Signing an Uninstaller: Difference between revisions
From NSIS Wiki
Jump to navigationJump to search
No edit summary |
No edit summary |
||
Line 4: | Line 4: | ||
The answer is to run the installer on the development machine in a special mode which *only* writes the uninstaller to some known location, then sign that binary in the usual way, and finally package the signed uninstaller using a normal File command rather than WriteUninstaller. | The answer is to run the installer on the development machine in a special mode which *only* writes the uninstaller to some known location, then sign that binary in the usual way, and finally package the signed uninstaller using a normal File command rather than WriteUninstaller. | ||
<highlight-nsis> | |||
!ifdef INNER | |||
!echo "Inner invocation" ; just to see what's going on | |||
OutFile "$%TEMP%\tempinstaller.exe" ; not really important where this is | |||
SetCompress off ; for speed | |||
!else | |||
!echo "Outer invocation" | |||
!system "$\"${NSISDIR}\makensis$\" /DINNER <name_of_script>.nsi" = 0 | |||
!system "$%TEMP%\tempinstaller.exe /z" = 2 | |||
!system "SIGNCODE <signing options> $%TEMP%\uninstaller.exe" = 0 | |||
OutFile "my_real_installer.exe" | |||
SetCompressor /SOLID lzma | |||
!endif | |||
... | |||
Function .onInit | |||
!ifdef INNER | |||
WriteUninstaller "$%TEMP%\uninstaller.exe" | |||
Quit ; just bail out quickly when running the "inner" installer | |||
!endif | |||
...[the rest of your normal .onInit]... | |||
FunctionEnd | |||
... | |||
Section "Files" ; or whatever | |||
... | |||
; where you would normally put WriteUninstaller ${INSTDIR}\uninstaller.exe put instead: | |||
!ifndef INNER | |||
SetOutPath $INSTDIR | |||
File $%TEMP%\uninstaller.exe | |||
!endif | |||
... | |||
SectionEnd | |||
!ifdef INNER | |||
Section "Uninstall" | |||
; your normal uninstaller section or sections (they're not needed in the "outer" installer | |||
SectionEnd | |||
!endif | |||
</highlight-nsis> |
Revision as of 16:57, 19 April 2007
Especially under Windows Vista, installer/uninstaller binaries need to be signed to avoid alarming looking dialog boxes with dire warnings about "unknown publishers" etc.
This presents a difficulty in that the uninstaller binary would normally never be present on your development/packaging machine, only being written onto the target machine at install time. So how can you sign it?
The answer is to run the installer on the development machine in a special mode which *only* writes the uninstaller to some known location, then sign that binary in the usual way, and finally package the signed uninstaller using a normal File command rather than WriteUninstaller.
!ifdef INNER !echo "Inner invocation" ; just to see what's going on OutFile "$%TEMP%\tempinstaller.exe" ; not really important where this is SetCompress off ; for speed !else !echo "Outer invocation" !system "$\"${NSISDIR}\makensis$\" /DINNER <name_of_script>.nsi" = 0 !system "$%TEMP%\tempinstaller.exe /z" = 2 !system "SIGNCODE <signing options> $%TEMP%\uninstaller.exe" = 0 OutFile "my_real_installer.exe" SetCompressor /SOLID lzma !endif ... Function .onInit !ifdef INNER WriteUninstaller "$%TEMP%\uninstaller.exe" Quit ; just bail out quickly when running the "inner" installer !endif ...[the rest of your normal .onInit]... FunctionEnd ... Section "Files" ; or whatever ... ; where you would normally put WriteUninstaller ${INSTDIR}\uninstaller.exe put instead: !ifndef INNER SetOutPath $INSTDIR File $%TEMP%\uninstaller.exe !endif ... SectionEnd !ifdef INNER Section "Uninstall" ; your normal uninstaller section or sections (they're not needed in the "outer" installer SectionEnd !endif