Recent

Author Topic: [SOLVED] How to code sign using a commercial certificate  (Read 2871 times)

Gizmo

  • Hero Member
  • *****
  • Posts: 831
[SOLVED] How to code sign using a commercial certificate
« on: August 11, 2017, 04:56:38 pm »
Can anyone point me in the direction of a HOW TO guide or explain the steps needed in order to code sign my compiled executable using a commercially provided code signing certificate?

I've read https://developer.apple.com/support/code-signing/ and https://www.digicert.com/code-signing/mac-os-codesign-tool.htm both of which are APple Mac OSX specific. I'm seeking to discover how I can make all my compiled binaries (Windows, OSX, Linux binaries, Linux DEB packages etc) code signed using the same code sign signature? I intend to buy the certificate from GlobalSign, unless anyone can tell me where to get legitimate free ones from (GlobalSign only offer free SSL certs for websites for open source projects, and LetsEncrypt do not offer code sign certs according to the last articles I read).

Thanks
« Last Edit: August 11, 2017, 06:51:08 pm by Gizmo »

Phil

  • Hero Member
  • *****
  • Posts: 2737
Re: How to code sign using a commercial certificate
« Reply #1 on: August 11, 2017, 05:14:17 pm »
Can anyone point me in the direction of a HOW TO guide or explain the steps needed in order to code sign my compiled executable using a commercially provided code signing certificate?

On Mac, just use your Developer ID with codesign on both the .app bundle and the .dmg installer. You can also use spctl on both to assess the status of the codesigning.

On Windows, import your certificate into the Windows store. In IE, Internet Options | Content | Certificates | Import. Once imported, you can use MS's signtool.exe on the app .exe and the installer .exe. See Inno Setup docs for how to integrate it into your .iss file if you use Inno Setup.

There's also a package for Lazarus that helps with this. Install OPM and have it install codesigningtool (or something like that).

Gizmo

  • Hero Member
  • *****
  • Posts: 831
Re: [SOLVED] How to code sign using a commercial certificate
« Reply #2 on: August 11, 2017, 06:51:45 pm »
Thanks Phil. I didn't realise it was something that was done externally of Lazarus. I thought it was a step that had to be incorporated into the compile step, but I know little about it so your reply is very helpful. Thanks

Phil

  • Hero Member
  • *****
  • Posts: 2737
Re: [SOLVED] How to code sign using a commercial certificate
« Reply #3 on: August 11, 2017, 06:56:54 pm »
Thanks Phil. I didn't realise it was something that was done externally of Lazarus. I thought it was a step that had to be incorporated into the compile step, but I know little about it so your reply is very helpful. Thanks

Try codesigninghelper - I believe that package attempts to integrate signing more into Laz, although the signing tools themselves remain external.

On Mac, you could also export your Laz project to Xcode and compile it there - that is, you enter your signing ID into Xcode and Xcode always signs with each build, although again it too is using the external codesign utility.

https://macpgmr.github.io/ObjP/ProjectXC.html


 

TinyPortal © 2005-2018