Metadata-Version: 2.4
Name: winsign
Version: 2.3.0
Summary: Utilities to support code signing Windows executable files
Author-email: Mozilla Release Engineering <releng@mozilla.com>
License-File: LICENSE
Classifier: Development Status :: 2 - Pre-Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)
Classifier: Natural Language :: English
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Requires-Python: >=3.11
Requires-Dist: aiohttp
Requires-Dist: construct
Requires-Dist: cryptography>=39
Requires-Dist: pyasn1
Requires-Dist: pyasn1-modules>=0.2.6
Requires-Dist: rsa
Description-Content-Type: text/x-rst

=======
winsign
=======

.. image:: https://img.shields.io/pypi/v/winsign.svg
        :target: https://pypi.python.org/pypi/winsign

.. image:: https://readthedocs.org/projects/winsign/badge/?version=latest
        :target: https://winsign.readthedocs.io/en/latest/?badge=latest
        :alt: Documentation Status

`winsign` is a python module for signing and manipulating `Authenticode
<https://en.wikipedia.org/wiki/Code_signing#Implementations>`_ signatures in PE and MSI files.

* Works on Python 3.11 and up.
* Free software: MPL2

Requirements
============
Most dependencies are specified in pyproject.toml, however, currently
you also need `osslsigncode` installed to perform signing. This utility can be
fetched from your distribution's package repository, or from e.g.
https://github.com/mtrojnar/osslsigncode

Signing MSIX/APPX files currently requires Mozilla's fork of `msix-packaging
<https://github.com/mozilla/msix-packaging/tree/johnmcpms/signing>`_.

Installation
============
`pip install winsign`

CLI Usage
=========
::

   usage: winsign [-h] --certs CERTS --key PRIV_KEY [-n COMMENT] [-i URL] -d
                  {sha1,sha256} [-t {old,rfc3161}] [-v] [-q]
                  infile [outfile]

   positional arguments:
     infile            unsigned file to sign
     outfile           where to write output to. defaults to infile

   optional arguments:
     -h, --help        show this help message and exit
     --certs CERTS     certificates to include in the signature
     --key PRIV_KEY    private key used to sign
     -n COMMENT        comment to include in signature
     -i URL            url to include in signature
     -d {sha1,sha256}  digest to use for signing. must be one of sha1 or sha256
     -t {old,rfc3161}
     -v, --verbose
     -q, --quiet

Future plans
============
* Stop using osslsigncode for PE signatures
* Refactor code so that osslsigncode functionality is in its own module
* Add python support for MSI, then we can drop dependency on osslsigncode

Development
===========
Highly recommended to create a virtualenv, then run:
 * *pip install -e .*
 * make your changes to the source files
 * run local tests: *tox*

upon successful r+ and merging to *master* branch, you need to release a new version on PyPi.
 * edit pyproject.toml to adjust the version
 * generate .whl file locally: *python setup.py bdist_wheel*
 * file will exist in: *./dist/winsign-{version}-py3-none-any.whl*
 * (assuming you have pypi access to upload)
 * upload to pypi: *twine upload --verbose dist/winsign-{version}-py3-none-any.whl*

Credits
=======

* Chris AtLee
* Ben Hearsum <bhearsum@mozilla.com>
* Joel Maher <jmaher@mozilla.com>
