search

marcelotduarte / cx_Freeze

cx_Freeze creates standalone executables from Python scripts, with the same performance, is cross-platform and should work on any platform that Python itself works on.
https://marcelotduarte.github.io/cx_Freeze/
Other
1.36k stars 220 forks source link

Build support for Windows code signing #203

Open anthony-tuininga opened 8 years ago

anthony-tuininga commented 8 years ago

Originally reported by: Micah Lee (Bitbucket: micahflee, GitHub: micahflee)

Right now cx_Freeze already supports Apple code signing with the bdist_mac command, but there's no support for Microsoft Authenticode code signing. Right now, in Windows, if you run python setup.py build it creates unsigned .exe files, and if you run python setup.py bdist_msi it creates unsigned .exe files, and then it packages them inside of an unsigned .msi file. As far as I can tell, there's no way to actually code sign the .exe files if you want to use cx_Freeze's feature to build a .msi.

It would be great if there were bdist_msi options for code signing using Microsoft's codesign.exe tool: https://msdn.microsoft.com/en-us/library/8s9b9yaz(v=vs.110).aspx

If the options are present, it just needs to subprocess out to: signtool.exe sign /v /d [software name] /a /tr [timestamp server url] /fd sha256 [path to .exe or .msi] each time it builds a Windows executable.

anthony-tuininga commented 8 years ago

Original comment by Anthony Tuininga (Bitbucket: anthony_tuininga, GitHub: Unknown):

If you can create a pull request for this based on the equivalent Mac code I'd be happy to integrate it. I have no real way of testing the code as I am not a Windows developer.

kierun commented 6 years ago

As far as I can tell, there's no way to actually code sign the .exe files if you want to use cx_Freeze's feature to build a .msi.

A "fix"/enhancement for that would be welcome too! ☺

voglster commented 6 years ago

I would use this as well, and would not mind writing the PR. Doesn't seem too difficult to implement a shell out but If there is someone that can help me navigate the cx_freeze code base it would be appreciated, I am pretty unfamiliar with the project.

luciussilanus commented 3 years ago

Looks like this has been idle for some time. I did find a work-around for anyone else who happens across this:

  1. Add 'skip_build': True option to the bdist_msi_options.
  2. Run python setup.py build to generate the exe.
  3. Code Sign the built exe using your favorite method, such as the signtool.exe mentioned above.
  4. Run python setup.py bdist_msi to build the windows installer from the previously built exe.
Dennis-Asamoah commented 3 years ago

Looks like this has been idle for some time. I did find a work-around for anyone else who happens across this:

  1. Add 'skip_build': True option to the bdist_msi_options.
  2. Run python setup.py build to generate the exe.
  3. Code Sign the built exe using your favorite method, such as the signtool.exe mentioned above.
  4. Run python setup.py bdist_msi to build the windows installer from the previously built exe.

It worked like charm ,thank you