InnoScript and code signing

  1. 8 months ago

    Hi everybody!

    I'm using InnoScript studio to create installer packages. The basic template is working fine. But now I want to automate the code signing procedure. However, I don't know where to start.

    I have added a new entry at "configure signing tools" within "tools" menu of ISS. Command: "c:\path to signtool.exe" sign /n "My name" /v /fd sha256 /tr "urltotimeserver" /td sha256

    This command works well for me when signing apps on command line (it is followed by a lost of files - the main .exe as well as contents of the libs and resources folders).

    But I completely hang where to implement code signing into the ISS script. According documentation it must be placed at [Setup], but don't have an idea on how to proceed.

    Are you willing to provide me with some insights or even share a (partial) ISS script where you implemented code signing? I will really appreciate your help.

    Bye!

    In tools/configure sign tools, I have entered ksign as the signer

    Then the command is
    "C:\Program Files (x86)\kSign\kSignCMD.exe" /f C:\somepath\Certificates.p12 /p THEPASSWORD $p

    in the setup section I have:

    SignTool=kSign /d $qMySoft Software$q /du $qhttp://www.mywebsite.com$q $f

    That seems to be it.
    It signs any exes, and it signs the installer

  2. Jeff T

    21 Apr 2017 Answer Midlands of England, Europe
    Edited 8 months ago

    In tools/configure sign tools, I have entered ksign as the signer

    Then the command is
    "C:\Program Files (x86)\kSign\kSignCMD.exe" /f C:\somepath\Certificates.p12 /p THEPASSWORD $p

    in the setup section I have:

    SignTool=kSign /d $qMySoft Software$q /du $qhttp://www.mywebsite.com$q $f

    That seems to be it.
    It signs any exes, and it signs the installer

  3. Beatrix W

    21 Apr 2017 Pre-Release Testers Europe (Germany)

    And use IDE scripting to automate everything. This came up recently for the Mac. For Windows you just have to exchange the shell command.

  4. According to Jeff Tullin's suggestion, I made it even easier by putting the parameters into the tools/configure menu of the IDE and so in setup section of the script I just have the line
    signtool=mysigntool1

    Until yet I signed all files (including files located within the ./libs and ./resources folders of the app. I'm not sure... in which cases is it required to sign all files and in which just the .exe?

    @Beatrix W : What do you mean by "IDE scripting"? After implementing InnoSetup my workflow is also completely automated: Compiling is done by Xojo on Mac and creating the software package is done on a Windows 7 Pro virtual machine within "Parallels Desktop" environment. Is there a method to make it even more easier, like just hitting the "build" button on Xojo?

  5. Beatrix W

    22 Apr 2017 Pre-Release Testers Europe (Germany)

    Check out http://developer.xojo.com/userguide/ide-scripting . You can copy files, sign and do a lot of other stuff from within the IDE. What you want to do is not possible as far as I know. Except if you could script Parallels.

or Sign Up to reply!