如果尝试在没有数字签名的情况下引导程序输出.exe文件安装,则可以正常工作。但是在数字符号安装程序显示错误之后。
签署.exe,在/ Project标记前使用bootstrap.wixproj文件中的波纹管代码。
<!-- SignOutput must be present in some PropertyGroup to trigger signing. -->
<PropertyGroup>
<SignOutput>true</SignOutput>
</PropertyGroup>
<!-- Sign the bundle engine -->
<Target Name="SignBundleEngine">
<Exec Command=""C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe" sign /tr http://timestamp.digicert.com /td sha512 /fd sha512 /f "D:\Digital Sign Resorce\CARoot.pfx" /p Test123 /d "My Project Name" "D:\Project\xxx\v3.2.0.0\SetupWiX\bin\Release\SetupWiX.msi"" />
</Target>
<!-- Sign the final bundle -->
<Target Name="SignBundle">
<Exec Command=""C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe" sign /tr http://timestamp.digicert.com /td sha512 /fd sha512 /f "D:\Digital Sign Resorce\CARoot.pfx" /p Test123 /d "My Project Name" "D:\Project\xxx\v3.2.0.0\Bootstrapper_New\bin\Release\MyApp.exe"" />
</Target>
这是对我有用的。我将证书(和一个证书)安装在我的构建用户服务帐户的个人存储中,以便自动选择它而无需密码或访问其他位置的PFX文件。我的MSI已在上一个构建步骤中签名。
<Target Name="SignBundleEngine">
<Exec Command="signtool.exe sign /tr http://timestamp.digicert.com "@(SignBundleEngine)"" />
<Exec Command="Signtool.exe sign /fd SHA256 /tr http://timestamp.digicert.com /td sha256 "@(SignBundleEngine)"" />
</Target>
<Target Name="SignBundle">
<Exec Command="signtool.exe sign /tr http://timestamp.digicert.com "@(SignBundle)"" />
<Exec Command="Signtool.exe sign /fd SHA256 /tr http://timestamp.digicert.com /td sha256 "@(SignBundle)"" />
</Target>