[每天解决一问题系列 - 0005] WiX Burn 如何校验chained package的合法性

问题描述:

项目中使用Wix burn打包,内部包含了多个MSI。有时候会遇到如下错误

Error 0x80091007: Failed to verify hash of payload: SetupProject1.msi 。

问题解析:

首先需要了解Wix Brun校验其payload的原理,主要有如下两种情况:

1)如果MSI有数字签名,则根据MSI的数字签名进行校验,也就是说如果数字签名没有变,Burn不会校验MSI的内容是否变化

2)如果MSI无数字签名,则获取该MSI的SHA1 hash,在安装的时候校验hash。这种情况下,如果MSI的内容发生变化,则无法使用该burn进行安装,必须重新编译。

WIX Brun 源代码 (burn\engine\cache.cpp)

static HRESULT VerifyThenTransferPayload(
    __in BURN_PAYLOAD* pPayload,
    __in_z LPCWSTR wzCachedPath,
    __in_z LPCWSTR wzUnverifiedPayloadPath,
    __in BOOL fMove
    )
{
。。。
 // If the payload has a certificate root public key identifier provided, verify the certificate.
    if (pPayload->pbCertificateRootPublicKeyIdentifier)
    {
        hr = CacheVerifyPayloadSignature(pPayload, wzUnverifiedPayloadPath, hFile);
        ExitOnFailure1(hr, "Failed to verify payload signature: %ls", wzCachedPath);
    }
    else if (pPayload->pCatalog) // If catalog files are specified, attempt to verify the file with a catalog file
    {
        hr = VerifyPayloadWithCatalog(pPayload, wzUnverifiedPayloadPath, hFile);
        ExitOnFailure1(hr, "Failed to verify payload signature: %ls", wzCachedPath);
    }
    else if (pPayload->pbHash) // the payload should have a hash we can use to verify it.
    {
        hr = VerifyHash(pPayload->pbHash, pPayload->cbHash, wzUnverifiedPayloadPath, hFile);
        ExitOnFailure1(hr, "Failed to verify payload hash: %ls", wzCachedPath);
    }
。。。
}

 

解决方法:

了解了问题的原理,方法就显而易见了。

posted on 2015-01-23 15:27  西西弗斯  阅读(536)  评论(0编辑  收藏  举报