From b31c8f78c53f8679ce6799c40b0ba9792f37d5f2 Mon Sep 17 00:00:00 2001 From: Aditya Toshniwal Date: Mon, 14 Jul 2025 10:57:46 +0530 Subject: [PATCH] Fixed windows signature issue and specify SignTool in installer.iss file instead of calling signtool directly --- Make.bat | 11 ++++++----- pkg/win32/installer.iss.in | 6 +++++- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/Make.bat b/Make.bat index 8cb77563c..dd7bab89e 100644 --- a/Make.bat +++ b/Make.bat @@ -28,7 +28,7 @@ CALL :CREATE_PYTHON_ENV || EXIT /B 1 CALL :CREATE_RUNTIME_ENV || EXIT /B 1 CALL :GENERATE_SBOM || EXIT /B 1 CALL :CREATE_INSTALLER || EXIT /B 1 -CALL :SIGN_INSTALLER || EXIT /B 1 +CALL :VERIFY_SIGNATURE || EXIT /B 1 EXIT /B %ERRORLEVEL% REM Main build sequence Ends @@ -373,13 +373,14 @@ REM Main build sequence Ends EXIT /B 0 -:SIGN_INSTALLER - ECHO Attempting to sign the installer... - CALL "%PGADMIN_INNOTOOL_DIR%\ISCC.exe" "%WD%\pkg\win32\installer.iss" "/Ssigntool=%PGADMIN_SIGNTOOL_DIR%\signtool.exe sign /fd certHash /tr http://timestamp.digicert.com /td SHA256 "%DISTROOT%\%INSTALLERNAME%" $f" +:VERIFY_SIGNATURE + ECHO Verifying the installer signature... + + CALL "%PGADMIN_SIGNTOOL_DIR%\signtool.exe" verify /pa /v "%DISTROOT%\%INSTALLERNAME%" IF %ERRORLEVEL% NEQ 0 ( ECHO. ECHO ************************************************************ - ECHO * Failed to sign the installer + ECHO * Failed to verify signature of the installer ECHO ************************************************************ PAUSE ) diff --git a/pkg/win32/installer.iss.in b/pkg/win32/installer.iss.in index e9f91c671..02c5bba5e 100644 --- a/pkg/win32/installer.iss.in +++ b/pkg/win32/installer.iss.in @@ -36,9 +36,13 @@ ArchitecturesInstallIn64BitMode={#MyAppArchitecturesMode} AllowNoIcons=yes WizardImageFile=sidebar.bmp MinVersion={#MinimumWindowsVer} -SignTool=signtool +SignTool=pgAdminSigntool SignedUninstaller=yes +[SignTool] +Name: "pgAdminSigntool"; \ + Command: "{#GetEnv('PGADMIN_SIGNTOOL_DIR')}\signtool.exe sign /fd certHash /tr http://timestamp.digicert.com /td SHA256 $f" + [Languages] Name: "english"; MessagesFile: "compiler:Default.isl"