Signing Innosetup Uninstaller

FinalBuilder Discussion
1

Hi,

I'm trying to sign an innosetup 5 unistaller. Everything works find when compiling via Innosetup, but when I run the script via FinalBuilder I get:

 

Error on line 36 in c:\myscript.iss: Value of [Setup] section directive "SignTool" is invalid.

The offending script line looks like this:

SignTool=MSSignTool sign /f $qPath to my cert$q /p $f

"MSSignTool" is defined as:

"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\signtool.exe" $p

Like I say, it works fine in InnoSetup, just not in FinalBuilder. Do I need to add the MSSignTool property somewhere in FB?

Cheers,
Paul

 

 

 

2

You need to turn on the option to use the command line compiler, or turn on the pre-processor. BTW, you can also sign the installer using the Signtool action as well.

3

Singing through InnoSetup is perfered as you will also sign your uninstall.    If you use the SignTool action it only signs the install.

 

4

 Hi,

As a workaround I am signing the installer via FinalBuilder. As Robert says though, this does not sign the UNinstaller.

I have tried every combination of Command Line/Preprocessor options and get the same error every time. 

In Innosetup, the signtool definition is not stored in the script. You need to define it via the Tools | Configure Sign Tools option. Could it be that when FinalBuilder is executing the script it is not finding the sign tool definition?

InnoSetup: 5.4.1
FinalBuilder: 7.0.0.1283

Cheers,
Paul
 

5

Ok, this build includes a SignTool option :

https://www.finalbuilder.com/downloads/finalbuilder/aex6/FB700_1302.exe

6

BTW, one downside I can see with signing from Inno is that if the signtool fails, you have to run your setup compiler again. We often get failures while timestamping files, the timestamp servers sometimes do not respond, so we set the timestamp action to retry a few times (which seems to work most of the time).

7

Hi,

I have downloaded the new build, but it doesn't seem to make any difference. I still get the same error. Can you explain what you do with the signtool property in FinalBuilder? Do I need to change my InnoSetup script?

Cheers,
Paul

 

8

This is how I get it to work.

In my installer script, under [Setup], I have :

SignTool=MySignTool

Then under Code Signing in the Action properties dialog :

MySignTool=C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin\signtool.exe sign  /f c:\certs\mycert.pfx /p MYPASSWORD -t http://timestamp.verisign.com/scripts/timstamp.dll $f

HTH

 

9

Hi,

I've managed to get code signing working. I'd missed the new option in the action properties.

What is the purpose of the "Signtool Executable" in the Sign Tool Options? The signing works whether or not this property is set.

A small feature request. Is it possible to suppress the signing console window that pops up while FB is running the inno script?

Thanks for your hard work.

Cheers,
Paul

10

If you specify to use the command line compiler you will not see the window popup. When not using the command line compiler we have no control over that.

I would recommend always using the command line compiler, as the Inno team broke our Pre-processor support in 5.4.1 when calling the compiler dll. Also if you are running on a 64bit machine then the command line compiler will get it’s own 2Gb memory address space, which can be important for larger install scripts.

11

The Signtool options are only used for the SignTool actions at this time.