msixbundle-rs

A Rust library and CLI tool for building and signing Windows MSIX packages and MSIX bundles using the Windows SDK toolchain.

Overview

msixbundle-rs provides a programmatic Rust interface to automate the creation, signing, and validation of multi-architecture MSIX packages and bundles. It's designed for build pipelines that need to package Windows applications for distribution via the Microsoft Store or enterprise deployment.

Crates

Crate	Description	crates.io
msixbundle	Core library for MSIX packaging operations
msixbundle-cli	Command-line tool for packaging workflows

Features

• Multi-architecture support: Build separate MSIX packages for x64 and ARM64 architectures
• Automatic bundle creation: Combine per-architecture packages into a single .msixbundle
• SDK auto-discovery: Automatically locate Windows SDK tools (MakeAppx.exe, signtool.exe, appcert.exe) via registry
• Code signing: Sign packages and bundles with PFX certificates
• Timestamping: Support for both RFC3161 and Authenticode timestamp protocols
• Validation: Validate packages using Windows App Certification Kit (WACK) and verify signatures
• Manifest parsing: Extract version and display name from AppxManifest.xml

Requirements

• Windows OS: This tool requires Windows and the Windows SDK
• Windows SDK 10: MakeAppx.exe and signtool.exe must be installed
  • Install via Visual Studio or standalone SDK
• Windows App Certification Kit (WACK): Required for validation (appcert.exe)
  • Installed automatically with the Windows SDK
• Rust: 1.70+ (2021 edition)

Quick Start

CLI Tool

cargo install msixbundle-cli

msixbundle-cli \
  --out-dir ./output \
  --dir-x64 ./build/x64/AppxContent \
  --dir-arm64 ./build/arm64/AppxContent \
  --pfx ./signing.pfx \
  --pfx-password "secret"

Library

[dependencies]
msixbundle = "1.0"

use msixbundle::*;

let tools = locate_sdk_tools()?;
let manifest = read_manifest_info(x64_dir)?;
let msix = pack_arch(&tools, x64_dir, out_dir, &manifest, "x64")?;

See the individual crate READMEs for detailed documentation.

Project Structure

msixbundle-rs/
├── msixbundle/          # Core library
│   ├── src/
│   │   └── lib.rs
│   └── Cargo.toml
├── msixbundle-cli/      # Command-line tool
│   ├── src/
│   │   └── main.rs
│   └── Cargo.toml
└── Cargo.toml           # Workspace configuration

How It Works

1. Manifest Parsing: Reads AppxManifest.xml from each architecture directory to extract version and identity information
2. Package Creation: Uses MakeAppx.exe to create .msix files for each architecture
3. Bundle Mapping: Generates a bundlemap.txt file listing all architecture packages
4. Bundle Creation: Uses MakeAppx.exe to combine packages into a .msixbundle
5. Signing: Uses signtool.exe to apply digital signatures with optional timestamping
6. Validation: Optionally validates packages with WACK and verifies signature validity

Contributing

Contributions are welcome! Please feel free to submit issues or pull requests.

License

MIT License - see the LICENSE file for details.

Resources

• MSIX Documentation
• MakeAppx.exe Tool Reference
• SignTool.exe Documentation
• Windows App Certification Kit (WACK)
• AppxManifest Schema