https://bugs.winehq.org/show_bug.cgi?id=45757
Bug ID: 45757
Summary: Visual Studio 2017 Installer - "The installer manifest failed signature validation"
Product: Wine
Version: 3.15
Hardware: x86
URL: https://visualstudio.microsoft.com/downloads/#build-tools-for-visual-studio-2017
OS: Linux
Status: NEW
Keywords: download
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: dark.shadow4@web.de
Depends on: 45749
Distribution: ---
Follow up to bug 45749. After the workaround, the installer opens. But installing anything errors instantly with "The installer manifest failed signature validation"
jimbo1qaz jimbo1qaz@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jimbo1qaz@gmail.com
--- Comment #1 from jimbo1qaz jimbo1qaz@gmail.com ---
https://developercommunity.visualstudio.com/content/problem/3983/when-the-se...
I assume this error is related to implementations of cryptography (Wine? DLL? .Net?)
Maybe running ProcMon or some Wine equivalent (not sure what, winedbg +relay?) would help.
--- Comment #2 from Fabian Maurer dark.shadow4@web.de ---
Yeah, I hope I can take a look tomorrow.
--- Comment #3 from Fabian Maurer dark.shadow4@web.de ---
Seems like CryptDecodeObjectEx fails, visual studio log says
[00c1:0011][2018-09-03T21:40:25] ManifestVerifier Exception decoding signature value; Unknown error "-2146881269".
[00c1:0011][2018-09-03T21:40:25] ManifestVerifier Result: InvalidSignature
which corresponds to CRYPT_E_ASN1_BADTAG
Could we maybe just be missing some root certificate?
--- Comment #4 from Fabian Maurer dark.shadow4@web.de ---
I got the same issue now on my Win7-VM. Installing the updates, specifically the windows update manager update, fixes the issue. It can also be fixed by installing two certain certificates. Doesn't work on wine though, but I still think it's missing certificates.
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |Installer
                 CC|                            |focht@gmx.net
Bug 45757 depends on bug 45749, which changed state.
Bug 45749 Summary: Multiple Node.js based applications/installers need ntdll.NtQueryInformationFile to handle 'FileModeInformation' information class (MS Visual Studio 2017 Installer, FACEIT Anti-cheat client)
https://bugs.winehq.org/show_bug.cgi?id=45749
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
Jonathan jomarocas@outlook.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jomarocas@outlook.com
--- Comment #5 from Jonathan jomarocas@outlook.com ---
Any update on this issue? I understand it is an update from Windows Update.
Zebediah Figura z.figura12@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|-unknown                    |crypt32
                 CC|                            |z.figura12@gmail.com
--- Comment #6 from Zebediah Figura z.figura12@gmail.com ---
The program attempts to decode a signed message. It calls CryptMsgGetParam(..., CMSG_CERT_(COUNT_)PARAM) to retrieve certificates. It then fails trying to decode the third one. I tested feeding the same message into native crypt32 and it only returns two certificates. The third one we return is bogus.
I have no experience with ASN or CMS, and crypt32 code is an unreadable mess. I'm willing to look into this, but I'd really appreciate it if someone with at least a bit more background could consider picking this up instead.
--- Comment #7 from Fabian Maurer dark.shadow4@web.de ---
Does it work with native crypt32 though?
--- Comment #8 from Zebediah Figura z.figura12@gmail.com ---
(In reply to Fabian Maurer from comment #7)
> Does it work with native crypt32 though?
Native crypt32 crashes with a page fault somewhere.
Mike Ellery mellery@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mellery@gmail.com
scorpion81 scorpion8182@googlemail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |scorpion8182@googlemail.com
--- Comment #9 from scorpion81 scorpion8182@googlemail.com ---
Created attachment 63980
  --> https://bugs.winehq.org/attachment.cgi?id=63980
crash log for MS VC Build Tools installer
https://visualstudio.microsoft.com/downloads/#build-tools-for-visual-studio-... (not the full VS, but only the buildtools) also fails to install in wine 4.4, 32 bit prefix, even with .NET 4.7.2 being installed via latest winetricks from github. I know that visual studio itself is listed as "garbage" (lol, the test results are meant), but I think that web installer is just "fancier than necessary" lol
--- Comment #10 from scorpion81 scorpion8182@googlemail.com ---
Created attachment 64024
  --> https://bugs.winehq.org/attachment.cgi?id=64024
content of C:\users\username\Temp\VSFaultInfo\190327_082750_2354600\ErrorInformation.txt
Hmm, after creating an offline installer like described here
https://stackoverflow.com/questions/46684230/visualstudio-build-tools-2017-o...
and running that like
WINEPREFIX=~/wine-vc14 wine vs_buildtools.exe --quiet --installPath C:\MSVC --noweb
the installer creates an error output file even. I will also attach Wine's debug log in another attachment.
--- Comment #11 from scorpion81 scorpion8182@googlemail.com ---
Created attachment 64025
  --> https://bugs.winehq.org/attachment.cgi?id=64025
wine debug log for invocation of offline installer, some telemetry crap craps out
seems like some telemetry stuff is being invoked and queries the hardware id... wtf...
--- Comment #12 from Zebediah Figura z.figura12@gmail.com ---
There's no need to add additional reports and logs; the problem is diagnosed well enough already.
--- Comment #13 from Dmitry Timoshkov dmitry@baikal.ru ---
Created attachment 64294
  --> https://bugs.winehq.org/attachment.cgi?id=64294
CryptMsgUpdate should skip broken certificates
I've dumped the blob and created 2 test apps: one loads the blob with CertOpenStore(), and another one loads it with CryptMsgOpenToDecode() + CryptMsgUpdate() (like the VS installer does). The opened store contains 2 certificates because before adding the certificate to the store it gets verified by an attempt to create a certificate context. However CryptMsg* doesn't perform the verification and simply copies the certificate.
dumpasn1 shows that the blob in question has 3 certificates, but the last one is corrupted.
Attached patch adds the verification step to CryptMsgUpdate(), and this makes the loop that fetches the certificates from the blob and creates the context succeed. Unfortunately after that the installer still fails the signature verification due to another problem.
P.S. And yes, crypt32 code is not the best thing to work on.
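The difference described in comment #13 (a store keeps only entries that survive a decode attempt, while the message decoder hands back every entry it finds), as an added example that is not from the thread or from Wine's crypt32. It is a plain-C DER walker over a constructed certificate set; `der_tlv`, `looks_like_cert`, `count_certs` and `sample_set` are hypothetical names, the structural check is a simplified stand-in for creating a certificate context, and the wrong inner tag is an assumed form of corruption, since the thread does not say how the third certificate is broken.

```c
#include <stdio.h>

/* One DER TLV at p (n bytes left): returns its total size, 0 if malformed/truncated. */
static size_t der_tlv(const unsigned char *p, size_t n, unsigned char *tag,
                      const unsigned char **val, size_t *len)
{
    size_t hdr = 2, l, i, nb;
    if (n < 2) return 0;
    *tag = p[0]; l = p[1];
    if (l & 0x80) {                  /* long form: low 7 bits = number of length bytes */
        nb = l & 0x7f;
        if (nb == 0 || nb > 2 || n < 2 + nb) return 0;
        for (l = 0, i = 0; i < nb; i++, hdr++) l = (l << 8) | p[2 + i];
    }
    if (l > n - hdr) return 0;       /* content would run past the buffer */
    *val = p + hdr; *len = l;
    return hdr + l;
}
/* Stand-in for creating a certificate context: SEQUENCE { SEQUENCE, SEQUENCE, BIT STRING }. */
static int looks_like_cert(const unsigned char *p, size_t n)
{
    static const unsigned char want[3] = { 0x30, 0x30, 0x03 };
    unsigned char tag; const unsigned char *v, *cv; size_t len, cl, used; int i;
    if (!(used = der_tlv(p, n, &tag, &v, &len)) || used != n || tag != 0x30) return 0;
    for (i = 0; i < 3; i++, v += used, len -= used)
        if (!(used = der_tlv(v, len, &tag, &cv, &cl)) || tag != want[i]) return 0;
    return len == 0;
}
/* Returns how many elements pass the check; *copied counts every element taken as-is. */
static int count_certs(const unsigned char *set, size_t n, int *copied)
{
    unsigned char tag; const unsigned char *v; size_t len, used; int ok = 0;
    for (*copied = 0; n && (used = der_tlv(set, n, &tag, &v, &len)); set += used, n -= used) {
        ++*copied;
        ok += looks_like_cert(set, used);
    }
    return ok;
}
/* Constructed sample: three toy elements; the third has a wrong inner tag (0x04). */
static const unsigned char sample_set[] = {
    0x30,0x0D, 0x30,0x03,0x02,0x01,0x01, 0x30,0x02,0x05,0x00, 0x03,0x02,0x00,0xAA,
    0x30,0x0D, 0x30,0x03,0x02,0x01,0x02, 0x30,0x02,0x05,0x00, 0x03,0x02,0x00,0xBB,
    0x30,0x0D, 0x30,0x03,0x02,0x01,0x03, 0x04,0x02,0x05,0x00, 0x03,0x02,0x00,0xCC,
};
int main(void)
{
    int copied, ok = count_certs(sample_set, sizeof sample_set, &copied);
    return printf("copied as-is: %d, pass the check: %d\n", copied, ok) < 0;
}
```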
--- Comment #14 from Dmitry Timoshkov dmitry@baikal.ru ---
(In reply to Dmitry Timoshkov from comment #13)
> Created attachment 64294 [details]
> CryptMsgUpdate should skip broken certificates
>
> I've dumped the blob and created 2 test apps: one loads the blob with CertOpenStore(), and another one loads it with CryptMsgOpenToDecode() + CryptMsgUpdate() (like the VS installer does). The opened store contains 2 certificates because before adding the certificate to the store it gets verified by an attempt to create a certificate context. However CryptMsg* doesn't perform the verification and simply copies the certificate.
>
> dumpasn1 shows that the blob in question has 3 certificates, but the last one is corrupted.
>
> Attached patch adds the verification step to CryptMsgUpdate(), and this makes the loop that fetches the certificates from the blob and creates the context succeed. Unfortunately after that the installer still fails the signature verification due to another problem.
It's CertVerifyCertificateChainPolicy() that failed with CERT_E_UNTRUSTEDROOT. With the patch applied to wine-staging the signature verification step works just fine, probably the patch in staging that adds Microsoft root certificates helps.
After that it's possible to start the installation but it fails later due to some not implemented stubs.
Alistair Leslie-Hughes leslie_alistair@hotmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
      Fixed by SHA1|                            |1875620466d178faead9d0ccea08bd2eee7c7722
--- Comment #15 from Alistair Leslie-Hughes leslie_alistair@hotmail.com ---
Fixed by https://source.winehq.org/git/wine.git/?a=commit;h=1875620466d178faead9d0cce...
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #16 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 4.8.
Michael Stefaniuc mstefani@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |4.0.x
Michael Stefaniuc mstefani@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|4.0.x                       |---
--- Comment #17 from Michael Stefaniuc mstefani@winehq.org ---
Removing the 4.0.x milestone from bug fixes included in 4.0.3.