尝试从Web安装.net核心托管捆绑包时,WiX捆绑包出现“无法验证有效负载的哈希值”

时间:2019-05-28 05:06:09

标签: .net-core wix burn

我有一个带有以下内容的刻录/引导WiX捆绑包:

        <?define DotNetVersion = "2.1.11"?>
        <!-- The Min and Next .Net version that our installed version must be between -->
        <Variable Name='MinDotNetVersion' Type='string' Value='2.1.0' bal:Overridable='no'/>
        <Variable Name='NextDotNetVersion' Type='string' Value='2.2.0' bal:Overridable='no'/>

        <?define HostingBundleUrl = "https://www.microsoft.com/net/download/thank-you/dotnet-runtime-$(var.DotNetVersion)-windows-hosting-bundle-installer" ?>
        <util:RegistrySearch Id="DotNetHostingBundle86" 
                             Root="HKLM" 
                             Key="SOFTWARE\dotnet\Setup\InstalledVersions\$(var.Platform)\sharedhost" 
                             Value="Version"
                             Variable="DotNetHostingBundleVersion" />
        <!-- If running installer in a 32-bit process will change above key path to wow6432 etc, then won't find it. So, if didn't find it and version is x64, get the variable
             this way: -->
        <util:RegistrySearch Id="DotNetHostingBundle64" 
                             After="DotNetHostingBundle86"
                             Condition="NOT DotNetHostingBundleVersion AND VersionNT64"
                             Root="HKLM" 
                             Key="SOFTWARE\dotnet\Setup\InstalledVersions\$(var.Platform)\sharedhost" 
                             Value="Version"
                             Variable="DotNetHostingBundleVersion"
                             Win64="yes"/>

        <Chain>
            <ExePackage Id="DotNetCoreHostingBundle" 
                        Vital="yes" 
                        Name=".Net Hosting Bundle Setup" 
                        DownloadUrl="$(var.HostingBundleUrl)" 
                        Compressed="no" 
                        SourceFile=".\ExtResourcesCopy\dotnet-hosting-$(var.DotNetVersion)-win.exe" 
                        InstallCondition="NOT DotNetHostingBundleVersion OR (DotNetHostingBundleVersion &lt; MinDotNetVersion OR DotNetHostingBundleVersion &gt;= NextDotNetVersion)"
                        Description="Installing .Net Hosting Bundle $(var.DotNetVersion). This includes the 32 bit and 64 bit runtimes, the Asp.net runtime packages (Microsoft.AspNetCore.App and .All), and the IIS Hosting Components."
                         />
            ...

我已经将dotnet-hosting-2.1.11-win.exe文件下载到ExtResourcesCopy文件夹中,并且由于我将SourceFile设置为此,所以它获得了自己的有效载荷数据。

然后我构建我的.exe并在另一台计算机上运行它并得到以下错误:

Acquiring package: DotNetCoreHostingBundle, payload: DotNetCoreHostingBundle, download from: https://www.microsoft.com/net/download/thank-you/dotnet-runtime-2.1.11-windows-hosting-bundle-installer
Error 0x80091007: Hash mismatch for path: C:\ProgramData\Package Cache\.unverified\DotNetCoreHostingBundle, expected: 1ED626AD403D6E5D99AB69DB7C281FB8E8A8D0A2, actual: F21BF2F13F89D1C9DFD2844D57728102D5714EAA
Error 0x80091007: Failed to verify hash of payload: DotNetCoreHostingBundle
Failed to verify payload: DotNetCoreHostingBundle at path: C:\ProgramData\Package Cache\.unverified\DotNetCoreHostingBundle, error: 0x80091007. Deleting file.

然后我通过从Microsoft手动下载dotnet-hosting-2.1.11-win.exe文件,使用日志文件中的确切网址并运行以下命令来检查目标计算机上的SHA1哈希:

certutil -hashfile dotnet-hosting-2.1.11-win.exe

这给了我预期的哈希值:1ed626ad403d6e5d99ab69db7c281fb8e8a8d0a2

那么F21BF2F13F89D1C9DFD2844D57728102D5714EAA的“实际”哈希值从哪里来?是否可以暂停安装程序,以便我可以检查.unverified文件夹中的文件?和/或对此我该怎么办?

2 个答案:

答案 0 :(得分:1)

您使用的URL是一个HTML页面,该页面使用JavaScript下载程序包。 Burn只看到HTML。

答案 1 :(得分:0)

您应该能够使用dark.exe来反编译捆绑包可执行文件,并查看所有有效负载的哈希值。

注意:出于安全目的存在这些散列。它们可防止不良行为者篡改安装内容。

相关问题
最新问题