问题
I have an open source windows store application (UWP). When I associate the application with the store a Package.StoreAssociation.xml and a <AppName>_StoreKey.pfx is created along with some modifications to my Package.appxmanifest (Identity Tag; Name and Publisher Attributes).
- Can I commit that information to a public git repository (the certificate must be in the repository because I want to build the package with AppVeyor)?
- Should I encrypt it?
- Could I revoke the certificate if it leaked?
- Are the changes to appxmanifest sensitive?
回答1:
Can I commit that information to a public git repository (the certificate must be in the repository because I want to build the package with AppVeyor)?
For public git repository, the Store key .pfx file should not be committed(Add to .gitignore file). If you want to use the CI system, please create a private repository or append the .pfx file to your cloned project in CI backend.
Should I encrypt it?
This file has been encrypted and it's for signing your app before submitting to Windows Store, see also How to create an app package signing certificate
Could I revoke the certificate if it leaked?
You need to reserved a new app name, see here
Are the changes to appxmanifest sensitive?
Depends on what you have changed, it's very important for Identity and package information in .packagemanifest file. See App package manifest
回答2:
You should not include <AppName>_StoreKey.pfx file to your public repo. However you can still use AppVeyor CI.
1.Change your *.csproj file to include this information.
<PropertyGroup Condition="('$(Configuration)' == 'Debug') Or ('$(UseTemporarySignCert)' == 'true')">
<PackageCertificateKeyFile><AppName>_TemporaryKey.pfx</PackageCertificateKeyFile>
</PropertyGroup>
<PropertyGroup Condition="('$(Configuration)' == 'Release') And ('$(UseTemporarySignCert)' != 'true')">
<PackageCertificateThumbprint><!-- Your <AppName>_StoreKey.pfx Thumbprint Here --></PackageCertificateThumbprint>
</PropertyGroup>
2.Import your <AppName>_StoreKey.pfx certificate to: store location - Current User, Certificate store - Personal
3.Add UseTemporarySignCert environment variable with value true to your AppVeyor project.
As result you will be able to build signed project by your own without <AppName>_StoreKey.pfx in release mode and publish then to the store.
And AppVeyor will work with TemporaryKey.pfx.
来源:https://stackoverflow.com/questions/38922239/can-i-publish-the-storekey-pfx-of-an-uwp-application