bitcoin-0.21.0-win64-setup installer blocked by UAC, Digital Signature certificate revoked. #252

issue user7228 openend this issue on March 19, 2021

user7228 commented at 6:14 am on March 19, 2021: none

The latest versions (0.21.0 to 0.19.1 tested) of the installers are all blocked by Windows UAC:

The installer’s certificates seems revoked:

The above steps are performed with an user account which is a member of Administrators.
user7228 added the label Bug on Mar 19, 2021
fanquake added the label windows on Mar 19, 2021
MarcoFalke commented at 6:19 am on March 19, 2021: contributor

cc @achow101 @jonasschnelli
fanquake commented at 6:22 am on March 19, 2021: member

From IRC:

2021-03-18T19:21:15 achow101 Note that the windows signing certificate expires next week. I’m in the process of renewing it currently, but it’s a process that takes some time
achow101 commented at 6:30 am on March 19, 2021: member

For some reason, it appears that when I went to renew the certificate, Comodo decided that the appropriate course of action was to revoke the current one (it expires next week). I’ll contact their support tomorrow to see if they can un-revoke it, but I suspect that won’t be possible.

My understanding of the windows code signing was that it is timestamped as well, so Windows should’ve seen that it was signed prior to the revocation date and not given this error. But I guess that understanding is incorrect.

In the meantime, we could direct users to use the unsigned binary?
Bosch-0 commented at 7:50 am on March 19, 2021: none

Also experiencing this issue
achow101 commented at 8:11 pm on March 25, 2021: member

This issue affects 0.21.0, 0.20.0, 0.20.1, and 0.19.2 as they all use the same code signing key.

For those versions, the warning looks like (same as the one in the OP):

For comparison, a valid code signed version looks like:

Clicking “Yes” runs the installer.

If we choose to upload a non-code signed version, users will see:

Clicking “More info” shows:

Clicking “Run anyway” shows:

Then clicking “Yes” runs the installer in the same way the valid code signed one does.

This is obviously a very scary warning so we should continue to code sign future releases, but for now, the non code signed installer at least allows people to install.
jonasschnelli commented at 9:23 pm on March 25, 2021: contributor

Why did they revoke the current, already payed for, code signing certificate. Even once it expires, existing signatures should still be valid.

It might be that the signing association we founded does no longer check all boxes in their rollout process.

Since - usually pretty restrictive - Apple has not the slightest issue with our signing setup and would only under extreme circumstances revoke a signing certificate, I question the CA (comodo) we are using.

Maybe it is time to reevaluate. Costs should not matter much.
laanwj commented at 10:00 pm on March 25, 2021: member

I have for https://bitcoincore.org/bin/bitcoin-core-0.21.0/ and https://bitcoincore.org/bin/bitcoin-core-0.20.1/ moved the -setup.exe to an “archived” directory, uploaded the setup-unsigned.exe instead, also created and signed a new SHA256SUMS.asc with the alternative exe in it.

This should make it at least possible to install while we resolve the signing key issues.
laanwj referenced this in commit 5762856ef4 on Mar 26, 2021
harding referenced this in commit 5d7ba57112 on Mar 26, 2021
hebasto added the label UX on May 1, 2021
hebasto commented at 7:38 am on August 4, 2021: member

Closing.

See https://github.com/bitcoin/bitcoin/pull/22017.
hebasto closed this on Aug 4, 2021
bitcoin-core locked this on Nov 5, 2022

Contributors
user7228 MarcoFalke fanquake achow101 Bosch-0 jonasschnelli laanwj hebasto

Labels
Bug Windows UX