I use py2exe 0.9.2.2 to pack all my python script into a Windows binary. I'm trying to apply a code sign to the binary. Using signtool directly produces a broken binary.

Is it possible to sign a binary produced with py2exe? How?

This is just a reminder of the solution I found by myself, because I can't find a specific information on StackOverflow.

The solution is valid for any version of py2exe.

It is possible to apply a sign certificate but it is needed to detach the zip library from the exe loader of py2exe. So in the setup.py of your py2exe project put the "zipfile" specification, i.e.:

setup(name="name",
      # console based executables
      console=[],

      # windows subsystem executables (no console)
      windows=[myapp],

      # py2exe options
      zipfile = "myapp.lib", # this is the detached zip library code
      data_files = DATA,
      options={"py2exe": py2exe_options},
      )

Than you can apply your ".pfx" certificate to the binary loader:

signtool sign /d "my_description" /du "www.mysite.eu" ^
   /f my_certificate.pfx ^
   /v myapp.exe