I'm trying to code sign a Wix installer package that was developed by another company (I have limited knowledge of Wix).
As a proof of concept piece of work we did I signed the MSIs and EXE using WixSharp.DigitalSignature as below, which seemed to work with a self signed certificate
project.DigitalSignature = new DigitalSignature()
{
PfxFilePath = Resources.CertificateUri,
HashAlgorithm = HashAlgorithmType.sha256,
Description = Resources.BootstrapperProject,
TimeUrls = new System.Collections.Generic.List<Uri>() { new Uri("http://timestamp.digicert.com") }
};
But now the time has come to implement with a proper certificate from GlobalSign it seems the above option isn't now possible as we now have to store the certificate in Azure Key Vault.
We have tried signing the MSIs and EXEs with AzureSignTool through the pipelines but when running the installer I'm always getting the error "0x80070001 - Incorrect function".
The log file outputs the below information:
[0ADC:1034][2021-12-21T11:00:53]i320: Registering bundle dependency provider: {0315ab7d-04da-4a77-8536-fa0e0211c531}, version: 1.0.0.124
[0ADC:1034][2021-12-21T11:00:53]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0315ab7d-04da-4a77-8536-fa0e0211c531}, resume: Active, restart initiated: No, disable resume: No
[1710:10C8][2021-12-21T11:00:53]i336: Acquiring container: WixAttachedContainer, copy from: C:\Users\Administrator\Desktop\DigiView Installer.exe
[1710:10C8][2021-12-21T11:00:58]i000: Setting string variable 'WixBundleLastUsedSource' to value 'C:\Users\Administrator\Desktop\'
[1710:1720][2021-12-21T11:00:58]e000: Error 0x80070001: Failed to extract all files from container, erf: 1:2:0
[1710:10C8][2021-12-21T11:00:58]e000: Error 0x80070001: Failed to wait for operation complete.
[1710:10C8][2021-12-21T11:00:58]e000: Error 0x80070001: Failed to open container.
[1710:10C8][2021-12-21T11:00:58]e000: Error 0x80070001: Failed to open container: WixAttachedContainer.
[1710:10C8][2021-12-21T11:00:58]e312: Failed to extract payloads from container: WixAttachedContainer to working path: C:\Users\ADMINI~1\AppData\Local\Temp\2\{4D72E5B3-50AB-4B5D-BD93-BC559386F434}\5A4A1D973A87D89730BC20C9B805B7A384EF1383, error: 0x80070001.
[1710:0F88][2021-12-21T11:00:59]e000: Error 0x80070001: Failed while caching, aborting execution.
There is very limited information online about this scenario, does anyone have a way forward for the particular problem I'm facing? Or can point me to some useful resources?
I was having the same error but with a different message:
There is a dev with the same issue here (also has a solution but a bit hard to understand, keep reading for more options to solve it).
The summary is that Wix is running multiple executables when you install (like the installer exe has another exe inside that runs the installer). When you don't sign both then it causes these type of problems. And also it will trigger smartscreen even if you got an EV certificate (because not everything that is running on install is signed). Read a bit of general information about signing bundles with Wix.
Now on how to sign properly an Azure, I used this link. Read the comments there is interesting info for some error I also stumbled upon!
One note, on AzureDevops you have an environment variable with the Wix installed if you use windows-latest. You can use a command line task in the pipeline using: