How do I code-sign an executable created by a python wheel?

Asked Jan 04 '22 at 10:19

Active Jan 04 '22 at 10:19

Viewed 299 times

I'm creating a python package with an executable as a wheel using setuptools. My simplified setup.py file looks like this:

setup(
    name="mypackage",
    version="1.0.0",
    entry_points={"console_scripts": {"mypackage = mypackage.cli:cli"}}
)

Command to create the python package:

python setup.py bdist_wheel

When installing the resulting wheel, a mypackage.exe file is created in the scripts directory as expected.

How can I make sure, that the created executable is code-signed with a given certificate? I know how to code sign an existing executable using signtool.exe or Powershell, but since the executable seems to be created on the client machine when the wheel is installed, I don't know how to do it.

asked Jan 04 '22 at 10:19

Stephan

AFAIK this isn't supported by the wheel spec, so I doubt it's doable. Maybe precreating the signed executable and packaging it via the `scripts` keyword? But then again, IIRC you can't package binaries via `scripts`, so you'll need some `distutils` magic to avoid that first (custom packaging command etc) – hoefling Jan 04 '22 at 17:25

How do I code-sign an executable created by a python wheel?

0 Answers0