SignTool: StrongNameInfo should not imply delay signing by default


Found as a result of trying to onboard ASP.NET Core to Azure Pipelines.

SignTool currently assumes that when a strong name key is specified via StrongNameInfo, this means assemblies were delay-signed. As a result, it adds the <StrongName> metadata to the generated project it runs via MicroBuild.

Not all strong name keys we use are available in ESRP. For example, the MicrosoftAspNetCore key. This key is fully available in open source, so it should be unnecessary to have ESRP re-apply a strong name since C# will fully-sign assemblies locally.

Talking with @JohnTortugo about this, he proposed one workaround, which is to take advantage of the ‘resign’ capability by changing StrongNameInfo to the path to a .snk file. This is not desirable either because this is unnecessary in most cases. The ‘resign’ capability is only necessary for .dll’s that need to modify the IL after the C# compiler is done, which IMO is the exception not the rule to strong-name signing. Re-signing every aspnet .dll would be inefficient.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 19 (19 by maintainers)

Top GitHub Comments

1 reaction
natemcmaster commented, Jan 30, 2019

I thought ASP.NET is listing all files explicitly via FileSignInfo, isn’t that the case?

We were doing that and decided to try using the PKT/StrongNameSignInfo approach. If that’s not going to work, we’ll go back to listing files explicitly by name.

1 reaction
JohnTortugo commented, Jan 30, 2019

Yeah, AFAIU FileSignInfo will require the file name to be specified. What I understand nate wants is PKT -> AuthenticodeCertificate; independent of name, etc.

I also don’t like the StrongNameSignInfo name… still, the change that I was going to propose to meet @natemcmaster’s scenario was to let StrongNameSignInfo->StrongName (ItemSpec) accept “None”, which would mean don’t strong name this file. So essentially StrongNameSignInfo will be used to configure information for strong name & authenticode interchangeably.
