Build: Fix build script for a local installer (#44168)

## Summary of the Pull Request Not maintained since wix5 upgrade, so make it build locally for an installer 1. Do elevation when dev cert is not added to root store 2. Set up version to build arg to build, and build cmdpal version same with CI 3. cmdpal AOT local build 4. Make sure every msix file is signed successfully  ## PR Checklist - [ ] Closes: #xxx  - [ ] **Communication:** I've discussed this with core contributors already. If the work hasn't been agreed, this work might be rejected - [ ] **Tests:** Added/updated and all pass - [ ] **Localization:** All end-user-facing strings can be localized - [ ] **Dev docs:** Added/updated - [ ] **New binaries:** Added on the required places - [ ] [JSON for signing](https://github.com/microsoft/PowerToys/blob/main/.pipelines/ESRPSigning_core.json) for new binaries - [ ] [WXS for installer](https://github.com/microsoft/PowerToys/blob/main/installer/PowerToysSetup/Product.wxs) for new binaries and localization folder - [ ] [YML for CI pipeline](https://github.com/microsoft/PowerToys/blob/main/.pipelines/ci/templates/build-powertoys-steps.yml) for new test projects - [ ] [YML for signed pipeline](https://github.com/microsoft/PowerToys/blob/main/.pipelines/release.yml) - [ ] **Documentation updated:** If checked, please file a pull request on [our docs repo](https://github.com/MicrosoftDocs/windows-uwp/tree/docs/hub/powertoys) and link it here: #xxx  ## Detailed Description of the Pull Request / Additional comments  ## Validation Steps Performed Verify the script can build an installer on a new devbox, and cmdpal, filelocksmith etc can be run without problem <img width="872" height="275" alt="image" src="https://github.com/user-attachments/assets/cf4cff0d-0d90-4496-a7f8-50c582d9c340" /> <img width="1251" height="555" alt="image" src="https://github.com/user-attachments/assets/6529c1a8-a532-4dfc-9f74-2c2fd37e28e6" /> Output for msix packages: PackageFullName Version --------------- ------- Microsoft.PowerToys.SparseApp_0.96.2.0_neutral__8wekyb3d8bbwe 0.96.2.0 Microsoft.PowerToys.FileLocksmithContextMenu_0.96.2.0_neutral__8wekyb3d8bbwe 0.96.2.0 Microsoft.PowerToys.ImageResizerContextMenu_0.96.2.0_neutral__8wekyb3d8bbwe 0.96.2.0 Microsoft.PowerToys.NewPlusContextMenu_0.96.2.0_neutral__8wekyb3d8bbwe 0.96.2.0 Microsoft.PowerToys.PowerRenameContextMenu_0.96.2.0_neutral__8wekyb3d8bbwe 0.96.2.0 --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-03 09:46:54 +02:00 · 2025-12-11 13:17:42 +08:00
parent d32ea86314
commit f8c5ff8c0c
2 changed files with 328 additions and 57 deletions
--- a/tools/build/cert-management.ps1
+++ b/tools/build/cert-management.ps1
@@ -61,8 +61,18 @@ function ImportAndVerifyCertificate {
    try {
        $null = Import-Certificate -FilePath $cerPath -CertStoreLocation $storePath -ErrorAction Stop
    } catch {
-        Write-Warning "Failed to import certificate to $storePath : $_"
-        return $false
+        if ($_.Exception.Message -match "Access is denied" -or $_.Exception.InnerException.Message -match "Access is denied") {
+            Write-Warning "Access denied to $storePath. Attempting to import with admin privileges..."
+            try {
+                Start-Process powershell -ArgumentList "-NoProfile", "-Command", "& { Import-Certificate -FilePath '$cerPath' -CertStoreLocation '$storePath' }" -Verb RunAs -Wait
+            } catch {
+                Write-Warning "Failed to request admin privileges: $_"
+                return $false
+            }
+        } else {
+            Write-Warning "Failed to import certificate to $storePath : $_"
+            return $false
+        }
    }

    $imported = Get-ChildItem -Path $storePath | Where-Object { $_.Thumbprint -eq $thumbprint }