CodeGo.net>如何使MSBuild签署Clickonce应用程序中的所有文件

我有一个由Clickonce安装的应用程序(WPF),现在我需要对其进行签名,以便Windows可以将我的公司识别为受信任的发行者.我的C.I.中使用了以下命令行工具(带有菱形<>的参数仅用于举例说明情况):

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe /target:clean;build;publish /p:ApplicationVersion=<VERSION> /p:SignAssembly=true /p:GenerateManifests=true /p:SignManifests=true /p:AssemblyOriginatorKeyFile=<PFX_PATH> /p:ManifestCertificateThumbprint=<CERTIFICATE_ID> /property:Configuration=<CONFIGURATION>;PublishDir=<PUBLISH_DIR>;BootstrapperEnabled=true;PublishUrl=<PUBLISH_URL>;InstallUrl=<INSTALL_URL>;UpdateUrl=<UPDATE_URL> C:\hudson\slave\workspace\NIMBUS-NFE-NFEasy2\NFeasy2\NFeasy2.sln

问题是:仅setup.exe被签名,并且仅使用SHA-256算法.因此,当用户运行我的应用程序时,无法识别发行者.另外,在Windows XP上运行时,安装程​​序将永远不会运行,因为SO无法识别签名(似乎WinXP需要SHA-1).

如何设置项目或命令行以使用SHA-1和SHA-256算法对所有文件进行签名?此外,是否会在每次运行应用程序时停止提示用户的权限?如果没有,有办法吗?

谢谢!

解决方法:

通过Internet阅读了许多解决方案后,我设法编写了一个批处理文件以进行完整签名.请注意,这仅适用于特定版本,我必须按以下顺序将它们放入“路径”:

C:\Program Files (x86)\Windows Kits\8.1\bin\x86;

C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin;

脚本如下:

rem renaming the setup.exe because it will be treated separately
ren setup.exe setup._

rem removing the .DEPLOY extension, getting back the original one
for /r %%x in (*.deploy) do ren "%%x" *.

rem signing all files with my certificate
for /r %%x in (*.exe *.dll) do signtool.exe sign /fd sha1 /as /sha1 <MY_CERTIFICATE> "%%x"
for /r %%x in (*.exe *.dll) do signtool.exe sign /fd sha256 /as /sha1 <MY_CERTIFICATE> "%%x"

rem updating the manifest with the new signatures
for /r %%x in (*.manifest) do mage.exe -update "%%x"

rem signing the manifest file
for /r %%x in (*.manifest) do mage.exe -sign "%%x" -ch <MY_CERTIFICATE>

rem putting the .DEPLOY extension in all files renamed previously
for /r %%x in (*.exe *.dll *.config *.cer *.ttf *.ico *.xml *.p7b) do ren "%%x" *.*.deploy

rem getting back setup.exe
ren setup._ setup.exe 

rem signing setup.exe file
signtool.exe sign /fd sha1 /as /sha1 <MY_CERTIFICATE> setup.exe
signtool.exe sign /fd sha256 /as /sha1 <MY_CERTIFICATE> setup.exe

rem updating MyApp.Application file
for /r %%x in (*.manifest) do mage.exe -update MyApp.Application -appm "%%x"

rem signing MyApp.Application file
mage.exe -sign MyApp.Application -ch <MY_CERTIFICATE>

rem updating the new signed file to the destiny folder
for /r %%x in (*.application) do xcopy MyApp.Application "%%x" /y
上一篇:GIT原理介绍


下一篇:12 hashlib模块