Monday, November 09, 2009

Executable Signing with Inno Setup

As I discussed a couple of years ago, code signing your executables is important for a variety of reasons. Our installation creation tool of choice is Inno Setup and version 5.2.4 released in March 2009 made it easier to sign the setup executable through the new Signtool directive in the [Setup] section.

This directive works like this (assuming you already have a digital certificate):

  • Run the Inno Setup UI and choose Configure Sign Tools in the Tools menu.
  • Create a new “sign tool” by clicking Add and specifying a name and the command line to execute your signing application. For example, I created one called “Standard” with the following command line to call Microsoft’s SIGNTOOL.EXE:

"C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\signtool.exe" sign /f CertPath\mycert.pfx /p MyPassword

where CertPath\mycert.pfx is the name and location of the PFX file and MyPassword is the password.

  • In the [Setup] section of your Inno Setup script (ISS) file, add the following:

SignTool=Standard /d $qStonefield Query Installer$q $f

Specify the name of your “sign tool” in place of “Standard” and a descriptive name for your setup program in place of “Stonefield Query Installer.” $q is an Inno Setup constant representing a quote and $f is a constant containing the name and path of the setup EXE created by Inno Setup.

Now, every time you build your setup using the Inno Setup UI, your setup executable is automatically signed.

However, I also like to build setups as part of a build process, so I call the Inno Setup compiler via the command line. Once I added the SignTool directive in my ISS files, my command line builds failed.

Here’s the solution: you need to add the same “sign tool” definition you did to the UI to the command line. For example:

"C:\Program Files\Inno Setup 5\iscc" "/sStandard=C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\signtool.exe sign /f CertPath\mycert.pfx /p MyPassword $p" sfquery.iss

Now, whether I build using the UI or through a build process, my setup executable is always signed.

Friday, November 06, 2009

Previewing PDF Attachments in Outlook 2007

One thing that’s always annoyed me about Outlook is that there’s no built-in previewer for PDF attachments on emails. I always had to double-click the attachment to write it out to a temporary file and then open the application (Adobe Reader or whatever) to view it.

If necessity is the mother of invention, annoyance is the mother of Google (or Bing or whatever) searches. Tim Heuer’s Foxit PDF Preview Handler sounded pretty good, so after installing Foxit (ya gotta love a tool with “Fox” in its name), I installed Tim’s previewer and voila, PDF preview in Outlook. Thanks, Tim!