[每天解决一问题系列 - 0005] WiX Burn 如何校验chained package的合法性
问题描述:
项目中使用Wix burn打包,内部包含了多个MSI。有时候会遇到如下错误
Error 0x80091007: Failed to verify hash of payload: SetupProject1.msi 。
问题解析:
首先需要了解Wix Brun校验其payload的原理,主要有如下两种情况:
1)如果MSI有数字签名,则根据MSI的数字签名进行校验,也就是说如果数字签名没有变,Burn不会校验MSI的内容是否变化
2)如果MSI无数字签名,则获取该MSI的SHA1 hash,在安装的时候校验hash。这种情况下,如果MSI的内容发生变化,则无法使用该burn进行安装,必须重新编译。
WIX Brun 源代码 (burn\engine\cache.cpp)
static HRESULT VerifyThenTransferPayload( __in BURN_PAYLOAD* pPayload, __in_z LPCWSTR wzCachedPath, __in_z LPCWSTR wzUnverifiedPayloadPath, __in BOOL fMove ) { 。。。 // If the payload has a certificate root public key identifier provided, verify the certificate. if (pPayload->pbCertificateRootPublicKeyIdentifier) { hr = CacheVerifyPayloadSignature(pPayload, wzUnverifiedPayloadPath, hFile); ExitOnFailure1(hr, "Failed to verify payload signature: %ls", wzCachedPath); } else if (pPayload->pCatalog) // If catalog files are specified, attempt to verify the file with a catalog file { hr = VerifyPayloadWithCatalog(pPayload, wzUnverifiedPayloadPath, hFile); ExitOnFailure1(hr, "Failed to verify payload signature: %ls", wzCachedPath); } else if (pPayload->pbHash) // the payload should have a hash we can use to verify it. { hr = VerifyHash(pPayload->pbHash, pPayload->cbHash, wzUnverifiedPayloadPath, hFile); ExitOnFailure1(hr, "Failed to verify payload hash: %ls", wzCachedPath); } 。。。 }
解决方法:
了解了问题的原理,方法就显而易见了。