I wonder if they get away with it somehow because they use two-pass execution (huge performance drain in my experience, especially with small, quick scripts). 

On Tue, May 27, 2014 at 2:36 PM, Werner <wernerfbd@gmx.ch> wrote:
Hi Thomas,

On 5/27/2014 21:09, Thomas Heller wrote:
> On 27.05.2014 11:09, Werner wrote:
>> Hi Thomas,
>> Does the new version allow code signing of the generated .exe?
> Yes and no.
> I tested it and debugged it and found out some interesting things:
> Yes - the exe can be signed when the library zip archive is NOT appended
> to the exe itself but is a separate file.
> No - when the library zip archive IS appended to the exe it will no
> longer work after having been signed.
> The interesting thing is that even in the first case the code-signing
> will not have the desired effect - the bad boys can still replace the
> library zip archive by another one containing malicious code.
> (This could possibly be fixed by including a secure hash of the library
> archive into the exe itself and checking it at runtime).
> The reason why the exe no longer works in the second case is that
> Python's zipimporter (which is used to import modules from the library
> archive appended to the exe) does not recognize it any longer as a valid
> zip-file since the code-signing stuff is appended at the end of the zip.
> Damn.
Have you had a chance to look at how pyInstaller does it?  Haven't tried
it but they claim that it supports code signing.


Py2exe-users mailing list
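
Added example (not part of the original thread and not py2exe code): a sketch of the two points in the quoted message, namely that bytes appended after the zip hide its end-of-central-directory record from a loader that expects it at the very end of the file, and that a SHA-256 of a separate library archive pinned inside the signed exe detects a swapped archive. The stub bytes, signature bytes, module name and the strict 22-byte loader model are assumptions constructed for illustration.

```python
import hashlib
import hmac
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end-of-central-directory signature
EOCD_LEN = 22              # size of that record when the zip comment is empty

def build_library_zip(source):
    """Constructed sample: a library archive holding one module."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("hello.py", source)
    return buf.getvalue()

def eocd_at_end(blob):
    """Strict loader model (assumption): the record must be the final 22 bytes."""
    tail = blob[-EOCD_LEN:]
    return (len(tail) == EOCD_LEN and tail[:4] == EOCD_SIG
            and struct.unpack("<H", tail[20:22])[0] == 0)

def archive_digest(blob):
    return hashlib.sha256(blob).hexdigest()

def verify_library(blob, expected_hex):
    """Runtime check: compare the archive's SHA-256 with the pinned value."""
    return hmac.compare_digest(archive_digest(blob), expected_hex)

def demo():
    stub = b"MZ" + b"\x00" * 62             # constructed stand-in for the exe stub
    library = build_library_zip("VALUE = 42\n")
    signature = b"\x30\x82" + b"\x00" * 62  # constructed stand-in for signature bytes
    pinned = archive_digest(library)        # would be embedded in the signed exe
    swapped = build_library_zip("VALUE = 'replaced'\n")
    return {
        "unsigned_ok": eocd_at_end(stub + library),
        "signed_ok": eocd_at_end(stub + library + signature),
        "original_verifies": verify_library(library, pinned),
        "swapped_verifies": verify_library(swapped, pinned),
    }

if __name__ == "__main__":
    print(demo())
```

The pinned digest only helps if it lives inside the signed portion of the exe, so that changing it invalidates the signature.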