Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Codesigning tclkit based applications

70 views
Skip to first unread message

s-imai

unread,
Nov 3, 2007, 3:22:07 AM11/3/07
to
Hi.

Do you know how to make codesigning tclkit based applications in a
breeze?
Is it impossible? Do you know any solutions?

AFAIK. The following procedure wouldn't work.

sdx wrap tkchat.exe -runtime tclkit-gui.exe
sdx mksplit tkchat.exe
upx -9 tkchat.head
signtool sign /f signing.p12 tkchat.head
copy /b tkchat.head + tkchat.tail tkchat.exe

Best Regards,
-----
Satoshi Imai
s-i...@japan.interq.or.jp


--
Message posted using http://www.talkaboutprogramming.com/group/comp.lang.tcl/
More information at http://www.talkaboutprogramming.com/faq.html

Pat Thoyts

unread,
Nov 3, 2007, 10:27:21 PM11/3/07
to
"s-imai" <s-i...@japan.interq.or.jp> writes:

>Do you know how to make codesigning tclkit based applications in a
>breeze?
>Is it impossible? Do you know any solutions?
>
>AFAIK. The following procedure wouldn't work.
>
> sdx wrap tkchat.exe -runtime tclkit-gui.exe
> sdx mksplit tkchat.exe
> upx -9 tkchat.head
> signtool sign /f signing.p12 tkchat.head
> copy /b tkchat.head + tkchat.tail tkchat.exe

No it wouldn't, becuase you mofified the exe by appending stuff after
signing it. It doesn't work to sign the whole starpack either because
metakit expects to be at the end of the file and the authenticode
certificate is appended.

What you need is a modified tclkit. There is one at
http://www.patthoyts.tk/tclkit/

I have a patch for vqtcl that will make its way into the main trunk
for this at some point. I've so far failed to get it to work with
metakit itself as metakit doesn't pay attention to the necessary
internal variables to limit the extent of the database and always
makes use of the file size.

--
Pat Thoyts http://www.patthoyts.tk/
To reply, rot13 the return address or read the X-Address header.
PGP fingerprint 2C 6E 98 07 2C 59 C8 97 10 CE 11 E6 04 E0 B9 DD

s-imai

unread,
Nov 5, 2007, 7:51:46 PM11/5/07
to
Hi.

> What you need is a modified tclkit. There is one at
> http://www.patthoyts.tk/tclkit/

It failed in code signing. Why?
A digital signature doesn't become effective.

sdx wrap tkchat.exe -runtime tclkit8416.exe
sdx mksplit tkchat.exe


signtool sign /f signing.p12 tkchat.head
copy /b tkchat.head + tkchat.tail tkchat.exe

-----

Pat Thoyts

unread,
Nov 6, 2007, 5:49:37 PM11/6/07
to
"s-imai" <s-i...@japan.interq.or.jp> writes:

>Hi.
>
>> What you need is a modified tclkit. There is one at
>> http://www.patthoyts.tk/tclkit/
>
>It failed in code signing. Why?
>A digital signature doesn't become effective.
>
>sdx wrap tkchat.exe -runtime tclkit8416.exe
>sdx mksplit tkchat.exe
>signtool sign /f signing.p12 tkchat.head
>copy /b tkchat.head + tkchat.tail tkchat.exe

No. You just modified the binary after signing again by appending a
metakit tail.

If you use my modified tclkit.exe:
sdx wrap yourapp.exe -runtime tclkit-signable.exe
signtool /v /f signing.p12 youradd.exe

The certificate needs to be code signing certificate issued by a
certificate authority whose key is held in your local machine trusted
root certification authority collection.>

s-imai

unread,
Nov 6, 2007, 11:20:40 PM11/6/07
to
Hi

>If you use my modified tclkit.exe:
> sdx wrap yourapp.exe -runtime tclkit-signable.exe
> signtool /v /f signing.p12 youradd.exe

I downloaded the tclkit8416.exe from your site.
and I performed the following commands.

sdx wrap myapp.exe -runtime tclkit8416.exe
signtool /v /f signing.p12 myadd.exe

but when I perform the myadd.exe,
The following error occurs. Why?

[Error in TclKit]
couldn't open "setup.tcl": no such file or directory

Are your specified tclkit-signable.exe and tclkit8416.exe the same one?

Pat Thoyts

unread,
Nov 8, 2007, 9:08:58 AM11/8/07
to
"s-imai" <s-i...@japan.interq.or.jp> writes:

>Hi
>
>>If you use my modified tclkit.exe:
>> sdx wrap yourapp.exe -runtime tclkit-signable.exe
>> signtool /v /f signing.p12 youradd.exe
>
>I downloaded the tclkit8416.exe from your site.
>and I performed the following commands.
>
>sdx wrap myapp.exe -runtime tclkit8416.exe
>signtool /v /f signing.p12 myadd.exe
>
>but when I perform the myadd.exe,
>The following error occurs. Why?
>
>[Error in TclKit]
>couldn't open "setup.tcl": no such file or directory
>
>Are your specified tclkit-signable.exe and tclkit8416.exe the same one?

The 8.4 kits use metakit and I've been unable to fix metakit for
this. The 8.5 exes on that site use vqtcl and that I have patched.
It is possible to build an 8.4 tclkit with this patch. The current
code for all this is at
http://www.patthoyts.tk/tclkit/kitgen.zip
Note this is patched in various ways and is not quite an 'official'
release of kitgen (though they will likely all go into the main kitgen
code).

s-imai

unread,
Nov 15, 2007, 1:31:01 AM11/15/07
to
Hi.

Thanks for your help.

I succeeded in code signing of Tclkit application.
I used the tclkit-gui-85b2.exe of your site.

0 new messages