https://github.com/osquery/osquery logo
#core
Title
# core
t

thor

06/23/2021, 4:35 AM
The MSI itself is signed, but the binaries are not
s

seph

06/23/2021, 11:35 AM
Er, what? I think I downloaded the msi from GitHub and checked that the inner binary was signed. Which one did you download? Possible the website one was different
t

thor

06/23/2021, 6:31 PM
yeah likely, I think the one on the website is pointing to the S3 bins, the one I grabbed was from the GitHub release
s

seph

06/23/2021, 6:51 PM
Seems weird. We should understand how that happened and remediate.
I sorta wonder if we can make all the downloads single sourced.
t

thor

06/23/2021, 8:53 PM
I think the issue with this, was that while I was testing things out, we have logic to not overwrite the GH release artifacts, as attempting to re-submit is what was causing the stack-traces and failures, so the MSI had been stale from testing those flows, and I forgot to delete it and re-run the whole submission pipeline after we had all the kinks worked out
I think...