Innosetup codesign?

I use Innosetup for creating Windows installers, and usually codesign the main app and the installer with external batch scripts using signTool. That works so far, but I always have to enter the dongle password at first run manually. And as I have an app using internal console helpers, I’d like to code sign them too because when I try to run them with elevated permissions, Windows will warn twice: 1) about the permission elevation and 2) for a console app by an unknown developer.

I thought I could make it easier with the internal codesign of InnoSetup, but I fail setting up Setup … It tells me it could not sign the content for a file that does not exists (Appname/uninst.e32.tmp) – I do not create an uninstaller.

Could also be I marked the password incorrectly. It uses a quotation mark and so I wonder how to escape such one correctly? Using two of them seems to work, but maybe it doesn’t.

Sigh – isn’t there one good source on Innosetup where screenshots look like the GUI and that gets a bit more into depth than just explaining the features without examples …?

Do you have this line in the script?

SignedUninstaller=yes


No! But thanks for the hint!

You can automate the password entry thing, but the instructions won’t make sense until you’ve successfully got normal code signing working.

BTW: Anyone who knows what these funny boxes at Tools are about? I can move mySign between them but did not find any hint what that means.

There are two different tools. Inno Setup Compiler and Inno Script Studio. The later is a better IDE for developing your scripts in. Be sure you have the latest version of both. Set up your code signing tool in Inno Script Studio.

Yes, oh, I got Script Studio. The screenshot is from their signing setup.

That’s not what I’m seeing here :grimacing:

Update:
And then set up automatic signing like this:

You may need to tweak the placeholders to work with the way you design your signtool.exe command.

Yes. When I see 6.3.1 in your screenshots, I got the feeling my version is a chronic liar … :rofl:

Aha! I found it. You’re using this menu item:

That’s part of the Script Wizard, not the Inno Setup Studio options. Please use the menu item from my screenshot above to configure your sign tool. Then, add a SignTool= line to the script. The wizard is really only good for a first-run setup. Scripts are much easier to maintain by hand after you get the initial template started.

Thanks, Tim. It wasn’t the Code Signing option in the setup options tab, but the password which I had to remove. Now (after setting it once on each session) it signs! Great!