-
Notifications
You must be signed in to change notification settings - Fork 114
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Persistent Identity documents seem incomplete (or feature is broken), and makeappx gives uninformative error message #304
Comments
The error code is 0x80080218 = APPX_E_INVALID_PUBLISHER_BRIDGING. This means that the artifact(s) xml+cat did not match the manifest. I looked at the artifact and manifest, and it seems you are using the "new" publisher name in the manifest. The manifest should use the "old" publisher name. Then, the artifact will allow you to sign the package using a certificate with the "new" name. @fredemmott can you give it a try using the other publisher name in the manifest? @dianmsft I think the docs may not be clear that the manifest should use the "old" publisher. Can we update them to make it clearer? |
Sorry the slow reply; I'll give it a try when I have a break from other stuff. I've ended up publishing releases with the new identity already, so it's more of a 'damage done' thing
Yeah, this isn't clear to me from re-reading.
It's also unclear what this means in practice for 'sideloaded' MSIX: do I have to explicitly give my users the old certificate and ask them to install it manually, or is there a way to embed it in the MSIX? If I need to ask all new users to install it manually, forever, this isn't a practical option: it's less friction for my users to ask them to uninstall and reinstall instead of upgrade, if I've moved since my code signing certificate was last renewed. For context, the reason I care about this is I have a personal code signing certificate, not an organizational one, so the city/state are required to match what's on my government-issued IDs or similar proof of address. For example, I hit this problem this time as my previous certificate was for "Fred Emmott" with "State=California", then I moved, so now I can only get certificates as "Fred Emmott" with "State=Texas". |
In terms of old certificate, the device will need to have the old certificate in order to install the package and use this feature. Thank you for the feedback. We'll put this improvement in our backlog. |
I followed the instructions, and have an artifacts.txt, artifact.cat (signed and timestamped), and artifact.xml
I am using makeappx from https://www.nuget.org/packages/Microsoft.Windows.SDK.BuildTools/ 10.0.22000.197
I get:
More details:
passing
/pb
to makeappx here: https://github.com/fredemmott/OpenKneeboard/blob/f62238acf2b437245168d11707d67df2b79346c1/.github/workflows/ci.yml#L52publisher bridging artifacts: https://github.com/fredemmott/OpenKneeboard/tree/8778109a9c1d2e1ecc75fa8ab76117945af73ec8/src/app/artifacts
Windows 10 file properties tells me the .cat signature is valid
Failed CI run: https://github.com/fredemmott/OpenKneeboard/runs/5505915627?check_suite_focus=true
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: