You will need to have code sign cert named Acme corp
installed.
Apple allows you to generate your certifcate using Keychain, follow this link for instructions.
Once you have generate your certifcate, using the following command:
codesign -f -s "Acme Corp" hello --deep
openssl genrsa -out ca.key 4096
openssl req -config openssl.cfg -new -x509 -days 1826 -key ca.key -out ca.crt -subj '/CN=Acme Corp CA'
openssl genrsa -out codesign.key 4096
openssl req -config openssl.cfg -new -key codesign.key -reqexts v3_req -out codesign.csr -subj '/CN=Acme Corp'
openssl x509 -req -days 1826 -in codesign.csr -CA ca.crt -CAkey ca.key -extfile openssl.cfg -set_serial 01 -out codesign.crt
openssl pkcs12 -export -out codesign.pfx -inkey codesign.key -in codesign.crt -passout pass:1
Make sure you have configured your npm
npm config set prefix ~/.local
Also make sure ~/.local/bin
is included in your path, then proceed to install signcode using npm
.
npm install --global signcode
Once you have generated your certifcate, you can use it with signcode
to sign your Windows binary.
signcode sign hello.exe \
--cert codesign.pfx \
--prompt \
--name 'Acme Corp's App' \
--url 'http://AcmeCorp.corp'
After the file is signed you can do a very basic verification using
signcode verify hello.exe
Note that it would not say anything for a valid signature. An unsigned file will results in this error:
signcode verify hello.exe no signature found
Make sure you have Go installed.
Cross compile go binary on mac with windows
target operating system.
set -x GOOS windows;set -x GOARCH 386; go build -o hello.exe hello.go
when you compile on macOS for native app, you don't need to set the GOOS
variable.
Unset the variable using set -e GOOS
and then use go build -o hello hello.go
to build the binary.
Use goversioninfo to embed some version information into the file.