I wonder if they get away with it somehow because they use two-pass execution (huge performance drain in my experience, especially with small, quick scripts). 


On Tue, May 27, 2014 at 2:36 PM, Werner <wernerfbd@gmx.ch> wrote:
Hi Thomas,

On 5/27/2014 21:09, Thomas Heller wrote:
> Am 27.05.2014 11:09, schrieb Werner:
>> Hi Thomas,
>>
>> Does the new version allow code signing of the generated .exe?
>
> Yes and no.
>
> I tested it and debugged it and found out some interesting things:
>
> Yes - the exe can be signed when the library zip archive is NOT appened
> to the exe itself but a separate file.
>
> No - when the library zip archive IS appended to the exe it will no
> longer work after having been signed.
>
> The interesting thing is that even in the first case the code-signing
> will not have the desired effect - the bad boys can still replace the
> library zip archive by another one containing malicious code.
> (This could possibly by fixed by including a secure hash of the library
> archive into the exe itself and checking it at runtime).
>
> The reason why the exe does no longer work in the second case is that
> Python's zipimporter (which is used to import modules from the library
> archive appended to the exe) does not recognize it any longer as a valid
> zip-file since the code-signing stuff is appended at the end of the zip.
>
> Damn.
Have you had a chance to look at how pyInstaller does it?  Haven't tried
it but they claim that it supports code signing.

Werner


------------------------------------------------------------------------------
The best possible search technologies are now affordable for all companies.
Download your FREE open source Enterprise Search Engine today!
Our experts will assist you in its installation for $59/mo, no commitment.
Test it for FREE on our Cloud platform anytime!
http://pubads.g.doubleclick.net/gampad/clk?id=145328191&iu=/4140/ostg.clktrk
_______________________________________________
Py2exe-users mailing list
Py2exe-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/py2exe-users