oleg-shilo / wixsharp

Framework for building a complete MSI or WiX source code by using script files written with C# syntax.
MIT License

Signed bootstrapper no longer works #994

Closed ltemimi closed 3 years ago

ltemimi commented 3 years ago

Hi Oleg

I used WixSharp to produce a bootstrapper to install two MSIs. It worked fine until I signed it with a certificate, and then it stopped working. For info, when I sign an MSI the MSI still works.

Please see the attached log file.

Thanks
Laz

PlcData.LoggingService_Bundle_20210518150854.log

oleg-shilo commented 3 years ago

Marking it as "help wanted"; maybe someone can assist you with this.

ltemimi commented 3 years ago

Thanks Oleg, hope to get some help. It is amazing though, the MSIs work fine.

ltemimi commented 3 years ago

Hi Oleg

I have solved my issue, thanks to WixSharp. I had to sign each MSI in the bootstrap and then digitally sign the bootstrapper itself, then it all worked. Frankly, I am very impressed with WixSharp (using the signtool.exe outside of WixSharp did not work).

Hope it will help someone.

    var certificatePath =
        FileHelper.GetFilePathInExecutingDirectory("Code-signing-certificate.pfx", "Content");

    // Signature for the bootstrapper (bundle) itself
    bootstrapper.DigitalSignature = new DigitalSignatureBootstrapper()
    {
        PfxFilePath = certificatePath,
        Password = "password",
        Description = "Product",
        OptionalArguments = "/v /sha1 ********88B313BFFB157F72F344",
        TimeUrl = new Uri("http://timestamp.comodoca.com/authenticode")
    };

    // For each MSI in the bootstrap
    project.DigitalSignature = new DigitalSignature
    {
        PfxFilePath = certificatePath,
        Password = "password",
        Description = "Product",
        OptionalArguments = "/v /sha1 *****210D338888B313BFFB157F72F344",
        TimeUrl = new Uri("http://timestamp.comodoca.com/authenticode")
    };

oleg-shilo commented 3 years ago

Actually WixSharp doesn't do too much with signing. It simply runs signtool.exe under the hood. Though it automates providing the correct input params for it so no human error gets in. And thanks to the many WixSharp users who shaped and refined the signing implementation, it seems to be stable. But... tbh I am not even on top of the signing features, it is all because of the contributors :)

ltemimi commented 3 years ago

Hi Oleg

That is what I mean. I checked my code into source control in Azure DevOps, which produces the signed MSI files automatically. And that is a WixSharp feature in making use of signtool.exe, enabling continuous integration. Before, I used to do it manually after the MSI had been produced.

Thanks
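
An added example, not part of the thread or of WixSharp's own code: one way to keep the PFX path and password out of the source that is checked into CI, using only the signature properties shown in the post above. The `SigningConfig` class and the environment variable names are hypothetical and would be mapped from secret pipeline variables; the timestamp URL is the one from the post.

```csharp
using System;
using System.IO;
using WixSharp;

static class SigningConfig
{
    // Hypothetical variable names: map them from secret pipeline variables in CI.
    const string PfxPathVar = "SIGN_PFX_PATH";
    const string PfxPasswordVar = "SIGN_PFX_PASSWORD";

    // Timestamp server taken from the post above.
    static readonly Uri TimeServer = new Uri("http://timestamp.comodoca.com/authenticode");

    // Fail the build early instead of producing an unsigned or half-signed installer.
    static string Require(string name)
    {
        var value = Environment.GetEnvironmentVariable(name);
        if (string.IsNullOrWhiteSpace(value))
            throw new InvalidOperationException(name + " is not set; cannot sign the installer.");
        return value;
    }

    static string PfxPath()
    {
        var path = Require(PfxPathVar);
        // Fully qualified because WixSharp also defines a File type.
        if (!System.IO.File.Exists(path))
            throw new FileNotFoundException("Code-signing certificate not found", path);
        return path;
    }

    // Signature settings for each MSI packaged in the bundle.
    public static DigitalSignature ForMsi(string description) => new DigitalSignature
    {
        PfxFilePath = PfxPath(),
        Password = Require(PfxPasswordVar),
        Description = description,
        TimeUrl = TimeServer
    };

    // Signature settings for the bootstrapper itself.
    public static DigitalSignatureBootstrapper ForBundle(string description) => new DigitalSignatureBootstrapper
    {
        PfxFilePath = PfxPath(),
        Password = Require(PfxPasswordVar),
        Description = description,
        TimeUrl = TimeServer
    };
}
```

In the build script this replaces the two object initializers: `project.DigitalSignature = SigningConfig.ForMsi("Product");` for every MSI, then `bootstrapper.DigitalSignature = SigningConfig.ForBundle("Product");` for the bundle.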