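Using the sha256 algorithm as the DigestMethod

Time: 2015-05-22 18:13:39

Tags: c# .net wpf hash manifest

I need to update a .NET 4.5.1 application manifest, making sure the DigestMethod stays a sha256 hash.

The reason is as follows: I initially deploy a WPF application with ClickOnce to a development environment, and then a script configures, signs and copies the application to a specific production environment. I have an existing script, but after upgrading from .NET 4.0 to .NET 4.5.1 the script no longer works. I believe this is due to the change in the default manifest hashing algorithm from sha1 to sha256 between these .NET versions.

The relevant part of the script is very small: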

using Microsoft.Build.Tasks.Deployment.ManifestUtilities;
// This comes from Microsoft.Build.Tasks.v12.0.dll

public class Program
{
    public static void Main(string[] args)
    {
        // set up...

        DeployManifest manifest = ManifestReader.ReadManifest(manifestPath, true) as DeployManifest;

        // I perform some updates to the manifest...

        ManifestWriter.WriteManifest(manifest);
    }
}

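Even if I just read the manifest and write it back out without making any updates, the DigestMethod algorithm changes from sha256 to sha1, as shown in the manifest files below:

Original manifest: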

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">
  <assemblyIdentity name="program.application" version="1.9.9.10" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="amd64" xmlns="urn:schemas-microsoft-com:asm.v1" />
  <description asmv2:publisher="me" asmv2:product="program (dev)" xmlns="urn:schemas-microsoft-com:asm.v1" />
  <deployment install="true" mapFileExtensions="true" />
  <compatibleFrameworks xmlns="urn:schemas-microsoft-com:clickonce.v2">
    <framework targetVersion="4.5.1" profile="Full" supportedRuntime="4.0.30319" />
  </compatibleFrameworks>
  <dependency>
    <dependentAssembly dependencyType="install" codebase="Application Files\program_1_9_9_10\program.exe.manifest" size="44259">
      <assemblyIdentity name="program.exe" version="1.9.9.10" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="amd64" type="win32" />
      <hash>
        <dsig:Transforms>
          <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
        <dsig:DigestValue>0R79PRqWqhrE60GSHC/rE2WczQ4jqxCKBGr4lsjS4ZE=</dsig:DigestValue>
      </hash>
    </dependentAssembly>
  </dependency>
</asmv1:assembly>

Rewritten manifest:

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">
  <assemblyIdentity name="program.application" version="1.9.9.10" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="amd64" xmlns="urn:schemas-microsoft-com:asm.v1" />
  <description asmv2:publisher="me" asmv2:product="program (dev)" xmlns="urn:schemas-microsoft-com:asm.v1" />
  <deployment install="true" mapFileExtensions="true" />
  <dependency>
    <dependentAssembly dependencyType="install" codebase="Application Files\program_1_9_9_10\program.exe.manifest" size="44259">
      <assemblyIdentity name="program.exe" version="1.9.9.10" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="amd64" type="win32" />
      <hash>
        <dsig:Transforms>
          <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <dsig:DigestValue>0R79PRqWqhrE60GSHC/rE2WczQ4jqxCKBGr4lsjS4ZE=</dsig:DigestValue>
      </hash>
    </dependentAssembly>
  </dependency>
  <compatibleFrameworks xmlns="urn:schemas-microsoft-com:clickonce.v2">
    <framework targetVersion="4.5.1" profile="Full" supportedRuntime="4.0.30319" />
  </compatibleFrameworks>
</asmv1:assembly>

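Note that the difference between the two is the change from sha256 to sha1 in the dsig:DigestMethod element. Strangely, the DigestValue does not change. This ultimately results in an error when I try to run the deployed application: "xxxx has a different computed hash than specified in manifest."

I have shown the deployment manifest here, but I found that the application manifest shows the same effect.

I think that if I could write the manifest with sha256 hashes, it would solve my problem. Does anyone know how to do this? Any suggestions would be greatly appreciated.

2 answers:

Answer 0: (score: 1)

I was able to get the correct hashes by using Mage.exe instead of ManifestUtilities.

Mage.exe has the -Algorithm flag to select the hashing algorithm: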

// -Algorithm <sha256RSA|sha1RSA>  -a
//     Specifies the algorithm to generate digests.
//     Example:
//        -Algorithm sha1RSA

The whole process I used to update the .NET 4.5 ClickOnce manifests (including signing) was:

// Update the application manifest
// (I first had to strip the .deploy extensions from all the files referenced in the manifest for the mage tool to work)
mage -Update <applicationManifest> -Algorithm sha256RSA -CertFile <certificate> -Password <password>
// Then I replaced the .deploy extensions

// Update the deployment manifest (I didn't need to replace any .deploy extensions for this)
mage -Update <deploymentManifest> -AppManifest <applicationManifest> -Algorithm sha256RSA -CertFile <certificate> -Password <password>

I ran mage.exe from C# using this method, after including mage.exe in my project folder with 'Copy to Output Directory' set to 'Copy always'.

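    using System;
    using System.Diagnostics;

    // Runs mage.exe (copied next to the executable) and echoes its output.
    private static void RunMage(string arguments)
    {
        var startInfo = new ProcessStartInfo
        {
            FileName = "mage.exe",
            Arguments = arguments,
            UseShellExecute = false,        // required for output redirection
            RedirectStandardOutput = true,
        };

        using (Process mage = Process.Start(startInfo))
        {
            // Relay mage's output line by line until the stream closes.
            while (!mage.StandardOutput.EndOfStream)
            {
                Console.Out.WriteLine(mage.StandardOutput.ReadLine());
            }
            mage.WaitForExit();
        }
    }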

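This link was helpful in figuring out how to work with mage: http://www.nullskull.com/a/1540/update-configuration-of-a-clickonce-wpf-application-using-mage-or-mageui.aspx

Answer 1: (score: 0)

I ran into the same problem and solved it by using the overload that lets you specify the target framework version: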

ManifestWriter.WriteManifest(manifest, manifestPath, "4.5.1");
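
As an added example (not code from the question or from either answer): a check that a deployment script can run after rewriting a manifest, flagging every hash element whose declared DigestMethod does not fit the decoded length of its DigestValue, which is the sha1 label on a 32-byte digest seen in the rewritten manifest above. The names ManifestDigestCheck and FindMismatches are hypothetical, the sample manifest is constructed from the fragment in the question, and the check only compares lengths; it does not recompute the hash of the referenced file.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;
// Added example; ManifestDigestCheck and FindMismatches are hypothetical names.
public static class ManifestDigestCheck
{
    static readonly XNamespace Dsig = "http://www.w3.org/2000/09/xmldsig#";
    // Digest length in bytes for the two DigestMethod URIs shown in the question.
    static readonly Dictionary<string, int> DigestBytes = new Dictionary<string, int>
    {
        { "http://www.w3.org/2000/09/xmldsig#sha1", 20 },
        { "http://www.w3.org/2000/09/xmldsig#sha256", 32 },
    };

    // One message per <hash> element whose DigestValue length contradicts its DigestMethod.
    public static List<string> FindMismatches(XDocument manifest)
    {
        var problems = new List<string>();
        foreach (XElement hash in manifest.Descendants().Where(e => e.Name.LocalName == "hash"))
        {
            string owner = (string)hash.Parent.Attribute("codebase") ?? (string)hash.Parent.Attribute("name") ?? "(unnamed)";
            XElement method = hash.Element(Dsig + "DigestMethod");
            XElement value = hash.Element(Dsig + "DigestValue");
            string algorithm = method == null ? null : (string)method.Attribute("Algorithm");
            int expected;
            if (algorithm == null || value == null || !DigestBytes.TryGetValue(algorithm, out expected))
            {
                problems.Add(owner + ": missing or unrecognised DigestMethod/DigestValue");
                continue;
            }
            int actual;
            try { actual = Convert.FromBase64String(value.Value.Trim()).Length; }
            catch (FormatException) { actual = -1; } // DigestValue is not valid base64
            if (actual != expected)
                problems.Add(owner + ": " + algorithm + " implies " + expected + " bytes, DigestValue decodes to " + actual);
        }
        return problems;
    }

    public static void Main()
    {
        // Constructed sample: the <hash> element of the rewritten manifest in the question.
        const string sample = @"<assembly xmlns=""urn:schemas-microsoft-com:asm.v2"" xmlns:dsig=""http://www.w3.org/2000/09/xmldsig#"">
<dependentAssembly codebase=""program.exe.manifest""><hash><dsig:DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" />
<dsig:DigestValue>0R79PRqWqhrE60GSHC/rE2WczQ4jqxCKBGr4lsjS4ZE=</dsig:DigestValue></hash></dependentAssembly></assembly>";
        foreach (string p in FindMismatches(XDocument.Parse(sample))) Console.WriteLine(p);
    }
}
```

Failing the deployment when FindMismatches returns any entry catches the relabelled digest before the ClickOnce client rejects the install.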