I have recently purchased an EV code signing certificate from DigiCert.
Now I am having issues signing my installer executable files.
Currently (until now), below is the process to make the installer:
Step-1:
My installer is configured so that it loads all common files from its child support directory,
as in the file structure below:
Setup.exe (it only has the application exe file and a few other configuration files that change from time to time)
Support (Directory)
Support\DLL (Has DLL files that are required by my application)
Support\Others (Any other files)
Support\ETC (Just for example purposes)
All those support files reside on my server, as they don't change frequently,
so I have created a wrapper installer.exe file and a script to handle the wrapper.
That wrapper installer.exe file also resides on my server.
Step-2:
My script does below steps:
a) Make the setup.exe with the updated application files.
b) Upload the setup.exe file to the server.
c) Add (append) that setup.exe and all other required files at the end of the wrapper installer.exe file.
d) I provide that wrapper installer.exe (single file) to my clients/users.
Step-3:
When that wrapper executes, it creates a temp folder in the temp directory, extracts all the files that are appended to itself, and runs setup.exe from that temp directory.
I made this process because I only have to change the application file, which is only a few kilobytes (always below 1 MB), while those support files are huge in size.
So, instead of having to upload all those files from my local computer each time,
I made this wrapper process to make the update/upload process much faster.
Now, The Problem:
If I sign the wrapper.exe file and put it on the server, then when my script appends data to that file, it loses the certificate settings (it's no longer signed :( ).
So, how can I overcome this situation?
Update-1:
As asked, below is the PHP code used to append the setup.exe file:
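    // Appending Setup.exe file...
    // $strFileID and $strArchiveFile (the wrapper being built) are assumed to be
    // set earlier in the script; that part is not shown in the post.
    $archive_File = 'files/' . $strFileID . '.exe';
    if (is_file($archive_File))
    {
        $strSize = filesize($archive_File);
        // Record layout: file name, NUL, size in bytes, NUL, raw file contents.
        $strData = 'Setup.exe' . chr(0) . $strSize . chr(0) . file_get_contents($archive_File);
        file_put_contents($strArchiveFile, $strData, FILE_APPEND | LOCK_EX);
    }
    else
    {
        exit('following file does not exist: ' . $archive_File);
    }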
best regards
You can't modify wrapper.exe after you've code signed it. That's the whole point of code-signing - to validate that a virus or other tampering didn't occur on the signed executable.
I'm not sure why you are code signing wrapper.exe first, then appending the files to it afterwards. You need to do the following steps:
1. Code sign setup.exe and all other binaries first, except for wrapper.exe.
2. Append setup.exe and all other files to wrapper.exe.
3. Then code-sign wrapper.exe after it's been fully built.
There are a lot of free tools that will generate a self-extracting archive that, when run, will prompt the user to run the setup.exe within it. 7-Zip will do this for free.
But it sounds like you need to build your wrapper.exe on demand right before it's downloaded. If that's the case, add the code signing script to your server code that builds the final wrapper.exe.
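A build-pipeline check for the situation in this thread, added here as an example and not code from either post: it reads the PE header's Certificate Table entry (data directory 4, whose first field is a file offset rather than an RVA) and reports whether the signature blob is still the last thing in the file or whether data was appended after signing. The function names and the header-only sample image are hypothetical and constructed for the demonstration.

```python
import struct

SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (Certificate Table)

def signature_layout(pe: bytes) -> str:
    """Classify a PE image: 'unsigned', 'signature-at-eof' or 'data-after-signature'."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file (no MZ header)")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (no PE signature)")
    opt = e_lfanew + 4 + 20                       # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # data directories: PE32 vs PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    if count <= SECURITY_DIR_INDEX:
        return "unsigned"
    # For this directory the first field is a file offset, not an RVA.
    offset, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR_INDEX)
    if offset == 0 or size == 0:
        return "unsigned"
    if offset + size > len(pe):
        raise ValueError("certificate table extends past end of file")
    return "signature-at-eof" if offset + size == len(pe) else "data-after-signature"


def constructed_pe(cert_len: int) -> bytes:
    """Constructed sample: a header-only PE32 image with a dummy certificate table."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    headers_len = 0x40 + 4 + 20 + 224
    if cert_len:
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR_INDEX, headers_len, cert_len)
    return dos + b"PE\0\0" + coff + bytes(opt) + bytes(cert_len)


if __name__ == "__main__":
    signed = constructed_pe(cert_len=64)
    appended = signed + b"Setup.exe\x00" + b"5\x00" + b"hello"  # the question's append format
    for label, blob in (("unsigned", constructed_pe(0)), ("signed", signed), ("appended", appended)):
        print(label, "->", signature_layout(blob))
```

This is a layout check only and does not validate the signature itself; on Windows, `signtool verify /pa` does that.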