Packaging guide

Package & sign Rust apps for Windows — MSI, MSIX & code signing

To distribute a Rust app on Windows, build a release binary with cargo build --release, then package it as an MSI (via WiX), MSIX (via Windows App Packaging), or a simple zip. Code signing with a certificate reduces SmartScreen warnings.

Build a release binary for distribution

PowerShell
# Optimised release build:
PS> cargo build --release
# Output: target\release\your-app.exe
# With full optimisation (smaller, faster), set the release profile:

Cargo.toml — release profile
[profile.release]
lto = true # link-time optimisation
codegen-units = 1 # single codegen unit
opt-level = 3 # maximum optimisation
strip = true # strip debug symbols

Create an MSI installer with WiX

PowerShell
# Install cargo-wix:
PS> cargo install cargo-wix
# Initialise WiX for your project:
PS> cargo wix init
# Build the MSI:
PS> cargo wix
# Output: target\wix\your-app-x.y.z-x86_64.msi

Sign your Rust binary on Windows

Unsigned Windows executables trigger SmartScreen warnings on download. Options:

  • OV/EV Code Signing Certificate — purchase from DigiCert, Sectigo etc. (~$200-400/year). EV certificates suppress SmartScreen immediately; OV requires reputation building.
  • Azure Trusted Signing — Microsoft's managed signing service, cheaper than a traditional CA.
  • signtool.exe — included in the Windows SDK; use it to sign after packaging.
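
PowerShell — signtool
# Sign with a PFX certificate. /fd sets the file digest (current signtool requires it);
# /tr with /td requests an RFC 3161 SHA-256 timestamp instead of the legacy /t one.
# Note: /p puts the PFX password on the command line (shell history, process list).
PS> signtool sign /f cert.pfx /p password /fd SHA256 /tr http://timestamp.sectigo.com /td SHA256 your-app.exe
# Verify the signature:
PS> signtool verify /pa your-app.exe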
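
A release gate built on the verification step above, as an added example that is not part of the original guide: it checks each artifact with PowerShell's built-in Get-AuthenticodeSignature and fails if the signature is not valid, comes from a different certificate, or has no timestamp. The function name Test-ReleaseSignature is hypothetical, the paths are the guide's placeholders, and the thumbprint is a placeholder you replace with your own certificate's.

```powershell
# Added example (not from the original guide): fail the release if an artifact
# is unsigned, signed by the wrong certificate, or missing a timestamp.
function Test-ReleaseSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        # Thumbprint of the certificate that is supposed to sign releases
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )
    foreach ($file in $Path) {
        $problems = @()
        $sha256 = $null
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            $problems += 'file not found'
        } else {
            $sig = Get-AuthenticodeSignature -LiteralPath $file
            # 'Valid' means the file hash matches and the chain is trusted here
            if ($sig.Status -ne 'Valid') {
                $problems += "status $($sig.Status)"
            }
            # A valid signature from some other trusted publisher is still wrong
            if ($null -eq $sig.SignerCertificate -or
                $sig.SignerCertificate.Thumbprint -ne $ExpectedThumbprint) {
                $problems += 'unexpected signer'
            }
            # No timestamp: the signature stops verifying once the cert expires
            if ($null -eq $sig.TimeStamperCertificate) {
                $problems += 'no timestamp'
            }
            # Hash to publish next to the download
            $sha256 = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        }
        [pscustomobject]@{
            File     = $file
            Ok       = ($problems.Count -eq 0)
            Problems = ($problems -join '; ')
            SHA256   = $sha256
        }
    }
}

# Paths are the guide's placeholders; the thumbprint is a placeholder to replace.
$artifacts = 'target\release\your-app.exe', 'target\wix\your-app-x.y.z-x86_64.msi'
$results = Test-ReleaseSignature -Path $artifacts -ExpectedThumbprint '<EXPECTED-THUMBPRINT>'
$results | Format-List
if ($results.Ok -contains $false) { exit 1 }
```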

Packaging questions

How to reduce Rust binary size for Windows distribution?

Enable LTO and strip in your release profile (see above). Also try: opt-level = "s" for size optimisation, the upx packer, and the cargo-bloat tool to find large dependencies. A typical "Hello World" Rust binary is 150–300 KB; a release binary with LTO and strip is often under 500 KB.

Windows SmartScreen blocks my Rust .exe — how to fix?

SmartScreen blocks executables from unknown publishers. Short-term: sign with any code signing certificate (even a self-signed one helps). Long-term: buy an OV code signing certificate from a trusted CA. An EV certificate suppresses SmartScreen immediately; OV certificates build reputation over time based on download count.