search

YehudaKremer / msix

Create Msix installer for flutter windows-build files.
https://pub.dev/packages/msix
MIT License
280 stars 70 forks source link

Skip the signing step #105

Closed Nohac closed 2 years ago

Nohac commented 2 years ago

:speech_balloon: Description

Would it be possible to add a feature to skip signing entirely? I'm in a situation where I need to use another tool for signing (not signtool.exe) and it won't let me sign when it's already signed with a test certificate.

I have no idea how an msix file works, so this might not be possible.

YehudaKremer commented 2 years ago

Hello @Nohac

I published a new version 3.1.4 with new config options: sign_msix: false or msix:create --sign-msix false cli option, that disable the signing of the msix file.

Please check if it helps you.

Nohac commented 2 years ago

Thank you for the quick fix and reply!

Unfortunately it did not work, I'm getting the following error when trying to sign the msix:

SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)

The command I'm using works for the exe directly, but not the msix.

Just to clarify, the sign tool I'm using is just a wrapper around signtool.exe that makes it work with a yubi key.

Here's the signtool equivalent command that I'm using:

signtool.exe sign /v /fd sha256 /tr http://<timestamp-server> /td sha256 /n "<name>" <installer>.msix
YehudaKremer commented 2 years ago

Hello @Nohac

My bad I had to add one more change to completely remove the sign part. Please try version 3.1.5, and also make sure the Publisher: ??? configuration value is the same as the Subject of your certificate.

Nohac commented 2 years ago

Thanks. I'm unfortunately still not able to sign after updating. I copied the subject from a successfully signed exe file, so it should be correct. I'm not sure if I need all the fields from the subject, there's some strange fields there that's on the format 123.123.123 = something, which this tool does not allow.

Nohac commented 2 years ago

@YehudaKremer I found someone with my exact issue: https://www.advancedinstaller.com/forums/viewtopic.php?t=37784 It seems you need to accept more fields in your regex. Or just drop the regex entirely, alternatively have an option to turn off publisher validation.

It's also worth mentioning that I'm using an EV certificate, which requires some additional fields. This stackoverflow post may explain some of it: https://stackoverflow.com/a/51644728

Edit: After reading the thread more carefully, prefixing the numbered fields with OID. worked! It would be nice if this workaround was added to the documentation.