2. NSIS Discussion
  3. Signing an installer

Archive: Signing an installer


beaglelander
1st December 2009 11:31 UTC

Signing an installer
In order to avoid the 'unknown publisher' messages when running the installer I am signing the installer with our certifcate.

You still get the 'Program wishes to make changes to your computer' message (as you'd expect) but at least it displays our company name so it looks genuine.

The problem is, the file it says on the warning dialog is not the setup.exe, it's a .tmp file like "RJ42.tmp". Which I guess is the tmp file the installer creates to unpack. Is there a way around this, or a way to specify the tmp file name?

I'm not sure what would be more concerning to a person installing; a 'unknown publisher' warning or a warning about some obscure file that wants to make changes to their computer...

Thoughts?

Anders
1st December 2009 18:27 UTC

We need some more info...
OS version?
are you using the UAC plugin?
And just to double check, we are talking about the _installer_ and _not_ the _uninstaller_?

beaglelander
2nd December 2009 12:16 UTC

Hi Anders,

I get the same message on Vista and Win7.

I am not using the UAC plugin. I'll give it a try to see if it changes anything. What does the UAC plugin do?

Yes it's the installer.

Wizou
2nd December 2009 12:38 UTC

did you add a RequestExecutionLevel admin
in your script ?

beaglelander
2nd December 2009 13:42 UTC

Yes I have the RequestExecutionLevel admin line, and that stopped the 'program failed to install' message.

The problem I have is different and happens when you first run the installer.

I may be wrong, I don't think it's an issue with UAC.

Does anyone else sign their install.exe who can see if they get the same problem?

Or does anyone know of an NSIS installer I can download that might be signed to see if it has the same message?

Wizou
2nd December 2009 14:02 UTC

try to not use /SOLID compression

beaglelander
2nd December 2009 14:50 UTC

Thanks for the suggestion, I tried that and it didn't make a difference :-(

Anders
2nd December 2009 15:02 UTC

how do you sign? could that random name come from !packhdr ? (check compiler output for the random name you see at runtime)

Wizou
2nd December 2009 15:04 UTC

AFAIK, NSIS doesn't create such a tmp file so there must be something else going on...
It can however create a temporary directory ~nsXXX.tmp, and extract files there, but usually, not an executable file under the name *.tmp and then execute it (unless your installer script tell it to do so)

mmh Anders might be right about a !packhdr related problem...

beaglelander
4th December 2009 09:05 UTC

Sorry for wasting your time, but it may have been a false alarm. After I upgraded to 2.4.5 the problem seems to have gone away. Looks like 2.4.5 fixed quite a few problems with UAC.

Fork me on GitHub