I am trying to automate my code signing process in these setups. Unfortunately we have a strict protocol on .pfx and password delivery, and only one person can access the project.
It will not be a problem at all if all installs are compiled, that can be installed in the SignTool IDE on that machine, and password users will be safe on PC. However, we use a shared machine to compile our build, so we can not set SignTool because we are unable to access that password so easily. There are many reasons for this and it can not be changed.
What I want to do after compilation is completed. "The .px password" ink pops up.
Currently, my idea is either to request an authentication to get Inno Setup, which I do not know, or write a small script that compiles the setup, and Ino Setup Signs outside of I can do relatively later, but due to the nature of our workflow, it would be better if these setups can be used for it.
Can anyone help me in setting up this setup for Synchronous password for the PPX file?
If the key holder is okay, compared to your actual permissions, , Which signatures, and instead of closing the program on its network in INTO, the command can be changed to call directly to signolole. In this way only his machine will know the password and / or the private key.
Alternatively, before leaving the reality until QA is passed and the customer is actually being released. Remove the setting and replace it with settings.
When the signed uninstaller is used without SignTool , the keyholder will need to manually sign the uninstall file once, And then it can be reused from the shared space and without resigning (unless you upgrade them, then you need to do it again). The script created will have to uninstall a signed installation but there will be an unsigned output installer. Then you can pass it in QA and later manually sign it when the key holder is available (or cancel it if the QA fails).
No comments:
Post a Comment