Inno setup code signing?

1

Hi, I’m using something like the example script I found on this forum somewhere, I can’t find it now, but I think it may have been a github link someone posted:
Code signing works fine if I do it manually, by the way, so it’s all good there.
Anyway, adding the signTool bit, it says:

   Running Sign Tool signtool: "C:\Program Files (x86)\Windows Kits\8.1\bin\x86\signtool.exe" sign /f "E:\Plug-ins\QuikQuak_JUCE\Signing\Windows\Certificates.p12" /t http://timestamp.comodoca.com "E:\Plug-ins\QuikQuak_JUCE\MyPluygin\Inno Setup\uninst.e32.tmp"
   Sign Tool command failed (Sign Tool command failed with exit code 0x1). Will retry (2 tries left).

I don’t know why uninst.e32.tmp is being looked for. And yes, a lot of that seems not needed, but never mind.

This is the Inno Script…

[Setup]
#define MyApp "MyPlugin"
AppName={#MyApp}
AppVersion=5.0.3
WizardStyle=modern
ArchitecturesInstallIn64BitMode=x64
OutputDir= ..\\Inno Setup
DefaultDirName={commoncf}
DefaultGroupName={#MyApp}
OutputBaseFilename={#MyApp}-windows
//SignTool=signtool

[Components]
Name: "vst2_64"; Description: "64-bit VST2 Plugin (.dll)"; Types: full custom; Check: Is64BitInstallMode;
Name: "vst3_64"; Description: "64-bit VST3 Plugin (.vst3)"; Types: full custom; Check: Is64BitInstallMode;
Name: "aax_64"; Description: "64-bit AAX Plugin (.aaxplugin)"; Types: full custom; Check: Is64BitInstallMode; 
[Files]
Source: "C:\Program Files\Steinberg\vstplugins\{#MyApp}.dll"; DestDir: {code:GetVST2Dir_64}; Check: Is64BitInstallMode; Components:vst2_64; Flags: ignoreversion;
Source: "C:\Program Files\Common Files\VST3\{#MyApp}.vst3"; DestDir: "{commoncf64}\VST3\"; Check: Is64BitInstallMode; Components:vst3_64; Flags: ignoreversion;
Source: "C:\Program Files\Common Files\Avid\Audio\Plug-Ins\{#MyApp}.aaxplugin\*.*"; DestDir: "{commoncf64}\Avid\Audio\Plug-Ins\{#MyApp}.aaxplugin\"; Components:aax_64; Flags: ignoreversion recursesubdirs;

[Dirs]

Name: {commoncf64}\Avid\Audio\Plug-Ins\{#MyApp}.aaxplugin; Attribs: readonly

[Code]
var
  OkToCopyLog : Boolean;
  VST2DirPage_64: TInputDirWizardPage;

procedure InitializeWizard;
begin
  if IsWin64 then begin
    VST2DirPage_64 := CreateInputDirPage(wpSelectDir,
    'Confirm 64-Bit VST2 Plugin Directory', '',
    'Select the folder in which setup should install the 64-bit VST2 Plugin, then click Next.',
    False, '');
    VST2DirPage_64.Add('');
    VST2DirPage_64.Values[0] := ExpandConstant('{reg:HKLM\SOFTWARE\VST,VSTPluginsPath|{commonpf64}\Steinberg\VSTPlugins}\');

  end
end;

function GetVST2Dir_64(Param: String): String;
begin
  Result := VST2DirPage_64.Values[0]
end;
2

It looks like it’s not passing the certificate password. There should be a /p YourPasswordGoesHere flag passed to signtool.exe. Maybe you’re passing it when calling manually, but InnoSetup doesn’t?

1 Like
3

Brilliant thanks, that was certainly a strange error. Manual calling just needs the file and timestamp, it looks like Inno Setup needs everything.
So I’m now using along these lines this if it helps anyone…
BTW. signtool is on my Path settings.

signtool.exe sign /f “MycertFolder\Certificates.p12” /p myPassword /t http://timestamp.comodoca.com $f