I've had a lot of trouble getting Inno Setup's SignTool
feature to work on our Windows install.
I'm thinking now of doing the code signing myself outside of Inno Setup.
If I manually code sign our exe before using Inno Setup to build the installer, and then manually code sign the resulting Setup.exe
, does that give the same degree of code signing that using SignTool
does?
Does SignTool
sign the Setup.exe
as well as whatever .exe
we specify on the signtool screen?
Does SignTool
also sign other internal .exe
's that Inno Setup perhaps produces? (I ask this because I recall from years ago that there's a filename.tmp
exe that gets run by the Setup.exe
. Does SignTool
do anything to that?)
I believe that the very reason Inno Setup has the SignTool
directive at all is the fact, that you cannot completely code sign the installer externally.
The reason being that there are indeed two internal executable files generated during compilation:
That is in addition to signing:
sign
or signonce
flag (those you can indeed sign yourself before compiling the installer).So maybe you should actually ask a new question about your problem with SignTool
directive. It's not really difficult to set up.
See also these questions to learn, how to debug problems with SignTool
: