A new build of MSIX Hero has been just published. This is a major release, which brings a few interesting highlights. One of these additions is the ability to execute certain operations from a command-line interface – silently, without any interaction (thus “silent hero”).
After installing the new package, an app alias
MSIXHeroCLI.exe will be available in terminal of your choice (if you haven’t installed Windows Terminal yet, this is a good moment to grab it from github or Microsoft Store).
The command line version of MSIX Hero has currently the following options:
- Packing folders to MSIX packages, unpacking MSIX packages
- Signing a package (and updating the manifest accordingly)
- With a selected combination of PFX file and a password,
- With a certificate identified by a thumbprint,
- With default signing settings as defined in program settings
- Installing a certificate from a certificate file or from a signed MSIX package.
- Creating a new certificate for self-signing
To get started, type
MSIXHeroCLI.exe in terminal and press Enter
You can also get a help for a specific command by executing
MSIXHeroCLI.exe <command-name> --help, for example
MSIXHeroCLI.exe sign --help
Below are a few command samples:
To sign a package with a PFX file and a password:
MSIXHeroCLI.exe sign --file "c:\signing\cert.pfx" --password "Start123" --increaseVersion Major "c:\msix\unsigned-package.msix"
Note: Syntax for this command uses a limited subset of features and commands of signtool.exe. For example, you can use
--sha1 to specify the PFX path, password, timestamp URL and certificate thumbprint respectively. The additional value of MSIX Hero in comparison to
signtool.exe is that the package manifest is adjusted automatically.
To pack a folder to an MSIX package
MSIXHeroCLI.exe pack --package "c:\msix\packed.msix" --directory "C:\msix\unpacked"
Note: the switches also support short form -p and -d, which is exactly the format that
Importing a certificate from a signed package to Trusted People store
The following command let you install a package signed with an untrusted certificate by importing it to the Trusted People store. You have to start
MSIXHeroCLI.exe as administrator in order for this to work.
MSIXHeroCLI.exe trust "C:\msix\signed-package-with-untrusted-certificate.msix"
Finally, if execution of a command fails due to an error reported by any SDK-tool (for example,
signtool.exe) its exit code or error code will be reported as exit code of
Read more about the command line interface in the following article:
New indicator representing signature status
In both sidebar and the Package Expert window, a new badge is shown which indicates the status of the signature. When a package is installed, it will be almost always shown as trusted, for example:
Clicking on the publisher name opens a Windows Explorer dialog with the signature properties.
If the package is not signed, the following is shown:
Finally, if the package is signed but the certificate is not trusted, yet another prompt is shown, this time with an extra button for importing the certificate to the Trusted People store with two-clicks (the second click to confirm the UAC dialog).
Showing execution aliases
Execution aliases are now visible in the sidebar, where previously only an information about Start Menu icon was present:
Left picture: MSIX Hero 0.9.1, right picture the new view in MSIX Hero 1.0.0. The UI version of MSIX Hero can be started from the Start menu, but the command line version does not install any icon, and instead relies on the execution alias.
Ability to define global password for package signing
It is now possible to define global password for package signing with PFX. The password will be stored in encrypted form in program configuration, using standard Windows Data Protection API (encryption keys stored in loaded User Profile). In previous versions of MSIX Hero, the password must be typed every time the signing was required.
Note: The settings defined on this screen are fully respected by
MSIXHeroCLI.exe when it is started without any extra parameters for certificate selection.
- The button Install certificate… in Ribbon > Certificates was not triggering UAC dialog, but instantly failing with access denied error when MSIX Hero was not started as admin. This regression has been fixed in this build, and UAC dialog will be now shown correctly.
- The authoring tool information stopped showing in the sidebar due to a wrong namespace lookup, a regression introduced in the last version. This issue has been fixed in this build.
- Switching the type of package signing (from PFX file to Installed certificate or vice-versa) in the Settings dialog could write wrong values for PFX path and/or thumbprint if no other changes were done. This issue has been fixes in this build.
- Some MSIX packages could not be packed or signed by previous version of MSIX Hero (an error about invalid manifest was thrown). This error in namespace lookup has been fixed in this version.
The app will be updated automatically in a few hours if you installed it from app installer file. New users can download MSIX Hero from the Download page.
Last, but not least. Have you already tested how Update impact (a major highlight of version 0.9.0) works? This is the comparison between MSIX Hero 0.9.1 and MSIX Hero 1.0.0. You can get similar results by exploring the options in the Ribbon > Tools > Update impact analyzer.