[Setup]: SignedUninstaller
Valid values: | |
Default value: | yes if SignTool is set, no otherwise |
Specifies whether the uninstaller program (unins???.exe) should be deployed with a digital signature attached. When the uninstaller has a valid digital signature, Windows Vista users will not see an "unidentified program" warning when launching it from outside of Control Panel.
The first time you compile a script with this directive set to yes, a uniquely-named copy of the uninstaller EXE file will be created in the directory specified by the SignedUninstallerDir directive (which defaults to the output directory). Depending on the SignTool setting, you will either then be prompted to attach a digital signature to this file using an external code-signing tool (such as Microsoft's signtool.exe) or the file will be automatically signed on the fly. On subsequent compiles, the signature from the file will be embedded into the compiled installations' uninstallers.
Upgrading to a newer version of Inno Setup, or changing certain [Setup] section directives that affect the contents of the uninstaller EXE file (such as SetupIconFile), will cause a new file to be created under a different name.
If a file generated by this directive is deleted, it will be recreated automatically if necessary on the next compile.
When the uninstaller has a digital signature, Setup will write the messages from the active language into a separate file (unins???.msg). It cannot embed the messages into the EXE file because doing so would invalidate the digital signature.
When set to yes, any temporary self-copies used by Setup are digitally signed too.
Details on obtaining signing certificates and using code-signing tools are beyond the scope of this documentation.