使用mage.exe退出Clickonce清单 [英] Resign Clickonce manifest using mage.exe

问题描述

简单的场景.在发布过程中，Visual Studio会生成并签名内容.

Simple scenario. Visual studio generates and signs things as part of the publish process.

然后我进入MyApp.dll.config.deploy文件并更新一些设置.

I then go to the MyApp.dll.config.deploy file and update some settings.

现在，当我尝试安装应用程序时，clickonce安装程序会说MyApp.dll.config具有与清单中指定的不同的计算哈希值.

Now when I try to install the application the clickonce installer says the MyApp.dll.config has a different computed hash than specified in manifest.

所以我尝试了mage.exe -sign MyApplicationManifest -certfile ... -password ...，结果是MyApp.vsto successfully signed

So I tried mage.exe -sign MyApplicationManifest -certfile ... -password ... which results in MyApp.vsto successfully signed

但是我仍然收到计算得出的哈希错误.我错过了一步吗?

But I still receive the computed hash error. Am I missing a step?

我已阅读以下链接: http://msdn.microsoft.com/zh-我们/library/acz3y3te(v=vs.110).aspx

I've read the following links: http://msdn.microsoft.com/en-us/library/acz3y3te(v=vs.110).aspx http://blogs.msdn.com/b/msiclickonce/archive/2009/07/17/clickonce-application-fails-after-changing-configuration-file-and-resigning-the-manifest.aspx

推荐答案

有一些步骤需要使清单消失.我使用powershell自动执行此操作.

There's a few steps that need to happen to resign the manifests. I used powershell to do it automatically.

1. 如果发布步骤已使用.deploy扩展名重命名了文件，则需要将其重命名为原始文件.
2. 在应用程序清单上运行mage.exe -update.如果您有部署清单，则需要执行相同的操作，除了在mage.exe的命令行参数中，您需要指定应用清单的相对位置.
3. 将所有文件重命名为.deploy扩展名(清单以外的所有文件.
4. 如果您有setup.exe引导程序并进行了更改(例如更新URL)，则必须使用delcert.exe删除签名，然后使用signtool.exe
对其进行签名.

1. If the publishing step has renamed the files with a .deploy extension you'll need to rename them back to the original.
2. Run mage.exe -update on your application manifest. If you have a deployment manifest you'll need to do the same, except in the command line argument to mage.exe you need to specify the relative location to the application manifest.
3. Rename all the files back to .deploy extension (all files except manifests.
4. If you have a setup.exe bootstrapper and you changed it (such as the update url) you'll have to remove the signature using delcert.exe and then sign it using signtool.exe

注意:对exe进行签名后，除非使用delcert.exe删除签名，否则无法使用signtool对其进行签名.

Note: Once an exe has been signed it cannot be resigned with signtool unless you remove the signing with delcert.exe.

如果您的clickonce是VSTO，则您的清单名称将有所不同(我认为MyApp.dll.manifest与MyApp.exe.manifest).

If your clickonce is a VSTO clickonce your manifest names will be different (I think MyApp.dll.manifest vs MyApp.exe.manifest).

更新:我已经在Powershell脚本中添加了敏感信息，并且已删除.

Update I've included the powershell script with sensitive information redacted.

$root = "$PSScriptRoot"
$ToolsPath = "C:\Tools"
$CertFile = $ToolsPath + "\REMOVED"
$CertPassword = "REMOVED"

#Update the setup.exe bootstrappers update url
Start-Process "$PSScriptRoot\setup.exe" -ArgumentList "-url=`"$ClickOnceUpdateUrl`"" -Wait

#The bootstrappers signature is now invalid since we updated the url
#We need to remove the old signature
Start-Process 'C:\Tools\delcert.exe' -ArgumentList "`"$root\setup.exe`"" -Wait

Write-Host "$root [writeline]"
#Resign with signtool
Invoke-Expression 'C:\Tools\signtool.exe sign /d "PUBLISHER NAME" /f "$CertFile" /p "$CertPassword" "$root\setup.exe"'

#update config properties
$CodeBasePath = Convert-Path "$PSScriptRoot\Application Files\MYAPP_*"
$ConfigPath = $CodeBasePath + "\MYAPP.dll.config.deploy"
[xml] $xml = Get-Content $ConfigPath

$ApiEndpoint = $xml.SelectSingleNode('/configuration/appSettings/add[@key="MYAPP:ApiBaseUrl"]')
$ApiEndpoint.value = $MYAPPApiEndpoint
$xml.Save($ConfigPath)  

#Begin Resigning various Manifests
$AppManifestPath = Convert-Path "Application Files\MYAPP_*\MYAPP.dll.manifest"

#Need to resign the application manifest, but before we do we need to rename all the files back to their original names (remove .deploy)
Get-ChildItem "$CodeBasePath\*.deploy" -Recurse | Rename-Item -NewName { $_.Name -replace '\.deploy','' }

#Resign application manifest
Invoke-Expression 'C:\Tools\mage.exe -update "$CodeBasePath\MYAPP.dll.manifest" -certFile "$CertFile" -password "$CertPassword" -if "ID.ico"'

#Regisn deployment manifests in root and versioned folder
Invoke-Expression 'C:\Tools\mage.exe -update "$CodeBasePath\MYAPP.vsto" -certFile "$CertFile" -password "$CertPassword" -appManifest "$AppManifestPath" -pub "PUBLISHER NAME" -ti "http://timestamp.globalsign.com/scripts/timstamp.dll"'
Invoke-Expression 'C:\Tools\mage.exe -update "$root\MYAPP.vsto" -certFile "$CertFile" -password "$CertPassword" -appManifest "$AppManifestPath" -pub "PUBLISHER NAME" -ti "http://timestamp.globalsign.com/scripts/timstamp.dll"'

#Rename files back to the .deploy extension, skipping the files that shouldn't be renamed
Get-ChildItem -Path "Application Files\*"  -Recurse | Where-Object {!$_.PSIsContainer -and $_.Name -notlike "*.manifest" -and $_.Name -notlike "*.vsto"} | Rename-Item -NewName {$_.Name + ".deploy"}

这篇关于使用mage.exe退出Clickonce清单的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！