Even more new features for AVE 2.3

We opened up a beta testing opportunity for upcoming Application Virtualization Explorer, version 2.3, a few weeks ago. In that post we also announced new features that the product has and which were already available in the beta as well.

While the new features mentioned will be getting a more detailed coverage in the upcoming weeks, I just wanted to write about additional new features which the beta does not support but which will be in the actual 2.3 release.

The features I want to discuss about in this post both relate to the App-V package MSI.

If you are unsure what MSI exactly I am referring to, it’s the one that you can generate alongside with the other App-V package files and can be used to deploy your App-V package into standalone clients, or clients that are not serviced from the traditional App-V Management Server or by using SCCM’s integrated App-V package delivery mechanism.

In AVE 2.3 there’s going to be two new MSI related options. These both only complement the normal MSI outputting and as such are not necessary for the correct functioning of the resulting MSI.

They can be configured from the newly structured Options dialog in AVE, pictured below, instead of the MSI section in Package Configuration screen because they both relate to all MSI packages rather than individual per-package version of the MSI file. And they can also be configured using AVE’s Group Policy Template file that we ship with the product, making it wasy for larger corporations to define correct settings once and for all.

The first one of the options relates to the template MSI AVE will use when outputting the package MSI file.

Historically we have been using the same template as Sequencer uses to maximize compatibility, only filling it up with the up-to-date package data (OSD, ICO and Manifest files, as well as updating appropriate MSI properties).

Now in AVE 2.3 you have the option of using your own template MSI for generation, which opens up the possibility for both customization of the visuals (if you want your own branding in the banners etc.) as well as fixing some of the known shortcomings in certain operations of the stock MSI file Sequencer uses, like described in the very thorough CSI-Windows’ article. You just set the path to the customized MSI file and AVE will use it for all package saves instead of the default one.

Since AVE has no understanding of the how MSI works internally, apart from knowing what properties to update and how to store those App-V package metadata files inside it in one CAB file, it is highly recommeded to take the default MSI file as a baseline and customize from there; adding or removing functionality as needed (all is done through custom actions in it).

The second new feature supported by AVE 2.3 will be option to use custom digital signing for the generated MSI file.

If you have ever used digital signing of code (EXEs and DLLs, but MSI can be signed as well), you’ll know that after the signing any alteration to the signed file will invalidate the signature. That’s kind of the whole point of digital signing, after all! In the Microsoft world we use Authenticode certificates  for this purpose, and they are (usually, always?) delivered to you as PFX files which is the predecessor to a PKCS12 standard.

Now, it would be no good to sign your template file with the certificate because it would be invalidated the instance AVE updates its contents during save. For this reason the signing needs to be re-done each time the package is saved, and as a last step. For this purpose we added support for signing the resulting MSI file with your own code signing certificate. You just have to specify the path to the certificate file itself, password for it and the timestamping service to use (we pre-list Verisign’s or Comodo’s for you to select, it actually doesn’t require a certificate from those vendors for timestamping service to work). You also have to have Microsoft’s signtool -utility somewhere for AVE to found it, since we offload the signing process to it instead of doing all the very complex API calling ourselves (there’s not that much managed love for the purpose, provided in the base .NET framework).

So if you want to or need to have your App-V package MSIs digitally signed (Windows Installer tend to trust them more if you do), you can now integrate it into your workflow with AVE!