[wix-devs] Signing build output

Hoover, Jacob Jacob.Hoover at greenheck.com
Fri Dec 14 09:56:35 PST 2018

I am trying to find a compelling reason for this... Is the desire for users to add/modify the design time tools and deploy in house? If they are doing deployments, it's not an insurmountable task to sign and strong name the toolset as it sits today, and if they are modifying both design time and runtime libraries I would expect them to have an understanding of the build process.

-----Original Message-----
From: wix-devs [mailto:wix-devs-bounces at lists.wixtoolset.org] On Behalf Of Heath Stewart via wix-devs
Sent: Friday, December 14, 2018 11:40 AM
To: WiX Toolset Developer Mailing List <wix-devs at lists.wixtoolset.org>
Cc: Heath Stewart <heaths at outlook.com>
Subject: Re: [wix-devs] Signing build output

Thinking about this more last night, maybe test-signing support wouldn't be all that great. If we test-sign by default, people would have to install a test cert root to be trusted (which would actually help make unofficial WiX drops more identifiable, since only the bundle is signed now), while unsigned binaries by default work today.

To test this, I'll just install a self-signed cert on my box pretending to be what the .targets file currently attempts to use.

From: wix-devs <wix-devs-bounces at lists.wixtoolset.org> on behalf of Sean Hall via wix-devs <wix-devs at lists.wixtoolset.org>
Sent: Thursday, December 13, 2018 7:56:59 PM
To: WiX Toolset Developer Mailing List
Cc: Sean Hall
Subject: Re: [wix-devs] Signing build output

I'm going to have to defer to Rob for the test-signing. I sent a pull request long ago to make it easier to build WiX with your own strong name key and he declined it with "It is not a goal to make it easier to build non-official WiX toolset's to run on other machines. Instead, we'd like to encourage developers to integrate their changes into our official build."

I'm pretty sure we have not set up LFS for any of the repos. Can you clarify why we should?

On Thu, Dec 13, 2018 at 8:41 PM Heath Stewart <heaths at outlook.com> wrote:

> I had read that previously, but it really depends on how many *other* 
> breaking changes there are / will be. The main thing holding us back 
> from switching to WiX 4 has mainly been namespace changes (both XML 
> and managed assemblies). Some packages outside the main repo have 
> upgrade with little to no problem, and lack of need right now for 
> traditional WiX to be upgraded.
> So you'd also be fine with adding support for test-signing, perhaps as 
> a default for devs (i.e. make sure everything works as expected even 
> during a normal build)? If so, do you already have a self-signed cert 
> (I can create one otherwise) and is LFS enabled for your repo?
WiX Toolset Developer Mailing List provided by FireGiant https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.firegiant.com%2F&data=02%7C01%7C%7C8b5bcb7b7158429414d508d661783cb9%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636803566366994661&sdata=szzsFt%2FUv5Q30kf2rTX4LoTn8oRr86FsIm7I5LiQNKk%3D&reserved=0
WiX Toolset Developer Mailing List provided by FireGiant http://www.firegiant.com/
NOTE: This email was received from an external source. Please use caution when opening links or attachments in the message.

More information about the wix-devs mailing list