Closed praxa-enzo closed 10 months ago
I have the same problem. Found a workaround.
Create a test certificate with the Publisher that you need as a Subject
New-SelfSignedCertificate -Type Custom -Subject "..." -KeyUsage DigitalSignature -FriendlyName "My Test Certificate" -CertStoreLocation "Cert:\CurrentUser\My" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}")
Export the certificate to a pfx with some password (I used Windows "Manage User Certificates")
Set up msix_config to sign with the test certificate
Sign the generated msix package again with the real certificate
The most trouble I had was figuring out the exact Subject of the real certificate. I had to download it from Azure Key Vault, import it into the Windows Certificate store and then use this PowerShell script to get the subject:
(Get-Item Cert:\CurrentUser\My\<certthumbnail>).Subject
@YehudaKremer I have the same issue and the fix is simple. I've opened a pull request. Is it possible for you to have a look? It would be really appreciated.
@Sylfwood Thank you 👍
Published in version 3.16.2.
@YehudaKremer Sorry to bother, but the new release does not seem to contain the fix. Or maybe I missed fixing another part of your code in the last pull request?
I still have a similar error with 3.16.2, but I'm not sure it is the same as with 3.16.1. Maybe it's because of the manifest validation, and the Microsoft schema does not allow the ST key?
MakeAppx : error: Failure at appxFactory->CreateManifestReader(manifestStream, &manifestReader) - 0x80080204 - The specified package format is not valid: The package manifest is not valid.
MakeAppx : error: Error info: /*[local-name()="Package" and namespace-uri()="http://schemas.microsoft.com/appx/manifest/foundation/windows10"]/*[local-name()="Identity" and namespace-uri()="http://schemas.microsoft.com/appx/manifest/foundation/windows10"][1]/@Publisher
'C=country, ST=province, O=companyName, OU=Development, CN=companyName' violates pattern constraint of '(CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|Description|PostalCode|POBox|Phone|X21Address|dnQualifier|(OID\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+))=(([^,+="<>#;])+|".*")(, ((CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|Description|PostalCode|POBox|Phone|X21Address|dnQualifier|(OID\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+))=(([^,+="<>#;])+|".*")))*'.
I've cleaned the cache, and I can see that the 3.16.2 version is used:
Unhandled exception:
#0 ProcessResultExtensions.exitOnError (package:msix/src/method_extensions.dart:61:7)
#1 MakeAppx.pack (package:msix/src/makeappx.dart:28:9)
<asynchronous suspension>
#2 Msix._packMsixFiles (package:msix/msix.dart:137:5)
<asynchronous suspension>
#3 Msix._createMsix (package:msix/msix.dart:103:5)
<asynchronous suspension>
#4 Msix.create (package:msix/msix.dart:59:5)
<asynchronous suspension>
#5 main (file:///C:/hostedtoolcache/windows/flutter/stable-3.13.0-x64/.pub-cache/hosted/pub.dev/msix-3.16.2/bin/create.dart:4:3)
<asynchronous suspension>
Is it possible for you to take a look at it?
Thanks a lot
Hum... It seems this is a limitation of Microsoft... Not sure we can do anything about that. I will try the workaround.
Publisher name:
Required and corresponds to package that describes the publisher information.
The Publisher attribute must match the publisher subject information of the certificate used to sign a package.
This field accepts a string between 1 and 8192 characters in length that fits the regular expression of a distinguished name: "(CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|Description|PostalCode|POBox|Phone|X21Address|dnQualifier|(OID\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+))=(([^,+="<>#;])+|".*")(, ((CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|Description|PostalCode|POBox|Phone|X21Address|dnQualifier|(OID\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+))=(([^,+="<>#;])+|".*")))*".
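An added example, not code from the msix package or from anyone in this thread: a PowerShell pre-flight check that tests a Publisher string against the distinguished-name pattern shown in the MakeAppx error above and names the keys the schema rejects. The function name `Test-MsixPublisher` is hypothetical, and the second sample string is constructed from the first by replacing ST with S.

```powershell
# Attribute keys accepted by the manifest schema, copied from the pattern in the error above.
$KeyPattern = 'CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|Description|PostalCode|POBox|' +
              'Phone|X21Address|dnQualifier|(OID\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+)'

# One "KEY=value" component, then the full pattern. Schema patterns match the whole
# string, so the pattern is anchored with \A and \z.
$Rdn = '(' + $KeyPattern + ')=(([^,+="<>#;])+|".*")'
$PublisherPattern = '\A' + $Rdn + '(, (' + $Rdn + '))*\z'

function Test-MsixPublisher {
    param([Parameter(Mandatory)][string]$Publisher)

    # Collect keys the schema does not list. Heuristic: a quoted value that itself
    # contains ", X=" would be reported as a key.
    $invalidKeys = @(
        foreach ($m in [regex]::Matches($Publisher, '(?:\A|, )([^=,]+)=')) {
            $key = $m.Groups[1].Value
            if ($key -cnotmatch ('\A(' + $KeyPattern + ')\z')) { $key }
        }
    )

    [pscustomobject]@{
        Publisher   = $Publisher
        # -cmatch: schema patterns are case-sensitive, PowerShell's -match is not.
        Valid       = ($Publisher.Length -le 8192) -and ($Publisher -cmatch $PublisherPattern)
        InvalidKeys = $invalidKeys
    }
}

# Constructed inputs: the subject from the error above, and the same subject with S instead of ST.
$samples = @(
    'C=country, ST=province, O=companyName, OU=Development, CN=companyName',
    'C=country, S=province, O=companyName, OU=Development, CN=companyName'
)
$samples | ForEach-Object { Test-MsixPublisher -Publisher $_ } | Format-List
```

Feeding it the string returned by the `(Get-Item Cert:\CurrentUser\My\<certthumbnail>).Subject` command from the workaround above checks the real certificate's subject before it is used as the publisher.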
:information_source: Info
Version: 3.16.1
:speech_balloon: Description
When running the following command in our GitHub actions pipeline:
We get the following error:
The ST key is not part of the regular expression, while it is a valid key in the subject of our certificate. A valid key would be S. But if we use this key then it is not possible to sign the installer afterwards because the app manifest publisher name does not match the subject of the certificate. Would it be possible to make the publisher as described in the pubspec below a valid publisher?
:scroll: Pubspec.yaml