[wix-users] DetectCondition for MsuPackage for KB3033929

Tyler Gustafson tgustafson at solacom.com
Thu Sep 15 10:40:19 PDT 2016


Ouch, sorry to hear that.
Personally I would document the problem away at this point or possibly look for another way to get the SHA-1 certificate back instead of having my installer tell the customer they need Windows Updates.
If you really want to go that route I'm not any more helpful than Google on this topic but maybe someone else on here has more experience with WiX and .msu

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Mridul Pentapalli
Sent: September-15-16 11:42 AM
To: WiX Toolset Users Mailing List
Subject: Re: [wix-users] DetectCondition for MsuPackage for KB3033929

That is true, until you find that your SHA-1 certificate expired last week and that your certificate provider no longer provides SHA-1 certificates any more. We were dual signing our drivers until last week.

Mridul.

On Thu, Sep 15, 2016 at 10:27 AM, John Cooper <JoCooper at jackhenry.com>
wrote:

> Dual sign is the way to go.  This is an OS and not WiX issue.
>
> --
> John Merryweather Cooper
> Senior Software Engineer -- Integration Development Group -- 
> Enterprise Notification Service Jack Henry & Associates, Inc.® | 
> Lenexa, KS  66214 | Office:
> 913-341-3434x431050
> JoCooper at jackhenry.com
>
>
>
>
> -----Original Message-----
> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On 
> Behalf Of Tyler Gustafson
> Sent: Thursday, September 15, 2016 10:14 AM
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Subject: Re: [wix-users] DetectCondition for MsuPackage for KB3033929
>
> The e-mail below is from an external source.  Please do not open 
> attachments or click links from an unknown or suspicious origin.
>
> The documentation I've read suggests you sign your drivers with both 
> the old SHA-1 and the new SHA-2 certificates so that older systems 
> which don't recognise SHA-2 will still work. You might not have to 
> solve this problem with WiX.
>
> https://www.digicert.com/code-signing/code-signing-dual-
> signing-sha256-sha1.htm
>
>
> -----Original Message-----
> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On 
> Behalf Of Mridul Pentapalli
> Sent: September-15-16 10:49 AM
> To: wix-users at lists.wixtoolset.org
> Subject: [wix-users] DetectCondition for MsuPackage for KB3033929
>
> Hi,
>
> Due to changes for digital signature enforcement of drivers, we are 
> signing our drivers with SHA-2 certificates but these are not 
> recognized by Windows
> 7 SP1 unless they are patched with KB3033929.
>
> I added this entry to my bootstrapper, but I have no idea how to 
> populate the DetectCondition entry. Can someone please suggest a way 
> to get this to work?
>
> <MsuPackage DisplayName="Security Update for Windows 7 for x64-based 
> Systems (KB3033929)"
>                   Compressed="yes"
>                   Description="Security Update for Windows 7 for 
> x64-based Systems (KB3033929)"
>                   DetectCondition=""
>                   InstallCondition="" <!--- This will be Windows 7 SP1 
> x64 bit only -->
>                   DownloadUrl="
> https://www.microsoft.com/en-us/download/confirmation.aspx?id=46148"
>                   KB="KB3033929"
>                   Permanent="yes"
>                   SourceFile="Windows6.1-KB3033929-x64.msu" />
>
> Regards,
> Mridul.
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant 
> http://www.firegiant.com/
> --
> Scanned by Total Defense Email Cloud Security 
> http://cloud.totaldefense.com
>
>
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant 
> http://www.firegiant.com/
>
> NOTICE: This electronic mail message and any files transmitted with it 
> are intended exclusively for the individual or entity to which it is 
> addressed. The message, together with any attachment, may contain 
> confidential and/or privileged information.
> Any unauthorized review, use, printing, saving, copying, disclosure or 
> distribution is strictly prohibited. If you have received this message 
> in error, please immediately advise the sender by reply email and 
> delete all copies.
>
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant 
> http://www.firegiant.com/
>

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/
--
Scanned by Total Defense Email Cloud Security http://cloud.totaldefense.com


More information about the wix-users mailing list