Signing Windows templates
bruvzg opened this issue · 1 comments
bruvzg commented
Currently, export template are signed (at least 3.2 betas and 3.1.2), which causes multiple problems on export:
- Using
rcedit, ie setting project icon or application info (name, version, etc), will result in corrupted binary, sincerceditunable to remove signatures gracefully. - Embedding PCK in the exported executable result in corrupted binary.
- Ability to sign executable on export is unusable (it should be possible to have multiple signatures by adding
-nestflag toosslsigncode, but if any of first two issues occurs, executable can't be re-signed at all)
For me signing something that's intended to be modified and used as the part of the other's project doesn't look like a right thing to do.
Probably it's better to sign only editor binaries and leave export templates unsigned.
Or on the other hand, it should be possible to remove signatures during export if any modification of the executable is required, but this will make export process more complicated and require use both osslsigncode and rcedit (on or both of which might be missing on uses machine).