Remove authenticode check

src/Rust/Cargo.toml

@@ -129,7 +129,7 @@ windows-sys = { version = "0.52", default-features = false, features = [
     "Win32_System_SystemServices",
 ] }
 normpath = "1.0.1"
-codesign-verify = { git = "https://github.com/caesay/codesign-verify-rs.git" }
+# codesign-verify = { git = "https://github.com/caesay/codesign-verify-rs.git" }
 
 [dev-dependencies]
 tempfile = "3.9"

src/Rust/src/commands/start.rs

@@ -63,8 +63,6 @@ pub fn start(wait_for_parent: bool, exe_name: Option<&String>, exe_args: Option<
         bail!("Unable to find executable to start: '{}'", exe_to_execute.to_string_lossy());
     }
 
-    crate::windows::assert_can_run_binary_authenticode(&exe_to_execute)?;
-
     info!("About to launch: '{}' in dir '{}'", exe_to_execute.to_string_lossy(), current);
 
     if let Some(args) = exe_args {

src/Rust/src/shared/util_windows.rs

@@ -159,8 +159,6 @@ pub fn start_package<P: AsRef<Path>>(app: &Manifest, root_dir: P, exe_args: Opti
         bail!("Unable to find executable to start: '{}'", exe_to_execute.to_string_lossy());
     }
 
-    crate::windows::assert_can_run_binary_authenticode(&exe_to_execute)?;
-
     let mut psi = Process::new(&exe_to_execute);
     psi.current_dir(&current);
     if let Some(args) = exe_args {

src/Rust/src/windows/util.rs

@@ -349,55 +349,3 @@ pub fn test_x64_and_x86_is_supported_but_not_arm64_or_invalid() {
     assert!(is_cpu_architecture_supported("x64").unwrap());
     assert!(is_cpu_architecture_supported("x86").unwrap());
 }
-
-pub fn check_authenticode_signature<P: AsRef<Path>>(path: P) -> Result<bool> {
-    let path = path.as_ref();
-    let v = codesign_verify::CodeSignVerifier::for_file(path)
-        .map_err(|e| anyhow!("Unable to open authenticode verifier for '{}' ({:?})", path.to_string_lossy(), e))?;
-    let sig = v.verify().map_err(|e| anyhow!("Unable to verify binary signature '{}' ({:?})", path.to_string_lossy(), e))?;
-
-    info!("Code signature for '{}' is valid", path.to_string_lossy());
-    debug!("Subject Name: {:?}", sig.subject_name());
-    debug!("Issuer Name: {:?}", sig.issuer_name());
-    debug!("SHA1 Thumbprint: {}", sig.sha1_thumbprint());
-    debug!("Serial: {:?}", sig.serial());
-
-    Ok(true)
-}
-
-pub fn assert_can_run_binary_authenticode<P: AsRef<Path>>(path: P) -> Result<()> {
-    let path = path.as_ref();
-
-    info!("Verifying authenticode signatures of prospective launch binary...");
-    let target = check_authenticode_signature(path).unwrap_or(false);
-    let myself = check_authenticode_signature(std::env::current_exe()?).unwrap_or(false);
-
-    debug!("Target ({}) Signature = {}", path.to_string_lossy(), if target { "PASS" } else { "FAIL" });
-    debug!("My Signature = {}", if target { "PASS" } else { "FAIL" });
-
-    if myself && !target {
-        bail!("This binary is signed, and the target binary is not. Refusing to run.")
-    }
-
-    Ok(())
-}
-
-#[test]
-#[ignore]
-fn test_authenticode() {
-    fn verify_authenticode_against_powershell(path: &str) -> bool {
-        let command = format!("Get-AuthenticodeSignature \"{}\" | select Status -expandproperty Status", path);
-        let args = command.split_whitespace().collect();
-        let ps_output = super::run_process_no_console_and_wait("powershell", args, std::env::current_dir().unwrap(), None).unwrap();
-        let ps_result = ps_output.trim() == "Valid";
-        let my_result = check_authenticode_signature(path).unwrap_or(false);
-        assert!(ps_result == my_result);
-        return my_result;
-    }
-
-    assert!(verify_authenticode_against_powershell(r"C:\Windows\System32\notepad.exe"));
-    assert!(verify_authenticode_against_powershell(r"C:\Windows\System32\cmd.exe"));
-    assert!(verify_authenticode_against_powershell(r"C:\Users\Caelan\AppData\Local\Programs\Microsoft VS Code\Code.exe"));
-    assert!(!verify_authenticode_against_powershell(r"C:\Users\Caelan\AppData\Local\Clowd\Update.exe"));
-    assert!(!verify_authenticode_against_powershell(r"C:\Users\Caelan\.cargo\bin\cargo.exe"));
-}