
[WinGetUtil] ValidateManifestInstallers fails for zip installers with appx/msix NestedInstallerType #6080

@msftrubengu

Summary

ValidateManifestInstallers() in ManifestValidation.cpp incorrectly attempts MSIX validation on zip installers that contain nested appx/msix packages. The function uses installer.EffectiveInstallerType() to determine whether to run MsixManifestValidation::Validate(), but for zip installers EffectiveInstallerType() returns the NestedInstallerType (appx → InstallerTypeEnum::Msix), causing it to try opening the raw zip URL as an MSIX package.

Expected Behavior

Manifests with InstallerType: zip and NestedInstallerType: appx should pass ValidateManifestInstallers() without error. The MSIX validation should not attempt to open a zip archive URL as an MSIX package.

Actual Behavior

MsixManifestValidation::Validate() calls GetMsixInfo(installer.Url) on the zip URL. Since the URL points to a .zip archive (not an .appx/.msix file), GetMsixInfo() returns nullptr, and the error InstallerFailedToProcess is emitted for every installer entry:

Failed to process installer. [InstallerUrl] Value: https://github.com/microsoft/winget-cli/releases/download/v1.9.25180/DesktopAppInstaller_Dependencies.zip

The error repeats once per architecture (e.g., 4 times for x64/x86/arm/arm64).

Steps to Reproduce

  1. Use a manifest with InstallerType: zip and NestedInstallerType: appx (e.g., Microsoft.VCLibs.Desktop.14 v14.0.33728.0 from microsoft/winget-pkgs)
  2. Call WinGetValidateManifestV3 with WinGetValidateManifestOptionV2::InstallerValidation
  3. Observe InstallerValidationFailure result with "Failed to process installer" messages

Environment

  • Manifests: Microsoft.VCLibs.Desktop.14 v14.0.33728.0, Microsoft.VCLibs.14 v14.0.33519.0
  • These manifests exist in production microsoft/winget-pkgs

Additional Context

The issue is in ManifestValidation.cpp line ~497:

if (installer.EffectiveInstallerType() == InstallerTypeEnum::Msix)
{
    auto installerErrors = msixManifestValidation.Validate(manifest, installer);
}

EffectiveInstallerType() returns NestedInstallerType for archive types (ManifestInstaller.h line ~50). This check should also verify !IsArchiveType(installer.BaseInstallerType) before running MSIX validation.


🏴‍☠️ This report was assembled by the Straw Hat crew's AI navigator. While we've sailed these waters carefully, the seas are unpredictable — details should be verified by the maintainers.
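The gating condition described in this report, modelled as an added example (it is not winget-cli code and not part of the original issue). The enum, the `Installer` struct, the two `ShouldRunMsixValidation*` helpers and the sample URLs are simplified, constructed stand-ins that only mirror the names used above.

```cpp
#include <string>
#include <vector>

// Simplified stand-ins for the types named in the report (assumed shapes).
enum class InstallerTypeEnum { Unknown, Exe, Msix, Zip };

bool IsArchiveType(InstallerTypeEnum t) { return t == InstallerTypeEnum::Zip; }

struct Installer
{
    InstallerTypeEnum BaseInstallerType = InstallerTypeEnum::Unknown;
    InstallerTypeEnum NestedInstallerType = InstallerTypeEnum::Unknown;
    std::string Url;

    // As described in the report: archive installers report their nested type.
    InstallerTypeEnum EffectiveInstallerType() const
    {
        return IsArchiveType(BaseInstallerType) ? NestedInstallerType : BaseInstallerType;
    }
};

// Gate as quoted in the report: true for zip + appx as well as for direct MSIX.
bool ShouldRunMsixValidationBefore(const Installer& i)
{
    return i.EffectiveInstallerType() == InstallerTypeEnum::Msix;
}

// Gate with the suggested extra check: Url must point at the package itself.
bool ShouldRunMsixValidationAfter(const Installer& i)
{
    return !IsArchiveType(i.BaseInstallerType) &&
           i.EffectiveInstallerType() == InstallerTypeEnum::Msix;
}

// URLs that would be handed to the MSIX reader under either gate.
std::vector<std::string> UrlsSentToMsixValidation(const std::vector<Installer>& all, bool fixed)
{
    std::vector<std::string> urls;
    for (const auto& i : all)
        if (fixed ? ShouldRunMsixValidationAfter(i) : ShouldRunMsixValidationBefore(i))
            urls.push_back(i.Url);
    return urls;
}

// Constructed sample installers; the URLs are placeholders.
std::vector<Installer> SampleInstallers()
{
    return { { InstallerTypeEnum::Zip,  InstallerTypeEnum::Msix,    "https://example.invalid/deps.zip" },
             { InstallerTypeEnum::Msix, InstallerTypeEnum::Unknown, "https://example.invalid/app.msix" },
             { InstallerTypeEnum::Zip,  InstallerTypeEnum::Exe,     "https://example.invalid/tool.zip" } };
}
```

With the original gate the zip URL reaches the MSIX reader alongside the real MSIX URL; with the extra archive check only the direct MSIX installer does.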

Labels: Needs-Triage (Issue needs to be triaged)
