[wix-users] Change Temp folder used during build

Hoover, Jacob Jacob.Hoover at greenheck.com
Mon Jan 9 10:24:48 PST 2017 

I was trying a MSI and using the Win10 SDK.  Doesn't work.  An EXE/DLL works without issue, but not a MSI.  Bonus points, if you try to sign on Win7 w/ a SHA256 signtool crashes.

8.1 SDK still says: 
SignTool Error: Multiple signature support is not implemented for this filetype.
SignTool Error: An error occurred while attempting to sign: basicproduct.msi

Ref: http://stackoverflow.com/questions/35223147/how-to-setup-signtool-with-sha256-on-windows-7

Note  You can only use SignTool to sign your Windows Store app packages on Windows 8 and later or Windows Server 2012 and later. You can't use SignTool to sign app packages on down level operating systems such as Windows 7 or Windows Server 2008 R2.

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of John Cooper
Sent: Monday, January 09, 2017 12:11 PM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Change Temp folder used during build

It can be done with signtool from the 8.1 SDK or later.

https://knowledge.symantec.com/support/partner/index?page=content&id=INFO2274&pmv=print&actp=PRINT 

--
John Merryweather Cooper
Senior Software Engineer -- Integration Development Group -- Enterprise Notification Service Jack Henry & Associates, Inc.® | Lenexa, KS  66214 | Office:  913-341-3434x431050 JoCooper at jackhenry.com





-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Hoover, Jacob
Sent: Monday, January 9, 2017 10:31 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Change Temp folder used during build

The e-mail below is from an external source.  Please do not open attachments or click links from an unknown or suspicious origin.

For what it's worth, SignTool does NOT support dual signing MSI's so my SignMsi target previously posted was bad.  You'd have to modify the command to either just use SHA1, or just use SHA256.

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Bob Arnson
Sent: Friday, January 06, 2017 9:05 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Change Temp folder used during build

You'd need to ask the MSBuild team.

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Brian Enderle
Sent: Friday, 6 January, 2017 08:14
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Change Temp folder used during build

I appreciate the optional solutions but these seem a bit cumbersome compared to what we have now on about a dozen projects.

So back to my original question, can the output path be changed?

Brian

If you can't explain it simply, you don't understand it well enough.  - Albert Einstein

On Thu, Jan 5, 2017 at 3:37 PM, Hoover, Jacob <Jacob.Hoover at greenheck.com>
wrote:

> You can sign whatever you'd like to that the tool supports, however 
> this is a WIX users group so my answers were WIX specific.
>
> I wouldn't generate a bat file for signing, but rather integrate it 
> directly into the project for the binary in question.  Ex:  if you 
> have a *.csproj generating an EXE, then add an afterbuild target and 
> use the same general logic in my targets, but use the appropriate 
> property for the output file for that project. (Probably want to make 
> the Exec calls conditional, assuming you only want them to happen on 
> your build server in a release build.)
>
> -----Original Message-----
> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On 
> Behalf Of John Cooper
> Sent: Thursday, January 05, 2017 1:46 PM
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Subject: Re: [wix-users] Change Temp folder used during build
>
> Yes.  By writing an MSBuild task, you can generalize SignTool to sign 
> anything supported by that version.  That is how we sign.  I am 
> currently modifying my task to optionally receive the PFX and password 
> from a secure server.
>
> --
> John Merryweather Cooper
> Senior Software Engineer -- Integration Development Group -- 
> Enterprise Notification Service Jack Henry & Associates, Inc.® | 
> Lenexa, KS  66214 |
> Office:  913-341-3434x431050 JoCooper at jackhenry.com
>
>
>
>
> -----Original Message-----
> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On 
> Behalf Of Brian Enderle
> Sent: Thursday, January 5, 2017 1:33 PM
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Subject: Re: [wix-users] Change Temp folder used during build
>
> The e-mail below is from an external source.  Please do not open 
> attachments or click links from an unknown or suspicious origin.
>
> From what I can find on using the method you outlined, I can sign the 
> CABS and/or sign the MSI.  Is there a way to sign my DLLs and EXE (the 
> program's EXE, not the installer's EXE) included in the project (which 
> is what the SignItAll.bat is doing)?
>
> Brian
>
> Brian
>
> If you can't explain it simply, you don't understand it well enough.  
> - Albert Einstein
>
> On Thu, Jan 5, 2017 at 1:02 PM, Hoover, Jacob 
> <Jacob.Hoover at greenheck.com>
> wrote:
>
> > Why are you using a batch file to sign?  What does your build event 
> > look like?  Have you tried using the provided signing events Wix 
> > already sources for you?
> >
> > Ex:
> >   <Target Name="SignCabs" DependsOnTargets="UsesSignTool">
> >     <Exec Command=""$(SignToolPath)" sign /t 
> > http://timestamp.digicert.com /sha1 $(Sha1) /a
> "%(SignCabs.FullPath)""
> > />
> >     <Exec Command=""$(SignToolPath)" sign /tr 
> > http://timestamp.digicert.com /td sha256 /fd sha256 /as /sha1
> > $(Sha256) /a "%(SignCabs.FullPath)"" />
> >   </Target>
> >
> >   <Target Name="SignMsi" DependsOnTargets="UsesSignTool">
> >     <Exec Command=""$(SignToolPath)" sign /t 
> > http://timestamp.digicert.com /sha1 $(Sha1) /a
> "%(SignMsi.FullPath)""
> > />
> >     <Exec Command=""$(SignToolPath)" sign /tr 
> > http://timestamp.digicert.com /td sha256 /fd sha256 /as /sha1
> > $(Sha256) /a "%(SignMsi.FullPath)"" />
> >   </Target>
> >
> > Don't forget to define: <SignOutput>true</SignOutput> in your WixProj.
> > Also I didn't include UsesSignTool because mine isn't clean, but al 
> > it is doing is setting the SignToolPath.
> >
> > -----Original Message-----
> > From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On 
> > Behalf Of Brian Enderle
> > Sent: Thursday, January 05, 2017 8:52 AM
> > To: WiX Users <wix-users at lists.wixtoolset.org>
> > Subject: [wix-users] Change Temp folder used during build
> >
> > When I build a WiX project in Visual Studio 2015 that has a 
> > pre-build or post-build event, AVG is identifying these events as suspicious.
> > This requires that I manually tell AVG to allow this operation each 
> > time I build the project.
> >
> > As I investigated the issue, I found that the WiX build event is 
> > converted to a file in C:\Users\<username>\AppData\Local named
> "tmp*.exec.cmd"
> > where '*' appears to be a random GUID that changes with each build 
> > (i.e.,
> > tmpe64b16a499eb4d85ab32156b25079ed5.exec.cmd)  This GUID doesn't 
> > appear to be associated with any GUID in the WiX project that I can find.
> >
> > The file contents look like this:
> >
> >
> > setlocal
> > set errorlevel=dummy
> > set errorlevel=
> > "D:\Projects\<MyProjectFolder>\<MyProjectWiXFolder>\SignItAll.bat"
> > "D:\Projects\<MyProjectFolder>\"
> > exit %errorlevel%
> >
> >
> > SignItAll.bat is a batch file that signs the files in the MSI with 
> > our credentails.
> >
> >
> > AVG provides a mechanism to ignore files run from a particular 
> > directory but obviously I don't want to add 
> > C:\Users\<username>\AppData\Local.  Is there a way I can tell WiX to 
> > output these files to a custom folder (i.e., 
> > C:\Users\<username>\AppData\
> Local\WiX).
> >
> > If anyone has found a different solution to this problem, I am open 
> > to alternative options.
> >
> >
> > Brian
> >
> > If you can't explain it simply, you don't understand it well enough.
> > - Albert Einstein
> >
> > ____________________________________________________________________
> > WiX Toolset Users Mailing List provided by FireGiant 
> > http://www.firegiant.com/
> >
> > ____________________________________________________________________
> > WiX Toolset Users Mailing List provided by FireGiant 
> > http://www.firegiant.com/
> >
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant 
> http://www.firegiant.com/
>
> NOTICE: This electronic mail message and any files transmitted with it 
> are intended exclusively for the individual or entity to which it is addressed.
> The message, together with any attachment, may contain confidential 
> and/or privileged information.
> Any unauthorized review, use, printing, saving, copying, disclosure or 
> distribution is strictly prohibited. If you have received this message 
> in error, please immediately advise the sender by reply email and 
> delete all copies.
>
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant 
> http://www.firegiant.com/
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant 
> http://www.firegiant.com/
>

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/
NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information.
Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies.

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/

More information about the wix-users mailing list