Windows MSI installer replaced with EXE installer

This commit is contained in:
Ross Scroggs
2026-03-03 20:35:06 -08:00
parent 096eef3f59
commit f10fca04c9
3 changed files with 23 additions and 23 deletions

View File

@@ -11,7 +11,7 @@ It's important to confirm you are always running an official GAM7 release. The f
# GitHub Attestation (Linux/MacOS/Windows)
GitHub offers [artifict attestations](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds) which prove if a given GAM binary or archive was built by the [GAM-team/GAM](https://gitHub.com/GAM-team/GAM) project and links to the build job. This offers you certainty that the GAM executable you are running or the GAM package you downloaded were officially generated by the [GAM-team/GAM](https://gitHub.com/GAM-team/GAM) project.
To verify a given GAM executable file or package (.zip, .msi or .tar.xz) is legitimate, use the following steps:
To verify a given GAM executable file or package (.zip, .exe or .tar.xz) is legitimate, use the following steps:
1. Install the [GitHub CLI command line tool](https://github.com/cli/cli#installation).
2. Login to the tool with the command. You need a [free GitHub account](https://gitHub.com/join) for this.
```
@@ -27,7 +27,7 @@ gh attestation verify --repo GAM-team/GAM --format=json \
4. If the GAM file or package is legit you'll see output like:
```
Loaded digest sha256:a63dc5e71c0b3335865877fc7dc9248bbf7481d22995c18253a2ae71fcb9793a for file://gam-7.00.00-windows-x86_64.msi
Loaded digest sha256:a63dc5e71c0b3335865877fc7dc9248bbf7481d22995c18253a2ae71fcb9793a for file://gam-7.00.00-windows-x86_64.exe
Loaded 1 attestation from GitHub API
✓ Verification succeeded!
@@ -77,7 +77,7 @@ origin=Developer ID Application: Jay Lee (GZ85H2DRLM)
If you do not see "accepted" and "Jay Lee" as the developer ID, there may be a problem. Please report any suspicious files or concerns to the [GAM Group](https://groups.google.com/g/google-apps-manager) or the [GAM Chat Space](https://git.io/gam-chat).
# Windows Code Sign
On Windows, Official gam.exe files and MSI installer packages are signed by a [Certum Open Source code signing certificate](https://shop.certum.eu/open-source-code-signing.html). You can validate the signature and thus be sure you are running official GAM7 from the command line and GUI:
On Windows, Official gam.exe files and EXE installer packages are signed by a [Certum Open Source code signing certificate](https://shop.certum.eu/open-source-code-signing.html). You can validate the signature and thus be sure you are running official GAM7 from the command line and GUI:
# Command Line
From PowerShell, run the following command:
@@ -113,6 +113,6 @@ SignerCertificate : [Subject]
confirm that status is "Valid" and the SignerCertificate says "Open Source Developer, James Lee" (yes, James is Jay's legal name, now you know).
## GUI
From File Manager, you can right click on gam.exe or the MSI package and go to the Digital Signatures tab. From there you'll see the signing certificate which should show "Open Source Developer, James Lee".
From File Manager, you can right click on gam.exe or the EXE installer package and go to the Digital Signatures tab. From there you'll see the signing certificate which should show "Open Source Developer, James Lee".
![image](https://github.com/user-attachments/assets/dceb8cb8-36e0-4ed7-8b03-09322b49b06a)