Friday, 22 February 2013

BURN #02: How to sign the msi packages and the Bootstrapper

Some examples on conditions, how to change the installer GUI, and signing the packages.

http://neilsleightholm.blogspot.de/2012/05/wix-burn-tipstricks.html

About signing:
I created several .wixproj files for msbuild compilation. But to get signing to work, I had to do the following (this is probably just one way to do it):

WiX projects by default import wix.targets, which holds many MSBuild targets for building the MSI, merge modules and so on with the installed WiX version. It also holds abstract targets which you can redefine/redirect to sign your stuff.

To sign msi and cab packages:
<Target Name="SignCabs">
  <Exec Command="$(signToolCall) &quot;%(SignCabs.FullPath)&quot;" />
</Target>

<Target Name="SignMsi">
  <Exec Command="$(signToolCall) &quot;%(SignMsi.FullPath)&quot;" />
</Target>

To sign BURN bootstrapper:
<Target Name="SignBundleEngine">
  <Exec Command="$(signToolCall) &quot;@(SignBundleEngine)&quot;" />
</Target>

<Target Name="SignBundle">
  <Exec Command="$(signToolCall) &quot;@(SignBundle)&quot;" />
</Target>

And most important: each .wixproj file must set the SignOutput property (it does not matter which property group you put it in):
<PropertyGroup>
  <!-- this makes wix sign everything it can -->
  <SignOutput>true</SignOutput>
</PropertyGroup>

To streamline everything, just put this one line into your .wixproj file, after the existing WixTargetsPath import:
<!-- the WixTargetsPath line already exists. add your default targets file to your .wixproj targets -->
<Import Project="$(WixTargetsPath)" />
<Import Project="..\Default.targets" />

And to round everything off, here's my complete Default.targets file with methods to find the Program Files (x86) directory and the Windows Installer SDK directory:
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 <PropertyGroup>
  <!-- MSBuild 4.0 property -->
  <ProgramFiles32>$(MSBuildProgramFiles32)</ProgramFiles32>
  <!-- Use OS env var as a fallback: 32 bit MSBuild 2.0/3.5 on x64 will use this -->
  <ProgramFiles32 Condition=" '' == '$(ProgramFiles32)' ">$(ProgramFiles%28x86%29)</ProgramFiles32>

  <!-- Handle MSBuild 2.0/3.5 running in 64 bit mode - neither of the above env vars are available. http://stackoverflow.com/questions/336633
       NB this trick (Adding a literal " (x86)" to the 64 bit Program Files path) may or may not work on all versions/locales of Windows -->
  <ProgramFiles32 Condition=" '$(ProgramFiles32)' == '' AND 'AMD64' == '$(PROCESSOR_ARCHITECTURE)' ">$(ProgramFiles) (x86)</ProgramFiles32>

  <!-- Catch-all - handles .NET 2.0/3.5 non-AMD64 and .NET 2.0 on x86 -->
  <ProgramFiles32 Condition=" '' == '$(ProgramFiles32)' ">$(ProgramFiles)</ProgramFiles32>

  <!-- some important directories; values are kept on one line because MSBuild
       preserves whitespace and line breaks inside a property value -->
  <ProductsDir Condition=" '$(ProductsDir)' == '' ">$(MSBuildThisFileDirectory)..\Products\</ProductsDir>
  <msiDir>$(ProgramFiles32)\Microsoft SDKs\Windows\v7.0A\bin\</msiDir>

  <!-- signtool configuration; full paths are quoted because they can contain spaces -->
  <signTool>"$(msiDir)signtool.exe"</signTool>
  <timeStampServer>http://timestamp.verisign.com/scripts/timestamp.dll</timeStampServer>
  <signKey>"$(ProductsDir)your_key_file.pfx"</signKey>
  <uniformResourceLocator>www.your_web_adress.com</uniformResourceLocator>
  <!-- /p is the .pfx password: here it sits in plain text in this file and on the
       signtool command line, so anyone who can read both files can sign with the key -->
  <signToolCall>$(signTool) sign /f $(signKey) /p smokey11 /du $(uniformResourceLocator) /t $(timeStampServer)</signToolCall>
 </PropertyGroup>

 <PropertyGroup>
  <!-- this makes wix sign everything it can -->
  <SignOutput>true</SignOutput>
 </PropertyGroup>

 <!-- %(Item.FullPath) batches the Exec task: signtool runs once per cab / msi -->
 <Target Name="SignCabs">
  <Exec Command="$(signToolCall) &quot;%(SignCabs.FullPath)&quot;" />
 </Target>

 <Target Name="SignMsi">
  <Exec Command="$(signToolCall) &quot;%(SignMsi.FullPath)&quot;" />
 </Target>

 <Target Name="SignBundleEngine">
  <Exec Command="$(signToolCall) &quot;@(SignBundleEngine)&quot;" />
 </Target>

 <Target Name="SignBundle">
  <Exec Command="$(signToolCall) &quot;@(SignBundle)&quot;" />
 </Target>
</Project>
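
A hardened variant of the Default.targets above, added here as an example and not the author's file: the .pfx password comes from an environment variable instead of the targets file, the signature uses SHA-256 with an RFC 3161 timestamp, and every output is verified right after it is signed. The names SIGN_PFX_PASSWORD, signKeyPassword, verifyToolCall and CheckSigningSecret are hypothetical, and the signtool path and timestamp URL are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example (not the author's file). Hypothetical names: SIGN_PFX_PASSWORD,
     signKeyPassword, verifyToolCall, CheckSigningSecret; path and URL are placeholders. -->
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 <PropertyGroup>
  <SignOutput>true</SignOutput>
  <!-- placeholder: a signtool.exe recent enough to support /fd, /tr and /td -->
  <signTool>"C:\path\to\signtool.exe"</signTool>
  <signKey>"$(MSBuildThisFileDirectory)..\Products\your_key_file.pfx"</signKey>
  <!-- MSBuild exposes environment variables as properties: the password is set on
       the build machine and is never written into a file under source control -->
  <signKeyPassword>$(SIGN_PFX_PASSWORD)</signKeyPassword>
  <!-- placeholder: the RFC 3161 timestamp URL of your certificate authority -->
  <timeStampServer>http://timestamp.example.invalid/rfc3161</timeStampServer>
  <signToolCall>$(signTool) sign /f $(signKey) /p "$(signKeyPassword)" /fd sha256 /tr $(timeStampServer) /td sha256</signToolCall>
  <!-- /pa = verify against the default Authenticode policy -->
  <verifyToolCall>$(signTool) verify /pa</verifyToolCall>
 </PropertyGroup>

 <!-- Stop with a clear error instead of calling signtool with an empty password -->
 <Target Name="CheckSigningSecret">
  <Error Condition=" '$(signKeyPassword)' == '' " Text="SIGN_PFX_PASSWORD is not set; cannot sign." />
 </Target>

 <!-- EchoOff asks Exec not to write the expanded command (which contains /p) to the
      build log; it needs an MSBuild version whose Exec task supports that parameter -->
 <Target Name="SignCabs" DependsOnTargets="CheckSigningSecret">
  <Exec Command="$(signToolCall) &quot;%(SignCabs.FullPath)&quot;" EchoOff="true" />
  <Exec Command="$(verifyToolCall) &quot;%(SignCabs.FullPath)&quot;" />
 </Target>

 <Target Name="SignMsi" DependsOnTargets="CheckSigningSecret">
  <Exec Command="$(signToolCall) &quot;%(SignMsi.FullPath)&quot;" EchoOff="true" />
  <Exec Command="$(verifyToolCall) &quot;%(SignMsi.FullPath)&quot;" />
 </Target>

 <Target Name="SignBundleEngine" DependsOnTargets="CheckSigningSecret">
  <Exec Command="$(signToolCall) &quot;@(SignBundleEngine)&quot;" EchoOff="true" />
  <Exec Command="$(verifyToolCall) &quot;@(SignBundleEngine)&quot;" />
 </Target>

 <Target Name="SignBundle" DependsOnTargets="CheckSigningSecret">
  <Exec Command="$(signToolCall) &quot;@(SignBundle)&quot;" EchoOff="true" />
  <Exec Command="$(verifyToolCall) &quot;@(SignBundle)&quot;" />
 </Target>
</Project>
```

A failed verify step returns a non-zero exit code, which makes Exec fail the build, so an unsigned or badly signed package never leaves the build machine unnoticed.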
