How can I resolve Sign error 0x800700C1 when signing an uninstaller?

[gencha]

I was just looking into signing our installer/uninstaller and read this wiki article: http://nsis.sourceforge.net/Signing_an_Uninstaller

Everything seemed to go well until it comes to signing the actual uninstaller:

Quote:

!system: ""C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\signtool.exe" sign /f "X:\ssl\code\y.pfx" /p abcdef /t "http://timestamp" "C:\Users\y\AppData\Local\Temp\uninstaller.exe""
Done Adding Additional Store

Number of errors: 1

SignTool Error: SignedCode::Sign returned error: 0x800700C1

Either the file being signed or one of the DLL specified by /j switch is not a valid Win32 application.

SignTool Error: An error occurred while attempting to sign: C:\Users\y\AppData\Local\Temp\uninstaller.exe

!system: returned 1

But there is nothing wrong with that uninstaller. I can execute it just fine (so I'm quite certain it's a valid Win32 application).

Is the approach outlined in that article still correct?

[Afrow UK]

That means "The parameter is incorrect". Try writing the uninstaller elsewhere.

Stu

[gencha]

I think it just resolved itself.

I won't claim that I understand it, but I think the issue was related to switching compression on and off during the build process.
Most likely, the way I use the code from the article isn't optimal (to say the least) and this caused problems.

I now enable whole LZMA compression at the beginning of the build process and just keep it. Even though the build takes forever :P

[isawen]

Hi guys,

It appears that if you try to sign the uninstaller belonging to a signed installer you will get the same exception..
Isn't that strange?

Thanks,
Isa

[stephench]

I am getting the same error when I attempt to sign uninst.exe. The error persists even if I turn off compression completely.

My guess is when nullsoft installer dynamically patches the uninst.exe file, it somehow violates some non-critical rule of win32 exe format which doesn't affect correction executation of the file. But it is not able to pass the exe format validation performed by the signtool.exe file from Microsoft Platform SDK.

Does anybody have a better idea what might go wrong?

[Afrow UK]

I've not had any issues signing uninstall executables. How are you going about it? You need to:

1. Write a standalone script which generates the uninstaller.
2. Build it and run the built executable to generate the uninstaller.
3. Sign the generated uninstaller.
4. Bundle it in the main installer.

I wasn't aware there was any other way so you are probably already doing this?

Stu

[stephench]

I didn't attempt to create the fully automatic flow yet. I just use the original script to generate the installer, install it manually to get the file uninst.exe. Then I tried to sign the uninst.exe file manually and got this error. I do use the unicode version of the installer instead of the ansi version.

I noticed in your earlier reply saying "Try writing the uninstaller elsewhere". How does the location of the uninstaller matter in this case?

Quote:

Originally Posted by Afrow UK

I've not had any issues signing uninstall executables. How are you going about it? You need to:

1. Write a standalone script which generates the uninstaller.
2. Build it and run the built executable to generate the uninstaller.
3. Sign the generated uninstaller.
4. Bundle it in the main installer.

I wasn't aware there was any other way so you are probably already doing this?

Stu

[Anders]

http://social.msdn.microsoft.com/For...-db71cd8a323b/ ?

[n1ghtv1s1on]

I ran across this post from a Google search because I was having the same problem signing an uninstaller from Bitrock Install Builder. This was my solution:

1.) Build an unsigned installer
2.) Install that unsigned installer on your machine
3.) Sign the resultant uninstall.exe
4.) Package it with your distribution
5.) Build the signed installer

BitRock instructions for packaging and deploying are here if anybody is interested:
http://answers.bitrock.com/questions...ler-on-windows