如何注册的ClickOnce与SHA256证书的.NET 4.0像Visual Studio更新3 [英] How to Sign ClickOnce with Sha256 Cert for .NET 4.0 like Visual Studio Update 3
问题描述
我想部署一个Outlook插件使用的ClickOnce安装程序。我有一个批处理文件,试图安装在Windows XP的时候,几乎工作,但我得到的错误XML签名是无效的。这是众所周知,XP失败,SHA256证书例如 pretty。它也被称为是3更新为Visual Studio 2013发布时使用的Visual Studio界面修复该问题。我想知道我怎么能使用signtool或法师在命令行上完成同样的修复。这里是我的,除了Windows XP中的一切都运行当前的批处理文件:
::构建并发布
的MSBuild /目标:清洁,发布/属性:MapFileExtensions = FALSE /属性:配置=释放/property:ApplicationVersion=\"1.0.0.0/property:InstallUrl=\"https://example.com/属性:UpdateEnabled = 真/属性:的UpdateMode =前景/属性:UpdateInterval =0/属性:UpdateIntervalUnits =天/属性:PublisherName的=示例/属性:产品名称=示例Outlook加载项/属性:的FriendlyName =示例Outlook加载项/属性:LoadBehavior的=3/属性:BootstrapperEnabled =真/属性:IsWebBootstrapper =真::登录该exe
signtool签名/ FD SHA1 / Fcertificate.pfx,发布\\ setup.exe文件::登录应用程序清单
法师-sign发布\\应用程序文件\\ Example_1_0_0_0 \\ Example.dll.manifest-CertFilecertificate.pfx
法师 - 更新发布\\应用程序文件\\ Example_1_0_0_0 \\ Example.dll.manifest-CertFilecertificate.pfx-algorithm sha1RSA::签署部署清单(有2处)
法师 - 更新发布\\应用程序文件\\ Example_1_0_0_0 \\ Example.vsto-appmanifest发布\\应用程序文件\\ Example_1_0_0_0 \\ Example.dll.manifest-CertFilecertificate.pfx-algorithm sha1RSA
法师 - 更新发布\\ Example.vsto-appmanifest发布\\应用程序文件\\ Example_1_0_0_0 \\ Example.dll.manifest-CertFilecertificate.pfx-algorithm sha1RSA
我已经尝试了许多调整这个脚本,这是我已经得到了。如果我使用Visual Studio与同certificate.pfx发布一切工作就好现在发布按钮,但我想,以得到它的工作对自动命令行。
由于user2404450正确写道,这个问题不能与法师解决包括在任何VS 2013更新。 Microsoft已更新的API,而不是mage.exe工具。如果添加了-algorithm sha1RSA参数同时呼吁mage.exe,仅指定什么摘要算法为你的应用程序资源生成散列时使用。
要解决这个问题,我们编写了一个小工具,调用正确的API,看一个例子:
<$p$p><$c$c>Microsoft.Build.Tasks.Deployment.ManifestUtilities.SecurityUtilities.SignFile(certThumbprint, timestampUrl,路径,V4.0);您必须安装VS 2013更新3拿到第4个参数的工作。
I am trying to deploy an outlook add-in using a clickonce installer. I have a batch file that almost works, however, I get the error "xml signature is not valid" when trying to install on Windows XP. It is pretty well known that XP fails with SHA256 certificates example. It is also known that Update 3 for Visual Studio 2013 fixes the issue when you publish using Visual Studio interface. I am wondering how I can accomplish the same fix using signtool or mage on the command line. Here is my current batch file that works for everything except Windows XP:
:: Build and publish
msbuild /target:clean,publish /property:MapFileExtensions=false /property:Configuration="Release" /property:ApplicationVersion="1.0.0.0" /property:InstallUrl="https://example.com" /property:UpdateEnabled="true" /property:UpdateMode="Foreground" /property:UpdateInterval="0" /property:UpdateIntervalUnits="days" /property:PublisherName="Example" /property:ProductName="Example Outlook Add-In" /property:FriendlyName="Example Outlook Add-In" /property:LoadBehavior="3" /property:BootstrapperEnabled="true" /property:IsWebBootstrapper="true"
:: Sign the exe
signtool sign /fd SHA1 /f "certificate.pfx" "publish\setup.exe"
:: Sign the application manifest
mage -sign "publish\Application Files\Example_1_0_0_0\Example.dll.manifest" -CertFile "certificate.pfx"
mage -update "publish\Application Files\Example_1_0_0_0\Example.dll.manifest" -CertFile "certificate.pfx" -algorithm sha1RSA
:: Sign the deployment manifests (there are 2 locations)
mage -update "publish\Application Files\Example_1_0_0_0\Example.vsto" -appmanifest "publish\Application Files\Example_1_0_0_0\Example.dll.manifest" -CertFile "certificate.pfx" -algorithm sha1RSA
mage -update "publish\Example.vsto" -appmanifest "publish\Application Files\Example_1_0_0_0\Example.dll.manifest" -CertFile "certificate.pfx" -algorithm sha1RSA
I have tried many tweaks to this script and this is where i've gotten. Everything works just fine if I publish with the same certificate.pfx using the Visual Studio "Publish Now" button, but I would like to get it working on command line for automation.
As user2404450 correctly wrote, the problem cannot be solved with Mage included in any VS 2013 Update. Microsoft has updated the API, but not the mage.exe tool. If you add the "-algorithm sha1RSA" parameter while calling mage.exe, you only specify what digest algorithm to use when generating hashes for your application resources.
To solve this, we have written a small tool that calls the correct API, see an example:
Microsoft.Build.Tasks.Deployment.ManifestUtilities.SecurityUtilities.SignFile(certThumbprint, timestampUrl, path, "v4.0");
You have to install VS 2013 Update 3 to get the 4th parameter working.
这篇关于如何注册的ClickOnce与SHA256证书的.NET 4.0像Visual Studio更新3的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
