Geek Answers Handbook

Sign the NSIS installer on Linux box

I am currently creating an installer for a program using NSIS on a Linux machine. NSIS binaries have been compiled for Ubuntu, and using a .nsi script is straightforward. However, the resulting file setup.exeis unsigned. This leads to scary warnings for our users who download the installer through most common web browsers, as well as warnings from Windows itself at startup.

We would like to avoid these warnings, and if I did not miss something, this requires using the Windows tool to sign the generated setup.exe file. Is there a way to do this on a machine other than Windows?

Unfortunately, each installer is unique (different files included depending on the client’s request and a unique identifier), so I can’t sign the installer on a Windows machine and download it.

+5
source share
3 answers

I had to do this a few weeks ago without using wine. I did this to import the pfx file into windows, and then exported it with the option "Include all certificates in the certificate path, if possible." then I followed the instructions on this page .

After you have all the certificates (spc and pvk files), you should use the following command:

signcode -spc [spc file] -v [pvk file] -a sha1 -$ commercial -t http://timestamp.verisign.com/scripts/timstamp.dll -tr 10 [exe file to sign]

I had to install the mono-dev package:

sudo apt-get install mono-devel
+1
source

, , : osslsigncode. (, OpenSSL). , ( ), WINE .

+6

Windows Microsoft Authenticode. SDK , DLL (signtool.exe). , Wine.

Windows API - Wine, , Authenticode Microsoft ( ).

However, this tool is not very good - it basically adds a certificate and a signed time stamp at the end of the file. Adaptations for Linux may also exist.

Here is a link for those who launched it using the sign code.

0
source

More articles:


All Articles