软件包签名

软件可以签名,但这不是强制性的。如果安装了未签名的包,用户必须确认他接受这个包:

图1

您可以使用 PackageManagerCLI 为软件包签名。

相关的命令行参数是:

--signPackage="<package file path>" --pkcs12Path="<PKCS#12 file path>" --pkcs12Passwd="<PKCS#12 password>"

这将使用 PKCS#12 文件中的证书和私钥对包文件进行签名。

或者,您可以使用 --tsaTimestampServiceUrl="" 指定 TSA 时间戳服务,将时间戳添加到签名。如果您不这样做,一旦证书过期,使用软件包的用户将无法验证您的软件包。

用法:

PackageManagerCLI <option> <option> <...>
--profile="<profile name>"
 The version profile to be used for execution of this process.
 (Mandatory.)
--culture="<culture name>"
 The language to be used for execution of this process, e.g. "de-DE".
 If not specified, the operation system language is used.
 (Optional.)
--install="<package file path>"
 Installs the package at the specified file path.
 (Cannot be used together with --uninstall, --uninstallAll or --create PackageArchive.)
--uninstall="<package GUID>;<version>"
 Uninstalls the package with the specified GUID and version.
 (Cannot be used together with --install, --uninstallAll or --createPackageArchive.)
--uninstallAll
 Uninstalls all packages.
 (Cannot be used together with --install, --uninstall or --createPackageArchive.)
--components="<component ID>;<component ID>;<...>"
 Selects the specified component IDs for installation. The other components
 in the same package will not be installed, unless required by the selected
 components.
 You can also specify "typical" or "complete" instead of the ID list.
 If this option is not specified, "complete" is assumed by default.
 (Optional, can only be used together with --install.)
--targetProfiles="<profile>;<profile>;<...>"
 Selects the specified target profiles for installation.
 If this option is not specified, all target profiles are selected by default.
 (Optional, can only be used together with --install.)
--targetDirectories="<ID>=<path>;<ID>=<path>;<...>=<...>"
 Sets the specified target directories. Each target directory is identified
 by its target directory ID (an integer value).
 (Optional, can only be used together with --install.)
--createPackageArchive="<package folder path>;<target filename>"
 Creates a package archive out of a folder. "packae folder path" has to be an existing folder.
 (Cannot be used together with --install, --uninstall or --uninstallAll.)
--signPackage="<package file path>" --pkcs12Path="<PKCS#12 file path>" --pkcs12Passwd="<PKCS#12 password>"
 Signes a package file with the certificate and private key from the PKCS#12 file.
 (Optional, can use --tsaTimestampServiceUrl="<url>" to specifiy a TSA timestamp service to add a timestamp to the signature.)
--validateSignature="<package file path>"
 Validate the signature of a package file.
--verbose
 Display detailed progress information on the console.