Difference between revisions of "Documentation/Nightly/Developers/Windows Code Signing"

From Slicer Wiki
Jump to: navigation, search
(Created page with "==Overview== This page contains information on code signing on Windows and on integrating code signing into the Slicer packaging process. Some useful external references fro...")
 
Line 1: Line 1:
==Overview==
 
 
 
This page contains information on code signing on Windows and on integrating code signing into the Slicer packaging process.
 
This page contains information on code signing on Windows and on integrating code signing into the Slicer packaging process.
 
Some useful external references from the Mac Developer Library include:
 
* [https://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html About Code Signing]
 
* [https://developer.apple.com/library/mac/documentation/IDEs/Conceptual/AppDistributionGuide/DistributingApplicationsOutside/DistributingApplicationsOutside.html#//apple_ref/doc/uid/TP40012582-CH12-SW2 Distributing Apps Outside the Mac App Store]
 
* [https://developer.apple.com/library/mac/technotes/tn2206/_index.html OS X Code Signing In Depth]
 
* [https://developer.apple.com/developer-id/ Developer ID and Gatekeeper]
 
  
 
==Prerequisites==
 
==Prerequisites==

Revision as of 19:51, 29 September 2016

Home < Documentation < Nightly < Developers < Windows Code Signing

This page contains information on code signing on Windows and on integrating code signing into the Slicer packaging process.

Prerequisites

Acquire and install a code signing certificate

Follow the procedure described in Acquire a Code Signing Certificate to acquire a code signing certificate from a commercial vendor recognized by Microsoft. Some example vendor links include:

It may be necessary to install the code signing certificate on the machine that will be used to sign the code. Regardless, it is necessary to export the certificate to a .pfx file to be used by SignTool.exe.

Sign files using SignTool.exe

SignTool.exe digitally signs files, verifies signatures in files, and time-stamps files. See SignTool.exe documentation.

For Slicer, at least the following files should be signed before creating the installer:

  • Slicer.exe (launcher)
  • bin/SlicerApp-real.exe (application)

Other candidate files to sign include:

  • other exe files in bin/
  • other .exe files outside bin/, such as CLI modules
  • .dll files in bin/ and for modules

After creating the installer, the installer .exe should also be signed.

CMake integration

Currently, CMake/CPack doesn't include any built-in functionality to automatically call SignTool.exe to digitally sign files or installers. Therefore, integrating code signing into Slicer requires adding custom steps for the targets chosen to be signed.

MySQL's implementation could be a useful example; see https://github.com/mysql/mysql-server/blob/67d52e7c7a1a23424e39273cbb6f5f9d56fda8d1/cmake/install_macros.cmake#L155.

Additional references

Introduction to Code Signing (MSDN) Windows Enforcement of Authenticode Code Signing and Timestamping (Microsoft TechNet)

Retrieved from "https://www.slicer.org/w/index.php?title=Documentation/Nightly/Developers/Windows_Code_Signing&oldid=47123"