I have a problem with committing a .exe installer, that is signed using a code signing certificate, to svn. I compile the program and the output is a .exe windows installer binary, I sign the file using the code signing certificate and verify the signature.
I sign the file using the following command:
codesign --verify --verbose --deep --timestamp --sign "<certificate-name" <path-to-the-file-that-should-be-signed>
I verify the signature using the following command:
codesign --verbose=4 --display --deep -r- <path-to-the-signed-file>
the output looks something like this:
Executable=path-to.exe
Identifier=<file name>
Format=generic
CodeDirectory v=20100 size=168 flags=0x0(none) hashes=1+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=a1d3855d9c469f8a1297583485d533f8fa8b9aaf
CandidateCDHash sha256=13d2a8112b513831f1ce8773103c30df12d08496
Hash choices=sha1,sha256
Page size=none
CDHash=13d2a8112b513831f1ce8773103c30df12d08496
Signature size=8912
Authority=companyname
Authority=DigiCert SHA2 Assured ID Code Signing CA
Authority=DigiCert Assured ID Root CA
Timestamp=10 jan. 2018 12:43:46
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
designated => identifier "file name" and certificate leaf = H"a97b16d7951d71de5f7c09ce7b086b9c512b2391"
Everything seems in order and I commit the file to a SVN repository. When I later checkout the file, it does not contain any certificate information.
The output from codesign --verify is as follows:
file.exe: code object is not signed at all
I have tried google and searching stackoverflow to find information about wether this is a SVN related problem or if this is OS related.
I am able to circumvent the issue by wrapping the installer into a zip file but that isn't user friendly when using the installer.
Has anyone else experienced this problem and if so, (how) did you manage to get it to work?
svn status)? – Chris