如何签署 Visual Studio .msi 的安装文件 [英] How to sign installation files of a Visual Studio .msi

问题描述

我最近从 globalsign 购买了一个验证码证书，但在签署我的文件以进行部署时遇到了问题.有几个 .exe 文件由项目生成，然后放入 .msi 中.当我使用 signtool 对 .exe 文件进行签名时，证书有效并且它们运行良好.问题是，当我构建 .msi(使用 Visual Studio 安装项目)时，.exe 文件丢失了它们的签名.所以我可以在构建后签署 .msi，但安装的 .exe 文件会继续整个未知发布者"业务.如何保留这些文件上的签名以便在客户端计算机上安装?

I recently purchased an authenticode certificate from globalsign and am having problems signing my files for deployment. There are a couple of .exe files that are generated by a project and then put into a .msi. When I sign the .exe files with the signtool the certificate is valid and they run fine. The problem is that when I build the .msi (using the visual studio setup project) the .exe files lose their signatures. So I can sign the .msi after it is built, but the installed .exe files continue the whole "unknown publisher" business. How can I retain the signature on these files for installation on the client machine?

推荐答案

Visual Studio 在编译时创建两个文件夹:obj 和 bin.结果证明，至少在我的情况下，输出将始终从 obj 文件夹复制到 bin 文件夹中.我正在对 bin 文件夹中的可执行文件进行签名，只是为了覆盖它们，然后将它们打包到 msi 中.对 obj 文件夹中的可执行文件进行签名解决了这个问题.

Visual Studio creates two folders at compile time: obj and bin. Turns out, at least in my case, the output will always be copied from the obj folder into the bin folder. I was signing the executables in the bin folder only to have them overwritten and then packaged into the msi. Signing the executables in the obj folder solved the problem.

这篇关于如何签署 Visual Studio .msi 的安装文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！