After struggling with a ClickOnce issue on an Automated build that I inherited I came across several issues that helped me solve the problem.
Here's a brief recap:
A request was submitted to create a new ClickOnce deployment for a small application used to deploy java via ClickOnce.
I copied the ClickOnce automation scripts from another working project and adjusted the files to include in the process.
We then ran the build and everything ran beautifully until we launched the application. At which time the installation failed with the Error: <entryPoint> is invalid. That started a mad witch hunt that caused me to first look into the scripts which then led to investigating the certs, which finally led back to the Application manifest signing task (Exec -> mage.exe). Unfortunately I could have avoided many of the other issues if I had found the question under Application manifest signing: below sooner.
I have included in this post the issues and resolutions below more as a future reference if I run into them again. Most likely this post will be updated as I find more ClickOnce issues (currently not a big fan).
Certificate creation:
makecert -r -pe -a sha1 -n "CN=yourcompany" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.3 -ss My
The -b and -e option specify the time period when certificate is valid. The -eku option specifies the certificate is intended for code signing. I've also added -a sha1 option to set the same algorithm that VS uses (but I don't think it matters).
It's important to use the -pe option which allows to export the private key from the certificate. To do this use CertMgr (another tool from Framework SDK). The new certificate will be installed in your personal store. Select it and click on the Export button. Click Next on the first page, and on the second select to export the private key. On the next one you can select some additional options; if not sure just leave on default. After that you will be asked to type password for the file; can be left blank. On the last one specify the file name and location. Finish the wizard and you should get a .pfx file that can be used in VS or imported on user machines.
<http://geekswithblogs.net/kobush/archive/2005/05/30/41068.aspx>
Certificate use by ClickOnce application:
Some times it works to just build the application on the machine that needs the certificate (haven't entirely figured out why this only works on some certificates and not all). In this case the project just needs to sign the manifest and use a file stored with the project. The first build will prompt for the certificate password, but the subsequent builds will not.
However, if the project continually asks for a password during the build, then you will need to install the certificate and reference it from the store. Then any machine that will build the project just need have the certificate in the store.
Application manifest:
Error: <entryPoint> is invalid
Check: Validate that the processor attribute of the assemblyIdentity element is the same as the
entryPoint processor attribute.
No comments:
Post a Comment