search

electron-userland / electron-builder

A complete solution to package and build a ready for distribution Electron app with “auto update” support out of the box
https://www.electron.build
MIT License
13.61k stars 1.74k forks source link

msiWrapped installer target causes seemingly unnecessary UAC prompt #8219

Open robatwilliams opened 4 months ago

robatwilliams commented 4 months ago

I understand the msiWrapped target wraps an NSIS installer inside an MSI.

The produced MSI causes a Windows UAC prompt when opened, which doesn't seem justified. I believe it should only be necessary later if the user chooses to install for all users.

I notice in the eventual NSIS dialog that the "all users" option doesn't require UAC elevation, presumably because it's already running elevated.

I tried setting msiWrapped.impersonate: true to cause the WiX action to run as the local user, however the UAC prompt remains. Verified what appears in the project.wxs file:

<CustomAction Id="RunInstaller" Return="check" Execute="deferred"
      HideTarget="no" Impersonate="yes" BinaryKey="WrappedExe" ExeCommand="" />

After setting this option, I further noticed that the "all users" install option in the eventual NSIS dialog is now an elevation (shield icon) button, but when clicked pops up an error dialog "This file does not have an app associated with it for performing this action. Please install an app or, if one is already installed, create an association in the Default Apps Settings page." - the title of the dialog box is "C:\Windows\Installer\MSIE1C4.tmp" which is the NSIS installer just with a different file extension.

When that temporarily unpacked NSIS installer is renamed to .exe and run separately, it doesn't cause an UAC prompt. So it appears that the MSI wrapper is causing the prompt.

rkristof commented 2 months ago

I am also getting the same error dialog with the following setting:

"msiWrapped": { "oneClick": false, "impersonate": true }

mmaietta commented 2 months ago

@ghost1face can you please take a look at this? I recall you implemented the msiWrapped logic and I'm not familiar with how msi works

ghost1face commented 2 months ago

@mmaietta no problem let me see if I can help.

Hey @robatwilliams have you signed your installer with a codesign certificate? I believe this prompt if I'm understanding what you're seeing, won't go away unless your installer is signed.

rkristof commented 2 months ago

For me everything is signed, except "elevate.exe", because we were getting false positive antivirus prompts during installation (this was with the NSIS installer though, I'm not sure if it's relevant for MSI)

robatwilliams commented 2 months ago

have you signed your installer with a codesign certificate?

No. I didn't sign any of the other installer types (msi, exe) either, and didn't get this prompt.

github-actions[bot] commented 1 week ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

robatwilliams commented 1 week ago

I'm not currently looking at this, but later in the future colleagues will be ready to produce more types of installers.

Fine by me if you want to close it as "not currently a problem for anyone", but there might still be an issue here.