locked
Signing a delay-signed assembly RRS feed

  • Question

  • In our current build process, assemblies are delay-signed during the initial build.  All developers have the public keyfile (via source control) in order to make this possible.  This results in partially signed assemblies whenever a compile is done on a developer's workstation (which is ok because developer machines also bypass strong name validation for our public key).

    On the build server, an additional task is performed (we currently use nant) which re-signs each assembly after it is compiled (this time doring a full signature using the full key).  Therefore the output of the build server is a fully valid strongly named assembly.  This resigning is done with the sn.exe tool.  Nant has a task wrapping this tool, but I didn't find one for MSBuild. 

    Is an MSBuild task planned for wrapping sn.exe?  Is there an alternative approach to the strong-name scenario that you'd suggest (that doesn't require developers to have direct access to a keyfile containing the private key)?

    One alternative I looked at was putting <DelaySign>true</DelaySign> into the conditional PropertyGroups (so that we could make a "Build Server" configuration that just signed the assembly directly during the initial call to csc), but that seems to confuse VS 2005 Beta 2 because it doesn't think that signature related settings should be based on configuration.


    Friday, July 15, 2005 3:45 PM

Answers

  • No problem.  I interpreted the lack of response as: there is no task currently available and none coming in later CTPs or the RTM.

    So, we made a task ourselves to call sn.exe so that it was easier to assembly the required command line (vs. using the Exec task directly).


    Monday, August 15, 2005 9:14 PM

All replies

  • Hi,

    Sorry for the delay in responding.

    Is this still an issue for you?  For the moment, are you able to use the Exec task to invoke sn directly?

    It sounds like you would need to customize the build and somehow indicate that you are running on the build server, and then perform the signing steps.

    Thanks.
    Faisal Mohamood
    MSBuild Team

    Thursday, August 11, 2005 8:48 PM
  • No problem.  I interpreted the lack of response as: there is no task currently available and none coming in later CTPs or the RTM.

    So, we made a task ourselves to call sn.exe so that it was easier to assembly the required command line (vs. using the Exec task directly).


    Monday, August 15, 2005 9:14 PM