msixbundle 1.1.4

Rust library to pack per-arch MSIX and build/sign .msixbundle using Windows SDK tools
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148

# msixbundle


Rust library for building and signing Windows MSIX packages and bundles using the Windows SDK toolchain.

## Installation


```toml
[dependencies]
msixbundle = "1.0"
```

## Features


- **SDK auto-discovery**: Automatically locate Windows SDK tools via registry
- **Manifest parsing**: Extract version and display name from `AppxManifest.xml`
- **Package creation**: Create `.msix` files for each architecture
- **Resource indexing**: Generate `resources.pri` with MakePri.exe
- **Bundle creation**: Combine multiple `.msix` files into a `.msixbundle`
- **Code signing**: Sign packages and bundles with PFX certificates or certificate store thumbprints
- **Timestamping**: Support for RFC3161 and Authenticode protocols
- **Validation**: Validate packages using WACK and verify signatures

## API


| Function | Description |
|----------|-------------|
| `locate_sdk_tools()` | Find Windows SDK tools on the system |
| `read_manifest_info()` | Parse AppxManifest.xml for version and identity |
| `compile_resources_pri()` | Generate `resources.pri` for qualified asset resolution |
| `pack_arch()` | Create a per-architecture .msix package |
| `build_bundle()` | Combine multiple .msix files into a .msixbundle |
| `sign_artifact()` | Sign packages/bundles with a PFX or certificate thumbprint |
| `verify_signature()` | Verify digital signatures |
| `validate_package()` | Validate packages using WACK |

## Usage


```rust
use msixbundle::*;
use std::path::Path;

fn main() -> anyhow::Result<()> {
    // Locate Windows SDK tools
    let tools = locate_sdk_tools()?;

    // Read manifest information
    let x64_dir = Path::new("./build/x64/AppxContent");
    let manifest = read_manifest_info(x64_dir)?;
    println!("Building {} v{}", manifest.display_name, manifest.version);

    // Optional: generate resources.pri for scale-qualified assets
    compile_resources_pri(&tools, &PriOptions {
        appx_content_dir: x64_dir,
        default_language: "en-us",
        target_os_version: "10.0.0",
        keep_priconfig: false,
        overwrite: true,
        makepri_override: None,
    })?;

    // Pack architectures (last param: overwrite existing files)
    let out_dir = Path::new("./output");
    let x64_msix = pack_arch(&tools, x64_dir, out_dir, &manifest, "x64", true)?;

    let arm64_dir = Path::new("./build/arm64/AppxContent");
    let arm64_msix = pack_arch(&tools, arm64_dir, out_dir, &manifest, "arm64", true)?;

    // Build bundle
    let packages = vec![
        ("x64".to_string(), x64_msix),
        ("arm64".to_string(), arm64_msix),
    ];
    let bundle = build_bundle(&tools, out_dir, &packages, &manifest, true)?;

    // Sign the bundle with PFX
    let pfx = Path::new("./signing.pfx");
    sign_artifact(&tools, &SignOptions {
        artifact: &bundle,
        certificate: CertificateSource::Pfx {
            path: pfx,
            password: Some("password"),
        },
        sip_dll: None,
        timestamp_url: Some("http://timestamp.digicert.com"),
        rfc3161: true,
        signtool_override: None,
    })?;

    // Or sign with a certificate thumbprint from the Windows store
    // sign_artifact(&tools, &SignOptions {
    //     artifact: &bundle,
    //     certificate: CertificateSource::Thumbprint {
    //         sha1: "1a2b3c4d5e6f...",
    //         store: Some("My"),
    //         machine_store: false,
    //     },
    //     sip_dll: None,
    //     timestamp_url: Some("http://timestamp.digicert.com"),
    //     rfc3161: true,
    //     signtool_override: None,
    // })?;

    // Verify the signature
    verify_signature(&tools, &bundle)?;

    println!("Bundle created: {}", bundle.display());
    Ok(())
}
```

## Cargo Features


### `sdk-discovery` (default)


Automatically locates Windows SDK tools via the Windows registry.

```toml
[dependencies]
msixbundle = { version = "1.0", default-features = true }
```

To disable auto-discovery and provide paths manually:

```toml
[dependencies]
msixbundle = { version = "1.0", default-features = false }
```

## Error Handling


The library uses `anyhow::Result` for error handling and provides custom error types via `MsixError`:

- `ToolMissing`: Windows SDK tool not found
- `MakeAppx`: MakeAppx.exe operation failed
- `SignTool`: signtool.exe operation failed
- `Manifest`: Manifest parsing error
- `Validation`: WACK validation failed

## Requirements


- Windows OS with Windows SDK 10 installed
- MakeAppx.exe and signtool.exe
- makepri.exe (optional, required for `compile_resources_pri()`)
- appcert.exe (optional, required for validation)

## License


MIT License