOS_SIGNING_CERT_PASSWORD
- LINUX_SIGNING_KEY / LINUX_SIGNING_KEY_PASSPHRASE

Fixes #3484

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Positron gets Quarantined by Norton Security

1 participant