Following our meeting with Kitware team, we identified a way forward

While we have an internal document with a lot more details and comments, I will share here only few notes and comments.

Roughly, the plan would be to have:

• a windows and a macOS workstation
  • these would NOT be connected to the internet while the dongle with the signing key is plugged.
  • these would only be visible from Kitware internal network.
• a server to manage the request to sign.
• only dashboard in either internal network or DMZ will be able to communicate with the signing server.
  • artifacts to sign are either uploaded or copied into a shared space (exact workflow to be defined)
  • the two machines responsible to run the signing scripts will be pulling from the signing server / shared space (nothing is pushed to the signing machine)
  • once signing is completed, dashboard are either stopping their active wait loop to resume the build process (or are notified to take action) . And then copy the mutated artifact.

There is also some complexity to update the operating system of the signing machine (e.g updating firewall rule, ... )

While I do not have an exact date of completion, we are making progress. We already bought the two machine responsible for running the signing scripts.

References:

• https://www.slicer.org/wiki/Documentation/Nightly/Developers/ReleaseProcess#Sign_packages
• https://www.slicer.org/wiki/Documentation/Nightly/Developers/Windows_Code_Signing
• https://www.slicer.org/wiki/Documentation/Nightly/Developers/Mac_OS_X_Code_Signing