Now only the installers are signed. This is needed because
DigiCert now only allows a thousand files to be a signed a year.
And charges $800 per year for the privilege. There is an alternative of
using a HSM (hardware security module) but that doesnt work with
my remote VM based signing workflow.
There are over 200 exes and dlls in a single calibre install.
Until a better provider is found, dont sign them.
The old one is about to expire. The new keylocker based service is
highway robbery some 800 dollars a year. Migrate to Azure Trust based
signing once that leaves beta for $120 a year instead, assuming it was
not designed by incompetent buffoons, which is always a possibility.
I am tired of all the bug reports about SSL cerificate verify failures
on windows caused by the windows certificate store not having needed
intermediate certificates. So use the bundled certificates instead which
are the set of certificates trusted by Firefox and curl.
Can be turned off via CALIBRE_USE_SYSTEM_CERTIFICATES=1 env var
Python assumes a stack size of 2MB on windows. The windows default is
1MB. Presumably whoever builds python.exe changes it. Do the same to
avoid crashes due to too much recursion. Fixes#2000888 [BS4 str(soup) crashes Calibre instead of raising RecursionError](https://bugs.launchpad.net/calibre/+bug/2000888)
Apparently Microsoft's latest pointless bit of security theatre now wants
DLLs signed in addition to EXEs. Because of course, executable code can
only be in DLLs and EXEs. Roll eyes.
Fixes#1997486 [calibre does not start when Win 11´s smart app control is activated](https://bugs.launchpad.net/calibre/+bug/1997486)
This is a second commit, removing the white space processing my editor did.
I thought I had made a PR but there is no record of it. Apologies if this is a duplicate.
