No. We will no longer be publishing compiled version of the axCommunity application because of the signature requirement. Anyone that needs it will have to compile it themselves with their own code signing certificate.
Going to have to point this one back to the folks at Tridium. The decision to move to only signed code was theirs. Don't take this personally - I don't have the free time to teach non developers how to do development with Tridium. It is not a lighthearted subject that can be put into a couple of paragraphs - and even worse if it doesn't work for you who do you ask for tech support?
I hope someone from Tridium steps up and helps with this issue - I know a lot of developers use the axCommunity module and that is now going to be significantly more complicated for most.
Mike would you be opposed to continuing to release compiled unsigned versions?
The users could then sign that with there own cert using WB.
Myself I will get the source and get back up to speed on compiling it its been a while since I have tried it.
I really hope Axcommunity sticks around and dose not die off because of these certs.
Marcello have a look in your 4.9 workbench system.properties file there is a commented line that may be of intrest to you.
Ken
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@arnottm, as @kpyro2 has pointed out, you could continue building the modules without signing, and then let your users sign the modules using the Workbench tool that we provide. A better solution would be sign the modules yourself with a self-signed code signing certificate, and distribute the public key of your PEM file. The best solution is, of course to have your code signing certificate signed by a trusted CA. But that does cost money. In leiu of that, users can trust your self-signed certificate by importing your public key into their user trust store, as documented here: https://docs.niagara-community.com/bundle/ModuleSigning/page/ImportingCertificateIntoPlatform-291075CC.html
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The simple issue with that is, I work for a software company. I did not write all of the code in the axCommunity module. I am therefor not putting our signing cert on code I did not create or even test. If someone would like to volunteer to use their cert to sign the code and make it public they are welcome to do so, I will promote them to an administrator in the project.
@arnottmhttps://sourceforge.net/u/arnottm/, as @kpyro2https://sourceforge.net/u/kpyro2/ has pointed out, you could continue building the modules without signing, and then let your users sign the modules using the Workbench tool that we provide. A better solution would be sign the modules yourself with a self-signed code signing certificate, and distribute the public key of your PEM file. The best solution is, of course to have your code signing certificate signed by a trusted CA. But that does cost money. In leiu of that, users can trust your self-signed certificate by importing your public key into their user trust store, as documented here: https://docs.niagara-community.com/bundle/ModuleSigning/page/ImportingCertificateIntoPlatform-291075CC.html
Hey everyone, per Mike's latest comment, NiagaraMods is volunteering to sign the community modules with our code signing certificate and host downloads of the signed files. You can download the signed modules at https://nmx.to/niagaramods/ax-community-module
We will not be forking the code base or officially or supporting the modules in any capacity, we just want to provide a signed download of the latest source code as a courtesy to our users. If we contribute to this code base we will do so on this repository as open source contributions.
As Mike mentioned, we cannot validate the integrity or quality of code we haven't written, so our signing of the modules is only to certify that they were downloaded and compiled from this repository without modification and it's up to users to deterimine if the code in the modules is right for their use case.
Thanks,
Adam
👍
1
Last edit: Adam Bergman 2020-10-15
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi Guys
Is possible to have this module in 4.9. sig?
Let me know
MR,
Marcello
No. We will no longer be publishing compiled version of the axCommunity application because of the signature requirement. Anyone that needs it will have to compile it themselves with their own code signing certificate.
From: Marcello cello@users.sourceforge.net
Sent: Friday, September 4, 2020 5:40 AM
To: [niagaraaxcommun:discussion] 898552@discussion.niagaraaxcommun.p.re.sourceforge.net
Subject: [niagaraaxcommun:discussion] N4.9
Hi Guys
Is possible to have this module in 4.9. sig?
Let me know
MR,
Marcello
N4.9https://sourceforge.net/p/niagaraaxcommun/discussion/898552/thread/cffe68d06f/?limit=25#755a
Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/niagaraaxcommun/discussion/898552/
To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/
I was able to use these instructions to self sign it and get it to load.
https://docs.niagara-community.com/bundle/ModuleSigning/page/index.html
Ken
Hi,
Any help with how to compile with the current V4.9 gradle version would be much appreciated.
As a non developer I have tried to build the module but alas can't seem to get it to work :-(
Thanks
Tony
Going to have to point this one back to the folks at Tridium. The decision to move to only signed code was theirs. Don't take this personally - I don't have the free time to teach non developers how to do development with Tridium. It is not a lighthearted subject that can be put into a couple of paragraphs - and even worse if it doesn't work for you who do you ask for tech support?
I hope someone from Tridium steps up and helps with this issue - I know a lot of developers use the axCommunity module and that is now going to be significantly more complicated for most.
From: Tony Hogg tonyhogg@users.sourceforge.net
Sent: Tuesday, September 15, 2020 2:31 PM
To: [niagaraaxcommun:discussion] 898552@discussion.niagaraaxcommun.p.re.sourceforge.net
Subject: [niagaraaxcommun:discussion] N4.9
Hi,
Any help with how to compile with the current V4.9 gradle version would be much appreciated.
As a non developer I have tried to build the module but alas can't seem to get it to work :-(
Thanks
Tony
N4.9https://sourceforge.net/p/niagaraaxcommun/discussion/898552/thread/cffe68d06f/?limit=25#216d
Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/niagaraaxcommun/discussion/898552/
To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/
Mike would you be opposed to continuing to release compiled unsigned versions?
The users could then sign that with there own cert using WB.
Myself I will get the source and get back up to speed on compiling it its been a while since I have tried it.
I really hope Axcommunity sticks around and dose not die off because of these certs.
Marcello have a look in your 4.9 workbench system.properties file there is a commented line that may be of intrest to you.
Ken
@arnottm, as @kpyro2 has pointed out, you could continue building the modules without signing, and then let your users sign the modules using the Workbench tool that we provide. A better solution would be sign the modules yourself with a self-signed code signing certificate, and distribute the public key of your PEM file. The best solution is, of course to have your code signing certificate signed by a trusted CA. But that does cost money. In leiu of that, users can trust your self-signed certificate by importing your public key into their user trust store, as documented here:
https://docs.niagara-community.com/bundle/ModuleSigning/page/ImportingCertificateIntoPlatform-291075CC.html
The simple issue with that is, I work for a software company. I did not write all of the code in the axCommunity module. I am therefor not putting our signing cert on code I did not create or even test. If someone would like to volunteer to use their cert to sign the code and make it public they are welcome to do so, I will promote them to an administrator in the project.
From: Patrick Cunningham patrickc@users.sourceforge.net
Sent: Tuesday, October 6, 2020 3:51 PM
To: [niagaraaxcommun:discussion] 898552@discussion.niagaraaxcommun.p.re.sourceforge.net
Subject: [niagaraaxcommun:discussion] N4.9
@arnottmhttps://sourceforge.net/u/arnottm/, as @kpyro2https://sourceforge.net/u/kpyro2/ has pointed out, you could continue building the modules without signing, and then let your users sign the modules using the Workbench tool that we provide. A better solution would be sign the modules yourself with a self-signed code signing certificate, and distribute the public key of your PEM file. The best solution is, of course to have your code signing certificate signed by a trusted CA. But that does cost money. In leiu of that, users can trust your self-signed certificate by importing your public key into their user trust store, as documented here:
https://docs.niagara-community.com/bundle/ModuleSigning/page/ImportingCertificateIntoPlatform-291075CC.html
N4.9https://sourceforge.net/p/niagaraaxcommun/discussion/898552/thread/cffe68d06f/?limit=25#e1a0
Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/niagaraaxcommun/discussion/898552/
To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/
Hey everyone, per Mike's latest comment, NiagaraMods is volunteering to sign the community modules with our code signing certificate and host downloads of the signed files. You can download the signed modules at https://nmx.to/niagaramods/ax-community-module
We will not be forking the code base or officially or supporting the modules in any capacity, we just want to provide a signed download of the latest source code as a courtesy to our users. If we contribute to this code base we will do so on this repository as open source contributions.
As Mike mentioned, we cannot validate the integrity or quality of code we haven't written, so our signing of the modules is only to certify that they were downloaded and compiled from this repository without modification and it's up to users to deterimine if the code in the modules is right for their use case.
Thanks,
Adam
Last edit: Adam Bergman 2020-10-15