locked
Signing .appx package

    Question

  • Can signtool be used for signing .appx packages? Can such signed packages be deployed in another Win8 machine?
    Wednesday, January 4, 2012 1:31 AM

Answers

  • Hi Anu,

    Your app would need to be distributed via the store. For testing purposes (the only currently available means since the store is not available during the Developer Preview) apps can be deployed only to systems with a developer license.

    Details on enterprise deployment have not yet been announced.

    --Rob

    Friday, January 20, 2012 5:03 PM
    Owner

All replies

  • Moving to the Tools forum.

    What is your current objective?

     

    If you are wanting to test an app on another system, here is a tutorial that walks you through the process: Tutorial: Creating, testing, and publishing your app

     

    If deploying using the Add-AppxDevPackage.bat to a target Win8 system without the development tools, you should refer to this post for a script to install a developer license on it in order to run the deployed package:

    http://social.msdn.microsoft.com/Forums/en-US/toolsforwinapps/thread/7be92f16-7179-4d74-9915-c6f21e0f4c55

     

    Thanks,

    -David

     

    Thursday, January 5, 2012 8:34 PM
    Moderator
  • David,

     

    My objective is to create the signed package automatically. I need to do it from build room. Is there a command line available in MSBUILD to achieve this. I cannot run VS 2011  manually from Store.Build Pacakage menu. I am able to create the package using MakeAppx.exe, but not sure how to get this signed.

    Can sign tool be used to sign this package? I tried signing with my organization's certificate using sign tool, but it failed with 'algorithm not valid' error.

    Thanks

    Anu

    Friday, January 6, 2012 6:33 AM
  • Hi Anu,

    The Developer Preview does not support self-signed packages like this. Details on enterprise deployment have not yet been announced.

    --Rob

    Sunday, January 8, 2012 8:14 PM
    Owner
  • Rob,

    Does that mean the only 'supported' way to publish Metro app is to manually do it through VC11? I am sure there are going to be companies making a living from Metro apps. Typically, companies will have build rooms that create daily\weekly builds and Metro will just be another output as such. There needs to be support for a build room to compile and sign Metro app just like one would manually do in VC11. Isn't there any command line to sign a Metro app? 

    Monday, January 9, 2012 5:01 PM
  • Are you trying to create test deployments to developer licensed systems? Or are you trying to deploy the package bypassing the store?

    The former is supported. You would sign the package using signtool.exe and your trusted cert. See the documentation linked previously by David Lamb. See also: App packages and deployment and App Packager (makeappx.exe)

    The latter is not supported in the Developer Preview. Future details have not been announced.

    --Rob

    Monday, January 9, 2012 9:55 PM
    Owner
  • No, I do not intend to bypass the store. I just want the ability to build\package\sign using some command line arguments of VC (or its tools) instead of doing it manually through VC UI. 

    Will check the links provided by you.

    Thanks

     

     

    Monday, January 9, 2012 11:08 PM
  • One clarification Rob: The intention is to publish the app to the store (eventually). So I dont want to sign it using my certs. I see that VC has UI options to deploy to store which I think internally signs the package and then deploys it. I'd like to know what tool to use to sign the package. I'd deploy it to the store manually later. 
    Monday, January 9, 2012 11:18 PM
  • As mentioned in the docs David and I linked, you would use signtool.

    VC's signing uses a temporary cert. You should be able to use your own test cert here.

    --Rob

    Wednesday, January 11, 2012 6:04 AM
    Owner
  • Thanks Rob... I am a little confused when you say use your 'test' cert. What is the process to sign when we want deploy it on the Metro store? I dont want my test cert to go onto the store.
    Tuesday, January 17, 2012 4:26 PM
  • You are signing the app only for your own local testing. I don't believe the store cares how the app is signed (or possibly if it is even signed). Visual studio creates a local test certificate for you. You could do the same.

    --Rob

    Wednesday, January 18, 2012 6:05 PM
    Owner
  • hi Rob, I guess we can use the "test" cert for testing or deploy it on the metro store since Store don't cares how the app is signed.  But if for one company, I don't think the "test" cert is a good way. So my question is for one company, do we need buy the regular from VeriSign company?
    Thursday, January 19, 2012 6:59 AM
  • I am not sure what you mean for one company?

    You do not need a VeriSign certificate to develop Metro style apps to deploy through the store or for testing to developer licensed systems.

    --Rob

    Thursday, January 19, 2012 8:17 PM
    Owner
  • Rob,

    I need to distribute the Metro APP to my customers and I believe the app needs to be signed for getting it deployed in Metro. Are you suggesting that no signing is required for this purpose? Are you suggesting that we need to sign using Visual Studio and distribute to our customers?

    I was hoping that since the APP is distributed by my organization it should have my organizations signature? Is this assumption correct? If so, how do I sign the app? I tried using signtool.exe to sign my app using my company's verisign certificate and it failed. So should the app be signed using some tool other than signtool. If it is signtool, how do you sign using the same.

     

    Anu

     

    Friday, January 20, 2012 5:43 AM
  • Hi Anu,

    Your app would need to be distributed via the store. For testing purposes (the only currently available means since the store is not available during the Developer Preview) apps can be deployed only to systems with a developer license.

    Details on enterprise deployment have not yet been announced.

    --Rob

    Friday, January 20, 2012 5:03 PM
    Owner