You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When testing to ensure that I can update certificates for when the old ones expire without elevating for admin access, I think I ran into a bug. No matter what I do, it always elevate on the patch that was signed by the new certificate.
I use two MSIs to create a MSP patch using "PatchCreation" (not Patch), and in the 2nd MSI, I added another DigitalCertificate entry that refers the new certificate. After creating the MSP, I verified that it contains the new certificate in the tables. It's signed with the old certificate. I was able to install this patch without being elevated for admin prompt.
However, when I create a new patch with the same approach described before, that doesn't contain the old certificate in the "PatchCertificate" element, and is signed by the new certificate that's added in the previous patch, it elevated for an admin login.
I compared my patch to ones that was created by InstallShield which works without elevating, I couldn't find any differences. Both tables contains the same entries (MSIDigitalCertificate), with the same certificate files, and signed by the same certificates with the same process. I carefully analyzed everything, and I can't figure out what's wrong. So I think this might be a bug with how WiX handles MSP.
It doesn't seem like it's a WiX bug but we'd need lots more detail and build and install logs to be sure. Have you tried building a .pcp with InstallShield to see if that produces the desired behavior? As you're not using pure-WiX patching, the only possibility is that WiX isn't building the .pcp file correctly. Please contact wix-users.
Release changed from v3.9 to v3.x Resolution set to support Status changed from Untriaged to Resolved
I'm working on a sample installer that don't contain our files we're not ready to release yet, but are similar in the patch creation process. While doing so, I noticed two things:
For some reason, my process generates a new GUID for the Patch.wxs' PatchCreation Id attribute. Does patches have to have the same GUID for the Id?
The Family element contains DiskId and SequenceStart, both of which are unchanged between each patch (I have 10000 for both). Do they need to be modified/incremented for each patch?
If the above are not issues, I will post the sample msi/msp with logs, pcp, wxs, and other relevant files later when I'm done making them.
Found the issue with my patching. For anyone who runs in similar issue, you need to have the ProductCode specified in the PatchCreation's PatchSequence element, it is the same GUID as the one used for ID of product for building MSI. I didn't have this reference, which apparently caused issues. Now it doesn't elevate for admin.
When testing to ensure that I can update certificates for when the old ones expire without elevating for admin access, I think I ran into a bug. No matter what I do, it always elevate on the patch that was signed by the new certificate.
In the wxs for creating MSI, I have this:
I use two MSIs to create a MSP patch using "PatchCreation" (not Patch), and in the 2nd MSI, I added another DigitalCertificate entry that refers the new certificate. After creating the MSP, I verified that it contains the new certificate in the tables. It's signed with the old certificate. I was able to install this patch without being elevated for admin prompt.
However, when I create a new patch with the same approach described before, that doesn't contain the old certificate in the "PatchCertificate" element, and is signed by the new certificate that's added in the previous patch, it elevated for an admin login.
I compared my patch to ones that was created by InstallShield which works without elevating, I couldn't find any differences. Both tables contains the same entries (MSIDigitalCertificate), with the same certificate files, and signed by the same certificates with the same process. I carefully analyzed everything, and I can't figure out what's wrong. So I think this might be a bug with how WiX handles MSP.
I posted an question on Stack Overflow in hopes that maybe someone answered, it has some more details of what I've tried: http://stackoverflow.com/questions/31273553/supplying-a-new-certificate-in-wix-patch-when-old-one-expires
The text was updated successfully, but these errors were encountered: