On Tue Aug 26 22:40:54 2025 +0000, Vibhav Pant wrote:
How are this packages distributed, how users get them, are they
possibly signed, is it related in any way to Store packages? <span dir="">Yeah, I believe the Windows Store does distribute apps in the form of appx packages, but they can be sideloaded as well. There are also FOSS tools like </span>[`winget`](https://github.com/microsoft/winget-cli/tree/master)<span dir="">/App Installer that use </span>`Windows.Management.Deployment.PackageManager`<span dir=""> APIs to install packages, </span>and provide access to community-maintained repos for AppX packages as well. AppX packages contain signing info in `AppxSignature.p7x` (which is just PKCS #7 data), there's also support for codeintegrity signatures in `AppxMetadata/CodeIntegrity.cat` However, this is out of scope for opcservices.dll, as this only get used to decompress and read appx files. Signature vertification would need to be done separately, likely in `PackageManager`. But yes, the idea is that the `PackageManager` code would open and read AppX packages using `ReadPackageFromStream`.
Is this just for an experiment, or what are the real use cases?