PyUpdater
PyUpdater copied to clipboard
How does pyupdater support Windows digital certificate signing when building EXE files?
There is a system warning that content is "Unverified publisher: Do you want to allow this app from an unknow publisher to make changes to your device?" shown When user executes the exe file on Windows7 and Windows10. How does pyupdater support for sign Windows digital certificate on exe files?
Anything certificate-related would be the responsibility of PyInstaller. It's what builds the .exe.
Yes, pyinstaller builds the .exe, and then somebody (pyinstaller? pyupdater?) has to sign it before it goes into the .zip file. I haven't found any information about either entity having a step which runs signtool.
From https://www.pyupdater.org/usage-cli/ - I think you would want to do your signing of the binary between steps 7 and 8.
I've found a not-exactly-workaround workaround: sign it in the pyinstaller .spec file. It's Python after all. Since writing this comment, I've found that I can insert these two lines after EXE finishes: `import subprocess subprocess.run("signtool sign -f cert.pfx -p PASSWORD -fd sha256 myapp.exe".split("/"))
This causes pyupdater to run a pyinstaller which is configured to sign the executable, all hunky-dory!