Hi, I haven't started using burn yet - but I'd like to - and signing will be an issue for us. At the moment, I hand an unsigned MSI over to the release manager for signing. He is the only person with access to the certificate. Can we still do this with burn? From what I've seen of this discussion so far, I must sign as part of the build process - something that will cause us a bit of an issue. Is that right?
-Nick -----Original Message----- From: Peter Hull [mailto:peterhul...@hotmail.com] Sent: 12 January 2012 08:58 To: WiX Users Subject: Re: [WiX-users] Signing the burn bootstrapper To sign the bundle and bundle engine you need to add the following to your .wixproj: Add <SignOutput>true</SignOutput> to a PropertyGroup Implement the targets like this: <Target Name="SignBundleEngine"> <SignFile TimestampUrl="..." CertificateThumbprint="..." SigningTarget="@(SignBundleEngine)" /> </Target> <Target Name="SignBundle" > <SignFile TimestampUrl="..." CertificateThumbprint="..." SigningTarget="@(SignBundle)" /> </Target> You need to put these _after_ the <Import Project="$(WixTargetsPath)" /> Alternatively you can use <Exec Command='signtool.exe sign ..."' /> for more control. There is also a <SignContainers> target but I don't know quite what it does. When buiding MSIs, to sign them you need to implement <Target Name="SignMsi"> If you have external CABs then also implement <Target Name="SignCabs"> The things you need to sign are in an itemgroup with the same name as the target (e.g. @(SignMsi)) Note that you can't use the SignFile task for this, as it will only sign exes and dlls. You have to use <Exec Command="signtool sign ..." /> Hope that helps, Pete ------------------------------------------------------------------------------ RSA(R) Conference 2012 Mar 27 - Feb 2 Save $400 by Jan. 27 Register now! http://p.sf.net/sfu/rsa-sfdev2dev2 _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
