PDA

View Full Version : Error -6258. msi signing stopped working from one day to the next



SMadden
11-28-2016, 07:38 PM
Hi,

Over the long Thanksgiving weekend all our builds that sign the windows installer package have stopped working. No code or system changes were made. I triple checked that the signing certificate is still valid for another 6 months and that it's not corrupt. It's the same on all build servers and my local dev machine. We use a pfx with password. The certificate was created using SHA-1, which will be deprecated, but according to the documentation it should still work if the certificate was created before Jan 1st 2016 (which it was).

I'm running out of ideas what it could be. Did anybody else run into an issue like this before? Here is the full error.

Media table successfully built
Started signing certificate.msi ...
ISDEV : error -6258: An error occurred extracting digital signature information from file "...\PROJECT_ASSISTANT\Interm\certificate.msi". Make sure the digital signature information provided in the IDE is correct.
Started signing BCU.msi ...
ISDEV : error -6258: An error occurred extracting digital signature information from file "...\BCU\PROJECT_ASSISTANT\SINGLE_EXE_IMAGE\DiskImages\DISK1\BCU.msi". Make sure the digital signature information provided in the IDE is correct.
ISDEV : error -6003: An error occurred streaming '...\PROJECT_ASSISTANT\SINGLE_EXE_IMAGE\DiskImages\DISK1\BCU.isc' into setup.exe

Any suggestions on what to try are welcome :-)

Thanks,
Sandra

joshstechnij
11-29-2016, 06:57 PM
This error essentially is indicating that the MSI package either has no digital signature, or the certificate used does not terminate in a trusted root.

Are there any other digital signing errors in your build log, or any SigningHelper messages? If no such information is present in the log, does the MSI contained in the release Disk1 folder contain a digital signature (right-click the MSI in Windows Explorer, select Properties and look for the Digital Signature tab)? If it does, what state does Windows consider the signature based on the 'Digital Signature Information' field (double-click a listed signature to view it)?

SMadden
11-29-2016, 07:18 PM
interesting. The msi does have a valid signature, but the build still fails. The certifcate.msi also exists in the Interm folder and has a signature. I can also use signtool.exe in a command shell to successfully sign the packages by hand, so I think that shows that the pfx is not corrupt or expired.


ISDEV : error -6258: An error occurred extracting digital signature information from file "...\BCU\BCU\PROJECT_ASSISTANT\Interm\certificate.msi". Make sure the digital signature information provided in the IDE is correct.

Regarding the build.log. In the beginning it shows that it's successfully signing the swidtag, the build only fails in the end when it tries to sign the msi/setup.exe packages.


Created release folders
Started signing regid.2000-02.com.vocera_36DD0A12-F31B-4193-9F2F-DFA01BA916AF.swidtag ...
Note: Optional element swid:product_id is not present in swidtag
Successfully signed swidtag 'regid.2000-02.com.vocera_36DD0A12-F31B-4193-9F2F-DFA01BA916AF.swidtag'
InstallShield Script Compiler
Version 23.0.0.288
Copyright (c) 2016 Flexera Software LLC. All Rights Reserved.