msixbundle-cli
| Crates.io | msixbundle-cli |
| lib.rs | msixbundle-cli |
| version | 1.1.0 |
| created_at | 2025-12-27 22:51:16.853536+00 |
| updated_at | 2026-01-06 18:00:06.797042+00 |
| description | Command-line tool to pack/sign MSIX and build .msixbundle |
| homepage | https://github.com/Choochmeque/msixbundle-rs |
| repository | https://github.com/Choochmeque/msixbundle-rs |
| max_upload_size | |
| id | 2007971 |
| size | 26,084 |
Vladimir Pankratov (Choochmeque)
documentation
README
msixbundle-cli
Command-line tool for building and signing Windows MSIX packages and bundles.
Installation
cargo install msixbundle-cli
Usage
Basic Usage
Build a bundle from x64 and ARM64 app directories:
msixbundle-cli \
--out-dir ./output \
--dir-x64 ./build/x64/AppxContent \
--dir-arm64 ./build/arm64/AppxContent
Build and Sign with PFX
msixbundle-cli \
--out-dir ./output \
--dir-x64 ./build/x64/AppxContent \
--dir-arm64 ./build/arm64/AppxContent \
--pfx ./certificates/signing.pfx \
--pfx-password "YourPassword" \
--timestamp-url http://timestamp.digicert.com \
--timestamp-mode rfc3161
Build and Sign with Certificate Thumbprint
Sign using a certificate from the Windows certificate store:
msixbundle-cli \
--out-dir ./output \
--dir-x64 ./build/x64/AppxContent \
--dir-arm64 ./build/arm64/AppxContent \
--thumbprint "1a2b3c4d5e6f..." \
--cert-store My \
--timestamp-url http://timestamp.digicert.com
For certificates in the machine store:
msixbundle-cli \
--out-dir ./output \
--dir-x64 ./build/x64/AppxContent \
--thumbprint "1a2b3c4d5e6f..." \
--machine-store
Sign Individual Packages
Sign each architecture package before bundling:
msixbundle-cli \
--out-dir ./output \
--dir-x64 ./build/x64/AppxContent \
--dir-arm64 ./build/arm64/AppxContent \
--sign-each \
--pfx ./signing.pfx \
--pfx-password "secret"
With Validation and Verification
msixbundle-cli \
--out-dir ./output \
--dir-x64 ./build/x64/AppxContent \
--pfx ./signing.pfx \
--pfx-password "secret" \
--validate \
--verify \
--verbose
Options
| Option | Description |
|---|---|
--out-dir |
Output directory for generated .msix and .msixbundle files |
--dir-x64 |
Path to x64 AppxContent directory containing AppxManifest.xml |
--dir-arm64 |
Path to ARM64 AppxContent directory |
--pfx |
Path to PFX certificate file for signing (mutually exclusive with --thumbprint) |
--pfx-password |
Password for the PFX certificate |
--thumbprint |
Certificate thumbprint (SHA1) from Windows cert store (mutually exclusive with --pfx) |
--cert-store |
Certificate store name (default: My). Common: "My" (Personal), "Root", "CA". See SignTool docs |
--machine-store |
Use machine certificate store instead of user store |
--sign-each |
Sign individual architecture packages (not just the bundle) |
--signtool-path |
Override path to signtool.exe |
--sip-dll |
Path to Appx SIP DLL (e.g., C:\Windows\System32\AppxSip.dll) |
--timestamp-url |
Timestamp server URL (default: http://timestamp.digicert.com) |
--timestamp-mode |
Timestamping protocol: rfc3161 or authenticode (default: rfc3161) |
--validate |
Validate packages using WACK (Windows App Certification Kit) |
--verify |
Verify signatures with SignTool after signing |
--verbose |
Enable verbose logging (sets RUST_LOG=info) |
--force |
Overwrite existing output files |
Creating a Self-Signed Certificate
For development and testing, create a self-signed certificate. The certificate's CN must match the Publisher in your AppxManifest.xml:
<Identity Name="YourApp" Publisher="CN=YourCompany" Version="1.0.0.0" />
Using PowerShell
# Create certificate (CN must match Publisher in manifest)
$cert = New-SelfSignedCertificate -Type Custom -Subject "CN=YourCompany" `
-KeyUsage DigitalSignature -FriendlyName "MSIX Test Certificate" `
-CertStoreLocation "Cert:\CurrentUser\My" `
-TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}")
# Export to PFX
$password = ConvertTo-SecureString -String "YourPassword" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath ".\test-certificate.pfx" -Password $password
# Install to Trusted Root (required for local testing)
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("Root", "LocalMachine")
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close()
Using OpenSSL
# Generate key and certificate
openssl genrsa -out private.key 2048
openssl req -new -key private.key -out request.csr -subj "/CN=YourCompany"
openssl x509 -req -days 365 -in request.csr -signkey private.key -out certificate.crt
# Export to PFX
openssl pkcs12 -export -out test-certificate.pfx -inkey private.key -in certificate.crt -password pass:YourPassword
Notes
- Microsoft Store: No certificate needed - submit unsigned packages, the Store signs them
- Enterprise/Sideloading: Use a certificate from a trusted Certificate Authority
- Local Testing: Self-signed certificates work after installing to Trusted Root
Requirements
- Windows OS with Windows SDK 10 installed
- MakeAppx.exe and signtool.exe
- WACK (appcert.exe) for
--validateoption
License
MIT License