尝试从 Web 安装 .net 核心托管捆绑包时,WiX 捆绑包获得 "Failed to verify hash of payload"

WiX Bundle gets "Failed to verify hash of payload" when trying to install .net core hosting bundle from web

我有一个 burn/bootstrapper WiX 捆绑包:

        <?define DotNetVersion = "2.1.11"?>
        <!-- The Min and Next .Net version that our installed version must be between -->
        <Variable Name='MinDotNetVersion' Type='string' Value='2.1.0' bal:Overridable='no'/>
        <Variable Name='NextDotNetVersion' Type='string' Value='2.2.0' bal:Overridable='no'/>

        <?define HostingBundleUrl = "https://www.microsoft.com/net/download/thank-you/dotnet-runtime-$(var.DotNetVersion)-windows-hosting-bundle-installer" ?>
        <util:RegistrySearch Id="DotNetHostingBundle86" 
                             Root="HKLM" 
                             Key="SOFTWARE\dotnet\Setup\InstalledVersions$(var.Platform)\sharedhost" 
                             Value="Version"
                             Variable="DotNetHostingBundleVersion" />
        <!-- If running installer in a 32-bit process will change above key path to wow6432 etc, then won't find it. So, if didn't find it and version is x64, get the variable
             this way: -->
        <util:RegistrySearch Id="DotNetHostingBundle64" 
                             After="DotNetHostingBundle86"
                             Condition="NOT DotNetHostingBundleVersion AND VersionNT64"
                             Root="HKLM" 
                             Key="SOFTWARE\dotnet\Setup\InstalledVersions$(var.Platform)\sharedhost" 
                             Value="Version"
                             Variable="DotNetHostingBundleVersion"
                             Win64="yes"/>

        <Chain>
            <ExePackage Id="DotNetCoreHostingBundle" 
                        Vital="yes" 
                        Name=".Net Hosting Bundle Setup" 
                        DownloadUrl="$(var.HostingBundleUrl)" 
                        Compressed="no" 
                        SourceFile=".\ExtResourcesCopy\dotnet-hosting-$(var.DotNetVersion)-win.exe" 
                        InstallCondition="NOT DotNetHostingBundleVersion OR (DotNetHostingBundleVersion &lt; MinDotNetVersion OR DotNetHostingBundleVersion &gt;= NextDotNetVersion)"
                        Description="Installing .Net Hosting Bundle $(var.DotNetVersion). This includes the 32 bit and 64 bit runtimes, the Asp.net runtime packages (Microsoft.AspNetCore.App and .All), and the IIS Hosting Components."
                         />
            ...

我已将 dotnet-hosting-2.1.11-win.exe 文件下载到 ExtResourcesCopy 文件夹中,因为我将 SourceFile 设置为此,它获得了自己的有效负载数据。

然后我在另一台计算机上构建我的 .exe 和 运行 并收到以下错误:

Acquiring package: DotNetCoreHostingBundle, payload: DotNetCoreHostingBundle, download from: https://www.microsoft.com/net/download/thank-you/dotnet-runtime-2.1.11-windows-hosting-bundle-installer
Error 0x80091007: Hash mismatch for path: C:\ProgramData\Package Cache\.unverified\DotNetCoreHostingBundle, expected: 1ED626AD403D6E5D99AB69DB7C281FB8E8A8D0A2, actual: F21BF2F13F89D1C9DFD2844D57728102D5714EAA
Error 0x80091007: Failed to verify hash of payload: DotNetCoreHostingBundle
Failed to verify payload: DotNetCoreHostingBundle at path: C:\ProgramData\Package Cache\.unverified\DotNetCoreHostingBundle, error: 0x80091007. Deleting file.

然后,我使用日志文件中的确切 url 从 Microsoft 手动下载 dotnet-hosting-2.1.11-win.exe 文件,检查了目标计算机上的 SHA1 哈希值,并且运行宁:

certutil -hashfile dotnet-hosting-2.1.11-win.exe

这给了我预期的哈希值:1ed626ad403d6e5d99ab69db7c281fb8e8a8d0a2

那么 F21BF2F13F89D1C9DFD2844D57728102D5714EAA 的 "actual" 哈希来自哪里?有没有办法暂停安装程序,以便我可以检查 .unverified 文件夹中的文件? And/or我该怎么办?

您应该能够使用 dark.exe 反编译您的捆绑可执行文件并查看所有有效负载的哈希值。

注意:这些哈希值是出于安全目的而存在的。它们可以防止坏人篡改安装内容。

您正在使用的 URL 是一个 HTML 页面,该页面使用 JavaScript 下载程序包。 Burn 只看到 HTML.