Hi all,
I've been using a <PatchCertificates> element in our installers for several years now, just in case we want to provide a patch and allow UAC patching. After switching to use external cab files, I have mentioned that this is broken. When using external cabs, singing them and inscribing the digital certificate via Insignia.exe, it will remove the certificates provided in the PatchCertificates element from the MsiDigitalCertificate table and add a new entry with the certificate used for singing the cab files. This is actually the same certificate (in our case), but the identifier in the MsiDigitalCertificate table is being replaced. Insignia (or actually the Inscriber) will use the certificates thumbprint as the identifier. This invalidates the foreign key in the MsiPatchCertificate table. Additionally I cannot just use the certificate thumbprint as the identifier in the <DigitalCertificate> element, because it might start with a number which makes it invalid as an identifier. Therefore I think there are two bugs in the Inscriber. InscribeDatabase() method: 1. It should not remove existing certificates from the MsiDigitalCertificate table 2. The used identifier can be invalid, if the certificate thumbprint starts with a number. E.g. an underscore should be added at the beginning Am I missing something or is this a known limitation/bug? Kind regards, Georg von Kries ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
