I am working on the code signing aspect of InstallBuilder. Initially I am using signtool for Windows but will also need to sign Mac & Linux .exe & .jar files. I can sign my main install file that I build with InstallBuilder (aka setup.exe). I have read about the postBuildActionList concept, so I can run signtool from there.
I just want to make sure that if I want a customer's final application executable to be signed (MyApp.exe), then I cannot sign it until they have run the setup.exe on their system. Therefore, I need to include a .pfx certificate file as part of the build? And I should probably include the signtool.exe so a customer does not have to install the Microsoft SDK themselves? Not sure if signtool.exe depends on other .dlls that would also need to be present.
The .pfx file is password protected, so it seems like it's OK to distribute it. Can I define it (and signtool.exe) as a hidden file in the customer's install directory so they will not see it?
Please let me know if I am missing something here. I do not see a place when running InstallBuilder where I can sign the MyApp.exe file while building the install package.