SignCabs only signs cabs that are not embedded in the MSI (external cabs). WiX does NOT provide any target explicitly for signing your payload before it is cabbed (or any other such manipulation of your payload).
You can either write a Binder Extension that ensures that files are signed before they are cabbed or you can use any build extension target running before Link to go sign the files you know need signing (or you can sign them in the projects that build them). Blair From: Tony Sent: Tuesday, October 22, 2013 12:37 PM To: General discussion for Windows Installer XML toolset. Signing the MSI now works, but I don't see the SignCabs target being invoked. How does SignCabs get set to the list of my cab files? On Tue, Oct 22, 2013 at 1:47 PM, Tony <[email protected]> wrote: > Answering my own question... > > ".(though now I see it needs to be "property", so I'll give that a try)" > <-- that was it. I don't know why I was thinking it need to be a WiX > property and/or preprocessor variable. **OBVIOUSLY** it needs to be a > "property" within the project file. Duh! > > Now the signing attempt fails as expected. I'll go grab our signing cert > and give it try. > > Thanks for listening....<g> > > > On Tue, Oct 22, 2013 at 1:42 PM, Tony <[email protected]> wrote: > >> I built a "Hello World" C# console application to test the signing >> process. Here's what I've done so far... >> >> 1. Added a wix (msi) project to the solution. >> 2. Set Manufacturer, updated InstallerVersion to 500, added a >> 'Media....EmbedCab="yes"' entry (removed the MediaTemplate entry), and >> added the single HelloWorld.exe to the component list. >> >> All of this builds and generates a usable .msi. >> >> Now I've tried to add signing... >> >> 1. Installed (unzipped) WiX 3.7 binaries per >> http://wixtoolset.org/documentation/manual/v3/msbuild/daily_builds.html >> 2. Added PropertyGroup to the .wixproj file per above, daily builds, link. >> 3. Added SignMsi target exactly (for now) as shown in >> http://wixtoolset.org/documentation/manual/v3/overview/insignia.html >> 4. Added SignOutput=true preprocessor and define variables...(though now >> I see it needs to be "property", so I'll give that a try) >> >> All of this builds, but I don't think the signing is working, in fact I >> would expect the signing to fail as I don't currently have our signing cert >> in my personal cert list. >> >> What did I miss and/or do wrong? I assume the targets would be invoked >> via votive, I don't _need_ to use MSBUILD to have them exercised, correct? >> >> I worked on a huge WiX project a few years ago, but all of our signing >> was done through a manual post-build step, not via WiX .targets >> integration. So, this is a bit new to me. >> >> Thanks... >> >> >> >> On Tue, Oct 22, 2013 at 10:42 AM, Bruce Cran <[email protected]> wrote: >> >>> On 10/22/2013 3:00 PM, Tony wrote: >>> > <Target Name="SignCabs"> >>> > <Exec Command="Signtool.exe sign /a >>> "%(SignCabs.FullPath)"" /> >>> > </Target> >>> >>> To avoid the signature going invalid when the certificate expires, you >>> probably want to add a timestamp: >>> >>> <Exec Command="Signtool.exe sign /a "%(SignCabs.FullPath)"" /t >>> http://timestamp.verisign.com/scripts/timstamp.dll /> >>> >>> (that isn't a typo - "timstamp.dll" is 8.3 format). >>> If you have a Globalsign cert, you might want to use >>> timestamp.globalsign.com instead etc. >>> >>> And for the MSI file, you might want to add: >>> >>> /n text-that-should-appear-in-UAC-elevation-prompt-description >>> >>> Otherwise, the description will contain a randomly-generated filename. >>> >>> -- >>> Bruce Cran >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> October Webinars: Code for Performance >>> Free Intel webinars can help you accelerate application performance. >>> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most >>> from >>> the latest Intel processors and coprocessors. See abstracts and register >>> > >>> >>> http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk >>> _______________________________________________ >>> WiX-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/wix-users >>> >> >> >> >> -- >> Tony >> > > > > -- > Tony > -- Tony ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk _______________________________________________ WiX-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk _______________________________________________ WiX-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wix-users
