1

We're trying to publish a ClickOnce application, but we are forced to do so using MSBuild, since we're suffering from the Visual Studio bug where Visual Studio stupidly insists on re-enabling 'The application should check for updates', which we do not want.

Using MSBuild does not suffer from this, but it does not produce the same output as using Visual Studio's 'Publish...' (despite what MSDN says). We're obfuscating the code in a Post-Build Event, and MSBuild seems to sign the application manifests at the wrong point in the process.

For the record, we're using the following MSBuild command line:

msbuild /t:Publish

Using MSBuild and enabling obfuscation yields output, but when I try to install the application from the generated manifests, I get the following ClickOnce error:

* Activation of http://download.foo.com/Test/Foo.application resulted in exception. Following failure messages were detected:
     + File, Foo.exe, has a different computed hash than specified in manifest.

Disabling the obfuscation does not yield this error, but obviously we're not going to publish unobfuscated code.

I've tried using MageUI to re-sign the manifests, but this does not seem to fix it.

My question is: what does Visual Studio do differently? Does it use a different MSBuild target? If so, which one? How can I fix my certificate problems?

ErikHeemskerk
  • 1,623
  • 14
  • 30

2 Answers2

1

The problem is probably the obfuscation. Can you try publishing the application and signing it WITHOUT the obfuscation and see what it does?

Also, if you are using mage: 1. Sign the application manifest (the appname.exe.manifest in the versioned folder). 2. Sign the deployment manifest (myapp.application) in the top folder of the deployment foldres. 3. When you sign the deployment manifest, be sure to go to the Application Reference tab and click "Select Manigest" and re-select the application manifest in the versioned folder, THEN sign it. THis seems stupid, but it's required to sign the deployment manifest.

RobinDotNet
  • 11,723
  • 3
  • 30
  • 33
  • Like I mentioned in the original question (maybe not phrased clearly), disabling obfuscation results in the publish completing successfully and it being able to install without errors. However, I don't want to publish non-obfuscated code. The problem is not obfuscation itself, but the fact that command-line MSBuild does not seem to process it correctly. – ErikHeemskerk Jun 14 '11 at 09:17
  • The mage solution worked perfectly. Now if only that could be easily automated... – ErikHeemskerk Jun 14 '11 at 09:30
  • 1
    This blog from the ClickOnce guy at Microsoft shows how to use mage to re-sign the manifests. This is the command-line version of mageUI, and you can probably figure out a way to script it. http://blogs.msdn.com/b/vsto/archive/2009/04/29/signing-and-re-signing-manifests-in-clickonce.aspx – RobinDotNet Jul 07 '11 at 22:57
0

I have found that if you publish by pressing the "Publish Now" button in the publish tab the "application should check for updates" state persists, i.e. VS does not turn it on again. However, if you publish through the dropdown menu item it will re-enable the check. a clear bug to me.

Marc
  • 1