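The WinGet specification lists a minimal singleton YAML file example (which I'll show as of June 17, 2021) that shows a SignatureSha256 value, which I think means the executable has to be signed ... which costs money ... because of the Microsoft Trusted Root Program. Am I right in thinking the executable has to be signed?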
PackageIdentifier: "Microsoft.WindowsTerminal"
PackageVersion: "1.6.10571.0"
PackageLocale: "en-US"
Publisher: "Microsoft"
PackageName: "Windows Terminal"
License: "MIT"
ShortDescription: "The new Windows Terminal, a tabbed command line experience for Windows."
Installers:
  - Architecture: "x64"
    InstallerType: "msix"
    InstallerUrl: "https://github.com/microsoft/terminal/releases/download/v1.6.10571.0/Microsoft.WindowsTerminal_1.6.10571.0_8wekyb3d8bbwe.msixbundle"
    InstallerSha256: 092aa89b1881e058d31b1a8d88f31bb298b5810afbba25c5cb341cfa4904d843
    SignatureSha256: e53f48473621390c8243ada6345826af7c713cf1f4bbbf0d030599d1e4c175ee
ManifestType: "singleton"
ManifestVersion: "1.0.0"
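Answer 1
From this pull request, which was successfully merged, you can see that SignatureSha256 is not needed for an exe. Also, @Robert pointed out in a comment on my question that in the JSON schema file the comment sounds more like it is optional: SignatureSha256 is recommended for appx or msix.
Here is the relevant code from that pull request: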
PackageIdentifier: WeMod.WeMod
PackageVersion: 7.1.3
Installers:
  - Architecture: x86
    InstallerType: exe
    InstallerUrl: https://storage-cdn.wemod.com/app/releases/stable/WeMod-7.1.3.exe
    InstallerSha256: 64df92f972e8e055ca816f91f9f3cba20bcac2febda818b38da7d24af64e67a0
    InstallerSwitches:
      Silent: /s
      SilentWithProgress: /s
ManifestType: installer
ManifestVersion: 1.0.0
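
The rule from the answer above, written as a small manifest check. This is an added example, not code from the WinGet project or from the pull request. The function name check_installer, the finding levels and the sample entries are constructed for illustration, and treating InstallerSha256 as mandatory is this example's assumption.

```python
import hashlib
import re

HEX64 = re.compile(r"^[0-9a-fA-F]{64}$")
# Installer types the schema comment quoted above names for SignatureSha256.
SIGNED_PACKAGE_TYPES = {"msix", "appx"}


def check_installer(entry, payload=None):
    """Return (level, message) findings for one entry of the Installers list.

    payload is the downloaded installer as bytes; when given, its SHA-256
    is compared with InstallerSha256, which is an integrity check only
    and says nothing about who signed the file.
    """
    findings = []
    itype = str(entry.get("InstallerType", "")).lower()
    digest = str(entry.get("InstallerSha256", ""))
    sig = entry.get("SignatureSha256")

    if not HEX64.match(digest):
        findings.append(("error", "InstallerSha256 missing or not 64 hex chars"))
    elif payload is not None:
        actual = hashlib.sha256(payload).hexdigest()
        if actual != digest.lower():
            findings.append(("error", "InstallerSha256 mismatch: got " + actual))

    if sig is None:
        # Absent is acceptable; for msix/appx it is only a recommendation.
        if itype in SIGNED_PACKAGE_TYPES:
            findings.append(("warn", "SignatureSha256 recommended for " + itype))
    elif not HEX64.match(str(sig)):
        findings.append(("error", "SignatureSha256 not 64 hex chars"))
    return findings


# Constructed sample data: the bytes stand in for a downloaded installer.
PAYLOAD = b"constructed installer bytes"
DIGEST = hashlib.sha256(PAYLOAD).hexdigest()
EXE_ENTRY = {"Architecture": "x86", "InstallerType": "exe",
             "InstallerSha256": DIGEST}
MSIX_ENTRY = {"Architecture": "x64", "InstallerType": "msix",
              "InstallerSha256": DIGEST}

if __name__ == "__main__":
    for name, entry in (("exe", EXE_ENTRY), ("msix", MSIX_ENTRY)):
        print(name, check_installer(entry, PAYLOAD))
```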