Open kauppine opened 1 month ago
hi @kauppine thanks for reaching out on requesting this integration. As of now, the team is still evaluating & discussing how to proceed with support for ClickOnce.
I am currently evaluating the Trusted Siging service and it looks very promising. Signing exe and msi files is no problem. But I also need to sign ClickOnce manifest files. Direct support for this would be very helpful. Or some guidance how this service can be used with mage.exe.
@kauppine For the case you missed it: dotnet Sign prereleased last week a version with support for Trusted Signing. Works fine, but not yet with Clickonce, but there is already a PR waiting to be completed to fix the bug.
For awareness, keep in mind that the even with the dotnet/sign integration working as expected, we still have some limitations on the way that clickonce handles trust by pinning to a certificate thumbprint. Given that trusted signing manages short lived keys, the experience could be subpar for users.
Currently, Azure Trusted Signing does not support signing ClickOnce manifests.
It would be a great improvement and increase the usability of the service, if it could be used to sign ClickOnce manifests in a similar manner as with dotnet Sign: https://github.com/dotnet/sign