1

I'm trying to code sign a Wix installer package that was developed by another company (I have limited knowledge of Wix).

As a proof of concept piece of work we did I signed the MSIs and EXE using WixSharp.DigitalSignature as below, which seemed to work with a self signed certificate

project.DigitalSignature = new DigitalSignature()
   {
      PfxFilePath = Resources.CertificateUri,
      HashAlgorithm = HashAlgorithmType.sha256,
      Description = Resources.BootstrapperProject,
      TimeUrls = new System.Collections.Generic.List<Uri>() { new Uri("http://timestamp.digicert.com") }
   };

But now the time has come to implement with a proper certificate from GlobalSign it seems the above option isn't now possible as we now have to store the certificate in Azure Key Vault.

We have tried signing the MSIs and EXEs with AzureSignTool through the pipelines but when running the installer I'm always getting the error "0x80070001 - Incorrect function".

The log file outputs the below information:

[0ADC:1034][2021-12-21T11:00:53]i320: Registering bundle dependency provider: {0315ab7d-04da-4a77-8536-fa0e0211c531}, version: 1.0.0.124
[0ADC:1034][2021-12-21T11:00:53]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0315ab7d-04da-4a77-8536-fa0e0211c531}, resume: Active, restart initiated: No, disable resume: No
[1710:10C8][2021-12-21T11:00:53]i336: Acquiring container: WixAttachedContainer, copy from: C:\Users\Administrator\Desktop\DigiView Installer.exe
[1710:10C8][2021-12-21T11:00:58]i000: Setting string variable 'WixBundleLastUsedSource' to value 'C:\Users\Administrator\Desktop\'
[1710:1720][2021-12-21T11:00:58]e000: Error 0x80070001: Failed to extract all files from container, erf: 1:2:0
[1710:10C8][2021-12-21T11:00:58]e000: Error 0x80070001: Failed to wait for operation complete.
[1710:10C8][2021-12-21T11:00:58]e000: Error 0x80070001: Failed to open container.
[1710:10C8][2021-12-21T11:00:58]e000: Error 0x80070001: Failed to open container: WixAttachedContainer.
[1710:10C8][2021-12-21T11:00:58]e312: Failed to extract payloads from container: WixAttachedContainer to working path: C:\Users\ADMINI~1\AppData\Local\Temp\2\{4D72E5B3-50AB-4B5D-BD93-BC559386F434}\5A4A1D973A87D89730BC20C9B805B7A384EF1383, error: 0x80070001.
[1710:0F88][2021-12-21T11:00:59]e000: Error 0x80070001: Failed while caching, aborting execution.

There is very limited information online about this scenario, does anyone have a way forward for the particular problem I'm facing? Or can point me to some useful resources?

Bob Arnson
  • 21,377
  • 2
  • 40
  • 47
rNewport
  • 36
  • 4
  • @Bob Arnson, the linked question doesn't address the main problem that I am facing. I need to be able to sign my application on a devops pipeline with AzureSignTool using a certificate stored in Azure Key Vault. – rNewport Dec 21 '21 at 15:41
  • Your bundle needs to be signed following those instructions. – Bob Arnson Dec 22 '21 at 00:31
  • I am signing without Azure key valut (using "secure files" feature of the azure pipeline), seem to work flawlessly: https://unmanagedvisio.com/azure-devops-to-build-office-visio-vsto-add-ins There is a link to real yaml file in the article. – Nikolay Dec 22 '21 at 10:53
  • You should be able to sign MSI files using the AzureSignTool, which signs Authenticode-supported files like MSIs; however, Burn bundles require multiple signatures to support its extraction, download, and caching phases which requires the Insignia tool - part of the WiX Toolset. Perhaps this is what Bob was referring to, though I didn't see a link. – Heath Jan 05 '22 at 00:50

0 Answers0