At present, my package publisher is deployed on the ECS, and jenkens is used to complete the continuous integration task.
The final result of packaging the publisher is an EXE installation package.
At present, I also encounter this problem. Let me describe the current situation in detail:
1. Start the Jenkins task. This process is completed on the ECS. The last step of the task is to use virboxprotector to encrypt and protect the DLL and exe published by ourselves.
2. Then manually enter the ECS, open the AIP file, download the DLL and exe involved in packaging to the local, and use the ukey provided by the digital certificate provider to sign the EV code
3. Overwrite the signed file to the original path on the ECS
4. Manually run the build step of AIP on the ECS to obtain the packaged installation package
5. Download the installation package locally and use the ukey provided by the digital certificate provider to sign the EV code
6. During installation, the problem of "EXE and MSI file signature mismatchs" was encountered
After reading the post, I found that it may be caused by the problem of "can you let us know if you sign the EXE setup package outside of advanced installer".
My question now is:
1. Do I only need to sign the unique installer (EXE format) after packaging, or do I only need to sign the DLL encrypted with virboxprotector, or sign all DLLs involved in packaging?
2. To solve this problem, should I configure "production information-digital signature-settings" in AIP
3. How to configure "production information-digital signature-settings"
My digital signature batch file commands are as follows:
signtool sign /v /as /fd sha256 /sha1 33xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx /tr http://timestamp.sectigo.com
/td sha256 all_ files/*.*
Add: my EV code signature is completed using a USB flash disk (called ukey by the digital certificate provider).
If you need more information, I can provide my email. After getting in touch, I can send AIP files or pictures describing the problem.
All the best,