My experience is that you really want your private key under lock and key. I heard the room with the private key at MSFT had a hand print reader. Even the WiX toolset submits our binaries off to a signing service to get signed. Never saw two organizations implement signing the same way. <sigh/>
-----Original Message----- From: John Ludlow [mailto:john.ludlow...@gmail.com] Sent: Monday, December 2, 2013 10:09 AM To: General discussion about the WiX toolset. Subject: Re: [WiX-users] Signing bundles - changes needed to each bundle wixproj I suppose that's a good point, Rob - there's lots of ways to sign stuff. We tend to go to the signtool method (actually a specific version of signtool for reasons I can't remember) and I kind of figured that would be the (ahem) generically preferred method of signing things that WiX cares about. Anyway, thanks for your help. On 2 December 2013 17:59, Rob Mensching <r...@robmensching.com> wrote: > Ditto. > > And if you come up with a way to set these targets by default > correctly for the multitude of ways for signing binaries, we'd love to > discuss it on wix-devs. > > -----Original Message----- > From: Blair Murri [mailto:os...@live.com] > Sent: Monday, December 2, 2013 9:53 AM > To: General discussion for Windows Installer XML toolset. > Subject: Re: [WiX-users] Signing bundles - changes needed to each > bundle wixproj > > I don't believe there's a preference to one over the other. Each has > its own costs and risks. Whichever works better in your environment. > MSBuild is flexible in that regard. (What I do with my clients tends > to vary based on the client's needs and customs). > > > > > > > -Blair > > > > > > From: John Ludlow > Sent: Monday, December 02, 2013 9:49 AM > To: General discussion for Windows Installer XML toolset. > > > > > > I see - that was the impression I got from the documentation, but I > tend to prefer to stay out of those because any changes to the > .wixprojs are relatively hidden, and we'd have to do the change for > each bundle .wixproj (and probably each MSI .wixproj). Given the > hidden nature, it's easy to forget (and more than a little cumbersome to > implement each change). > > We could partially solve this using tools to mandate that this change > was done before checkin, but we'd have to write a check for that tool. > It's not difficult, but if we don't need to do it then we'd rather > not. Similarly, we could write tools to auto-fix this - again, not > difficult, but if we don't need to do it then we'd rather not. > > Ideally, however, the wix targets that come out of the box would have > this already. > > I was wondering whether there's a reason why editing the .wixproj is > preferred over CustomAfterWixTargets. If Visual Studio did a better > job of exposing the underlying msbuild code then I'd just tweak the > .msbuild file, but given how cumbersome it is, I'd rather avoid this if I can > help it. > > > > > On 2 December 2013 16:52, Rob Mensching <r...@robmensching.com> wrote: > > > You could do that. I tend to add an explicit .props/.targets file to > > the .wixprojs myself but you have options with MSBuild. > > > > Documentation improvements are always appreciated. > > > > -----Original Message----- > > From: John Ludlow [mailto:john.ludlow...@gmail.com] > > Sent: Monday, December 2, 2013 8:07 AM > > To: General discussion about the WiX toolset. > > Subject: Re: [WiX-users] Signing bundles - changes needed to each > > bundle wixproj > > > > Hi Rob, > > > > How would this be invoked from the build? Your message prompted some > > digging, and I found CustomAfterWixTargets. Would you recommend > > setting this to the path to my own msbuild .targets file, and > > providing the SignXXX targets in there? > > > > I tried this and it seemed to work. > > > > If this is best practice, it would be worth updating the > > documentation to this effect. > > > > > > On 2 December 2013 14:52, Rob Mensching <r...@robmensching.com> wrote: > > > > > Generally, I've seen people use the instructions to check the WiX > > > toolset into their build process and provide a standard > > > .props/.targets file for encapsulating all the custom logic for > > > their > > build. > > > > > > -----Original Message----- > > > From: John Ludlow [mailto:john.ludlow...@gmail.com] > > > Sent: Monday, December 2, 2013 4:23 AM > > > To: General discussion for Windows Installer XML toolset. > > > Subject: [WiX-users] Signing bundles - changes needed to each > > > bundle wixproj > > > > > > Hi, > > > > > > We're writing an installer using a bundle to chain two MSIs together. > > > The bundle should be signed (we generally sign installers and EXEs > > > and > > DLLs). > > > Currently, we're using WiX 3.6 (we currently use Visual Studio > > > 2008, and > > > 3.7 didn't support that version of Visual Studio). > > > > > > We've discovered the 0x80004005 error described here: > > > > > > http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Wix- > > > 3- > > > 7- > > > Burn-error-0x80004005-Failed-to-extract-all-files-from-container-t > > > d7 > > > 58 > > > 7152.html > > > > > > However, the fix for this seems to be to tweak the project files. > > > This is not a preferred solution for us, as over the next year we > > > will be creating a significant number of these as we adopt this > > > technology for some of our existing installers. Since any tweaks > > > to the projects are hidden (they require right clicking the > > > project, choosing Edit... and effectively unloading the project > > > from the solution). We'd have to remember to do that each time we > > > create a bundle, and I'd rather not > > have that point of failure. > > > > > > I'm planning on using insignia.exe to extract engine.exe, sign it > > > and then import it. However, it's been suggested this is also less > > > than ideal (though it's better than having to remember to tweak a > > > project > > file). > > > > > > I was wondering whether this is improved in later versions of WiX. > > > I imagine it would be pretty simple for WiX to include this > > > functionality in the default .wixproj project template, meaning we > > > don't have to remember to do it ourselves. If this is the case, > > > would > > this also support timestamping? > > > > > > Or are there any other inventive solutions for solving this issue? > > > > > > Thanks > > > > > > John > > > > > > ------------------------------------------------------------------ > > > -- > > > -- > > > -------- Rapidly troubleshoot problems before they affect your > > > business. Most IT organizations don't have a clear picture of how > > > application performance affects their revenue. With AppDynamics, > > > you get 100% visibility into your Java,.NET, & PHP application. > > > Start your 15-day FREE TRIAL of AppDynamics Pro! > > > http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/os > > > tg .c lktrk _______________________________________________ > > > WiX-users mailing list > > > WiX-users@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/wix-users > > > > > > > > > > > > ------------------------------------------------------------------ > > > -- > > > -- > > > -------- Rapidly troubleshoot problems before they affect your > > > business. Most IT organizations don't have a clear picture of how > > > application performance affects their revenue. With AppDynamics, > > > you get 100% visibility into your Java,.NET, & PHP application. > > > Start your 15-day FREE TRIAL of AppDynamics Pro! > > > http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/os > > > tg .c lktrk _______________________________________________ > > > WiX-users mailing list > > > WiX-users@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/wix-users > > > > > > > -------------------------------------------------------------------- > > -- > > -------- Rapidly troubleshoot problems before they affect your > > business. Most IT organizations don't have a clear picture of how > > application performance affects their revenue. With AppDynamics, you > > get 100% visibility into your Java,.NET, & PHP application. Start > > your 15-day FREE TRIAL of AppDynamics Pro! > > http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg > > .c lktrk _______________________________________________ > > WiX-users mailing list > > WiX-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/wix-users > > > > > > > > -------------------------------------------------------------------- > > -- > > -------- Rapidly troubleshoot problems before they affect your > > business. Most IT organizations don't have a clear picture of how > > application performance affects their revenue. With AppDynamics, you > > get 100% visibility into your Java,.NET, & PHP application. Start > > your 15-day FREE TRIAL of AppDynamics Pro! > > http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg > > .c lktrk _______________________________________________ > > WiX-users mailing list > > WiX-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/wix-users > > > > ---------------------------------------------------------------------- > -------- Rapidly troubleshoot problems before they affect your > business. Most IT organizations don't have a clear picture of how > application performance affects their revenue. With AppDynamics, you > get 100% visibility into your Java,.NET, & PHP application. Start your > 15-day FREE TRIAL of AppDynamics Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.c > lktrk _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wix-users > > ---------------------------------------------------------------------- > -------- Rapidly troubleshoot problems before they affect your > business. Most IT organizations don't have a clear picture of how > application performance affects their revenue. With AppDynamics, you > get 100% visibility into your Java,.NET, & PHP application. Start your > 15-day FREE TRIAL of AppDynamics Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.c > lktrk _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wix-users > > ---------------------------------------------------------------------- > -------- Rapidly troubleshoot problems before they affect your > business. Most IT organizations don't have a clear picture of how > application performance affects their revenue. With AppDynamics, you > get 100% visibility into your Java,.NET, & PHP application. Start your > 15-day FREE TRIAL of AppDynamics Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.c > lktrk _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wix-users > ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
