From 02e819fc0044443c69b13dbfb883599df8ee4a0b Mon Sep 17 00:00:00 2001 From: Jan De Dobbeleer Date: Sat, 16 Nov 2024 20:16:04 +0100 Subject: [PATCH] fix(inno): sign installer with signtool this effectively disables signing the uninstaller as somehow inno setup doesn't forward environment variables to the subshell used to run signtool. As we can't authenticate using environment variables that way, we also can't sign with our new certificate. Future thought will need to be given. --- packages/inno/build.ps1 | 10 +++++++++- packages/inno/oh-my-posh.iss | 2 -- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/packages/inno/build.ps1 b/packages/inno/build.ps1 index b8449e3a7c82..e94c4ecd3b3d 100644 --- a/packages/inno/build.ps1 +++ b/packages/inno/build.ps1 @@ -31,9 +31,17 @@ $content = $content.Replace('', $Version) $ISSName = ".oh-my-posh-$Architecture-$Version.iss" $content | Out-File -Encoding 'UTF8' $ISSName +# clean paths +$signtool = $signtool -Replace '\\', '/' +$signtoolDlib = $signtoolDlib -Replace '\\', '/' + # package content $installer = "install-$Architecture" -ISCC.exe /F$installer "/Ssigntool=$signtool sign /v /debug /fd SHA256 /tr http://timestamp.acs.microsoft.com /td SHA256 /dlib $signtoolDlib /dmdf ./metadata.json `$f" $ISSName +ISCC.exe /F$installer $ISSName + +# sign installer +& "$signtool" sign /v /debug /fd SHA256 /tr 'http://timestamp.acs.microsoft.com' /td SHA256 /dlib "$signtoolDlib" /dmdf ../../src/metadata.json "./Output/$installer.exe" + # get hash $zipHash = Get-FileHash "Output/$installer.exe" -Algorithm SHA256 $zipHash.Hash | Out-File -Encoding 'UTF8' "Output/$installer.exe.sha256" diff --git a/packages/inno/oh-my-posh.iss b/packages/inno/oh-my-posh.iss index b5ecbfb8127c..9db7e8a7d345 100644 --- a/packages/inno/oh-my-posh.iss +++ b/packages/inno/oh-my-posh.iss @@ -13,8 +13,6 @@ UninstallDisplayIcon={app}\bin\oh-my-posh.exe PrivilegesRequired=lowest PrivilegesRequiredOverridesAllowed=dialog ChangesEnvironment=yes -SignTool=signtool -SignedUninstaller=yes CloseApplications=no [Files]