PDA

View Full Version : Feature request - code signing



NewsArchive
01-26-2007, 05:29 AM
Friedrich,
This was a reply to another thread, but I thought it might be better to
start a new one.

I understand your sticking with signcode.exe to be compatible with Win98...
Afraid I'm always going to consider the MS window popping up and (knock on
wood) getting the password filled in as a kludge. <G> It doesn't work
reliably on my machine, and apparently I'm not the only one.

If I don't enable digital signature on the Project | Settings tab, I can
just use #run to run a signing batch file after the script compiles.

The problem is that if I DO tick the Enable Installer Integrity Check box
and then sign the installer using my batch file, the integrity check fails
when I run the installer.

If I tell SB6 to sign the installer, hit cancel when the password window
pops up, then run my batch file... everything is fine.

So... would it be possible to add a check box to the digital signature tab
in Project | Settings... to run my own signing batch file after the script
finishes compiling rather than invoking signcode.exe? That way, those of
use who aren't having great success with the fill-in-the-window trick would
have an alternative.

Jane

NewsArchive
01-26-2007, 05:29 AM
Jane,

Thank you for your suggestion!!!

All installation tool vendors use signcode.exe - only SetupBuilder provides
built-in password field automation. Today I compiled 200 test installers
and password automation failed twice on a machine whith IE7 is installed.

The problem with SIGNTOOL.EXE is that you have to download a 400MB
(megabyte!!!!!!) Platform SDK to get your hands on this little tool. So our
own full SetupBuilder 6 install image (including a 6MB documentation) is 10
MB. The Platform SDK to receive signtool.exe is 400 MB. Argh...

I'll give this some thoughts.

Thanks again,
Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder 6
Create Windows Vista ready installations in minutes

NewsArchive
01-26-2007, 05:29 AM
Argh indeed. I remember how much stuff I used to be able to store on a 140K
single-sided 5.25 inch Apple II floppy disk.. :rolleyes:

My suggestion was just to keep doing things the way you are, but to allow
the option for the user to do the signing instead. Where SB6 would be
invoking signcode.exe, it could optionally run a user-supplied batch file
instead. Those of us who've clogged the Internet downloading gazillionbytes
from Microsoft could do our own thing... and presumably not disrupt the
installer integrity check because whatever workaround you supply for your
use of signcode.exe should work here as well.

JAT

Jane

NewsArchive
01-26-2007, 05:29 AM
:)

Thank you Jane. I'll see what we can do...

Friedrich