Using an InstallShield custom action to call Mage to update a ClickOnce VSTO application

I'm only vaguely familiar with making setups, and I have been asked to create a setup that distributes a pre-built ClickOnce deployment package for an Excel add-in that uses VSTO. The problem: the customer should be able to change a parameter in an (already signed) config file.

What I have found is that according to http://blogs.msdn.com/b/vsto/archive/2009/04/29/signing-and-re-signing-manifests-in-clickonce.aspx, I can update and re-sign the package, but as I want to do this during installation, it looks like I need to include mage.exe and our certificate during the installation process. Presumably, I can do this and still remove them before the installation completes.

My question: Is the best option to write the moral equivalent of a batch file that does an update and sign of the manifests, or is there a pre-existing custom action or similar function that I've just not noticed.

Tell me if more info is needed.

More Info: The point of contention is a setting within the .config file that tells it where the webservice that prov开发者_如何转开发ides its information is. This will change for each customer, being on their intranet, and we can't / don't want to create an install customized for each customer. We're taking advantage of the ClickOnce's deployment capabilities so that once the add-in is on the user's system, it has the info it needs, which would be set up once by an administrator.

What sort of option are you changing (is there a better way?), and how many possible values are there for this option? If it's just two or three values, consider pre-building each of these variants and installing the selected one. If it's too many to pre-build, see Christopher's comment about distributing your private key: you should drop that plan unless you're going to create a key on the fly.

It turns out the answer is "don't!". I was able to convince the developer to have the application download updated configuration information after it was deployed from a central location, which bypassed this particular mess.