使用mage.exe退出Clickonce清单 [英] Resign Clickonce manifest using mage.exe
问题描述
简单的场景.在发布过程中,Visual Studio会生成并签名内容.
Simple scenario. Visual studio generates and signs things as part of the publish process.
然后我进入MyApp.dll.config.deploy
文件并更新一些设置.
I then go to the MyApp.dll.config.deploy
file and update some settings.
现在,当我尝试安装应用程序时,clickonce安装程序会说MyApp.dll.config
具有与清单中指定的不同的计算哈希值.
Now when I try to install the application the clickonce installer says the MyApp.dll.config
has a different computed hash than specified in manifest.
所以我尝试了mage.exe -sign MyApplicationManifest -certfile ... -password ...
,结果是MyApp.vsto successfully signed
So I tried mage.exe -sign MyApplicationManifest -certfile ... -password ...
which results in MyApp.vsto successfully signed
但是我仍然收到计算得出的哈希错误.我错过了一步吗?
But I still receive the computed hash error. Am I missing a step?
我已阅读以下链接: http://msdn.microsoft.com/zh-我们/library/acz3y3te(v=vs.110).aspx
I've read the following links: http://msdn.microsoft.com/en-us/library/acz3y3te(v=vs.110).aspx http://blogs.msdn.com/b/msiclickonce/archive/2009/07/17/clickonce-application-fails-after-changing-configuration-file-and-resigning-the-manifest.aspx
推荐答案
有一些步骤需要使清单消失.我使用powershell自动执行此操作.
There's a few steps that need to happen to resign the manifests. I used powershell to do it automatically.
- 如果发布步骤已使用
.deploy
扩展名重命名了文件,则需要将其重命名为原始文件. - 在应用程序清单上运行
mage.exe -update
.如果您有部署清单,则需要执行相同的操作,除了在mage.exe的命令行参数中,您需要指定应用清单的相对位置. - 将所有文件重命名为.deploy扩展名(清单以外的所有文件.
- 如果您有setup.exe引导程序并进行了更改(例如更新URL),则必须使用
delcert.exe
删除签名,然后使用signtool.exe
对其进行签名.
- If the publishing step has renamed the files with a
.deploy
extension you'll need to rename them back to the original. - Run
mage.exe -update
on your application manifest. If you have a deployment manifest you'll need to do the same, except in the command line argument to mage.exe you need to specify the relative location to the application manifest. - Rename all the files back to .deploy extension (all files except manifests.
- If you have a setup.exe bootstrapper and you changed it (such as the update url) you'll have to remove the signature using
delcert.exe
and then sign it usingsigntool.exe
注意:对exe进行签名后,除非使用delcert.exe删除签名,否则无法使用signtool对其进行签名.
Note: Once an exe has been signed it cannot be resigned with signtool unless you remove the signing with delcert.exe.
如果您的clickonce是VSTO,则您的清单名称将有所不同(我认为MyApp.dll.manifest与MyApp.exe.manifest).
If your clickonce is a VSTO clickonce your manifest names will be different (I think MyApp.dll.manifest vs MyApp.exe.manifest).
更新:我已经在Powershell脚本中添加了敏感信息,并且已删除.
Update I've included the powershell script with sensitive information redacted.
$root = "$PSScriptRoot"
$ToolsPath = "C:\Tools"
$CertFile = $ToolsPath + "\REMOVED"
$CertPassword = "REMOVED"
#Update the setup.exe bootstrappers update url
Start-Process "$PSScriptRoot\setup.exe" -ArgumentList "-url=`"$ClickOnceUpdateUrl`"" -Wait
#The bootstrappers signature is now invalid since we updated the url
#We need to remove the old signature
Start-Process 'C:\Tools\delcert.exe' -ArgumentList "`"$root\setup.exe`"" -Wait
Write-Host "$root [writeline]"
#Resign with signtool
Invoke-Expression 'C:\Tools\signtool.exe sign /d "PUBLISHER NAME" /f "$CertFile" /p "$CertPassword" "$root\setup.exe"'
#update config properties
$CodeBasePath = Convert-Path "$PSScriptRoot\Application Files\MYAPP_*"
$ConfigPath = $CodeBasePath + "\MYAPP.dll.config.deploy"
[xml] $xml = Get-Content $ConfigPath
$ApiEndpoint = $xml.SelectSingleNode('/configuration/appSettings/add[@key="MYAPP:ApiBaseUrl"]')
$ApiEndpoint.value = $MYAPPApiEndpoint
$xml.Save($ConfigPath)
#Begin Resigning various Manifests
$AppManifestPath = Convert-Path "Application Files\MYAPP_*\MYAPP.dll.manifest"
#Need to resign the application manifest, but before we do we need to rename all the files back to their original names (remove .deploy)
Get-ChildItem "$CodeBasePath\*.deploy" -Recurse | Rename-Item -NewName { $_.Name -replace '\.deploy','' }
#Resign application manifest
Invoke-Expression 'C:\Tools\mage.exe -update "$CodeBasePath\MYAPP.dll.manifest" -certFile "$CertFile" -password "$CertPassword" -if "ID.ico"'
#Regisn deployment manifests in root and versioned folder
Invoke-Expression 'C:\Tools\mage.exe -update "$CodeBasePath\MYAPP.vsto" -certFile "$CertFile" -password "$CertPassword" -appManifest "$AppManifestPath" -pub "PUBLISHER NAME" -ti "http://timestamp.globalsign.com/scripts/timstamp.dll"'
Invoke-Expression 'C:\Tools\mage.exe -update "$root\MYAPP.vsto" -certFile "$CertFile" -password "$CertPassword" -appManifest "$AppManifestPath" -pub "PUBLISHER NAME" -ti "http://timestamp.globalsign.com/scripts/timstamp.dll"'
#Rename files back to the .deploy extension, skipping the files that shouldn't be renamed
Get-ChildItem -Path "Application Files\*" -Recurse | Where-Object {!$_.PSIsContainer -and $_.Name -notlike "*.manifest" -and $_.Name -notlike "*.vsto"} | Rename-Item -NewName {$_.Name + ".deploy"}
这篇关于使用mage.exe退出Clickonce清单的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!