Native executables created with dart2native do not support signing

[mit-mit]

NOTE: This issue specifically refers to dart2native tool, it does not refer to Flutter on Desktop, as Flutter does not use dart2native

The executables created with bin/dart2native use a format that as discussed in the original issue is not compatible with signing tools such as codesign and signtool.

[anaisbetts]

Confirmed this on Windows 10 - signing a binary with signtool on Windows will cause it (strangely enough) to act like dart.exe

C:\Users\ana\code> cat .\test.dart
main() {
        print("Hello world!");
}

C:\Users\ana\code> dart2native -k exe -o test.exe .\test.dart
Generated: c:\users\ana\code\test.exe
C:\Users\ana\code> .\test.exe
Hello world!

C:\Users\ana\code>signtool.exe sign /f mycert.pfx /p sekritPassword .\test.exe
Done Adding Additional Store
Successfully signed: .\test.exe

C:\Users\ana\code> .\test.exe
Usage: dart [<vm-flags>] <dart-script-file> [<script-arguments>]

Executes the Dart script <dart-script-file> with the given list of <script-arguments>.

Common VM flags:
--enable-asserts
  Enable assert statements.
--help or -h
  Display this message (add -v or --verbose for information about
  all VM options).
--package-root=<path> or -p<path>
  Where to find packages, that is, "package:..." imports.

[knopp]

Are there any plans of addressing this? Distributing binaries on Mac and Windows that are not codesigned is not feasible (on Windows you will not get through smart screen, on Mac since Catalina you need hardened runtime and notarization, before catalina there's gatekeeper).

[dnfield]

I was hoping to use this to be able to ship a tool from the Flutter engine repo to the Flutter tool. I won't be able to do so without this feature.

[tonosama-atlacatl]

I WANT IT!!!! I Need IT!! I wrote a tool to organize photos/videos/etc... take it from someone that has spent hours helping others install the SDK over the phone... just so they can test my script.

[MichaelCharles]

Is this a planned feature? It seems like there's been relatively silence on this for the past few months.

[alexgoussev]

I very hope this feature will be implemented in the future! I need it!

[stephantual]

Adding a vote for this feature, massively important if desktop dart wants to get into the big leagues.

Windows desktop apps without signning, most of people or security software will not trust them.
Hope fix it quickly.

[jodinathan]

is there a workaround to this?

[Timmmm]

I WANT IT!!!! I Need IT!! I wrote a tool to organize photos/videos/etc... take it from someone that has spent hours helping others install the SDK over the phone... just so they can test my script.

It is still possible to run unsigned binaries on Mac and Windows. On Mac you have to right-click the App and select Open (rather than double clicking it), and on Windows you have to click "More info" and then "Run anyway". Completely not obvious, but you shouldn't need to install the SDK just to get a friend to run something!

Plenty of free software is still distributed unsigned on both platforms, though it would obviously be great if code signing was supported.

[knopp]

I WANT IT!!!! I Need IT!! I wrote a tool to organize photos/videos/etc... take it from someone that has spent hours helping others install the SDK over the phone... just so they can test my script.

It is still possible to run unsigned binaries on Mac and Windows. On Mac you have to right-click the App and select Open (rather than double clicking it), and on Windows you have to click "More info" and then "Run anyway". Completely not obvious, but you shouldn't need to install the SDK just to get a friend to run something!

Plenty of free software is still distributed unsigned on both platforms, though it would obviously be great if code signing was supported.

None of these is feasible. Especially if you want to distribute commercial software to general public.