Question
Our Windows Store app is signed by Visual Studio with our custom code signing certificate to allow sideloading of the resulting AppX bundle.
The AppX bundle generated by Visual Studio (during the _CreateBundle build step I guess) will add no trusted timestamp to the digital signature. This prevents the bundle from being installed after the certificate has expired.
Is there a way to adjust or configure the _CreateBundle build task to add a timestamp during the packaging and signing process? I looked into SignTool (which we use for code signing MSI packages), but the documentation yields:
You can't use the SignTool time stamp operation on a signed app package; the operation isn't supported.
... and my package is already signed by Visual Studio within the _CreateBundle step as it seems.
Answer 1:
To clarify the documentation: One cannot add a timestamp to an already signed package, but SignTool can re-sign the package and include a timestamp. So I added a post-build event to re-sign the bundle generated by Visual Studio:
if $(SolutionName) == Installer (
"C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" sign /fd SHA256 /a /f "$(ProjectDir)..\..\Build\CodeSigning.pfx" /tr http://tsa.starfieldtech.com "$(TargetDir)AppPackages\my_app\my_app.appxbundle"
)
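A check that could run after the re-sign step to confirm the bundle really carries a timestamp (an added example, not part of the original answer). It assumes `Get-AuthenticodeSignature` on the build machine can read `.appxbundle` files through the AppX SIP; the function name and the bundle path are hypothetical.

```powershell
# Added example, not from the original answer. Run on Windows after the re-sign step.
function Test-BundleTimestamp {
    param(
        [Parameter(Mandatory)] [string] $Path   # the .appxbundle that was re-signed
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Package not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # These states mean there is no usable signature to inspect at all.
    if ($sig.Status -in 'NotSigned', 'HashMismatch', 'NotSupportedFileFormat') {
        throw "Signature problem on ${Path}: $($sig.Status) - $($sig.StatusMessage)"
    }

    # A private sideloading certificate can report NotTrusted or UnknownError on a
    # machine that does not trust its root; that is reported here, not treated as fatal.
    [pscustomobject]@{
        Path            = $Path
        Status          = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SignerExpires   = $sig.SignerCertificate.NotAfter
        # TimeStamperCertificate is $null when the signature has no countersignature.
        Timestamped     = [bool]$sig.TimeStamperCertificate
        TimestampSigner = $sig.TimeStamperCertificate.Subject
    }
}

# Hypothetical path, mirroring the layout used in the post-build event above.
$result = Test-BundleTimestamp -Path '.\AppPackages\my_app\my_app.appxbundle'
$result | Format-List

if (-not $result.Timestamped) {
    Write-Error 'Bundle is signed but not timestamped; it will stop installing once the signing certificate expires.'
    exit 1
}
```

A non-zero exit code fails the build, so a timestamp server outage during signing is caught before the package ships.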
Source: https://stackoverflow.com/questions/44798449/add-timestamp-to-signed-appx-bundle