Veverke
Posts: 7
Joined: Tue Oct 13, 2020 8:54 am

Generating updater.exe via AI command line

Wed Mar 23, 2022 9:48 pm

Hi, I am trying to sign all executables + dll files in my application, within an Azure Pipeline, using Azure signtool for that. (doing basically the described https://www.advancedinstaller.com/using ... vault.html) - on the result of running dotnet publish.
Exception is updater.exe, because it is generated by Advanced Installer API or some other proprietary way. Signing the updater.exe file that lies inside Advanced Installer installation folder /x86/updater.exe - does not help (it will work, but the updater.exe that is deployed when installing the MSI is not signed, meaning it is generated during processing of the .AIP file, which happens after running dotnet publish)

Is there a way the updater.exe AI generates (with the custom icon, etc) to be created using AdvancedInstaller.com command line API ? How ?

Catalin
Posts: 6536
Joined: Wed Jun 13, 2018 7:49 am

Re: Generating updater.exe via AI command line

Thu Mar 24, 2022 1:18 pm

Hello,

The "updater.exe" file is taken from the folder you mentioned and then imported in your project if you select the respective option in the "Updater" page.

The updater.exe file should be configured for signing by default:
FilesToBeSigned.png
FilesToBeSigned.png (39.92KiB)Viewed 1805 times

Additionally, after installation, the updater.exe should be signed:
UpdaterSigned.png
UpdaterSigned.png (72.21KiB)Viewed 1805 times


Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Veverke
Posts: 7
Joined: Tue Oct 13, 2020 8:54 am

Re: Generating updater.exe via AI command line

Fri Mar 25, 2022 1:02 pm

Thanks for the reply.
I do not see how this answers the question, though.
I originally developed an Azure Pipeline that uses azure signtool to do all the signing after my .NET app is published (compiled & built).
The whole thing works - except for signing the updater.exe, because it is somehow generating/modifying during execution of AdvancedInstaller.com build command (which bundles everything into an installer MSI).

What you show I already know/figured out myself.
Can you tell how can I sign the updater.exe file - the one deployed in the app installation after running the MSI - WITHOUT doing it using AdvancedInstaller's build ? I can sign the "base" updater.exe file (the one that sits under Caphyon folder), but it is NOT the one that is deployed in the installation, and therefore the deployed updater.exe comes unsigned at the end, signing the "base" file.

Any help on achieving this ?

Catalin
Posts: 6536
Joined: Wed Jun 13, 2018 7:49 am

Re: Generating updater.exe via AI command line

Tue Mar 29, 2022 4:41 pm

Hello,

I've run some tests on my end and the updater was correctly signed after the build process in Azure DevOps.

Here's how I tested this:

- create a new Advanced Installer project

- check the "Check for updates using Advanced Updater" option & saved the project

- configured the build agent as it follows:
BuildAgent.png
BuildAgent.png (171.62KiB)Viewed 1770 times

Code: Select all

SetSig
SetDigitalCertificateFile -file $(myCertFile.secureFilePath)
SetDigitalCertificatePassword -password caphyon123
Rebuild

- ran the build agent and downloaded the MSI.

- I then extracted the files from the MSI using the following command line:

Code: Select all

msiexec /a <path_to_MSI> /qn TARGETDIR=<extraction_folder_path>
I have then checked the digital signature of the Updater.exe from inside the MSI file and it was signed.

If possible, please give me a step-by-step test case which I can use to reproduce this on my end so I can further investigate this.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Return to “Building Installers”