How to sign C++/CLI assemblies in VS 2010?

Question

Hello,

in VS 2008 I signed my C++/CLI assemblies successfully using the method described here (using the KeyContainer linker option):
http://www.conceptualinertia.net/aoakenfo/signing-ccli-assemblies
If I try this method in VS 2010 I receive the message:
mt.exe : general warning 810100b3: <FileName>.dll is a strong-name signed assembly and embedding a manifest invalidates the signature. You will need to re-sign this file to make it a valid assembly.
That means, that the KeyContainer linker option in VS 2010 will no longer work, if I embed a manifest. I have to resign the assembly using the sn tool.

My question: Is this a bug in VS 2010 or is VS 2010 less capable of (comfortable) signing by design?

Kind regards
Siegmund Baumann

Answer 1

Yes, this is a bug in VS2010. Due to the facts that it is relatively easy to workaround the problem and signing is usually not needed for day to day development work, we have decided to not to fix it for VS2010 release but it will be fixed for SP.

To workaround the problem, here are the steps you need to take:

1. Set "Linker" -> "Advanced"  -> "Key File" to the key file you have generated with sn -k
2. Set "Link" -> "Advanced" -> "Delay Sign" to "Yes"
3. Add a custom build step or post build event to sign the dll: sn -R <dll> <key file>

Note that, if you need to register your dll, for step 1 to 3 above to work, you need to disable the registration step first and do the registration after step 3 is done.

Li Shao, MSFT

---

Li Shao

Answer 2

Yes, this is a bug in VS2010. Due to the facts that it is relatively easy to workaround the problem and signing is usually not needed mkv for day to day development work, we have decided to not to fix it for VS2010 release but it will be fixed for SP.

To workaround the problem, here are the steps you need to take:

1. Set "Linker" -> "Advanced"  -> "Key File" to the key file you have generated with sn -k
2. Set "Link" -> "Advanced" -> "Delay Sign" to "Yes"
3. Add a custom build step or post build event to sign the dll: sn -R <dll> <key file>

Note that, if you need to register your dll, for step 1 to 3 above to work, you need to disable the registration step first and do the registration after step 3 is done.

Li Shao, MSFT

---

Li Shao

Thanks for your explanation. Now I get to know the cause and also the easy solution. Thanks.

Answer 3

This works. In my case, I could omit step 2) (Delay sign=yes) without any noticable adverse consequences.

Also, we prefer to use macros in the post build event command line, example:

sn -Ra $(TargetPath) $(ProjectDir)mapiext.snk

where "mapiext.snk" is the strong name key file previously created with sn.exe and stored in the solution project root directory and checked in to TFS.

Answer 4

One side effect seems to be, that an executable will be linked on every debugger start.

Because the file is changed.

Is there also an easy workaround for this?

Kind regards

Dieter Pelz

 

Answer 5

Hi Dieter,

Signing is usually not needed and thus enabled when doing development so you can probably disable signing to avoid relinking. You can enabled signing when releasing the binaries. Please let me know if this does not apply to your scenario.

Li Shao, MSFT

---

Li Shao

Answer 6

This does not appear to be addressed in Visual Studio 2010 SP1 Beta

Answer 7

It has been decided to not to fix it for SP1 as there is easy workaround for this. Please let me know if you think this is important to fix. I will try to get to see if this can be fixed in SP1.

Li Shao, MSFT

---

Li Shao