feat: add SignTool to the Inno Setup script #7
Conversation
| @@ -117,6 +117,7 @@ All attributes should be under `inno_bundle` in `pubspec.yaml`. | |||
| - `false`: Don't require elevated privileges during installation. App will | |||
| install into user-specific folder. | |||
| - `license_file`: A path relative to the project that points to a text license file, if not provided, `inno_bundle` will look up for `LICENSE` file in your project root folder. Otherwise, it is set to an empty string. | |||
| - `sign_tool`: Specifies the name and parameters of the Sign Tool to be used to digitally sign the installer. The name of the sign tool can be added in Inno Setup's `Tools > Configure Sign Tools...`. | |||
There was a problem hiding this comment.
Your PR is much appreciated ❤️,
Been reading more about sign tools for Windows to understand how to better integrate this attribute before another release, I'm curious here where you wrote "Specifies the name and parameters of the Sign Tool", can you elaborate more with some values you would give to sign_tool attribute so I can better understand about the parameters part of the description.
Thanks again!
There was a problem hiding this comment.
Sure. To summaries, in Inno Setup's Configure Sign Tools configuration, user can assign a named variable with the command line and parameters as its value.
Here is the sample of the "SampleCodeSign" that run signtool.exe sign with parameters /tr {TIMESTAMP_URL} /td sha256 /fd sha256 /a $p $f
In pubspec.yaml, user can use the named variable or the complete command like below:
# sign_tool: SampleCodeSign
# or
# sign_tool: "signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a $p $f"
I've just added the sign_tool attribute sample in the example app's pubspec.yaml with the complete command as
There was a problem hiding this comment.
Thanks for the thorough explanation, correct me if I'm wrong, according to inno setup docs and my own testing:
This works ✅ if you added SampleCodeSign to the Sign Tools list in the UI.
sign_tool: SampleCodeSignThis doesn't work ❌
sign_tool: "signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a $p $f"Inno cannot contain the full signtool.exe sign ... command in its .iss file,
I think to overcome this is a bit more complicated, something like this should be implemented:
sign_tool:
command: "signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a $p $f"This way the command is appended to the compiler as
iscc /SMyCodeSign="signtool.exe sign ..." "/path/to/my_script.iss"then the .iss file will have this
SignTool=MyCodeSignIf you have the capacity to implement this it would be awesome, otherwise, your code is great as it is rn, I can merge your PR and do these changes myself later. let me know.
| @@ -92,3 +92,4 @@ inno_bundle: | |||
| license_file: assets/LICENSE.txt | |||
| languages: | |||
| - french | |||
| sign_tool: "signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a $p $f" | |||
There was a problem hiding this comment.
This added line results to the following when I try to run dart run inno_bundle:build
|
I'm merging this PR, I will fine tune this feature a bit to make clear separation between sign-tool command and sign-tool name. If you have more thoughts to add later, let me know, cheers 👍 . |
SignToolby addingsign_toolunderinno_bundlein thepubspec.yamlfileSignToolwon't be added to the script, otherwise the script will become invalid.