Creating a sparse signed Win32 app package
Using the new “sparse packages” option for Win32 apps is insanely complicated. Here’s what I went through to get it working… Unfortunately it’s not anywhere near as simple as just clone the sample… expect to take 30 minutes to get it working.
Clone the sample
It’s in the Samples/SparsePackages folder.
Step 1: Locate MakeAppx.exe and MakeCert.exe
First you have to find where MakeAppx.exe and MakeCert.exe is located. It’s located in the following path… (the build number will change depending on what SDK you have installed). Both are located in the same directory.
C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64
Step 2: Create the package
Open an admin command prompt in the directory that contains MaceAppx.exe as seen above. Execute the following command (updating the path to the path of the PhotoStoreDemoPkg folder within the code sample you cloned). The /d parameter is the input folder, and the /p parameter is the output package path.
makeappx pack /d “C:\Users\aleader\Documents\GitHub\AppModelSamples\Samples\SparsePackages\PhotoStoreDemoPkg” /p “C:\Users\aleader\Documents\GitHub\AppModelSamples\Samples\SparsePackages\PhotoStoreDemoPkg.msix” /nv
Step 3: Create a certificate
Then, in the same admin command prompt, execute the following command…
makecert /n “CN=Contoso” /r /h 0 /eku “1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.13” /e 01/01/2030 /sv MyKey.pvk MyKey.cer
Type in a password of your choice when prompted (I just used “password” since this is for local testing purposes).
Hopefully you’ll receive a “Succeeded” output!
Step 4: Convert the PVK to PFX
The fun doesn’t stop just yet! In the same admin command prompt, execute the following command (Pvk2Pfx is located in the same folder as MakeAppx and MakeCert). Be sure to use the same password you used above.
pvk2pfx -pvk MyKey.pvk -pi “password” -spc MyKey.cer -pfx MyKey.pfx -f
Step 5: Sign the package
In the same admin command prompt, execute the following SignTool.exe command (SignTool.exe is located in the same folder as MakeAppx and MakeCert). Be sure to use the same password you used above, and update the path to where you outputted your MSIX.
signtool sign /fd SHA256 /a /f MyKey.pfx /p “password” “C:\Users\aleader\Documents\GitHub\AppModelSamples\Samples\SparsePackages\PhotoStoreDemoPkg.msix”
Step 6: Install the certificate
Double click your “MyKey.cer” file you created in Step #3 (should be in the same directory as MakeAppx), and then click “Install Certificate”, change the location to “Local Machine”, select “Place the certificates in the following store”, click Browse and select “Trusted People”, and then finish it up!
Step 7: Update paths in app
The app then has to be updated to reference your MSIX in the StartUp.cs file.
string externalLocation = Path.GetDirectoryName(Process.GetCurrentProcess().MainModule.FileName);
string sparsePkgPath = @”C:\Users\aleader\Documents\GitHub\AppModelSamples\Samples\SparsePackages\PhotoStoreDemoPkg.msix”;
Step 8: Update PhotoStoreDemo.exe.manifest
You need to update the publisher value to match your manifest’s publisher value.
<msix xmlns=”urn:schemas-microsoft-com:msix.v1"
publisher=”CN=Contoso”
packageName=”PhotoStoreDemo”
applicationId=”PhotoStoreDemo”
Step 9: Deploy the app
Cross your fingers, click deploy in Visual Studio, and hope it works!