我有一个带有以下内容的刻录/引导WiX捆绑包:
<?define DotNetVersion = "2.1.11"?>
<!-- The Min and Next .Net version that our installed version must be between -->
<Variable Name='MinDotNetVersion' Type='string' Value='2.1.0' bal:Overridable='no'/>
<Variable Name='NextDotNetVersion' Type='string' Value='2.2.0' bal:Overridable='no'/>
<?define HostingBundleUrl = "https://www.microsoft.com/net/download/thank-you/dotnet-runtime-$(var.DotNetVersion)-windows-hosting-bundle-installer" ?>
<util:RegistrySearch Id="DotNetHostingBundle86"
Root="HKLM"
Key="SOFTWARE\dotnet\Setup\InstalledVersions\$(var.Platform)\sharedhost"
Value="Version"
Variable="DotNetHostingBundleVersion" />
<!-- If running installer in a 32-bit process will change above key path to wow6432 etc, then won't find it. So, if didn't find it and version is x64, get the variable
this way: -->
<util:RegistrySearch Id="DotNetHostingBundle64"
After="DotNetHostingBundle86"
Condition="NOT DotNetHostingBundleVersion AND VersionNT64"
Root="HKLM"
Key="SOFTWARE\dotnet\Setup\InstalledVersions\$(var.Platform)\sharedhost"
Value="Version"
Variable="DotNetHostingBundleVersion"
Win64="yes"/>
<Chain>
<ExePackage Id="DotNetCoreHostingBundle"
Vital="yes"
Name=".Net Hosting Bundle Setup"
DownloadUrl="$(var.HostingBundleUrl)"
Compressed="no"
SourceFile=".\ExtResourcesCopy\dotnet-hosting-$(var.DotNetVersion)-win.exe"
InstallCondition="NOT DotNetHostingBundleVersion OR (DotNetHostingBundleVersion < MinDotNetVersion OR DotNetHostingBundleVersion >= NextDotNetVersion)"
Description="Installing .Net Hosting Bundle $(var.DotNetVersion). This includes the 32 bit and 64 bit runtimes, the Asp.net runtime packages (Microsoft.AspNetCore.App and .All), and the IIS Hosting Components."
/>
...
我已经将dotnet-hosting-2.1.11-win.exe文件下载到ExtResourcesCopy文件夹中,并且由于我将SourceFile设置为此,所以它获得了自己的有效载荷数据。
然后我构建我的.exe并在另一台计算机上运行它并得到以下错误:
Acquiring package: DotNetCoreHostingBundle, payload: DotNetCoreHostingBundle, download from: https://www.microsoft.com/net/download/thank-you/dotnet-runtime-2.1.11-windows-hosting-bundle-installer
Error 0x80091007: Hash mismatch for path: C:\ProgramData\Package Cache\.unverified\DotNetCoreHostingBundle, expected: 1ED626AD403D6E5D99AB69DB7C281FB8E8A8D0A2, actual: F21BF2F13F89D1C9DFD2844D57728102D5714EAA
Error 0x80091007: Failed to verify hash of payload: DotNetCoreHostingBundle
Failed to verify payload: DotNetCoreHostingBundle at path: C:\ProgramData\Package Cache\.unverified\DotNetCoreHostingBundle, error: 0x80091007. Deleting file.
然后我通过从Microsoft手动下载dotnet-hosting-2.1.11-win.exe文件,使用日志文件中的确切网址并运行以下命令来检查目标计算机上的SHA1哈希:
certutil -hashfile dotnet-hosting-2.1.11-win.exe
这给了我预期的哈希值:1ed626ad403d6e5d99ab69db7c281fb8e8a8d0a2
那么F21BF2F13F89D1C9DFD2844D57728102D5714EAA的“实际”哈希值从哪里来?是否可以暂停安装程序,以便我可以检查.unverified文件夹中的文件?和/或对此我该怎么办?
答案 0 :(得分:1)
您使用的URL是一个HTML页面,该页面使用JavaScript下载程序包。 Burn只看到HTML。
答案 1 :(得分:0)
您应该能够使用dark.exe来反编译捆绑包可执行文件,并查看所有有效负载的哈希值。
注意:出于安全目的存在这些散列。它们可防止不良行为者篡改安装内容。