Singing with Ensymble

[leban]

Overjoyed by the fact that Nokia released new capabilities in latest version of PythonForSymbian I started the work with 3rd edition version of our software but run into the problem of signing the pys60 sis-package.

Having a limited access to a Windows box, a great help for me would be if it could be possible just to sign the Python package with Ensymble? It does the job of signsis in the prosess of converting the py into a sis, but is it possible to use Ensymble for just to add the devcert signature to already compiled pythonfors60_1_3_14_3rded_unsigned_freedevcert.SIS?

Any ideas or documentation to look for?

[jethro.fn]

...

Having a limited access to a Windows box, a great help for me would be if it could be possible just to sign the Python package with Ensymble? It does the job of signsis in the prosess of converting the py into a sis, but is it possible to use Ensymble for just to add the devcert signature to already compiled pythonfors60_1_3_14_3rded_unsigned_freedevcert.SIS?

Hello. Looks like there is a genuine need for Ensymble to support the signing of SIS packages. It is not very complicated to do, Ensymble already has functions to load and save arbitrary SIS files. I will add such a command in Ensymble in the near future.

If you're impatient, here's a very crude version of it. Only flat SIS files (i.e. PyS60 v1.3.14 or newer) are supported. You need to download and unpack Ensymble (v0.15) source and save the code below as signsis.py. You need to run signsis.py from the main Ensymble directory for it to work:

Code:

#!/usr/bin/env python
# -*- coding: iso8859-1 -*-

# signsis.py - A quickly hacked version of signsis using Ensymble
# Copyright 2006 Jussi Ylänen
#
# Warning! No error handling of any kind! Or resource tracking...

import sys
import sisfield
import sisfile
import cryptutil


if len(sys.argv) != 6:
    print "Usage: signsis.py infile outfile certificate privatekey passphrase"
    sys.exit(1)

infile, outfile, certfile, privkeyfile, passphrase = sys.argv[1:]

instring = file(infile, "rb").read()
certstring = file(certfile, "r").read()
privkeystring = file(privkeyfile, "r").read()

# Convert string to SISFields.
insis = sisfield.SISField(instring[16:])

# Temporarily remove the SISDataIndex SISField from SISController.
ctrlfield = insis.Controller.Data
didxfield = ctrlfield.DataIndex
ctrlfield.DataIndex = None

# Remove old signatures.
for n in xrange(8):
    ctrlfield.__dict__["Signature%d" % n] = None

# Calculate a signature of the SISController.
string = ctrlfield.tostring()
string = sisfield.stripheaderandpadding(string)
signature, algoid = sisfile.signstring(privkeystring, passphrase, string)

# Create a SISCertificateChain SISField from certificate data.
sf1 = sisfield.SISBlob(Data = cryptutil.certtobinary(certstring))
sf2 = sisfield.SISCertificateChain(CertificateData = sf1)

# Create a SISSignature SISField from calculated signature.
sf3 = sisfield.SISString(String = algoid)
sf4 = sisfield.SISSignatureAlgorithm(AlgorithmIdentifier = sf3)
sf5 = sisfield.SISBlob(Data = signature)
sf6 = sisfield.SISSignature(SignatureAlgorithm = sf4, SignatureData = sf5)

# Create a new SISSignatureCertificateChain SISField.
sa  = sisfield.SISArray(SISFields = [sf6])
sf7 = sisfield.SISSignatureCertificateChain(Signatures = sa,
                                            CertificateChain = sf2)

# Set certificate, restore data index.
ctrlfield.Signature0 = sf7
ctrlfield.DataIndex = didxfield

# Convert SISFields to string.
outstring = insis.tostring()

file(outfile, "wb").write(instring[:16] + outstring)

To use (assuming pass phrase 1234):

Code:

./signsis.py pythonfors60_1_3_14_3rded_unsigned_freedevcert.SIS pythonfors60_1_3_14_3rded_mycert.SIS mycert.cer mykey.key 1234

[leban]

Thank you! Your script seemed to work like a SONG!
The resulted file is somewhat bigger so I assume that the script did something to it.

But I still get "constrained by the certificate" in install

Have I missed something?
1) I got free devcert from Symbian for my IMEI with all caps
2) Signed the freedevcert with you signsis.py
3) Allowed all installs from App.manager settings
4) Uploaded to E70 and tried to install
5) got the error and installation aborted

What could I do to debug this problem?

EDIT:
I actually repeated this prosess with signsis.exe on a Windows box I got my hands onto, but with the same result! So maybe there is a problem with my sertificate. Should this be a trivial matter?

[jethro.fn]

All I can say is, it works with my free DevCert. I've signed both the Script Shell and the Python DLL and successfully installed them to my N80. Maybe the IMEI is incorrect, after all?

To check which IMEI a certificate is for, you can use OpenSSL (tested with "OpenSSL 0.9.8c 05 Sep 2006"):

Code:

openssl x509 -in mycert.cer -text -noout

Look for a line after "X509v3 extensions:". It should contain "1.2.826.0.1.1796587.1.1.1.1: critical". After that is a line of form "0...XXXXXXXXXXXXXXX", where the XXX... part is the actual IMEI.

[leban]

You were right! A typo in the IMEI.
New devcert and it worked! Now to debug my application!

Signsis command for Ensymble would be very usefull hope you get to it soon. Thanks anyway for the preview.

[andersnc]

As someone who's been quite happy just using text editors and Ensymble for development, thanks a ton for the temp script. Worked for me too, now I can get at the GSM information and other such goods.