【发布时间】:2018-01-31 17:52:09
【问题描述】:
我需要更新 .NET 4.5.1 应用程序清单,确保 DigestMethod 保持为 sha256 哈希。
原因如下:我最初使用 ClickOnce 将 WPF 应用程序部署到开发环境,然后脚本配置、签署应用程序并将其复制到特定生产环境。我有一个执行此操作的现有脚本,但在从 .NET 4.0 升级到 .NET 4.5.1 后,该脚本不再有效。我认为这是由于在这些 .NET 版本中默认清单哈希算法从 sha1 更改为 sha256。
脚本的相关部分非常小:
using Microsoft.Build.Tasks.Deployment.ManifestUtilities;
// This comes from Microsoft.Build.Tasks.v12.0.dll
public class Program
{
public static void Main(string[] args)
{
// set up...
DeployManifest manifest= ManifestReader.ReadManifest(manifestPath, true) as DeployManifest;
// I perform some updates to the manifest...
ManifestWriter.WriteManifest(manifest);
}
}
}
即使我只是简单地读取清单并再次将其写出,而不进行任何更新,DigestMethod 算法也会从 sha256 更改为 sha1,如下面的清单文件所示:
原始清单:
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">
<assemblyIdentity name="program.application" version="1.9.9.10" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="amd64" xmlns="urn:schemas-microsoft-com:asm.v1" />
<description asmv2:publisher="me" asmv2:product="program (dev)" xmlns="urn:schemas-microsoft-com:asm.v1" />
<deployment install="true" mapFileExtensions="true" />
<compatibleFrameworks xmlns="urn:schemas-microsoft-com:clickonce.v2">
<framework targetVersion="4.5.1" profile="Full" supportedRuntime="4.0.30319" />
</compatibleFrameworks>
<dependency>
<dependentAssembly dependencyType="install" codebase="Application Files\program_1_9_9_10\program.exe.manifest" size="44259">
<assemblyIdentity name="program.exe" version="1.9.9.10" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="amd64" type="win32" />
<hash>
<dsig:Transforms>
<dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
<dsig:DigestValue>0R79PRqWqhrE60GSHC/rE2WczQ4jqxCKBGr4lsjS4ZE=</dsig:DigestValue>
</hash>
</dependentAssembly>
</dependency>
</asmv1:assembly>
重写清单:
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">
<assemblyIdentity name="program.application" version="1.9.9.10" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="amd64" xmlns="urn:schemas-microsoft-com:asm.v1" />
<description asmv2:publisher="me" asmv2:product="program (dev)" xmlns="urn:schemas-microsoft-com:asm.v1" />
<deployment install="true" mapFileExtensions="true" />
<dependency>
<dependentAssembly dependencyType="install" codebase="Application Files\program_1_9_9_10\program.exe.manifest" size="44259">
<assemblyIdentity name="program.exe" version="1.9.9.10" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="amd64" type="win32" />
<hash>
<dsig:Transforms>
<dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<dsig:DigestValue>0R79PRqWqhrE60GSHC/rE2WczQ4jqxCKBGr4lsjS4ZE=</dsig:DigestValue>
</hash>
</dependentAssembly>
</dependency>
<compatibleFrameworks xmlns="urn:schemas-microsoft-com:clickonce.v2">
<framework targetVersion="4.5.1" profile="Full" supportedRuntime="4.0.30319" />
</compatibleFrameworks>
</asmv1:assembly>
请注意,两者之间的区别在于 dsig:DigestMethod 元素中从 sha256 到 sha1 的变化。奇怪的是,DigestValue 没有改变。当我尝试运行已部署的应用程序时,这最终会导致错误,类似于“”xxxx 的计算哈希值与清单中指定的不同。”
我在这里展示了 Deploy Manifest,但我看到 Application Manifest 也出现了同样的效果。
我想如果我可以用 sha256 哈希写出清单,它将解决我的问题。有谁知道如何做到这一点?任何建议将不胜感激。
【问题讨论】: