none
How to sign a Setup Project automatically in Visual Studio 2008 ?

    Question

  • Hello !

    I have a "Setup Project" that makes a MSI file for my application.
    Nowadays, If I need rebuild my MSI file, after the "rebuild process" finishes, I need manually use signtool.exe to sign my MSI file.

    There are a way to sign a MSI file automatically, after rebuild in "Visual Studio 2008 SP1" ?

    Thanks,
    Andre Abrantes.

    Saturday, April 18, 2009 10:14 AM

Answers

  • Hi Andre,

    You can call the signtool.exe command from the post-build event of the Setup project. Thus the resultd MSI file can be automatically signed every time the Setup project is rebuilt.

    For more information on how to specify build events, please read the following MSDN document:
    "How to: Specify Build Events (C#)"
    http://msdn.microsoft.com/en-us/library/ke5z92ks.aspx

    Hope this helps.
    If you have any question, please feel free to let me know.

    Sincerely,
    Linda Liu

    Monday, April 20, 2009 9:09 AM
  • Only for sample:

    Here is my makeSign.bat, placed in the Setup Project directory.

    We need add the follow line in PostEvent in "Properties Tab" of Setup Project in "VS2008 SP1".

    call $(ProjectDir)makeSign.bat $(ProjectDir) $(Configuration) $(BuiltOuputPath)

    ------
    @echo off

    "C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\signtool.exe" sign /i "MyCertificate" /d "Digital Sign of My Company" /du "http://www.mycompany.com" /q  %1%2\setup.exe
    IF NOT ERRORLEVEL 0 GOTO ERRORSIGNING

    "C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\signtool.exe" sign /i "MyCertificate" /d "Digital Sign of My Company" /du "http://www.mycompany.com" %3
    IF NOT ERRORLEVEL 0 GOTO ERRORSIGNING

    exit /B 0

    :ERRORSIGNING
    exit /B 1
    ------

    Monday, April 20, 2009 2:51 PM

All replies

  • Hi Andre,

    You can call the signtool.exe command from the post-build event of the Setup project. Thus the resultd MSI file can be automatically signed every time the Setup project is rebuilt.

    For more information on how to specify build events, please read the following MSDN document:
    "How to: Specify Build Events (C#)"
    http://msdn.microsoft.com/en-us/library/ke5z92ks.aspx

    Hope this helps.
    If you have any question, please feel free to let me know.

    Sincerely,
    Linda Liu

    Monday, April 20, 2009 9:09 AM
  • Hi Linda.

    Thanks for your answer.
    Andre Abrantes.

    Note: The way to access Pre and Post Build Events in SetupProject is only in "Properties Tab". Different from WinApp, that we can access from Right-Click in Project Icon.

    Monday, April 20, 2009 11:49 AM
  • Only for sample:

    Here is my makeSign.bat, placed in the Setup Project directory.

    We need add the follow line in PostEvent in "Properties Tab" of Setup Project in "VS2008 SP1".

    call $(ProjectDir)makeSign.bat $(ProjectDir) $(Configuration) $(BuiltOuputPath)

    ------
    @echo off

    "C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\signtool.exe" sign /i "MyCertificate" /d "Digital Sign of My Company" /du "http://www.mycompany.com" /q  %1%2\setup.exe
    IF NOT ERRORLEVEL 0 GOTO ERRORSIGNING

    "C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\signtool.exe" sign /i "MyCertificate" /d "Digital Sign of My Company" /du "http://www.mycompany.com" %3
    IF NOT ERRORLEVEL 0 GOTO ERRORSIGNING

    exit /B 0

    :ERRORSIGNING
    exit /B 1
    ------

    Monday, April 20, 2009 2:51 PM
  • hi there,

    I stopped to this thread finding this sample.

    I used as reference Andre Abrantes's sample to write necessary code and what to implement in order to do sign the .exe and the .msi for our Visual Studio 2008 Setup Project and I joined the 2 contents at the end of this post.

    I hope that will help anyone!

    Let me know,

    Regards,

    Jean-Guillaume Isabelle

    ______________________________


    Content of the "PostBuildEvent"  (this setting is in "Deployment Project Properties")

    set BuiltOuputPath=$(BuiltOuputPath)
    set ProjectDir=$(ProjectDir)
    call $(ProjectDir)makeSign.bat 

    Content of "makeSign.bat" located on my project root [ $(ProjectDir) ]

    @echo off
    
    rem Signing tool and SDKs part.
    set MSSDKsRoot=c:\Program Files\Microsoft SDKs
    set signtoolexe="%MSSDKsRoot%\Windows\v6.0A\bin\signtool.exe"
    
    rem Certificate part.
    rem This .pfx is an Export from my Certificate Store of a Signing Certificate 
    rem issued from the Intranet Certificate Service that include the private key encrypted using password 12345
    set mycert="%ProjectDir%RAjgisabelle_CodeSigningIII.pfx"
    set mycertpasswd="12345"
    
    rem Signing information Part.
    set mySigningDescription="Jgisabelle MyProduct Environment Installer"
    set mySigningDescriptionUrl="http://intranet.jgisabellesoft.com/EnvironmentInstaller"
    
    rem note. "BuiltOuputPath" and "ProjectDir" batch variables has to come from the PostBuildEvent $(BuiltOuputPath) and $(ProjectDir)
    rem which look like that:
    rem PostBuildEvent start {
    rem set BuiltOuputPath=$(BuiltOuputPath)
    rem set ProjectDir=$(ProjectDir)
    rem call $(ProjectDir)makeSign.bat 
    rem PostBuildEvent end  }
    
    rem signing part. 
    rem WE USUALLY SHOULDN'T CHANGE THAT UNLESS YOU KNOW WHAT YOU ARE DOING ;)
    
    rem sign the .exe
    %signtoolexe% sign /f %mycert% /p %mycertpasswd% /d %mySigningDescription% /du %mySigningDescriptionUrl% /q  %1%2\setup.exe
    
    rem sign the .msi
    %signtoolexe% sign /f %mycert% /p %mycertpasswd% /d %mySigningDescription% /du %mySigningDescriptionUrl% /q  %BuiltOuputPath%
    
    IF NOT ERRORLEVEL 0 GOTO ERRORSIGNING
    
    rem sign the .exe
    %signtoolexe% sign /f %mycert% /p %mycertpasswd% /d %mySigningDescription% /du %mySigningDescriptionUrl% %3
    
    rem sign the .msi
    %signtoolexe% sign /f %mycert% /p %mycertpasswd% /d %mySigningDescription% /du %mySigningDescriptionUrl% %BuiltOuputPath%
    
    IF NOT ERRORLEVEL 0 GOTO ERRORSIGNING
    
    exit /B 0
    
    :ERRORSIGNING
    exit /B 1


    JGI
    Sunday, June 28, 2009 3:46 AM