yubico.yubikey.1.0.1.nupkg is not AuthentiCode signed - Githubissues

Yubico / Yubico.NET.SDK

A YubiKey SDK for .NET developers

Apache License 2.0

96 stars 48 forks source link

yubico.yubikey.1.0.1.nupkg is not AuthentiCode signed #3

Closed gnida-rada closed 2 years ago

gnida-rada commented 2 years ago

In our company we can only consume nugets from internal feed. And we cannot publish yubico.yubikey.1.0.1 because it is not AuthentiCode signed. Would it be possible to start AuthentiCode-signing Yubico.yubikey .NET SDK?

Thanks!

Your package yubico.yubikey.1.0.1.nupkg (edited) failed to publish to the feed.

Request date: 10/13/2021 3:38:22 AM

Package information: Package: yubico.yubikey.1.0.1.nupkg Class: External Source: https://www.nuget.org/packages/Yubico.YubiKey/

Failure log: WARNING: File not StrongName signed: Yubico.YubiKey.dll ERROR: File not AuthentiCode signed: Yubico.YubiKey.dll

GregDomzalski commented 2 years ago

Thank you for your feedback. We will be addressing this in the next week.

gnida-rada commented 2 years ago

@GregDomzalski , is there an ETA? There is a workaround I could use (re-the .dlls and then re-package .nuget before publishing locally), which would take some time to do. If the signed official release is not far, I won't go that route and save some cycles.

GregDomzalski commented 2 years ago

Hi @gnida-rada, this is my priority to fix today. I'll post back here once everything has been posted to NuGet.

GregDomzalski commented 2 years ago

@gnida-rada Are looking for the assemblies to be StrongName signed as well? Or just AuthentiCode signed? My preference would be to not strong name this, as we're mostly focused on .NET/.NET Core, but it's ultimately up to our users and customers. 😄

gnida-rada commented 2 years ago

@GregDomzalski, we require both. Thanks!

GregDomzalski commented 2 years ago

Alright then. Strong naming it is. I need to do a little more research to see what the impact of this will be, but we should still have a package out today.

GregDomzalski commented 2 years ago

OK - I've pushed a signed build of the YubiKey package and its dependencies to NuGet. It sometimes takes a few minutes for the packages to show up.

In 1.0.2, I've:

Strong name signed the assemblies
Authenticode signed the assemblies within the NuGet packages
NuGet signed the packages

Please let me know if I have missed anything.

gnida-rada commented 2 years ago

Confirmed, I can publish it to our feed now. Closing the issue. Thanks!