Certificates and WiX
From WiX Wiki at MindCapers
Certificates in WiX v3
<Certificate> isn't just for SSL certificates any longer. It's just stuck in the IIS extension because that's where it came from... it'll install normal certificates just fine. I do it all the time in Windows Marketplace.
If you need to install certificates, WiX has the <iis:Certificate> element.
Here is an example .wxs file:
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"
     xmlns:iis="http://schemas.microsoft.com/wix/IIsExtension">
  <Module ...
    <Directory Id="TARGETDIR" Name="SourceDir">
      ...
      <Component Id="RootCertificate" Guid="">
        <iis:Certificate Id="Certificate.RootCA"
                         Name="Root certificate"
                         Request="no"
                         StoreLocation="localMachine"
                         StoreName="root"
                         Overwrite="no"
                         BinaryKey="RootCA" />
      </Component>
      ...
    </Directory>
    <Binary Id="RootCA" SourceFile="$(var.TargetDir)\RootCA.cer" />
    ...
  </Module>
</Wix>
Explanations:
- First, add the http://schemas.microsoft.com/wix/IIsExtension namespace to the root element, because the <iis:Certificate> element is part of the IIS Extension.
- The <iis:Certificate> element should be nested in a <Component>. The component's Guid attribute is left blank in order to create a component that will not be uninstalled. You can certainly put a valid Guid there, but be careful: doing so can cause errors. Suppose more than one distribution package installs the same certificate. If you install all of them and then uninstall one, the certificate is removed from the certificate store. I think leaving the certificate in the certificate store even after the product is uninstalled is the less error-prone approach.
- Name is a required attribute of the certificate. Any string is acceptable.
- The BinaryKey attribute references the Id of a Binary element.
- The SourceFile attribute of the <Binary> element references the file containing the certificate (where to take it from in order to put it into the distribution package).
The script above only installs the certificate into the certificate store; it does not install the certificate as a file. If you want the installer to put the certificate file into the target directory, use a File element (as for any other file).
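As an added example (not part of the original wiki page or of WiX itself), the following Python sketch audits a WiX v3 source for <iis:Certificate> elements. It reports which ones install into the machine-wide root store and which sit in a blank-Guid component and so, as described above, remain after uninstall. The sample source, the audit_certificates name and the finding keys are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WIX_NS = "http://schemas.microsoft.com/wix/2006/wi"
IIS_NS = "http://schemas.microsoft.com/wix/IIsExtension"

# Constructed sample source for this example (not taken from the page).
SAMPLE_WXS = """\
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"
     xmlns:iis="http://schemas.microsoft.com/wix/IIsExtension">
  <Module Id="SampleModule" Language="0" Version="1.0.0.0">
    <Directory Id="TARGETDIR" Name="SourceDir">
      <Component Id="RootCertificate" Guid="">
        <iis:Certificate Id="Certificate.RootCA" Name="Root certificate" Request="no"
          StoreLocation="localMachine" StoreName="root" Overwrite="no" BinaryKey="RootCA" />
      </Component>
      <Component Id="ClientCertificate" Guid="PUT-GUID-HERE">
        <iis:Certificate Id="Certificate.Client" Name="Client certificate" Request="no"
          StoreLocation="currentUser" StoreName="my" Overwrite="no" BinaryKey="ClientCert" />
      </Component>
    </Directory>
    <Binary Id="RootCA" SourceFile="RootCA.cer" />
  </Module>
</Wix>
"""

def audit_certificates(wxs_text):
    """Return one finding dict per <iis:Certificate> in a WiX v3 source."""
    root = ET.fromstring(wxs_text)
    # Map Binary Id -> SourceFile so each finding names the .cer to inspect.
    binaries = {b.get("Id"): b.get("SourceFile")
                for b in root.iter(f"{{{WIX_NS}}}Binary")}
    findings = []
    for comp in root.iter(f"{{{WIX_NS}}}Component"):
        for cert in comp.iter(f"{{{IIS_NS}}}Certificate"):
            store = (cert.get("StoreLocation"), cert.get("StoreName"))
            findings.append({
                "id": cert.get("Id"),
                "component": comp.get("Id"),
                # None means BinaryKey does not resolve to a <Binary> element.
                "source": binaries.get(cert.get("BinaryKey")),
                # Machine-wide trust anchor: trusted for every user on the host.
                "machine_root": store == ("localMachine", "root"),
                # Blank component Guid: the certificate is left behind on uninstall.
                "persists": comp.get("Guid", "") == "",
            })
    return findings

if __name__ == "__main__":
    print(*audit_certificates(SAMPLE_WXS), sep="\n")
```

A finding with both machine_root and persists set is the case to review by hand: confirm the referenced .cer file is the intended CA before the package ships.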
Assemblies and Certificates
Here is the process for installing an assembly and certificate using Visual Studio 2005. Some steps may have to be adapted depending on the environment.
Create a Key
First you have to create a key if you don't have one already:
makecert -n "CN=<CompanyName>" -sv <PVKFile.pvk> <CertificateFile.cer> -len 2048 -r
pvk2pfx.exe -pvk <PVKFile.pvk> -spc <CertificateFile.cer> -pfx <PFXFile.pfx> [-po Password]
pktextract <CertificateFile.cer>
The password, if any, will be the one you enter for the first step. The last step generates the public key token you'll be needing later.
Create a Manifest File
You'll need a manifest file. You can write it yourself or take the easy way out by compiling the project once after going to project properties and selecting General->Manifest. Set the Assembly Identity to:
<DllName>, type=win32, version=<VersionNumber>, processorArchitecture=X86, publicKeyToken=<PublicKeyToken>
- DllName is the name without the extension
- VersionNumber is of the form 1.2.3.4
- PublicKeyToken is the one you got from pktextract
Ensure that you have "Embed Manifest" under "Input and Output" set to no for this first time.
Depending on the compiler you're using you may need to edit the resulting manifest file and add the line
<file name="dllFile.dll" hash="0000000000000000000000000000000000000000" hashalg="SHA1"/>
before any dependency elements. The file name is the final name of the file, with the extension. The value of the hash bit is unimportant because it will be overwritten later. You can save the resulting manifest file and reuse it for the following steps multiple times as long as none of the fundamental values change (file name, version number, encryption key, etc.).
You then run
mt.exe -manifest <dllFile.dll.manifest> -hashupdate -makecdfs
which updates the hash value and creates a cdf file. Next you run:
makecat -v <dllFile.dll.manifest.cdf>
to create the cat file. Finally you run:
signtool sign /f <PFXFile.pfx> [/p password] /t http://timestamp.verisign.com/scripts/timestamp.dll <dllFile.dll.cat>
to sign the catalog file using the key.
Now the WiX bit, which I had a lot of trouble with and sent a couple messages to the list about without resulting in much progress. Once I figured out what the missing bits were, however, it turned out to be pretty simple:
<Component Id="DllComponent" Guid="MYGUID-#############">
  <File Id="ManFile"
        Name="dllFile.man"
        LongName="dllFile.dll.manifest"
        src="Path\dllFile.dll.manifest"
        Vital="yes"
        DiskId="1">
  </File>
  <File Id="CatFile"
        Name="dllFile.cat"
        LongName="dllFile.dll.cat"
        src="Path\dllFile.dll.cat"
        Vital="yes"
        DiskId="1">
  </File>
  <File Id="DllFile"
        Name="dllFile.dll"
        LongName="dllFile.dll"
        KeyPath="yes"
        src="Path\dllFile.dll"
        Vital="yes"
        DiskId="1"
        Assembly="win32"
        AssemblyManifest="ManFile">
  </File>
</Component>
And of course, finally, once you've installed your new assembly, you need to reference it in any other projects that will be using it by going to Project Options->Linker->Manifest File->Additional Manifest Dependencies and adding
type='win32' name='<DllName>' version='<VersionNumber>' processorArchitecture='X86' publicKeyToken='<PublicKeyToken>' language='*'

