Fixed an issue where windows installer is not signing tmp files gener…

[adityatoshniwal]

…ated by InnoSetup. #8420

[stephannn]

Sorry, I forgot to mention, when this signing change works, this part will be obsolete

:SIGN_INSTALLER
    ECHO Attempting to sign the installer...
    CALL "%PGADMIN_SIGNTOOL_DIR%\signtool.exe" sign /fd certHash /tr http://timestamp.digicert.com /td SHA256 "%DISTROOT%\%INSTALLERNAME%"
    IF %ERRORLEVEL% NEQ 0 (
        ECHO.
        ECHO ************************************************************
        ECHO * Failed to sign the installer
        ECHO ************************************************************
        PAUSE
    )

    EXIT /B 0

[adityatoshniwal]

@stephannn We got the below logs on our build machine. Note that I didn't add SignTool=signtool in .iss file

Creating new signed uninstaller file: <[http://jenkins.buildfarm.pgadmin.org:8080/job/pgadmin4-windows-x64-qa/ws/pkg\win32\Output\uninst-6.2.2-c89243dec7.e32](http://jenkins.buildfarm.pgadmin.org:8080/job/pgadmin4-windows-x64-qa/ws/pkg%5Cwin32%5COutput%5Cuninst-6.2.2-c89243dec7.e32)>
Error in <[http://jenkins.buildfarm.pgadmin.org:8080/job/pgadmin4-windows-x64-qa/ws/pkg\win32\installer.iss](http://jenkins.buildfarm.pgadmin.org:8080/job/pgadmin4-windows-x64-qa/ws/pkg%5Cwin32%5Cinstaller.iss)>: Signed uninstaller mode is enabled. Using an external code-signing tool, please attach your digital signature to the following executable file:

[stephannn]

Hi @adityatoshniwal ,
the issue probably is that only SignedUninstaller=yes was added, but this has a dependency to SignTool=signtool. SignTool signs the installer, but SignedUninstaller also the uninstall.exe in case the user would like to remove the program.

[adityatoshniwal]

Hi @adityatoshniwal , the issue probably is that only SignedUninstaller=yes was added, but this has a dependency to SignTool=signtool. SignTool signs the installer, but SignedUninstaller also the uninstall.exe in case the user would like to remove the program.

So you're suggesting adding SignTool=signtool should make it work?

[stephannn]

yes, but signtool is just a variable name, but it has to be consistent with the command one. You can also name it SignPGAdmin.

Btw. here the output if I only add SignedUninstaller:

[adityatoshniwal]

yes, but signtool is just a variable name, but it has to be consistent with the command one. You can also name it SignPGAdmin.

Btw. here the output if I only add SignedUninstaller:

But how can set the variable value? Sure We can set SignTool=SignPGAdmin, but SignPGAdmin should also be set right.

[stephannn]

SignTool=signtool has just be a matching between the command line /S/signtool=%PGADMIN_SIGN

if you name both signtool names, which are in bold and Italic, for example SignPGAdmin it will also work. If one is different you will get:

I hope it is understandable.

PS.
I had to add another / after /S because I don't know the escape character

[adityatoshniwal]

@stephannn I've added SignTool=signtool as is and pushed the changes.