akamsteeg / AtleX.HaveIBeenPwned

A fully async .NET Standard client library for the API of HaveIBeenPwned.com
https://www.nuget.org/packages/AtleX.HaveIBeenPwned/
MIT License

Add strong naming #32

Closed akamsteeg closed 4 years ago

akamsteeg commented 5 years ago

Microsoft recommends strong naming NuGet packages. We should add strong naming to this library too.

akamsteeg commented 4 years ago

Okay, in 1bb60df I changed from full assembly signing to public signing. However, that breaks loading the assembly on NETFX. It throws a FileLoadException:

Could not load file or assembly 'AtleX.HaveIBeenPwned, Version=4.1.0.0, Culture=neutral, PublicKeyToken=dd937fdd82a3e1d3' or one of its dependencies. Strong name signature could not be verified. The assembly may have been tampered with, or it was delay signed but not fully signed with the correct private key. (Exception from HRESULT: 0x80131045)

Since we have only a single TFM (netstandard2.0), this is not trivial to solve, I guess. There are a few options:

  1. Fully sign the assembly;
  2. Add a net461 TFM again. Fully sign that one and do public signing on the .NET Standard 2.0 assembly;
  3. Add a net461 TFM again. Do not sign that one and do public signing on the .NET Standard 2.0 assembly.

I'm open to suggestions here.
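Option 2 from the comment above, sketched as an SDK-style project file. This is an added example, not the project's own build configuration; the key file name `StrongNameKey.snk` is a hypothetical placeholder, and the layout assumes the full key pair is available to the build.

```xml
<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <!-- Two TFMs: NuGet gives .NET Framework 4.6.1+ consumers the net461
         asset in preference to the netstandard2.0 one. -->
    <TargetFrameworks>netstandard2.0;net461</TargetFrameworks>

    <!-- Both builds carry the same public key, so the assembly identity
         (including PublicKeyToken) is the same for both. -->
    <SignAssembly>true</SignAssembly>
    <!-- Hypothetical placeholder path, not taken from the repository. -->
    <AssemblyOriginatorKeyFile>StrongNameKey.snk</AssemblyOriginatorKeyFile>
  </PropertyGroup>

  <!-- netstandard2.0: public signing. The public key is embedded and the
       assembly is flagged as signed, but no signature is computed. -->
  <PropertyGroup Condition="'$(TargetFramework)' == 'netstandard2.0'">
    <PublicSign>true</PublicSign>
  </PropertyGroup>

  <!-- net461: full signing with the private key, so strong-name
       verification on .NET Framework has a real signature to check. -->
  <PropertyGroup Condition="'$(TargetFramework)' == 'net461'">
    <PublicSign>false</PublicSign>
    <DelaySign>false</DelaySign>
  </PropertyGroup>

</Project>
```

Running `sn.exe -vf` on each built assembly shows which one carries a verifiable signature. A strong name gives the assembly a stable identity for binding; it is not a substitute for NuGet package signing or Authenticode when the goal is tamper protection.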

akamsteeg commented 4 years ago

For now I've chosen option 1.

akamsteeg commented 4 years ago

Still having the assembly load exceptions in Azure DevOps, but only on Windows build agents, and I cannot possibly recreate it with .NET Framework and .NET Core test applications on multiple OSes and in multiple versions. Any help debugging/determining impact is still very much appreciated.