Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Skip the signing step #105

Closed
Nohac opened this issue Feb 18, 2022 · 5 comments
Closed

Skip the signing step #105

Nohac opened this issue Feb 18, 2022 · 5 comments
Assignees
@YehudaKremer
Labels
enhancement New feature or request fixed bug fixed

Comments

@Nohac
Copy link

Nohac commented Feb 18, 2022

💬 Description

Would it be possible to add a feature to skip signing entirely? I'm in a situation where I need to use another tool for signing (not signtool.exe) and it won't let me sign when it's already signed with a test certificate.

I have no idea how an msix file works, so this might not be possible.
@YehudaKremer YehudaKremer added the enhancement New feature or request label Feb 18, 2022
@YehudaKremer
Copy link
Owner

Hello @Nohac

I published a new version 3.1.4 with new config options: sign_msix: false or msix:create --sign-msix false cli option, that disable the signing of the msix file.

Please check if it helps you.

@YehudaKremer YehudaKremer added the fixed bug fixed label Feb 18, 2022
@YehudaKremer YehudaKremer self-assigned this Feb 18, 2022
@Nohac
Copy link
Author

Nohac commented Feb 18, 2022
edited
Loading

Thank you for the quick fix and reply!

Unfortunately it did not work, I'm getting the following error when trying to sign the msix:

SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)

The command I'm using works for the exe directly, but not the msix.

Just to clarify, the sign tool I'm using is just a wrapper around signtool.exe that makes it work with a yubi key.

Here's the signtool equivalent command that I'm using:

signtool.exe sign /v /fd sha256 /tr http://<timestamp-server> /td sha256 /n "<name>" <installer>.msix

YehudaKremer added a commit that referenced this issue Feb 19, 2022
@YehudaKremer
fix Skip the signing step #105
49ed615
@YehudaKremer
Copy link
Owner

YehudaKremer commented Feb 19, 2022
edited
Loading

Hello @Nohac

My bad I had to add one more change to completely remove the sign part.
Please try version 3.1.5,
and also make sure the Publisher: ??? configuration value is the same as the Subject of your certificate.

@Nohac
Copy link
Author

Nohac commented Feb 23, 2022

Thanks. I'm unfortunately still not able to sign after updating. I copied the subject from a successfully signed exe file, so it should be correct. I'm not sure if I need all the fields from the subject, there's some strange fields there that's on the format 123.123.123 = something, which this tool does not allow.

@Nohac
Copy link
Author

Nohac commented Feb 24, 2022
edited
Loading

@YehudaKremer I found someone with my exact issue: https://www.advancedinstaller.com/forums/viewtopic.php?t=37784
It seems you need to accept more fields in your regex. Or just drop the regex entirely, alternatively have an option to turn off publisher validation.

It's also worth mentioning that I'm using an EV certificate, which requires some additional fields. This stackoverflow post may explain some of it: https://stackoverflow.com/a/51644728

Edit: After reading the thread more carefully, prefixing the numbered fields with OID. worked! It would be nice if this workaround was added to the documentation.

@Nohac Nohac closed this as completed Feb 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@YehudaKremer YehudaKremer

Labels
enhancement New feature or request fixed bug fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@YehudaKremer @Nohac