Closed Bug 1725446 Opened 3 years ago Closed 3 years ago

Generate Code Integrity catalog when packaging MSIX

Tracking

()

Status:

RESOLVED WONTFIX

People

(Reporter: nalexander, Unassigned)

References

(Blocks 1 open bug)

Details

Nick Alexander :nalexander [he/him]

Reporter

Description

•

3 years ago

This is from :agashlin in a different medium: "The makemsix signing branch that we use in automation doesn't generate a Code Integrity catalog when signing the package, unlike makeappx.exe. I assume that when Microsoft signs the package for the store they use makeappx.exe, we may need to do this as well for testing. This lack of Code Integrity may also be missed by some enterprise MSIX users."

This ticket tracks including a Code Integrity catalog when packaging MSIX, possibly by teaching makemsix how to so.

If this is a hard blocker, we could try using Wine to run makeappx.exe, or we could run the relevant MSIX jobs on Windows directly.

Adam Gashlin (he/him) [:agashlin] (ex-moco)

Comment 1

•

3 years ago

Minor correction to myself: the signing would be done by signtool, not makeappx.

Robin Steuber (they/them) [:bytesized]

Updated

•

3 years ago

Priority: -- → P3

Adam Gashlin (he/him) [:agashlin] (ex-moco)

Comment 2

•

3 years ago

I no longer think there's any application for this: If an enterprise is enforcing code integrity independent of the Store, they'd want to sign the Code Integrity catalog with their own key to limit the binaries that are allowed to run.

Status: NEW → RESOLVED

Closed: 3 years ago

Resolution: --- → WONTFIX

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Generate Code Integrity catalog when packaging MSIX

Categories

(Firefox :: Installer, enhancement, P3)

Tracking

()

People

(Reporter: nalexander, Unassigned)

References

(Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Comment 2