Re: Unable to code sign metakit based tcl exe
Pat Thoyts
> When I code-sign a metakit based tcl interpreter, the tcl exe fails to
> load the metakit.
>
> Metakit seeks to the end of the binary to locate the terminating
> metakit signature and the size of the metakit image. Metakit looks at
> the end of the specified database for information about the remainder
> of the db and in theory you can feed it an offset from the end.
> However when I created a version that used an offset it failed and I
> never was able to make a metakit-based tclkit that could be signed.
>
> Please let me know your suggestions for getting around this problem?
>
> Harsh
There is no solution for this using a tclkit executable that has
Metakit as the database access library. If you use a tclkit executable
that has vlerq as the database reading component then you can sign a
starpack and it will work. Vlerq is a different library that can read
metakit databases without requiring C++.
If you create a simple virtual filesystem (hello.vfs/main.tcl) and
maybe add in some extensions under (hello.vfs/lib/*) then wrap it into
a starpack using tclkit-gui as the executable you can sign it.
ie:
tclkitsh sdx.kit wrap hello.exe -runtime tclkit-gui.exe
signtool sign /n "Your Certificate Name" hello.exe
(Although you should add a timestamp too as mentioned previously).
There are some prebuilt tclkit executables using vlerq at
http://www.patthoyts.tk/tclkit/ -- read the readme file but *-gui.exe
and *-cli.exe are vlerq based.
You can obtain the sourcecode to build it all. Some is at
http://tclkit.googlecode.com/ (vlerq and sdx) and what I use is at
http://www.patthoyts.tk/gitweb.cgi?p=kitgen;a=summary although it
needs work on how to setup the various sub-projects to build it.
In brief: you need to use a vlerq-based executable if you want to
code-sign a starpack.
Pat Thoyts
