-
Notifications
You must be signed in to change notification settings - Fork 161
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add the signing certificate to the ISO on top level #17
Comments
The certs might be here already, so possibly automatable with network access: https://fedorapeople.org/groups/virt/unattended/drivers/postinst/spice-guest-tools/0.141/ Shortly we are looking to add an installer on the iso too which will do it automatically. But yes I think it's fair to also add the cert files directly on the iso too |
Thanks for that that link, but that virtio-0.141.cer Certificate expired on 30.12.2018 (12/30/2018, 2018-12-30). I can import it using certutil.exe, but the PopUp still appears... I just extracted the current RedHat Certificate from the NetKVM\2k16\amd64\netkvm.cat file and used
to install it to the cert store before installing the drivers silently. Works, but the extraction process is IMHO additional and unnecessary work... |
Maybe also have a look at |
@fidencio I'm kinda ignorant here. Didn't you have to track down a cert for libosinfo stuff recently? Can you provide some input? |
So, what I've done in the past with certificates was:
Ideally, we should have the certificates shipped, as its own file, as part of the drivers. However, I'm not exactly sure how easy would be to do that but that's totally worth investigation. Does my reply answer the question raised? |
I think so. Sounds like the cert rarely changes so maybe it's fine to keep a copy in the virtio-win-pkg-scripts repo and stuff it into the iso/rpm |
Hi, If you have a look at this we are currently extracting the certificate from an installation file: It is important to be in sync with the actual installation files. And on another note: If you change the ISOs content, give it a new version... |
Hi,
I would like to automate the installation and upgrade of VirtIO-drivers.
To get past the "Accept the RedHat-Certificate to install"-Popup I want to use certutil.exe to import the required certificate before running pnputil.
(see https://community.spiceworks.com/how_to/24713-silent-install-of-software-that-has-an-unsigned-driver ).
Can you please add the certificate in a folder or top-level on the ISO so it is easier to script the import/installation?
Best regards and Thanks
Rainer
The text was updated successfully, but these errors were encountered: