Microsoft Technical Takeoff: Windows and Microsoft Intune
Oct 24 2022 07:00 AM - Oct 27 2022 12:00 PM (PDT)

How to properly escape a comma in makeappx.exe package process?

Occasional Visitor

When trying to package up a UWP application, we have our signing certificate specified in the Publisher section of the manifest. Unfortunately, our CN and Organization both have commas in the value.

Example:
<Identity Name="PKProtectExplorerIntegration" Publisher="CN=MSFT, INC, O=MSFT, INC, C=US" Version="1.0.0.0" />

When we try to run makeappx.exe pack /d Test /p Test.msix /nv

We see this error in the output because of the commas:
Output:
MakeAppx : error: Error info: error C00CE169: App manifest validation error: The app manifest must be valid as per schema: Line 14, Column 49, Reason: 'CN=MSFT, INC, O=MSFT, INC, C=US' violates pattern constraint of '(CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|Description|PostalCode|POBox|Phone|X21Address|dnQualifier|(OID.(0|[1-9][0-9])(.(0|[1-9][0-9]))+))=(([^,+="<>#;])+|".")(, ((CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|Description|PostalCode|POBox|Phone|X21Address|dnQualifier|(OID.(0|[1-9][0-9])(.(0|[1-9][0-9]))+))=(([^,+="<>#;])+|".")))*'.
The attribute 'Publisher' with value 'CN=MSFT, INC, O=MSFT, INC, C=US' failed to parse.

 

How do we properly escape a comma in the Publisher string?

3 Replies

hi@jackd5O 

I think ,(comma) is not supported to be a part of the publisher name.
This article specifies how publisher attribute should look like. 
 
It has to align with this regex:
 
(CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|(OID\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+))=(([^,+="<>#;])+|".*")(, ((CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|(OID\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+))=(([^,+="<>#;])+|".*")))*"
 
[^,+="<>#;] = any symbols like , + = etc are now supported. 

@jackd5O 

I believe you can include the comma by quoting the field. So it would be 'CN="MSFT, INC", O="MSFT, INC", C=US'. To include those inner quotes in the manifest XML, you would need to escape them as &quot; so it would ultimately look like Publisher="CN=&quot;MSFT, INC&quot;, O=&quot;MSFT, INC&quot;, C=US".

Note that the regex says you cannot use special characters, unless you quote them:
([^ ,+="<>#;]+|".*")
means that you can write something without any of those characters, or you can surround the full thing with quotes.