Bug number / Link?

-----Original Message-----
From: Georg von Kries [mailto:g...@creativbox.net] 
Sent: Monday, July 08, 2013 11:39 AM
To: 'General discussion for Windows Installer XML toolset.'
Subject: Re: [WiX-users] PatchCertificates element and Insignia.exe

Done, I have just filed two bugs to keep both problems separated.

Kind regards,
Georg von Kries

-----Original Message-----
From: Blair Murri [mailto:os...@live.com]
Sent: Monday, July 8, 2013 17:22
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] PatchCertificates element and Insignia.exe

Sounds like a bug to me. Please file one.
 
> From: g...@creativbox.net
> To: wix-users@lists.sourceforge.net
> Date: Mon, 8 Jul 2013 16:54:00 +0200
> Subject: Re: [WiX-users] PatchCertificates element and Insignia.exe
> 
> Hi Jacob,
> 
> signing is indeed working without any problem. But if you have a 
> <PatchCertificates> element in your MSI, signing the MSI with insignia 
> (actually it is done by an MSbuild target) will change the included 
> certificates in the MsiDigitalCertificate table.
> 
> The following snippet (e.g. in product.wxs) will create entries in the 
> MSI tables MsiDigitalCertificate and MsiPatchCertificate:
> 
>     <PatchCertificates>
>       <DigitalCertificate Id="MyCertificate" SourceFile="xyz.cer" />
>     </PatchCertificates>
> 
> The certificate will get the identifier "MyCertificate" which is 
> referenced in MsiPatchCertificate.
> 
> If you are now using external cabs and sign the MSI, the 
> "MyCertificate" is removed from the MsiDigitalCertificate table and a 
> new one is added for any external cab. They will get the certificate's 
> thumbprint as the identifier but MsiPatchCertificate is still 
> referencing "MyCertificate" which will break the MSI IMHO.
> 
> It is currently not an issue for me, as I have no plans to use patches 
> in the near future. But I was asking myself if this is a bug or if I 
> did something wrong.
> 
> Thanks for your help,
> Georg
> 
> 
> -----Original Message-----
> From: Hoover, Jacob [mailto:jacob.hoo...@greenheck.com]
> Sent: Monday, July 8, 2013 16:38
> To: General discussion for Windows Installer XML toolset.
> Cc: wix-users@lists.sourceforge.net
> Subject: Re: [WiX-users] PatchCertificates element and Insignia.exe
> 
> I've been signing a msi and its external cabs without issue.
> 
> Can you provide the steps you are using to see if I can spot anything?
> 
> On Jul 8, 2013, at 9:30 AM, "Georg von Kries" <g...@creativbox.net> wrote:
> 
> > Hi all,
> > 
> > 
> > 
> > I've been using a <PatchCertificates> element in our installers for 
> > several years now, just in case we want to provide a patch and allow 
> > UAC patching.
> > After switching to use external cab files, I have mentioned that 
> > this is broken.
> > 
> > 
> > 
> > When using external cabs, signing them and inscribing the digital 
> > certificate via Insignia.exe, it will remove the certificates 
> > provided in the PatchCertificates element from the 
> > MsiDigitalCertificate table and add a new entry with the certificate 
> > used for signing the cab files. This is actually the same 
> > certificate (in our case), but the identifier in the 
> > MsiDigitalCertificate table is being replaced.
> > Insignia (or actually the Inscriber) will use the certificate's 
> > thumbprint as the identifier. 
> > This invalidates the foreign key in the MsiPatchCertificate table.
> > 
> > Additionally I cannot just use the certificate thumbprint as the 
> > identifier in  the <DigitalCertificate> element, because it might 
> > start with a number which makes it invalid as an identifier.
> > 
> > 
> > 
> > Therefore I think there are two bugs in the 
> > Inscriber.InscribeDatabase() method:
> > 
> > 1. It should not remove existing certificates from the
> >    MsiDigitalCertificate table
> > 
> > 2. The used identifier can be invalid, if the certificate thumbprint
> >    starts with a number. E.g. an underscore should be added at the 
> >    beginning
> > 
> > 
> > 
> > Am I missing something or is this a known limitation/bug? 
> > 
> > 
> > 
> > Kind regards,
> > 
> > Georg von Kries
> > 
> > 
> > 
> > 
> > 
> > ------------------------------------------------------------------------------
> > This SF.net email is sponsored by Windows:
> > 
> > Build for Windows Store.
> > 
> > http://p.sf.net/sfu/windows-dev2dev
> > _______________________________________________
> > WiX-users mailing list
> > WiX-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/wix-users
> 

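Added example, not part of the thread and not WiX code: a small Python model of the two tables that contrasts the inscription behaviour reported above with the two fixes proposed in the original post, and audits the result for dangling MsiPatchCertificate references and invalid identifiers. The function names and the sample thumbprint are constructed for illustration; only the primary keys of MsiDigitalCertificate are modelled.

```python
import re

# MSI "Identifier" columns: first character is a letter or underscore,
# the rest are letters, digits, underscores or periods.
_IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_.]*$")


def is_valid_identifier(name):
    return bool(_IDENTIFIER.match(name))


def thumbprint_identifier(thumbprint):
    """Proposed fix 2: prefix an underscore so the key is always valid."""
    return "_" + thumbprint


def inscribe_reported(digital_keys, cab_thumbprints):
    """Behaviour as reported: authored rows are dropped and one row per
    cab signer is added, keyed by the raw thumbprint."""
    return set(cab_thumbprints)


def inscribe_proposed(digital_keys, cab_thumbprints):
    """Both proposed fixes: keep authored rows, add rows under safe keys."""
    return set(digital_keys) | {thumbprint_identifier(t) for t in cab_thumbprints}


def audit(digital_keys, patch_refs):
    """Return (dangling MsiPatchCertificate refs, invalid identifiers)."""
    dangling = sorted(r for r in patch_refs if r not in digital_keys)
    invalid = sorted(k for k in digital_keys if not is_valid_identifier(k))
    return dangling, invalid


# Constructed sample data mirroring the thread's snippet.
AUTHORED = {"MyCertificate"}       # MsiDigitalCertificate keys from the .wxs
PATCH_REFS = ["MyCertificate"]     # MsiPatchCertificate.DigitalCertificate_
CAB_SIGNER = "3F9A0C1D2B4E5F60718293A4B5C6D7E8F9012345"  # made up, starts with a digit

if __name__ == "__main__":
    for label, inscribe in (("reported", inscribe_reported),
                            ("proposed", inscribe_proposed)):
        dangling, invalid = audit(inscribe(AUTHORED, [CAB_SIGNER]), PATCH_REFS)
        print(f"{label}: dangling={dangling} invalid={invalid}")
```

The same audit can be run as a post-signing build check against the real table contents exported from the MSI.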