[wix-users] WiX MSP patching

Александр Соловьев deffill at mail.ru
Thu Nov 2 07:01:16 PDT 2017


Thank you for your reply.
I have the DigitalCertificate tag included. I also have 3 files for my cert: *.cer, *.pfx and *.pvk. Do I get you right that I have to embed a *.cer, but to sign with *.pfx? Do I need to sign the msp or embed anything into it?


>Четверг,  2 ноября 2017, 20:55 +07:00 от "Hoover, Jacob via wix-users" <wix-users at lists.wixtoolset.org>:
>
>In the original MSI one needs to include the public cert via:
>        <PatchCertificates>
>            <DigitalCertificate Id="Foo" SourceFile="..\..\Certs\Foo.cer"/>
>        </PatchCertificates>
>
>Sign the MSI with the matching private key.
>
>When you build your patch, the second MSI it was based off of should also have the above authoring and should also be signed with the same key.
>
>
>With those bits in place LUAPatching should work without admin rights being required, assuming the administrator of the target PC hasn't disabled LUA.
>
>
>https://msdn.microsoft.com/en-us/library/windows/desktop/aa372388%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
>
>-----Original Message-----
>From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of John via wix-users
>Sent: Thursday, November 2, 2017 8:25 AM
>To: WiX Toolset Users Mailing List < wix-users at lists.wixtoolset.org >
>Cc: John < jzajac2 at gmail.com >
>Subject: Re: [wix-users] WiX MSP patching
>
>“the certificate has to be embedded into the package”? I don’t understand what that means. I’ve always used the cert and signtool to sign the files within the package and the MSI or MSP 
>
>The way I understand windows security here is that the administrator token is required to write to program files folders. You can bypass that by having it trusted ? 
>
>Sent from my iPhone
>
>> On Nov 2, 2017, at 2:23 AM, Александр Соловьев via wix-users < wix-users at lists.wixtoolset.org > wrote:
>> 
>> Greetings.
>> I am trying to create an msp for my msi distribution and seem to get stuck at this point. The goal is to create a patch that can be applied by a non-administrator to an application installed in program files folder. However, I keep getting UAC promt window with credentials input.
>> So far I have got 2 msi packages with different set of features (some removed, some added) and an msp patch built based upon the tutorial at  http://wixtoolset.org/ . The msi are installed properly and the msp applies as expected but only under admin priveleges. As I understand from reading the internet, the msi and msp have to be signed with a certificate. For this purpose I have generated a code-signing sertificate (self-signed for testing purposes) and have signed all the packages with signtool.exe. I've also found that the certificate has to be embedded into the package and still no luck. I even added my root certificate as a known root and the only result I got was UAC widnow color change from yellow to blue. 
>> Having said that I am asking for any help. Could you point out what I am missing and where to go next? 
>> If this is not the place to post this question please take my apologies and point me to the right one.
>> 
>> 
>> 
>> ____________________________________________________________________
>> WiX Toolset Users Mailing List provided by FireGiant  http://www.firegiant.com/
>
>____________________________________________________________________
>WiX Toolset Users Mailing List provided by FireGiant  http://www.firegiant.com/
>
>____________________________________________________________________
>WiX Toolset Users Mailing List provided by FireGiant  http://www.firegiant.com/





More information about the wix-users mailing list