VS2015 安装程序项目 - 向 MSI 添加无效的 Microsoft 签名 [英] VS2015 Installer Projects - Adds Invalid Microsoft signature to MSIs
问题描述
当您构建 MSI 时,此 Microsoft 工具会添加无效的 Microsoft 数字签名.
This Microsoft tool adds an INVALID Microsoft digital signature when you build an MSI.
有人知道阻止工具添加数字签名的简单方法吗?或者在构建后删除数字签名的简单方法?
Anyone know of a simple way to stop the tool from adding the digital signature? Or an easy way to remove digital signature after the build?
VS2015 安装程序项目链接https://visualstudiogallery.msdn.microsoft.com/f1cc3f3e-c3700-40a-8797-c509fb8933b9
VS2015 Installer Projects link https://visualstudiogallery.msdn.microsoft.com/f1cc3f3e-c300-40a7-8797-c509fb8933b9
即使签名错误,MSI 文件也能正常工作.但是,当有人尝试使用 Edge 浏览器下载 MSI 时,它会阻止下载并显示此下载错误消息.此文件的签名已损坏或无效".带有一个可怕的大红色错误盾牌图标.
The MSI file works fine even with the bad signature. BUT, when someone tries to download the MSI with the Edge browser, it blocks the download and shows this download error message. "The signature for this file is corrupt or invalid" . With a big scary RED Error shield icon.
如果您想从您的产品或工具中吓跑潜在用户,这是一个完美的方法.
If you want to scare away potential users from your product or tool, this is the perfect way to do it.
咆哮:微软在 2012 年放弃该工具后再次提供该工具时,大鞠躬.告诉开发人员看,我们确实听取了您的意见,我们带回了这个流行的工具."好吧,你不会认为微软可以指派一个低级别的开发人员来维护它并修复像这样简单的事情.似乎只是另一个带有坏轮子的玩具,MS 将其扔进沙箱中,然后让它在那里散架.来吧微软,花 10 分钟解决这个问题.
Rant: Microsoft took a big bow when it made this tool available again after dropping it in 2012. Telling developers "See we do listen to you and we brought back this popular tool." Well, wouldn't you think Microsoft could assign a low level developer to maintain it and fix simple things like this. Seems to be just another toy with a broken wheel that MS tossed into the sandbox and left it there to fall apart. C'mon Microsoft, spend 10 minutes and fix this.
推荐答案
要解决此问题,您还可以尝试对包进行双重签名,而不是完成删除数字签名.这样,有关无效签名的警告消息将在下载时消失,并且正确的信息将出现在安装时的 UAC 提示中.
To fix this you can also try to dual sign the package, instead of completing removing the digital signature. This way the warning message about the invalid signature will disappear on download and also the correct info will appear in the UAC prompts on install.
双重签名当然需要 SHA2 证书.
Dual signing of course requires a SHA2 certificate.
SHA 2 签名无法被 Windows 7 之前的操作系统识别,因此如果您也针对这些签名并希望您的签名在那里可见,则需要执行 双重签名.
SHA 2 signatures are not recognized by OSes older than Windows 7, so if you target those too and want your signature to be visible there you need to perform dual signing.
微软解释 双重签名的步骤,以及更多细节.
Microsoft explaining the steps for dual signing, with more details.
这篇关于VS2015 安装程序项目 - 向 MSI 添加无效的 Microsoft 签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
