VISTA/UAC Patch Preparation...

[Superfreak3]

We just received our digital certificate and it appears that it has
been added or applied to our all inclusive .msi installation package
file accordingly. We now get the friendlier UAC prompt listing the
app, company, etc.

Now, what I would like to do is populate the msiPatchCertificate table
as a precursor requirement for credential free patching. However,
this seems to be dependent upon an entry in the msiDigitalCertificate
table. Even though my base install seems to be functioning properly
after application of the signature, there is nothing in my test
package's msiDigitalCertificate table.

I thought I read somewhere that this table is only populated if
external .cab files are signed. If this is correct, we have no
external .cab's as its only the all inclusive .msi.

How can I populate the msiPatchCertificate table if the above is
correct? Would somthing have to be added to the msiDigitalCertificate
table as well. I wouldn't mind populating the information manually.
I would just hope it would be held with subsequent compiles of our
installation via Wise for Windows Installer.

Any help greatly appreciated!

 

[Ronnie Vernon MVP]

Have you tried the MSDN Vista Developer Forums?

MSDN Software Development for Windows Vista:
http://forums.microsoft.com/MSDN/default.aspx?ForumGroupID=24&SiteID=1

 

[Superfreak3]

Superfreak3;646974 Wrote:










How did you go about getting the certificate? How will it be applied to
your subsequent msi builds?

I feel your pain. I am trying to do exactly the same thing and have hit
the same roadblock. There just isn't proper documentation on this issue.
'This' (http://msdn2.microsoft.com/EN-US/library/aa367762.aspx) msdn
article mentions "use internal cabinet files" but never gives any
example on how to make it happen.

I tried both signing the .msi from the command line with signcode.exe
and via our installation build tool, Wise for Windows Installer. Both
seem to work fine as we see the friendlier UAC prompt during install.

 

[Superfreak3]

Superfreak3;646974 Wrote:










How did you go about getting the certificate? How will it be applied to
your subsequent msi builds?

I feel your pain. I am trying to do exactly the same thing and have hit
the same roadblock. There just isn't proper documentation on this issue.
'This' (http://msdn2.microsoft.com/EN-US/library/aa367762.aspx) msdn
article mentions "use internal cabinet files" but never gives any
example on how to make it happen.

Here's something I got from post in different group....

http://groups.google.com/group/micr...30ab8fe892f/3b0247505e64498e#3b0247505e64498e

 

[Superfreak3]

I could sign my msi. Thanks for your replies.

Were you able to populate your msi tables?

Here is a script that can help you with getting the certificate into
the msi tables.
Dim Installer
Dim Database

Const szCertFile = "C:\MyCer.cer"
Const szDatabase = "C:\YourMSI.msi"

Set Installer=CreateObject("WindowsInstaller.Installer")

Set Database = Installer.OpenDatabase(szDatabase, 1)
Set ViewCert = Database.OpenView("SELECT * FROM
`MsiDigitalCertificate`")
ViewCert.Execute 0
Set ViewSig = Database.OpenView("SELECT * FROM `MsiDigitalSignature`")
ViewSig.Execute 0

Set RecordCert = Installer.CreateRecord(2)
RecordCert.StringData(1) = "Temp"
RecordCert.SetStream 2, szCertFile
Call ViewCert.Modify(1, RecordCert)

Set RecordSig = Installer.CreateRecord(4)
RecordSig.StringData(1) = "Media"
RecordSig.StringData(2) = "1"
RecordSig.StringData(3) = "Temp"
call ViewSig.Modify(1, RecordSig)

Database.Commit

Yep, I could populate my Wise tables without problem after creating
the
..cer file from my .spc file in Certificate Manager console.

THANKS!