From 4476432d0b5cd8c48041255167295dde31be21ee Mon Sep 17 00:00:00 2001 From: SinghRajenM Date: Sun, 3 Sep 2023 13:14:52 +0530 Subject: [PATCH] Security enhancement: Sign uninstall.exe Fix #4120, fix #5806, fix #4443, close #14087 --- PowerEditor/installer/nppSetup.nsi | 4 ++++ PowerEditor/installer/packageAll.bat | 8 -------- PowerEditor/installer/sign-installers.bat | 19 +++++++++++++++++++ 3 files changed, 23 insertions(+), 8 deletions(-) create mode 100644 PowerEditor/installer/sign-installers.bat diff --git a/PowerEditor/installer/nppSetup.nsi b/PowerEditor/installer/nppSetup.nsi index 439b1e673..36a001531 100644 --- a/PowerEditor/installer/nppSetup.nsi +++ b/PowerEditor/installer/nppSetup.nsi @@ -43,6 +43,10 @@ OutFile ".\build\npp.${APPVERSION}.Installer.arm64.exe" OutFile ".\build\npp.${APPVERSION}.Installer.exe" !endif +; Sign both installer and uninstaller +!finalize 'sign-installers.bat "%1"' = 0 ; %1 is replaced by the installer exe to be signed. +!uninstfinalize 'sign-installers.bat "%1"' = 0 ; %1 is replaced by the uninstaller exe to be signed. + ; ------------------------------------------------------------------------ ; Version Information VIProductVersion "${Version}" diff --git a/PowerEditor/installer/packageAll.bat b/PowerEditor/installer/packageAll.bat index 3cbbadf85..84b368965 100644 --- a/PowerEditor/installer/packageAll.bat +++ b/PowerEditor/installer/packageAll.bat @@ -542,14 +542,6 @@ ren npp.portable.minimalist.7z !7zvarMin! ren npp.portable.minimalist.x64.7z !7zvarMin64! ren npp.portable.minimalist.arm64.7z !7zvarMinArm64! -if %SIGN% == 0 goto NoSignInstaller -%signBinary% !nppInstallerVar! -If ErrorLevel 1 goto End -%signBinary% !nppInstallerVar64! -If ErrorLevel 1 goto End -%signArmBinary% !nppInstallerVarArm64! -If ErrorLevel 1 goto End -:NoSignInstaller cd .. diff --git a/PowerEditor/installer/sign-installers.bat b/PowerEditor/installer/sign-installers.bat new file mode 100644 index 000000000..1f6729ef1 --- /dev/null +++ b/PowerEditor/installer/sign-installers.bat @@ -0,0 +1,19 @@ +@ECHO OFF + +if [%SIGN%] == [] goto NoSignInstaller +if not %SIGN% == 1 goto NoSignInstaller + +ECHO Start signing file: %1 +%signBinary% "%1" + +if errorlevel 1 goto SigningFailed +goto SigningOK + +:SigningFailed +echo Failed to sign file %1 +exit 1 + +:NoSignInstaller +ECHO Signing skipped for file: %1 + +:SigningOK