2. NSIS Discussion
  3. Howto sign un-installer

Archive: Howto sign un-installer


onad
8th May 2006 12:00 UTC

Howto sign un-installer
To sign a NSIS created installer with authenticode is easy like regular,(at least easy for me ;)

* but now I want to sign the un-installer also.

I know I can install on a test PC the get the uninst.exe ofcourse, but how do I get this into the installer again? hmmm... cannot sign the STUB since it is not final when compiling NSIS script.

MY IDEA:
I would like to have an option just before the uninstaller exe is "glued" to the intaller to sign this executable. Is there a mistery option? e.g. the un-install is writen as temp file on build machine so I can just before it is "glued" sign the application

kichik
8th May 2006 20:05 UTC

The uninstaller is pieced together only on the user's machine. When the installer writes the uninstaller, it doesn't just extract a precompiled executable. It copies itself, patches the icons and appends the data.

What you can do is to create the uninstaller on the build machine, sign it, and use File to extract it instead of WriteUninstaller. It can all be done in a batch file called using !system.

onad
8th May 2006 22:40 UTC

Ah, some light im my darkness! Thanks for the tip.
I realize I will just puzzle along again on my quest for the ultimate build system.

BTW
I succesfully signed an Win32 installer on FreeBSD with opensource http://sourceforge.net/projects/osslsigncode

For this you need ofcourse an Authenticode sign key and cert you buy e.g. at http://www.thawte.com/

NEHOG
21st January 2008 17:55 UTC

Originally posted by kichik
The uninstaller is pieced together only on the user's machine. When the installer writes the uninstaller, it doesn't just extract a precompiled executable. It copies itself, patches the icons and appends the data.

What you can do is to create the uninstaller on the build machine, sign it, and use File to extract it instead of WriteUninstaller. It can all be done in a batch file called using !system.
Any 'tricks' to getting the uninstaller to uninstall itself? Or should one just use the /REBOOTOK when removing...

Red Wine
21st January 2008 17:59 UTC

http://nsis.sourceforge.net/SelfDel_plug-in

NEHOG
22nd January 2008 00:41 UTC

Originally posted by Red Wine
http://nsis.sourceforge.net/SelfDel_plug-in
Close, but not quite what I was wanting. I'm thinking that if I write my own uninstaller completely, (so I can sign it) then it must be able to delete itself. In that case, the main installer won't have an uninstall section.

I guess the traditional delete on reboot is the way to go in that case...

mauvecloud
26th March 2008 16:28 UTC

Here's what I do for signing an uninstaller:
1. Have an "uninstall maker" script that doesn't install any files; it silently performs the WriteUninstaller step to put an uninstaller in the application directory. It includes the uninstall section and whatever "un." functions you need.
2. Run the "uninstall maker".
3. Sign the resulting uninstaller.
4. Use the "File" command to extract the uninstaller during installation.

onad
1st April 2008 13:05 UTC

Thanks but:

> 2. Run the "uninstall maker".

Exactly this part is my problem, this strategy will not work if you make your Win32 builds on a Linux/Solaris build Machine.

Thanks anyhow for the idea, might help someone else whou build on a Windows OS not Linux(Or Apple OSX for that matter ;).

Fork me on GitHub