为NSIS安装程序设置UAC“发布者”字段

时间:2012-05-14 10:27:14

标签: uac nsis

当我打开我的安装程序(我使用NSIS创建)时,会出现UAC对话框,其中包含有关我的安装程序的信息。字段发布商是“未知”。我听说过对应用程序进行数字签名,您知道如何在NSIS中执行此操作吗?

如何将字段/属性发布者设置为“我的安装程序”或其他文字?

我认为以下代码应该设置 Publisher 字段,但它不会,它仍然是'未知':

InstallDir  "abc"
Name        "def"        
OutFile     "def.exe"

VIProductVersion                 "1.0.0.0"
VIAddVersionKey ProductName      "def"
VIAddVersionKey Comments         "MY DESCRIPTION"
VIAddVersionKey CompanyName      "My Installer"
VIAddVersionKey LegalCopyright   "MY COMPANYNAME"
VIAddVersionKey FileDescription  "MY DESCRIPTION"
VIAddVersionKey FileVersion      1
VIAddVersionKey ProductVersion   1
VIAddVersionKey InternalName     "def"
VIAddVersionKey LegalTrademarks  "PTY LTD"
VIAddVersionKey OriginalFilename "def.exe"

Section
    DetailPrint "Hello World"
SectionEnd

3 个答案:

答案 0 :(得分:19)

您必须Authenticode sign安装程序,并且具有Windows信任的证书颁发机构(如果您想成为Winqual的一部分,那么您需要一个特殊证书,MS只允许您使用VeriSign)因为该字段是从数字证书(如果存在)中提取的,而不是从PE版本信息中提取的。

要作为构建过程的一部分进行签名,您可以使用此hack,或者如果您使用的是Unicode分叉,则可以使用!finalize命令。

答案 1 :(得分:2)

要提供有关该命令的更多详细信息,以下是我在!finalize命令中与NSIS 3.03版本一起使用的行。

重要提示::您需要在与您的 certificate.pfx 文件位于同一目录的 passwd.txt 文件内提供代码签名证书密码。 

!define PRODUCT_NAME "def"
!define PRODUCT_VERSION "1.0.0.0"
!define OutputFileName "def.exe"

Name "${PRODUCT_NAME} ${PRODUCT_VERSION}"
OutFile "${OutputFileName}"
InstallDir "abc"
ShowInstDetails show

!define /file OutFileSignPassword ".\CodeSign\passwd.txt"
!define OutFileSignCertificate ".\CodeSign\certificate.pfx"
!define OutFileSignSHA1   ".\CodeSign\signtool.exe sign /f ${OutFileSignCertificate} /p ${OutFileSignPassword} /fd sha1   /t  http://timestamp.comodoca.com /v" 
!define OutFileSignSHA256 ".\CodeSign\signtool.exe sign /f ${OutFileSignCertificate} /p ${OutFileSignPassword} /fd sha256 /tr http://timestamp.comodoca.com?td=sha256 /td sha256 /as /v" 

!finalize "PING -n 1 127.0.0.1 >nul"                                # Delay Next Step to ensure File isn't locked by previous Process 
!finalize "${OutFileSignSHA1} .\${OutputFileName}"                  # CodeSigning with SHA1/AuthentiCode 
!finalize "PING -n 5 127.0.0.1 >nul"                                # Delay Next Step to ensure File isn't locked by previous Process 
!finalize "${OutFileSignSHA256} .\${OutputFileName}"                # CodeSigning with SHA256/RFC 3161  

CRCCheck on

Section
    DetailPrint "Hello World"
SectionEnd

之后,您将看到类似于以下行的输出:

The following certificate was selected:
    Issued to: Your Company
    Issued by: COMODO RSA Code Signing CA
    Expires:   Sun Mar 15 00:59:59 2020
    SHA1 hash: 0A12223C465069798D940317273C4F56A9BCC6D9

Done Adding Additional Store
Successfully signed: .\def.exe

Number of files successfully Signed: 1

Number of warnings: 0

Number of errors: 0

答案 2 :(得分:0)

svcabre实现了两个签名来对安装程序文件签名似乎很重要:

同时使用两种sha1算法

"c:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe"
sign /f "YourCertificateFileHere.pfx" /p YourPasswordHere 
/fd sha1 /t http://timestamp.comodoca.com /v "YourInstallerFilePathHere"

sha256 

"c:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" 
sign /f "YourCertificateFileHere.pfx" /p YourPasswordHere 
/fd sha256 /tr http://timestamp.comodoca.com?td=sha256 
/td sha256 /as /v "YourInstallerFilePathHere"

使用此选项,Windows 10也会正确显示证书持有者。

相关问题
最新问题