Archive: How to add vista Digital Signatures for my installer?


How to add vista Digital Signatures for my installer?
I was asked to support vista, but i don't know how to use Digital Signatures to sign the installer,

can anybody give me a favor?


Use a opensource tool like http://sourceforge.net/projects/osslsigncode

For this you need ofcourse an Authenticode sign [key] and [cert] you buy e.g. at http://www.thawte.com/

When you buy this Thawte has documentation on how to sign.

See also my post:
http://forums.winamp.com/showthread....t=authenticode


i have read your post,
but
How can i create the uninstaller only? use VC++?

i don't know how to use !system to replace the WriteUninstaller,
can you explain more clearly?

Thank you!


Write special code in your .onInit that'd parse the command line. If it finds a special flag, e.g. /writeuninstaller, it'd use WriteUninstaller to create the uninstaller in a known location and exit. As part of your build process, create the installer, run it with that flag to create the uninstaller, sign the uninstaller, and finally create the real installer which will extract the signed uninstaller instead of using WriteUninstaller.

You can also combine it all into one makensis run if you call another makensis to compile another script that'd just call WriteUninstaller and the run that installer to get the uninstaller and sign it. This can be done using !system which can execute makensis, the installer and the signing tool.


Could be useful to add an option to WriteUninstaller to make such adjustments to uninstaller. makensis could create the uninstaller save it to a temp file, run some command, load the temp file and then store the uninstaller into the installer.


My thoughts exactly.


BTW: This might be useful for installer, too. I don't know whether changes to the installer (like signing) could break CRC. So the same technique could be used as option for OutFile (if CRC is added later...)