Add DownloadTemporaryFileWithISSigVerify + doc tweaks.

ISHelp/isxfunc.xml

@@ -1817,7 +1817,7 @@ end;</pre></example>
       </function>
       <function>
         <name>DownloadTemporaryFile</name>
-        <prototype>function DownloadTemporaryFile(const Url, FileName, RequiredSHA256OfFile: String; const OnDownloadProgress: TOnDownloadProgress): Int64;</prototype>
+        <prototype>function DownloadTemporaryFile(const Url, BaseName, RequiredSHA256OfFile: String; const OnDownloadProgress: TOnDownloadProgress): Int64;</prototype>
         <description><p>Downloads the file from the specified URL to a temporary directory using the specified name. To find the location of the temporary directory, use <tt>ExpandConstant('{tmp}')</tt>.</p>
 <p>If RequiredSHA256OfFile is set it will compare this to the SHA-256 of the downloaded file and raise an exception if the hashes don't match.</p>
 <p>An exception will be raised if there was an error. Otherwise, returns the number of bytes downloaded. Returns 0 if RequiredSHA256OfFile is set and the file was already downloaded.</p>
@@ -1828,6 +1828,7 @@ end;</pre></example>
 <p><tt>TOnDownloadProgress = function(const Url, FileName: String; const Progress, ProgressMax: Int64): Boolean;</tt></p>
 <p>ProgressMax will be 0 if the file size is still unknown. Return True to allow the download to continue, False otherwise.</p></remarks>
         <seealso><p><link topic="isxfunc_SetDownloadCredentials">SetDownloadCredentials</link><br />
+<link topic="isxfunc_DownloadTemporaryFileWithISSigVerify">DownloadTemporaryFileWithISSigVerify</link><br />
 <link topic="isxfunc_DownloadTemporaryFileSize">DownloadTemporaryFileSize</link><br />
 <link topic="isxfunc_DownloadTemporaryFileDate">DownloadTemporaryFileDate</link><br />
 <link topic="isxfunc_CreateDownloadPage">CreateDownloadPage</link><br />
@@ -1856,12 +1857,39 @@ begin
   end;
 end;</pre>
 <p>See <i>CodeDownloadFiles.iss</i> for another example which uses <link topic="isxfunc_CreateDownloadPage">CreateDownloadPage</link> instead.</p></example>
+      </function>
+      <function>
+        <name>DownloadTemporaryFileWithISSigVerify</name>
+        <prototype>function DownloadTemporaryFileWithISSigVerify(const Url, IssigUrl, BaseName: String; const AllowedKeysRuntimeIDs: TStringList; const OnDownloadProgress: TOnDownloadProgress): Int64;</prototype>
+        <description><p>Like <link topic="isxfunc_DownloadTemporaryFile">DownloadTemporaryFile</link>, but downloads an .issig signature file first from the specified second URL and uses it to verify the main file downloaded from the first URL.</p>
+<p>Verification uses the specified allowed keys, looked up using <link topic="issigkeyssection">[ISSigKeys] section</link> parameter <tt>RuntimeID</tt>. To allow all keys set AllowedKeysRuntimeIDs to <tt>nil</tt>.</p>
+<p>An exception will be raised if there was an error. Otherwise, returns the number of bytes downloaded for the main file from the first URL. Returns 0 if the main file was already downloaded and still verified.</p></description>
+        <seealso><p><link topic="isxfunc_DownloadTemporaryFile">DownloadTemporaryFile</link><br/>
+<link topic="issig">.issig Signatures: Introduction</link><br/>
+<link topic="isxfunc_ISSigVerify">ISSigVerify</link></p></seealso>
+        <example><pre>
+[Code]
+function InitializeSetup: Boolean;
+begin
+  try
+    DownloadTemporaryFileWithISSigVerify(
+      'https://jrsoftware.org/download.php/myprog-extrareadmes.7z',
+      'https://jrsoftware.org/download.php/myprog-extrareadmes.7z.issig',
+      'myprog-extrareadmes.7z', nil, nil);
+    Result := True;
+  except
+    Log(GetExceptionMessage);
+    Result := False;
+  end;
+end;</pre></example>
       </function>
       <function>
         <name>SetDownloadCredentials</name>
         <prototype>procedure SetDownloadCredentials(const User, Pass: String);</prototype>
-        <description><p>Sets username and password for all following downloads. Set an empty string to delete the previous setting.</p>
-<seealso><p><link topic="isxfunc_DownloadTemporaryFile">DownloadTemporaryFile</link><br/><link topic="isxfunc_DownloadTemporaryFileSize">DownloadTemporaryFileSize</link><br/><link topic="isxfunc_DownloadTemporaryFileDate">DownloadTemporaryFileDate</link></p></seealso></description>
+        <description><p>Sets username and password for all following downloads. Set an empty string to delete the previous setting.</p></description>
+        <seealso><p><link topic="isxfunc_DownloadTemporaryFile">DownloadTemporaryFile</link><br/>
+<link topic="isxfunc_DownloadTemporaryFileSize">DownloadTemporaryFileSize</link><br/>
+<link topic="isxfunc_DownloadTemporaryFileDate">DownloadTemporaryFileDate</link></p></seealso>
       </function>
       <function>
         <name>DownloadTemporaryFileSize</name>
@@ -1916,7 +1944,7 @@ end;</pre>
       <function>
         <name>ISSigVerify</name>
         <prototype>function ISSigVerify(const AllowedKeysRuntimeIDs: TStringList; const Filename: String; const KeepOpen: Boolean): TFileStream;</prototype>
-        <description><p>Verifies the signature of the specified file using the specified allowed keys, looked up using [ISSigKeys] section parameter <tt>RuntimeID</tt>. To allow all keys set AllowedKeysRuntimeIDs to <tt>nil</tt>. An exception will be raised upon failure.</p>
+        <description><p>Verifies the signature of the specified file using the specified allowed keys, looked up using <link topic="issigkeyssection">[ISSigKeys] section</link> parameter <tt>RuntimeID</tt>. To allow all keys set AllowedKeysRuntimeIDs to <tt>nil</tt>. An exception will be raised upon failure.</p>
 <p>Returns a handle to the still open file if True is specified in the KeepOpen parameter, <tt>nil</tt> otherwise. It is recommended that you always specify True if you plan to use the file for anything after verification. Otherwise, you risk creating a Time-Of-Check to Time-Of-Use (TOCTOU) problem.</p></description>
         <example><pre>var
   F: TFileStream;
@@ -1928,7 +1956,8 @@ begin
     F.Free;
   end;
 end;</pre></example>
-        <seealso><p><link topic="issig">.issig Signatures: Introduction</link></p></seealso>
+        <seealso><p><link topic="issig">.issig Signatures: Introduction</link><br/>
+<link topic="isxfunc_DownloadTemporaryFileWithISSigVerify">DownloadTemporaryFileWithISSigVerify</link></p></seealso>
       </function>
     </subcategory>
     <subcategory>

Projects/Src/Setup.ScriptDlg.pas

@@ -1113,6 +1113,7 @@ end;
 function TDownloadWizardPage.AddExWithISSigVerify(const Url, IssigUrl, BaseName, UserName,
   Password: String; const AllowedKeysRuntimeIDs: TStringList): Integer;
 begin
+  { Also see Setup.ScriptFunc DownloadTemporaryFileWithISSigVerify }
   const ISSigAllowedKeys = ConvertAllowedKeysRuntimeIDsToISSigAllowedKeys(AllowedKeysRuntimeIDs);
   DoAdd(IssigUrl, BaseName + ISSigExt, '', UserName, Password, False, '');
   Result := DoAdd(Url, BaseName, '', UserName, Password, True, ISSigAllowedKeys);

Projects/Src/Setup.ScriptFunc.pas

@@ -802,13 +802,30 @@ var
     begin
       Stack.SetInt(PStart, ExtractTemporaryFiles(Stack.GetString(PStart-1)));
     end);
-    RegisterScriptFunc('DownloadTemporaryFile', sfNoUninstall, procedure(const Caller: TPSExec; const OrgName: AnsiString; const Stack: TPSStack; const PStart: Cardinal)
+    RegisterScriptFunc(['DownloadTemporaryFile', 'DownloadTemporaryFileWithISSigVerify'], sfNoUninstall, procedure(const Caller: TPSExec; const OrgName: AnsiString; const Stack: TPSStack; const PStart: Cardinal)
     begin
-      Stack.SetInt64(PStart, DownloadTemporaryFile(Stack.GetString(PStart-1), Stack.GetString(PStart-2), Stack.GetString(PStart-3), False, '', TOnDownloadProgress(Stack.GetProc(PStart-4, Caller))));
-    end);
-    RegisterScriptFunc('SetDownloadCredentials', sfNoUninstall, procedure(const Caller: TPSExec; const OrgName: AnsiString; const Stack: TPSStack; const PStart: Cardinal)
-    begin
-      SetDownloadCredentials(Stack.GetString(PStart),Stack.GetString(PStart-1));
+      const ISSigVerify = OrgName = 'DownloadTemporaryFileWithISSigVerify';
+      var Url, ISSigUrl, BaseName, RequiredSHA256OfFile: String;
+      var ISSigAllowedKeys: AnsiString;
+      var OnDownloadProgress: TOnDownloadProgress;
+
+      if ISSigVerify then begin
+        Url := Stack.GetString(PStart-1);
+        ISSigUrl := Stack.GetString(PStart-2);
+        BaseName := Stack.GetString(PStart-3);
+        ISSigAllowedKeys := ConvertAllowedKeysRuntimeIDsToISSigAllowedKeys(TStringList(Stack.GetClass(PStart-4)));
+        OnDownloadProgress := TOnDownloadProgress(Stack.GetProc(PStart-5, Caller));
+      end else begin
+        Url := Stack.GetString(PStart-1);
+        BaseName := Stack.GetString(PStart-2);
+        RequiredSHA256OfFile := Stack.GetString(PStart-3);
+        OnDownloadProgress := TOnDownloadProgress(Stack.GetProc(PStart-4, Caller));
+      end;
+
+      { Also see Setup.ScriptDlg TDownloadWizardPage.AddExWithISSigVerify }
+      if ISSigVerify then
+        DownloadTemporaryFile(IssigUrl, BaseName + ISSigExt, '', False, '', OnDownloadProgress);
+      Stack.SetInt64(PStart, DownloadTemporaryFile(Url, BaseName, RequiredSHA256OfFile, ISSigVerify, ISSigAllowedKeys, OnDownloadProgress));
     end);
     RegisterScriptFunc('DownloadTemporaryFileSize', sfNoUninstall, procedure(const Caller: TPSExec; const OrgName: AnsiString; const Stack: TPSStack; const PStart: Cardinal)
     begin
@@ -818,6 +835,10 @@ var
     begin
       Stack.SetString(PStart, DownloadTemporaryFileDate(Stack.GetString(PStart-1)));
     end);
+    RegisterScriptFunc('SetDownloadCredentials', sfNoUninstall, procedure(const Caller: TPSExec; const OrgName: AnsiString; const Stack: TPSStack; const PStart: Cardinal)
+    begin
+      SetDownloadCredentials(Stack.GetString(PStart),Stack.GetString(PStart-1));
+    end);
   end;
 
   procedure RegisterInstFuncScriptFuncs;

Projects/Src/Shared.ScriptFunc.pas

@@ -316,7 +316,8 @@ initialization
   [
     'procedure ExtractTemporaryFile(const FileName: String);',
     'function ExtractTemporaryFiles(const Pattern: String): Integer;',
-    'function DownloadTemporaryFile(const Url, FileName, RequiredSHA256OfFile: String; const OnDownloadProgress: TOnDownloadProgress): Int64;',
+    'function DownloadTemporaryFile(const Url, BaseName, RequiredSHA256OfFile: String; const OnDownloadProgress: TOnDownloadProgress): Int64;',
+    'function DownloadTemporaryFileWithISSigVerify(const Url, IssigUrl, BaseName: String; const AllowedKeysRuntimeIDs: TStringList; const OnDownloadProgress: TOnDownloadProgress): Int64;',
     'function DownloadTemporaryFileSize(const Url: String): Int64;',
     'function DownloadTemporaryFileDate(const Url: String): String;',
     'procedure SetDownloadCredentials(const User, Pass: String);'

whatsnew.htm

@@ -148,10 +148,10 @@ issigtool --key-file="MyKey.ispublickey" verify "MyProg.dll"</pre>
   </li>
   <li>Other related changes:
   <ul>
-    <li>The compiler now verifies that precompiled files like <i>SetupLdr.e32</i> and <i>Setup.e32</i> remain unchanged before using them. Can be disabled using new [Setup] section directive <tt>VerifyPrecompiledFiles</tt>.</li>
+    <li>The compiler now verifies that precompiled files like <i>SetupLdr.e32</i> and <i>Setup.e32</i> remain unchanged before using them. Can be disabled using new [Setup] section directive <tt>VerifyPrecompiledFiles</tt>. Doing so is <i>not</i> recommended.</li>
     <li>Pascal Scripting:
       <ul>
-        <li>Added new <tt>ISSigVerify</tt> support function.</li>
+        <li>Added new <tt>ISSigVerify</tt> and <tt>DownloadTemporaryFileWithISSigVerify</tt> support functions.</li>
         <li>Added new <tt>AddWithISSigVerify</tt> and <tt>AddExWithISSigVerify</tt> functions to support class <tt>TDownloadWizardPage</tt>. See updated example script <i>CodeDownloadFiles.iss</i> for an example.</li>
       </ul>
     </li>