Last active
June 13, 2018 02:58
-
-
Save corytodd/d4e615a3cba46f24d5adab3737f1c3ad to your computer and use it in GitHub Desktop.
ClickOnce SHA256 Signing outside of Visual Studio
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from xml.dom import minidom | |
| from subprocess import check_output | |
| #Set this to the Visual Studio output directory, no trailing \ | |
| path = 'X:\absolute\path\tp\publish\directory' | |
| #Typically found as MyApp.application in the publish directory | |
| app = "MyApp" | |
| #Path to Mage.exe. Notice the delimented \v | |
| mage = '"C:\Program Files (x86)\Microsoft SDKs\Windows\\v7.0A\Bin\mage.exe"' | |
| # Path to Signtool.exe. Notice the delimented \v | |
| signtool = '"C:\Program Files (x86)\Microsoft SDKs\Windows\\v7.1A\Bin\signtool.exe"' | |
| #SHA 1 Hash (even though this is a SHA2 cert) | |
| hash = "<sha1 fingerprint of your cert>" | |
| #Timestamp URL | |
| timestamp = '<your timestamp url>' | |
| #Acquire the current version's manifest | |
| xmldoc = minidom.parse(path+"\\"+app+'.application') | |
| itemlist = xmldoc.getElementsByTagName('dependentAssembly') | |
| manifest = path + "\\" + itemlist[0].attributes['codebase'].value | |
| #Get to the publish directory | |
| setupst = '{} sign /sha1 {} /t "{}" /v "{}\\setup.exe"'.format(signtool,hash,timestamp,path) | |
| manifst = '{} -sign "{}" -ch {} -ti "{}"'.format(mage,manifest,hash,timestamp) | |
| applica = '{} -update "{}{}{}.application" -appmanifest "{}" -ch {} -ti "{}"'.format(mage,path,"\\",app,manifest,hash,timestamp) | |
| #print(setupst) | |
| #print(manifst) | |
| #print(applica) | |
| check_output(setupst, shell=True) | |
| check_output(manifst, shell=True) | |
| check_output(applica, shell=True) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment