Freitag, 22. Februar 2013

BURN #02: How to sign the msi packages and the Bootstrapper

Some examples on conditions, how to change the installer GUI, and signing the packages.

http://neilsleightholm.blogspot.de/2012/05/wix-burn-tipstricks.html

About signing:
I created several .wixproj files for msbuild compilation. But to get signing to work, i had to do the following (this is probably just one way to do it):

Wix projects by default call a wix.targets task, which has many msbuild tasks for building the msi/merge modules, whatever with the installed wix version. It also holds an abstract task which you can redefine/redirect to sign you stuff.

To sign msi and cab packages:
<Target Name="SignCabs">
  <Exec Command="$(signToolCall) &quot;%(SignCabs.FullPath)&quot;" />
 </Target>
 
 <Target Name="SignMsi">
  <Exec Command="$(signToolCall) &quot;%(SignMsi.FullPath)&quot;" />
 </Target>

To sign BURN bootstrapper:
<Target Name="SignBundleEngine">
  <Exec Command="$(signToolCall) &quot;@(SignBundleEngine)&quot;" />
 </Target>
 
 <Target Name="SignBundle" >
  <Exec Command="$(signToolCall) &quot;@(SignBundle)&quot;" />
 </Target>

And most important: each .wixproj file must have a property called (it does not matter in which property group you push that):
<PropertyGroup>
  <!-- this makes wix sign everything it can -->
  <SignOutput>true</SignOutput>
 </PropertyGroup>

To streamline everything, just put this one line into your .wixproj file:
    <Import Project="$(WixTargetsPath)" />
 <!-- the WixTargetsPath line already exists. add your default targets file to your .wixproj targets -->
    <Import Project="..\Default.targets" />

And to round everything up, here's my complete Default.targets file with methods to find the ProgramFiles (x86) directory and the windows installer SDK directory:
  1. <?xml version="1.0" encoding="utf-8"?>
  2. <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3. <PropertyGroup>
  4. <!--MSBuild 4.0 property-->
  5. <ProgramFiles32>
  6. $(MSBuildProgramFiles32)
  7. </ProgramFiles32>
  8. <!--Use OS env var as a fallback:- 32 bit MSBuild 2.0/3.5 on x64 will use this-->
  9. <ProgramFiles32 Condition=" '' == '$(ProgramFiles32)'">
  10. $(ProgramFiles%28x86%29)
  11. </ProgramFiles32>
  12.  
  13. <!-- Handle MSBuild 2.0/3.5 running in 64 bit mode - neither of the above env vars are available. http://stackoverflow.com/questions/336633
  14. NB this trick (Adding a literal " (x86)" to the 64 bit Program Files path) may or may not work on all versions/locales of Windows -->
  15. <ProgramFiles32 Condition ="'$(ProgramFiles32)'=='' AND 'AMD64' == '$(PROCESSOR_ARCHITECTURE)'">
  16. $(ProgramFiles) (x86)
  17. </ProgramFiles32>
  18.  
  19. <!--Catch-all - handles .NET 2.0/3.5 non-AMD64 and .NET 2.0 on x86 -->
  20. <ProgramFiles32 Condition=" '' == '$(ProgramFiles32)' ">
  21. $(ProgramFiles)
  22. </ProgramFiles32>
  23.  
  24. <!-- some important directories -->
  25. <ProductsDir Condition=" '$(ProductsDir)' == '' ">
  26. $(MSBuildThisFileDirectory)..\Products\
  27. </ProductsDir>
  28. <msiDir>
  29. "$(ProgramFiles32)\Microsoft SDKs\Windows\v7.0A\bin\"
  30. </msiDir>
  31. <!-- signtool configuration -->
  32. <signTool>
  33. $(msiDir)signtool.exe
  34. </signTool>
  35. <timeStampServer>
  36. http://timestamp.verisign.com/scripts/timestamp.dll
  37. </timeStampServer>
  38. <signKey>
  39. "$(ProductsDir)your_key_file.pfx"
  40. </signKey>
  41. <uniformResourceLocator>
  42. www.your_web_adress.com
  43. </uniformResourceLocator>
  44. <signToolCall>
  45. $(signtool) sign /f $(signKey) /p smokey11 /du $(uniformResourceLocator) /t $(timeStampServer)
  46. </signToolCall>
  47. </PropertyGroup>
  48.  
  49. <PropertyGroup>
  50. <!-- this makes wix sign everything it can -->
  51. <SignOutput>true</SignOutput>
  52. </PropertyGroup>
  53. <Target Name="SignCabs">
  54. <Exec Command="$(signToolCall) &quot;%(SignCabs.FullPath)&quot;" />
  55. </Target>
  56. <Target Name="SignMsi">
  57. <Exec Command="$(signToolCall) &quot;%(SignMsi.FullPath)&quot;" />
  58. </Target>
  59. <Target Name="SignBundleEngine">
  60. <Exec Command="$(signToolCall) &quot;@(SignBundleEngine)&quot;" />
  61. </Target>
  62. <Target Name="SignBundle" >
  63. <Exec Command="$(signToolCall) &quot;@(SignBundle)&quot;" />
  64. </Target>
  65. </Project>

1 Kommentar: