Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build support for Windows code signing #203

Open
anthony-tuininga opened this issue Sep 5, 2016 · 5 comments
Open

Build support for Windows code signing #203

anthony-tuininga opened this issue Sep 5, 2016 · 5 comments
Labels
enhancement major

Comments

@anthony-tuininga
Copy link
Collaborator

Originally reported by: Micah Lee (Bitbucket: micahflee, GitHub: micahflee)

Right now cx_Freeze already supports Apple code signing with the bdist_mac command, but there's no support for Microsoft Authenticode code signing. Right now, in Windows, if you run python setup.py build it creates unsigned .exe files, and if you run python setup.py bdist_msi it creates unsigned .exe files, and then it packages them inside of an unsigned .msi file. As far as I can tell, there's no way to actually code sign the .exe files if you want to use cx_Freeze's feature to build a .msi.

It would be great if there were bdist_msi options for code signing using Microsoft's codesign.exe tool: https://msdn.microsoft.com/en-us/library/8s9b9yaz(v=vs.110).aspx

If the options are present, it just needs to subprocess out to: signtool.exe sign /v /d [software name] /a /tr [timestamp server url] /fd sha256 [path to .exe or .msi] each time it builds a Windows executable.
@anthony-tuininga
Copy link
Collaborator Author

Original comment by Anthony Tuininga (Bitbucket: anthony_tuininga, GitHub: Unknown):

If you can create a pull request for this based on the equivalent Mac code I'd be happy to integrate it. I have no real way of testing the code as I am not a Windows developer.

@kierun
Copy link
Contributor

kierun commented Feb 8, 2018

As far as I can tell, there's no way to actually code sign the .exe files if you want to use cx_Freeze's feature to build a .msi.

A "fix"/enhancement for that would be welcome too! ☺

@voglster
Copy link
Contributor

I would use this as well, and would not mind writing the PR. Doesn't seem too difficult to implement a shell out but If there is someone that can help me navigate the cx_freeze code base it would be appreciated, I am pretty unfamiliar with the project.

@luciussilanus
Copy link

Looks like this has been idle for some time. I did find a work-around for anyone else who happens across this:

  1. Add 'skip_build': True option to the bdist_msi_options.
  2. Run python setup.py build to generate the exe.
  3. Code Sign the built exe using your favorite method, such as the signtool.exe mentioned above.
  4. Run python setup.py bdist_msi to build the windows installer from the previously built exe.

@Dennis-Asamoah
Copy link

Looks like this has been idle for some time. I did find a work-around for anyone else who happens across this:

  1. Add 'skip_build': True option to the bdist_msi_options.
  2. Run python setup.py build to generate the exe.
  3. Code Sign the built exe using your favorite method, such as the signtool.exe mentioned above.
  4. Run python setup.py bdist_msi to build the windows installer from the previously built exe.

It worked like charm ,thank you

@marcelotduarte marcelotduarte mentioned this issue Aug 12, 2021
Closed
@marcelotduarte marcelotduarte mentioned this issue Jul 16, 2022
Closed
@marcelotduarte marcelotduarte mentioned this issue Nov 19, 2023
Open
@marcelotduarte marcelotduarte mentioned this issue Oct 15, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement major
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@voglster @kierun @anthony-tuininga @luciussilanus @Dennis-Asamoah