[wix-devs] Signing build output
r.sean.hall at gmail.com
Thu Dec 13 17:37:48 PST 2018
Since that's all on the build side of WiX itself, I'd be fine with that in
v3.14. However, v3.14 is not your typical backwards compatible v3.x release
- see Bob's recent blog post at
pretty sure the only reason we would do another backwards compatible v3.x
release would be for fixing a critical security vulnerability.
On Thu, Dec 13, 2018 at 4:01 PM Heath Stewart <heaths at outlook.com> wrote:
> I’d prefer that WiX sign the DLLs it builds. Note that Device Guard
> typically only requires that a chain terminate in a trusted root (and
> nothing revoked, etc.). If you sign them during build for official
> releases, no one else needs to sign them.
> *From:* Sean Hall <r.sean.hall at gmail.com>
> *Sent:* Thursday, December 13, 2018 11:52:30 AM
> *To:* WiX Toolset Developer Mailing List
> *Cc:* Heath Stewart
> *Subject:* Re: [wix-devs] Signing build output
> It sounds like there are two separate solutions to this issue. One is get
> WiX to sign all of its DLLs with its certificate. The other is to add the
> ability for WiX users to sign all of the WiX DLLs that get injected with
> their own certificate. Which one are you implementing?
> On Thu, Dec 13, 2018 at 1:45 PM Heath Stewart via wix-devs <
> wix-devs at lists.wixtoolset.org> wrote:
>> Re: https://github.com/wixtoolset/issues/issues/5329
>> Enterprise environments using Windows Device Guard now require that even
>> x86 and x64 binaries are signed. IF no one has already started working on
>> the aforementioned issue, I will start but:
>> 1. We’ll need this for 3.14, since moving to WiX 4 for legacy
>> authoring would be a huge undertaking. Is that possible?
>> 2. How, if at all, is signing handled now during build? Looks like
>> everything is in
>> but any particular reason some targets are commented out? Foresee any
>> problems with adding similar support for signing at least native DLLs (or
>> really any DLLs that would ship to end users)?
>> 3. To test this, see any problems with adding test-signing
>> capabilities to this (and related) files?
>> Any other thoughts or considerations regarding this matter?
>> WiX Toolset Developer Mailing List provided by FireGiant
More information about the wix-devs