Home Explore Help
Sign In
pascal
/
innosetup
mirror of https://github.com/jrsoftware/issrc.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Updates.

Martijn Laan 9 years ago
parent
6ea2b8fac9
commit
7fb9dc8b48
2 changed files with 2 additions and 2 deletions
Split View Show Diff Stats
  1. 1 1
      ishelp/isetup.xml
  2. 1 1
      whatsnew.htm

+ 1 - 1
ishelp/isetup.xml
View File 

@@ -4946,7 +4946,7 @@ SignTool=byparam signtool.exe sign /a /n $qMy Common Name$q /t http://timestamp.
 
 [Setup]

 SignTool=mycustom sign /a /n $qMy Common Name$q /fd sha1 /t http://timestamp.comodoca.com/authenticode /d $qMy Program$q $f

 ;the /as parameter in the following SignTool requires a recent signtool.exe version

-SignTool=mycustom sign /a /n $qMy Common Name$q /as /fd sha256 /tr http://timestamp.comodoca.com/rfc3161 /d $qMy Program$q $f

+SignTool=mycustom sign /a /n $qMy Common Name$q /as /fd sha256 /td sha256 /tr http://timestamp.comodoca.com/rfc3161 /d $qMy Program$q $f

 </pre>

 <p>Note: for security reasons you should give a unique name to any Sign Tool set to <tt>$p</tt>, and not use a <tt>byparam</tt> name copied from this example. Consider what happens if you #include a third-party file that says:</p>

 <pre>

+ 1 - 1
whatsnew.htm
View File 

@@ -28,7 +28,7 @@ For conditions of distribution and use, see <a href="http://www.jrsoftware.org/f
 
 

 <p><a name="5.5.8"></a><span class="ver">5.5.8 </span><span class="date">(2016-01-13)</span></p>

 <ul>

-<li>The [Setup] section many now list multiple <tt>SignTool</tt> directives which will be executed in order of appearance. This can be used to dual sign (SHA1 &amp; SHA256) Setup and Uninstall. This requires a recent signtool.exe version. Inno Setup's own installer is now also dual signed. See the help file for a dual sign example. <b>Without dual signing Windows will no longer trust any of your new installers if they are downloaded</b>. See <a href="http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx">http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx</a> for more information.</li>

+<li>The [Setup] section many now list multiple <tt>SignTool</tt> directives which will be executed in order of appearance. This can be used to dual sign (SHA1 &amp; SHA256) Setup and Uninstall. This requires a recent signtool.exe version. Inno Setup's own installer is now also dual signed. See the help file for a <a href="http://www.jrsoftware.org/ishelp/index.php?topic=setup_signtool">dual sign example</a>. <b>Without dual signing Windows will no longer trust any of your new installers if they are downloaded</b>. See <a href="http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx">http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx</a> for more information.</li>

 <li>The console-mode compiler (ISCC) now accepts multiple /S command line parameters (to specify a Sign Tool) instead of ignoring all but the last.</li>

 </ul>