[wix-users] Code Integrity validation triggered at firewall.dll and winca.dll

Edwin Castro egcastr at gmail.com
Wed May 27 12:22:09 PDT 2020


I thought I got wix311-binaries.zip from
https://github.com/wixtoolset/wix3/releases.

I downloaded it and checked again and can confirm WiX v3.11.2 has signed
custom action dlls.

Perhaps I downloaded the wrong version previously.

--
Edwin G. Castro


On Wed, May 27, 2020 at 6:22 AM Bob Arnson <bob at firegiant.com> wrote:

> If you got them from https://github.com/wixtoolset, they're signed.
>
> -----Original Message-----
> From: wix-users <wix-users-bounces at lists.wixtoolset.org> On Behalf Of
> Edwin Castro via wix-users
> Sent: Wednesday, 27 May, 2020 00:33
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Cc: Edwin Castro <egcastr at gmail.com>
> Subject: Re: [wix-users] Code Integrity validation triggered at
> firewall.dll and winca.dll
>
> There is no NugGet for WiX v3 but I'm fairly certain the native ca dlls
> are not signed.
>
> I've decomposed the cab and wixlib for the extension dlls and was able to
> confirm the ca dlls were not signed. Going off memory but I think I found
> their version numbers to be older than I expected.
>
> I had not gotten around to filing a bug yet. I'll see about doing that
> tonight or tomorrow.
>
> --
> Edwin G. Castro
>
> On Tue, May 26, 2020, 21:21 Rob Mensching via wix-users <
> wix-users at lists.wixtoolset.org> wrote:
>
> > There is no NuGet for WiX v3.
> >
> > ---
> > Short replies here. Complete answers here:
> > https://www.firegiant.com/services/
> >
> > -----Original Message-----
> > From: Masato Maeda <Masato.Maeda at microsoft.com>
> > Sent: Tuesday, May 26, 2020 8:58 PM
> > To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> > Cc: Rob Mensching <rob at firegiant.com>
> > Subject: RE: Code Integrity validation triggered at firewall.dll and
> > winca.dll
> >
> > Nuget package is code signed but individual content of nuget such as
> > EXEs and DLLs look like not code signed.
> > If a file is code signed, it should show "Digital Signatures" tab at
> > properties view of the file. For example, firewall.dll and winca.dll
> > are not code signed.
> >
> > Thanks,
> > Masato
> >
> > -----Original Message-----
> > From: wix-users <wix-users-bounces at lists.wixtoolset.org> On Behalf Of
> > Rob Mensching via wix-users
> > Sent: Tuesday, May 26, 2020 8:17 PM
> > To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> > Cc: Rob Mensching <rob at firegiant.com>
> > Subject: [EXTERNAL] Re: [wix-users] Code Integrity validation
> > triggered at firewall.dll and winca.dll
> >
> > Those files are signed in WiX v3.11.2
> >
> > ---
> > Short replies here. Complete answers here:
> > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> > firegiant.com%2Fservices%2F&data=02%7C01%7CMasato.Maeda%40microsof
> > t.com%7C45b4e6df42f44ff5033508d801ec6c8b%7C72f988bf86f141af91ab2d7cd01
> > 1db47%7C1%7C0%7C637261462231359029&sdata=8St%2FaHYta9%2BjV7uQ8vnPm
> > zWhcYgYRTAq2OIuKWndfaA%3D&reserved=0
> >
> > -----Original Message-----
> > From: wix-users <wix-users-bounces at lists.wixtoolset.org> On Behalf Of
> > Masato Maeda via wix-users
> > Sent: Tuesday, May 26, 2020 8:14 PM
> > To: wix-users at lists.wixtoolset.org
> > Cc: Masato Maeda <Masato.Maeda at microsoft.com>
> > Subject: [wix-users] Code Integrity validation triggered at
> > firewall.dll and winca.dll
> >
> > Hi,
> >
> > Our team is using Wix Toolset to build MSI. There is high security
> > Microsoft Windows environment with enhanced Code Integrity policy. All
> > deploying binaries must be code signed. This includes temporary DLL
> > that runs during custom action execution. I have signed
> > CustomActionLibrary before and after run MakeSfxCA.exe. But native
> > extension libraries caused integrity error such as firewall.dll and
> > winca.dll. Is there a way to repack them after digitally signed?
> >
> > Thanks,
> > Masato
> >
> >
> >
> > ____________________________________________________________________
> > WiX Toolset Users Mailing List provided by FireGiant
> > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.f
> > iregiant.com%2F&data=02%7C01%7CMasato.Maeda%40microsoft.com%7C45b4
> > e6df42f44ff5033508d801ec6c8b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C
> > 0%7C637261462231359029&sdata=QtczUva0IxNBpnhyglNAasY5dRI4fEAkC8HWP
> > %2BfWdHg%3D&reserved=0
> >
> > ____________________________________________________________________
> > WiX Toolset Users Mailing List provided by FireGiant
> > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.f
> > iregiant.com%2F&data=02%7C01%7CMasato.Maeda%40microsoft.com%7C45b4
> > e6df42f44ff5033508d801ec6c8b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C
> > 0%7C637261462231369025&sdata=mX2fxT%2F11vsHHT1P0A0PcI9Bk27P6tHgJKQ
> > jFzTgUME%3D&reserved=0
> >
> > ____________________________________________________________________
> > WiX Toolset Users Mailing List provided by FireGiant
> > http://www.firegiant.com/
> >
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant
> http://www.firegiant.com/
>



More information about the wix-users mailing list