Apologies, I spoke too soon - Some property group did have attribute that changes the condition they are used under, akin to VS's Configuration Manager. So, I added SignOutput to each PropertyGroup for different configuration builds and everything worked as expected.
So thank you very much, Milan! Ben On 10/7/12 9:40 AM, "Ben Clothier" <bgcloth...@gmail.com> wrote: >Milan, > >Thank you very much for your helpful advice. > >I've added SignOutput to both my MSI and Bundle WIX projects. There were >multiple PropertyGroup elements in both but since they had no attributes I >assumed they didn't mattered which I put it. I sticked it in one where >there were elements for OutputPath and OutputType. > >I moved the SignMsi from my Bundle WIX project to my MSI project's wixproj >file. First, I tried to build but again neither my MSI and Bundle were >signed. I tried and changed my Bundle's wixproj to use the SignFile task >but it made no difference. > >I was originally using Visual Studio's Post Build event to sign the output >(but I understand that is probably not sufficient for Bundle since it was >only signing the final output, not the engine, which Rob has reported that >bad thing can happen and indeed it did). I already had removed those from >the PostBuild and deleted the empty PostBuild element from both wixproj. > >Is there something else I'm missing? > >Ben > >On 10/6/12 11:15 AM, "Milan Kaše" <milan.k...@gmail.com> wrote: > >>In your bundle a MSIs wixprojs set SignOutput to true: >> >><Project> >> <PropertyGroup> >> ... >> <SignOutput>true</SignOutput> >> </PropertyGroup> >> >>Then for MSIs add target SignMsi and for bundle add targets >>SignBundleEngine and SignBundle. In these targets use SignFile task or >>Exec task to sign the output files. (Note that for MSIs you cannot use >>the SignFile task.) >> >><Target Name="SignMsi"> >> <Exec Command=""$(WindowsSdkDir)\bin\signtool.exe" sign >>/sha1 xxxxxx... /t http://timestamp.verisign.com/scripts/timstamp.dll >>"%(SignMsi.FullPath)"" /> >></Target> >> >><Target Name="SignBundle"> >> <SignFile CertificateThumbprint="xx xx xx ..." >>SigningTarget="@(SignBundleEngine)" >>TimestampUrl="http://timestamp.verisign.com/scripts/timstamp.dll"; /> >></Target> >> >>-- >>Milan >> >>2012/10/6 Ben Clothier <bgcloth...@gmail.com> >>> >>> I discovered that there are few more steps required to distribute a >>>signed >>> bundle. Somebody was quite thoughtful to post this snippet which I >>>added to >>> wixproj file: >>> >>> >>> >>> >>>http://wyrdfish.wordpress.com/2012/07/10/digitally-signing-your-bundle-w >>>i >>>th- >>> wix/ >>> >>> >>> However, it's apparent I'm missing something more because when I build >>>the >>> project, it doesn't appear to execute the commands was added, not even >>>an >>> error or warning. The blog had Project element, so I only copied the >>>inner >>> elements and placed it toward the end of my wixproj content, after the >>> default commented out BeforeBuild and AfterBuild, since I wasn't sure >>>what >>> was mean by author's "import them into the wixproj after the wix target >>> import." since there was no "Import" anywhere in my wixproj file. >>> >>> I'm using Visual Studio to author and build the WiX project, which >>>consists >>> of a bundle with one custom msi and 2 redistributed third-party >>>installers >>> packaged as exes, each are already signed so I only need to sign my >>>custom >>> msi, the bundle and the bundle engine as the blog post suggests. I've >>> already modified the command to use my actual pfx file; I didn't change >>>the >>> targets as I _think_ it does no harm to have them in there since I'm >>>just >>> changing the built-in targets so that WiX will sign anything that's >>> includedŠ right? >>> >>> Ben >>> >>> >>> >>>------------------------------------------------------------------------ >>>- >>>----- >>> Don't let slow site performance ruin your business. Deploy New Relic >>>APM >>> Deploy New Relic app performance management and know exactly >>> what is happening inside your Ruby, Python, PHP, Java, and .NET app >>> Try New Relic at no cost today and get our sweet Data Nerd shirt too! >>> http://p.sf.net/sfu/newrelic-dev2dev >>> _______________________________________________ >>> WiX-users mailing list >>> WiX-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/wix-users >> >>------------------------------------------------------------------------- >>- >>---- >>Don't let slow site performance ruin your business. Deploy New Relic APM >>Deploy New Relic app performance management and know exactly >>what is happening inside your Ruby, Python, PHP, Java, and .NET app >>Try New Relic at no cost today and get our sweet Data Nerd shirt too! >>http://p.sf.net/sfu/newrelic-dev2dev >>_______________________________________________ >>WiX-users mailing list >>WiX-users@lists.sourceforge.net >>https://lists.sourceforge.net/lists/listinfo/wix-users > > ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
