I use py2exe 0.9.2.2 to pack all my python script into a Windows binary. I'm trying to apply a code sign to the binary. Using signtool directly produces a broken binary.
Is it possible to sign a binary produced with py2exe? How?
This is just a reminder of the solution I found by myself, because I can't find a specific information on StackOverflow.
The solution is valid for any version of py2exe.
It is possible to apply a sign certificate but it is needed to detach the zip library from the exe loader of py2exe. So in the setup.py of your py2exe project put the "zipfile" specification, i.e.:
setup(name="name",
# console based executables
console=[],
# windows subsystem executables (no console)
windows=[myapp],
# py2exe options
zipfile = "myapp.lib", # this is the detached zip library code
data_files = DATA,
options={"py2exe": py2exe_options},
)
Than you can apply your ".pfx" certificate to the binary loader:
signtool sign /d "my_description" /du "www.mysite.eu" ^
/f my_certificate.pfx ^
/v myapp.exe