I have a burn/bootstrapper WiX bundle with:
<?define DotNetVersion = "2.1.11"?>
<!-- The Min and Next .Net version that our installed version must be between -->
<Variable Name='MinDotNetVersion' Type='string' Value='2.1.0' bal:Overridable='no'/>
<Variable Name='NextDotNetVersion' Type='string' Value='2.2.0' bal:Overridable='no'/>
<?define HostingBundleUrl = "https://www.microsoft.com/net/download/thank-you/dotnet-runtime-$(var.DotNetVersion)-windows-hosting-bundle-installer" ?>
<util:RegistrySearch Id="DotNetHostingBundle86"
Root="HKLM"
Key="SOFTWARE\dotnet\Setup\InstalledVersions\$(var.Platform)\sharedhost"
Value="Version"
Variable="DotNetHostingBundleVersion" />
<!-- If running installer in a 32-bit process will change above key path to wow6432 etc, then won't find it. So, if didn't find it and version is x64, get the variable
this way: -->
<util:RegistrySearch Id="DotNetHostingBundle64"
After="DotNetHostingBundle86"
Condition="NOT DotNetHostingBundleVersion AND VersionNT64"
Root="HKLM"
Key="SOFTWARE\dotnet\Setup\InstalledVersions\$(var.Platform)\sharedhost"
Value="Version"
Variable="DotNetHostingBundleVersion"
Win64="yes"/>
<Chain>
<ExePackage Id="DotNetCoreHostingBundle"
Vital="yes"
Name=".Net Hosting Bundle Setup"
DownloadUrl="$(var.HostingBundleUrl)"
Compressed="no"
SourceFile=".\ExtResourcesCopy\dotnet-hosting-$(var.DotNetVersion)-win.exe"
InstallCondition="NOT DotNetHostingBundleVersion OR (DotNetHostingBundleVersion < MinDotNetVersion OR DotNetHostingBundleVersion >= NextDotNetVersion)"
Description="Installing .Net Hosting Bundle $(var.DotNetVersion). This includes the 32 bit and 64 bit runtimes, the Asp.net runtime packages (Microsoft.AspNetCore.App and .All), and the IIS Hosting Components."
/>
...
I've downloaded the dotnet-hosting-2.1.11-win.exe file into the ExtResourcesCopy folder, and since I set the SourceFile to this it gets its own Payload data.
I then build my .exe and run it on another computer and get the following error:
Acquiring package: DotNetCoreHostingBundle, payload: DotNetCoreHostingBundle, download from: https://www.microsoft.com/net/download/thank-you/dotnet-runtime-2.1.11-windows-hosting-bundle-installer
Error 0x80091007: Hash mismatch for path: C:\ProgramData\Package Cache\.unverified\DotNetCoreHostingBundle, expected: 1ED626AD403D6E5D99AB69DB7C281FB8E8A8D0A2, actual: F21BF2F13F89D1C9DFD2844D57728102D5714EAA
Error 0x80091007: Failed to verify hash of payload: DotNetCoreHostingBundle
Failed to verify payload: DotNetCoreHostingBundle at path: C:\ProgramData\Package Cache\.unverified\DotNetCoreHostingBundle, error: 0x80091007. Deleting file.
I then checked the SHA1 hash on the target computer by downloading the dotnet-hosting-2.1.11-win.exe file manually from Microsoft, using the exact url from the log file, and running:
certutil -hashfile dotnet-hosting-2.1.11-win.exe
This gave me the expected hash of: 1ed626ad403d6e5d99ab69db7c281fb8e8a8d0a2
So where is this "actual" hash of F21BF2F13F89D1C9DFD2844D57728102D5714EAA coming from? Is there a way of pausing the installer so I can inspect the file in the .unverified folder? And/or what can I do about this?
The URL you're using is an HTML page that uses JavaScript to download the package. Burn just sees the HTML.
You should be able to use dark.exe
to decompile your bundle executable and see the hashes for all of the payloads.
Note: Those hashes are present for security purposes. They prevent bad actors from tampering with the install content.
User contributions licensed under CC BY-SA 3.0