Menu Close

Category: Release

MSIX Hero 1.5.0 – Device Guard Signing

A long awaited feature – Device Guard Signing – has arrived in MSIX Hero 1.5.0. This and some further improvements are described below:

Sign packages with Device Guard Signing Service

MSIX Hero 1.5.0 can sign packages with Device Guard Signing Service. According to Microsoft:

Device Guard signing is a Device Guard feature that is available in the Microsoft Store for Business and Education. It enables enterprises to guarantee that every app comes from a trusted source

https://docs.microsoft.com/

To use Device Guard Signing, make sure to be signed up for Microsoft Store for Business or Microsoft Store for Education. In the Microsoft Store for Business (or or Microsoft Store for Education), assign yourself a role with permissions necessary to perform Device Guard signing.

To configure the feature in MSIX Hero, visit the new section of the Signing tab in the Settings window:

Sign-in using your Microsoft credentials by pressing the Sign in with Microsoft button.

MSIX Hero will perform a few checks to ensure that the user is allowed to sign. Once authenticated, MSIX Hero will check if you are allowed to sign, and will also determine your publisher name (certificate subject used for signing).

That’s it, you can now sign your packages.

Security considerations: Your login credentials are not stored anywhere. Authentication and authorization is delegated to the Microsoft Authentication Library. If you decide to configure default MSIX Hero signing method to be Device Guard, a stateless token and your desired publisher name will be saved in your profile, in an encrypted form. These tokens do not contain your user or password (encrypted or not) but they are sufficient to sign without asking for credentials each time.

More information about Device Guard signing can be found here: https://docs.microsoft.com/en-us/windows/msix/package/signing-package-device-guard-signing. Note that big parts of the official documentation do not apply to MSIX Hero, which does a lot of heavy-lifting under-the-hood, requiring only the minimal one time configuration.

At the time of writing, both version 1 and version 2 of the API are supported. Bear in mind, that the first version is going to be deprecated soon. The version 2 is used by default.

Command line signing with Device Guard

MSIXHeroCLI.exe can also sign with Device Guard. This works in one of three ways:

  • The user uses default settings from the current configuration (log-in performed once from the UI, subsequent signings are “silent”)
  • The user triggers signing and interactively provides the required credentials.
  • The user performs a signing by specifying the path to the authorization token (JSON). It is up to create and maintain the token file.

All these options are described in details in the documentation: Signing an MSIX package (sign).

Disable automatic publisher updates

CLI verb sign has now an extra parameter --noPublisherUpdate which – when present – prevents MSIX Hero from manually adjusting publisher names based on the certificate subject. In this case, an error will be returned if the certificate subject does not match the publisher name. Omitting the parameter (recommended) will ensure that the values are always in sync.

The setting is now also present in the UI

Other changes

  • Tabs in the Settings window are now showing an error indicator in case of incomplete data.
  • In the selector of the default certificate for signing, a default option “No certificate” is now available.
  • A problem with wrong path to default JSON editor after changing program’s settings has been fixed.
  • Many smaller UI improvements.

Download

The app will be updated automatically in a few hours if you installed it from app installer file. New users can download MSIX Hero from the Download page.

MSIX Hero 1.4.3 – Dependency graph

MSIX Hero 1.4.3 has been just released. Continue reading to find out what has been implemented since version 1.4.0.

Show nested package dependencies

The dependencies can be now presented in a graphical way:

The dependency graph takes into account package dependencies, target device families (Windows 10 and MSIX Core) and main packages (add-ons, modification packages), and it scans them recursively. The graph is interactive, you can zoom-in and zoom-out and move the shapes around for a better visibility. Once done, the results can be exported to a graphic file or printed.

This preview feature can be accessed for both installed and non-installed packages.

To show dependencies for an installed package, select it and from the Management ribbon press Analyze dependencies:

The same function can be invoked from the context menu:

Finally, you can open the new view from the Dependencies tab (by clicking on Open dependencies graph…) or simply start the viewer for any package (tab Tools, button Dependencies analyzer).

Ability to define expiration date for self-signed certificates

In the New self signed certificate dialog, a new input field has been added. You can now define the expiration date, with the default being one year from today:

Other changes

  • Windows 10 October 2020 Update is now correctly recognized by the Dependencies tab.
  • In the Installation tab, the path to the manifest file was empty for packages installed in the Developer mode. The issue has been fixed in this build.
  • Some minor wording adjustments in context menu and file pickers.

Download

The app will be updated automatically in a few hours if you installed it from app installer file. New users can download MSIX Hero from the Download page.

MSIX Hero 1.4.0 – Checking for appinstaller updates

MSIX Hero 1.4.0 is now available and here are the feature highlights and release notes for this release:

New tab with information about the installation type

Installation tab has now an extra tab, which shows the information about the type of the installation. For apps installed from .appinstaller files, the remote URL to the file is shown:

For Store apps, link to the corresponding Microsoft Store page is shown:

For all app types, a hyperlink to the installation folder is shown as well.

Ability to update / check for any .appinstaller update

For apps installed from Microsoft Store or from an appinstaller file, a new button Check for updates… is available in the Ribbon (tab Management)…

and from the context menu:

For Store apps, the link simply open the relevant Store page settings, where any pending updates may be downloaded.

For appinstaller, this will actually check whether any update is available (regardless of appinstaller settings about update check timing) and if an update is available an option to install it will be shown:

See more information about .appinstaller and the newly added function.

Better feedback for signtool related errors

Inspired by this thread on Twitter, this version now reports slightly more detailed error instead of infamous “No certificate were found that met all the given criteria“. For example, the following will be shown when trying to sign a certificate with improper EKU:

Even more information is also written to MSIX Hero logs (%localappdata%\msix-hero\Logs), including debug output of signtool.exe.

Improved package sidebar

Package content sidebar has received minor changes:

  • Installed add-ons (modification packages) are now displayed in the Content > Optional content section (previously they were under Installation tab)
  • The numbers (for example installed apps, add-ons, count of applications) are now shown as badges and better stand-out from the tab label:

Other changes

  • Validation of URL of .appinstaller files is now less strict and allows file:// and UNC share syntax.
  • Buttons for dismissing and calling release notes were stealing the focus. The issue has been fixed in this build.
  • Removal and update of packages was previously not refreshing the sidebar. The issue has been fixed in this build.
  • Importing a certificate file to the Personal store now shows a confirmation dialog.
  • Importing a certificate now shows an UAC dialog if MSIX Hero was not started as administrator.
  • For some packages, their titles and descriptions were not properly localized. The issue has been fixed in this build.
  • Ribbon buttons Modification package.., Appinstaller definition… and Winget manifest (YAML)… – have been moved from the Management to the Developer contextual tab.

Download

The app will be updated automatically in a few hours if you installed it from app installer file. New users can download MSIX Hero from the Download page.

MSIX Hero 1.3.0 – improved modification package generator + usability

MSIX Hero 1.3.0 is now available. Below are key changes of this release:

Improved modification package generator

The modification package generator has been heavily improved in this version. The dialog has been cleaned up an more options have been added.

  • Ability to specify display names for the package and publisher fields separately from “identity” values.
  • Ability to add extra files.
  • Ability to add extra registry entries (from .REG file).
  • Ability to create empty folder structures (only when creating a manifest file).

Some values which were displayed in previous versions of MSIX Hero (for example the architecture) are not there anymore, as modification packages do not require them. Additionally, a few reported bugs related to the modification packages handling have been fixed.

Create modification packages from command-line

Modification packages can be created from UI and from the new command line verb newmodpack, which exposes all options the UI offers.

Other changes

  • Fixed a problem with the package list loosing focus when switching to other windows.
  • The button Run package is now inactive when the current package does not have any Application (for example when it is a Modification Package).
  • In various dialogs, if there is any field which has an incorrect or a missing value, its tab is now highlighted.
  • In most of dialogs, the validation messages are now clearer about which value they refer to.
  • Restored missing asterisks for required values in some dialogs.
  • Update impact dialog now shows the correct message after pressing the button without specifying source packages first.
  • Headers in dialogs are now more “compact”, the labels are not displayed anymore.
  • In the Pack MSIX package dialog, the checkbox Sign this package is now in the Source + target tab (consistent with some other dialogs).
  • Minor visual adjustments of the Analyze update impact dialog.
  • General stability and performance improvements.

Download

The app will be updated automatically in a few hours if you installed it from app installer file. New users can download MSIX Hero from the Download page.

MSIX Hero 1.2.3

This release fixes a few important issues reported in version 1.2.0.

Changelog

  • On some systems, a BadData error could be shown when reading the list of installed packages, or when clicking a package on the installed apps list.
  • On some systems (depending on installed packages) a NullReferenceException could be shown when reading the list of installed packages.

Download

The app will be updated automatically in a few hours if you installed it from app installer file. New users can download MSIX Hero from the Download page.

MSIX Hero 1.2.0 – stopping apps + improved filtering

An update to MSIX Hero has been just released. This new version 1.2.0 contains the following changes:

Update 22.09.2020: Some users reported, that a “NullReference” error may be shown when launching the app, a regression in comparison to 1.1.15. On affected machines, this is caused by a presence of specific installed apps for which MSIX SDK API reports no manifest file path. The issue has been fixed in version 1.2.3.

Indicator for running apps

A small green indicator has been added to the apps that are currently running.

The list is “live” (it refreshes automatically). Note that some apps may be shown as running even though there is no foreground window visible. This is a case for UWP apps which may be still running in the background, in which case they are also considered as “running”.

Stopping apps

For an app that is currently running, it is possible to stop its process and all children (if necessary). This function can be invoked from the context menu:

…and from the Ribbon menu (make sure to select the app first):

Overhaul of the VIEW > filter menu

The VIEW menu has been adjusted to make it easier to filter. There are now two additional filter options:

  • Filtering by the architecture (for example, show me only x64 bit packages)
  • Filtering by the running status (for example, show me only apps that are running)

Four buttons representing the filter are clickable and reveal a dropdown with available options once clicked. Additionally, for drop-downs with radio buttons (for example filtering by the running status or by the add-on/main app type) the top part of its split button is clickable, and pressing it changes to the next available option.

As before, filter options can be combined, and for an app to be shown all filters must match. For example, the combination of settings from the last screenshot will show only running apps, excluding add-ons and Microsoft Store apps.

Other changes

  • The ribbon has been optimized for lower resolutions.
  • A duplicated action for the Empty modification package button in the File backstage has been corrected in this build. In previous versions, it was wrongly opening the MSIX app attach wizard.
  • Breaking change: It is not possible to start an app which does not have a Start Menu entry.

Download

The app will be updated automatically in a few hours if you installed it from app installer file. New users can download MSIX Hero from the Download page.

MSIX Hero 1.1.15: extended context menu

New version of MSIX Hero is available. This version has plenty of under-the-hood changes and refactored modules +optimizations for upcoming features.

Changelog

  • Running commands (previously called “tools”, for example REGEDIT, Notepad etc.) in the package context is now possible from the context menu:
  • Context menus have been restyled to match the app theme.
  • Improved progress reporting for some commands.
  • The usage of RAM has been optimized.

Resolved issues

  • The link to import the newly created certificate to the trusted store, shown on the confirmation page of the Create self-signed… dialog was not working. The issue has been fixed in this build.
  • A problem with sporadic “ghost” package selection has been fixed in this build.

Download

The app will be updated automatically in a few hours if you installed it from app installer file. New users can download MSIX Hero from the Download page.

MSIX Hero 1.1.0 – better add-ons overview

Feature highlight

It is possible to show add-ons / modification packages directly in the grid. A new ribbon group has been added to control this new behavior:

  • Only main apps – only main (non-optional) apps will be displayed. This is how previous versions worked, and also the default behavior of this version.
  • Only add-ons – only add-ons (modification packages) will be displayed. This is a handy way of seeing only apps which rely on some others, and also an easy way of uninstalling add-ons and modification packages.
  • Main apps + add-ons – combines both options by displaying all apps in the main grid.

Resolved issues

  • Modification packages were not loaded correctly in the sidebar. The issue has been fixed in this build.

Download

The app will be updated automatically in a few hours if you installed it from app installer file. New users can download MSIX Hero from the Download page.

MSIX Hero 1.0.21 – SDK update

This version contains just a single minor UI change – after upgrading to a newer version, a small information bar is shown:

Pressing Show release notes open respective blog page with change log of the currently installed version.

Additionally, various SDKs included with MSIX Hero has been updated in this build:

Download

The app will be updated automatically in a few hours if you installed it from app installer file. New users can download MSIX Hero from the Download page.

Update impact

Here is a visual comparison and update impact analysis of MSIX Hero 1.0.16 -> 1.0.21 upgrade. You can get similar results by exploring the options in the Ribbon > Tools Update impact analyzer.

MSIX Hero 1.0.16 – signed MSIX app attach scripts and more

A new minor update of MSIX Hero is available. This build improves the experience of MSIX app attach (UI and command-line driven) and fixes a few spotted issues. The update is highly recommended.

Changes

  • App attach scripts are now digitally signed.
  • Because of the previous, the configuration of package(s) for app attach has been moved to a separate JSON file app-attach.json, which is then accessed by staging and registration scripts. In order to make adjustments (like changing the MSIX junction point path) edit the JSON file directly. Below is a typical file structure that is created (either from UI or from MSIXHeroCLI.exe):
  • All MSIX app attach scripts have now constant names (for example stage.ps1) and do not contain the name of the package anymore. This has the following benefits:
    • It is easier to run them manually by just typing a few letters in Terminal window
    • This is also now semantically correct, as the scripts are now effectively the same for all packages, since the configurable data has been moved to the JSON config.
  • The content of the scripts for app attach has been generally improved in terms of code formatting, and a missing dismount routine (also not present in templates on MSDN) has been added to the destage.ps1 script.
  • Staging script had previously duplicated curly braces, which could cause an error returned by mklink. The issue has been fixed in this version.
  • Speaking of mklink, its exit codes are now checked by the staging script. Non-zero exit code will break immediately.
  • The dialog for certificate extraction can now trigger self-elevation (UAC) in case the checkbox for trusted store is checked.
  • In the same wizard, a shield has been added to indicate possible elevation.

Download

The app will be updated automatically in a few hours if you installed it from app installer file. New users can download MSIX Hero from the Download page.

Update impact

Here is a visual comparison and update impact analysis of MSIX Hero 1.0.14 -> 1.0.16 upgrade. You can get similar results by exploring the options in the Ribbon > Tools > Update impact analyzer.