Building Microsoft APPX packages from source folder

A quick guide to building and installing .appx packages from their original source folder (for example, one taken from a Windows ISO image), signed with your own certificate.

Prerequisites

  • Windows Developer Kit (in this case, the 14393 build)
  • Appx source folder of the app to build, for example from the desired Windows ISO image

Source files

Microsoft's preinstalled APPX packages are located at C:\Program Files\WindowsApps.

There are several files for the same package; we need the x64 variant of the app. For this example, we're going to build the Mail and Calendar app. The package needed for the example is called microsoft.windowscommunicationsapps_17.6868.41201.0_x64.

Copy the folder to a working location (for example, the desktop).

The Windows Developer Kit includes the tools needed: MakeAppx.exe and SignTool.exe.

Generating a certificate

To build an appx from its source folder, we first need a certificate to sign it with, as an unsigned package can't be installed.

Open an elevated PowerShell session and generate a certificate.

New-SelfSignedCertificate -Type Custom -Subject "CN=BBJProjeK, O=The BBJProjeK Organization, C=US" -KeyUsage DigitalSignature -FriendlyName "BBJProjeK" -CertStoreLocation "Cert:\CurrentUser\My" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3","2.5.29.19={text}")

Move to the certificate store and print the list of certificates.

Set-Location Cert:\CurrentUser\My
Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint

To export the certificate in the local store to a PFX file, use the Export-PfxCertificate cmdlet.

$password = ConvertTo-SecureString -String "<Your Password>" -Force -AsPlainText
Export-PfxCertificate -Cert "Cert:\CurrentUser\My\<Certificate Thumbprint>" -FilePath "<FilePath>.pfx" -Password $password

Now open the file you generated, as we need to import it to the local machine. Type the password previously created, and a prompt will ask which certificate store location to save it in.

Choose to save to a custom location and select “Trusted Root Certification Authorities”. The certificate is self-signed, so the package signature only validates once the certificate itself is in a trusted store.

Building the package

Now, with the package folder and certificate file ready, move back to the APPX folder and open AppxManifest.xml. We need to change the publisher of the package to the data we specified when we created the certificate. In this case, we used the following info:

CN=BBJProjeK, O=The BBJProjeK Organization, C=US

The Publisher attribute is in the <Identity> element, normally on the third line of the XML. Edit it, then close the manifest file.
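
The publisher edit can also be scripted, so the manifest value is copied from the certificate instead of retyped and the certificate is checked for the code-signing EKU before anything is packed. This is an added example, not part of the original post; the function name Set-ManifestPublisher is hypothetical and the thumbprint in the usage line is a placeholder.

```powershell
# Added example: copy the certificate subject into the manifest's Publisher attribute.
# Set-ManifestPublisher is a hypothetical helper name, not a built-in cmdlet.
function Set-ManifestPublisher {
    param(
        [Parameter(Mandatory)] [string] $PackageDir,  # copied APPX source folder
        [Parameter(Mandatory)] [string] $Thumbprint   # value from the Thumbprint column
    )

    # Load the signing certificate from the store used in this guide.
    $cert = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint" -ErrorAction Stop

    # Signing needs the private key and the code-signing EKU (1.3.6.1.5.5.7.3.3).
    if (-not $cert.HasPrivateKey) { throw "No private key for $Thumbprint." }
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $ekus = foreach ($ext in $cert.Extensions) {
        if ($ext -is $ekuType) { foreach ($oid in $ext.EnhancedKeyUsages) { $oid.Value } }
    }
    if ($ekus -notcontains '1.3.6.1.5.5.7.3.3') {
        throw 'Certificate lacks the code-signing EKU.'
    }

    # Load the manifest without reflowing its whitespace.
    $manifestPath = (Resolve-Path (Join-Path $PackageDir 'AppxManifest.xml')).Path
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($manifestPath)

    $identity = $xml.DocumentElement.GetElementsByTagName('Identity') |
        Select-Object -First 1
    if (-not $identity) { throw "No <Identity> element in $manifestPath." }

    # The Publisher must equal the certificate subject exactly (case-sensitive compare).
    $old = $identity.GetAttribute('Publisher')
    if ($old -cne $cert.Subject) {
        $identity.SetAttribute('Publisher', $cert.Subject)
        $xml.Save($manifestPath)
    }

    [pscustomobject]@{
        Manifest     = $manifestPath
        OldPublisher = $old
        NewPublisher = $cert.Subject
    }
}

# Usage (placeholder thumbprint, replace with your own):
# Set-ManifestPublisher -PackageDir .\microsoft.windowscommunicationsapps_17.6868.41201.0_x64 -Thumbprint '<Certificate Thumbprint>'
```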

Build the app using MakeAppx.

MakeAppx pack /d microsoft.windowscommunicationsapps_17.6868.41201.0_x64 /p microsoft.windowscommunicationsapps_17.6868.41201.0_x64.appx /l

Sign it using SignTool, specifying the PFX file.

SignTool sign /fd SHA256 /a /f <certpath> /p <CertPassword> microsoft.windowscommunicationsapps_17.6868.41201.0_x64.appx

It should have built correctly. Open an elevated PowerShell session and install it.

Add-AppxPackage microsoft.windowscommunicationsapps_17.6868.41201.0_x64.appx

This is an old post, published on January 4th 2020 by Cameron Martin on the BBJProjeK The Agency Slack group. Updated to be published on this website.