Page 38 - MSDN Magazine, June 2019

> New-SelfSignedCertificate -Type CodeSigningCert -Subject "CN=MyCompany, O=MyCompany, L=Stockholm, S=N/A, C=Sweden" -KeyUsage DigitalSignature -FriendlyName MyCertificate -CertStoreLocation "Cert:\LocalMachine\My" -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.3', '2.5.29.19={text}Subject Type:End Entity')
The cmdlet outputs a thumbprint (like the A27...D9F here) that
you can pass to another cmdlet, Move-Item, to move the certificate
into the trusted root certification store:
>Move-Item Cert:\LocalMachine\My\A27A5DBF5C874016E1A0DEBF38A97061F6625D9F -Destination Cert:\LocalMachine\Root
Again, you need to install the certificate into this store on all computers where you intend to install and run the packaged app. You also need to enable sideloading of apps on these devices. On an unmanaged computer, this can be done under Update & Security | For Developers in the Settings app. On a device that’s managed by an organization, you can turn on sideloading by pushing a policy with a mobile device management (MDM) provider.
The thumbprint can also be used to export the certificate to a
new PFX file using the Export-PfxCertificate cmdlet:
>$pwd = ConvertTo-SecureString -String secret -Force -AsPlainText
>Export-PfxCertificate -cert "Cert:\LocalMachine\Root\A27A5DBF5C874016E1A0DEBF38A97061F6625D9F" -FilePath "c:/<SolutionFolder>/Msix/certificate.pfx" -Password $pwd
Remember to tell Visual Studio to use the generated PFX file to sign the MSIX package by selecting it under the Packaging tab in the designer, or by manually editing the .wapproj project file and replacing the values of the <PackageCertificateKeyFile> and <PackageCertificateThumbprint> elements.
Package Manifest
The Package.appxmanifest file is an XML-based template that the build process uses to generate a digitally signed AppxManifest.xml file that includes all information the OS needs to deploy, display and update the packaged app. This is where you specify the display name and logo of your app, as it will appear in the Windows shell after the app has been installed.
Make sure that the Subject property of the certificate you use to sign the MSIX package exactly matches the value of the Publisher attribute of the Identity element. Because a packaged desktop application can run only on desktop devices, you should also remove the TargetDeviceFamily element with the name of Windows.Universal from the Dependencies element in the default template that Visual Studio generates.
The MinVersion and MaxVersionTested attributes, or Minimum Version and Target Version as they’re called in the dialog that shows up when you create a packaging project, are a UWP concept in which the former specifies the oldest version of the OS that your app is compatible with, and the latter is used to identify the set of APIs that are available when you compile the app. When packaging desktop applications that don’t call into any Windows 10 APIs, you should select the same version. Whenever you don’t, your code should include runtime API checks to avoid getting exceptions when running your app on devices that target the minimum version.
To generate the actual MSIX package, there’s a wizard available under Project | Store | Create App Packages in Visual Studio. An end user installs an MSIX package by simply double-clicking on the generated .msix file. This brings up a built-in, non-customizable dialog, shown in Figure 1, that guides you through the process of installing the app.
Continuous Integration
If you want to set up CI for your MSIX packages, Azure Pipelines has great support. It supports Configuration as Code (CAC) through the use of YAML files and provides a cloud-hosted build agent that comes with all the software required to create MSIX packages pre-installed.
Before building the packaging project the same way the wizard in Visual Studio does using the MSBuild command line, the build process can version the MSIX package that’s being produced by editing the Version attribute of the Package element in the Package.appxmanifest file. In Azure Pipelines, this can be achieved by using an expression for setting a counter variable that gets incremented for every build, and a PowerShell script that uses the System.Xml.Linq.XDocument class in .NET to change the value of the attribute. Figure 2 shows an example YAML file that versions and creates an MSIX package based on a packaging project before it copies it to a staging directory on the build agent.
The name of the hosted virtual machine that runs Visual Studio 2017 on Windows Server 2016 is vs2017-win2016. It has the required UWP and .NET development workloads installed, including SignTool, which is used to sign the MSIX package after it has been created by MSBuild. Note that the PFX file shouldn’t be added to source control. It’s also ignored by Git by default. Instead, it should be uploaded to Azure Pipelines as a secret file
Figure 3 A Packaged WPF Application Ready to Be Pushed to the Source Control
Figure 4 The Pipeline Configuration Web Interface
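An added example, not code from the article: a pre-build PowerShell step that writes the package version with System.Xml.Linq.XDocument and stops the build unless the manifest's Publisher equals the subject of the signing certificate. The script parameters are hypothetical names; in the manifest schema both the Version and Publisher attributes sit on the Identity child of the Package element.

```powershell
# Added example (not from the article). Parameter names are hypothetical;
# the build supplies the values, and the PFX is the one kept as a secret file.
param(
    [Parameter(Mandatory)] [string]       $ManifestPath,   # e.g. Msix\Package.appxmanifest
    [Parameter(Mandatory)] [string]       $Version,        # four parts, e.g. 1.0.0.<counter>
    [Parameter(Mandatory)] [string]       $PfxPath,
    [Parameter(Mandatory)] [securestring] $PfxPassword
)
$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.Xml.Linq

# An MSIX version has four dot-separated numeric parts.
if ($Version -notmatch '^\d+(\.\d+){3}$') { throw "Invalid package version '$Version'." }

# .NET resolves relative paths against the process directory, so resolve them first.
$manifestFull = (Resolve-Path -LiteralPath $ManifestPath).Path
$pfxFull      = (Resolve-Path -LiteralPath $PfxPath).Path

$doc      = [System.Xml.Linq.XDocument]::Load($manifestFull)
$ns       = 'http://schemas.microsoft.com/appx/manifest/foundation/windows10'
$identity = $doc.Root.Element([System.Xml.Linq.XName]::Get('Identity', $ns))
if ($null -eq $identity) { throw "No Identity element in $manifestFull." }

# Load the signing certificate and compare its subject with Publisher.
# The comparison is exact and case-sensitive, on the string form .NET reports.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxFull, $PfxPassword)
try {
    $publisher = $identity.Attribute('Publisher').Value
    if ($publisher -cne $cert.Subject) {
        throw "Publisher '$publisher' does not match certificate subject '$($cert.Subject)'."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Signing certificate expired on $($cert.NotAfter)."
    }
}
finally {
    $cert.Dispose()   # release the loaded private key material
}

# Only stamp the version once the certificate check has passed.
$identity.Attribute('Version').Value = $Version
$doc.Save($manifestFull)
Write-Host "Stamped version $Version for publisher '$publisher'."
```

Running the check before MSBuild surfaces a Publisher mismatch as a clear build error instead of a signing or installation failure later on.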