ashkensington-zz / elmah

Automatically exported from code.google.com/p/elmah
Apache License 2.0
0 stars 0 forks source link

Document how to sign and install ELMAH into GAC #79

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Some folks may not be entirely familiar with the process of signing a 
private build of an assembly, installing it into the GAC and using its 
strong name for configuration. It would be useful to document this for 
ELMAH (even though the steps would apply to any weak-named assembly) as 
noted in the following thread:

http://groups.google.com/group/elmah/t/885232536c2ef21

Original issue reported on code.google.com by azizatif on 2 Dec 2008 at 3:57

GoogleCodeExporter commented 9 years ago
Would it be possible for releases (production and beta etc) of ELMAH to be 
strongly
signed before being uploaded to google code?

I'd rather use pre-build binaries for our application so having them signed 
makes it
easier to drop them in the GAC.

Cheers

Original comment by mat.stee...@gmail.com on 24 Apr 2009 at 12:38

GoogleCodeExporter commented 9 years ago
@mat.steeples: Strong-naming the assembly by themselves won't help unless a 
setup 
MSI is also provided because that is the only official way to get an assembly 
into 
the GAC on production server. As pointed out in the thread, GACUTIL is not even 
installed on servers. It is purely an SDK tool at this point.

Original comment by azizatif on 28 Apr 2009 at 5:20

GoogleCodeExporter commented 9 years ago
I understand that. Currently we install assemblies into the GAC on production 
servers
using windows explorer. We open up C:\windows\assembly and drag the assemblies 
into
there.

The reason I was asking for signed assemblies is that we try and use precompiled
binaries direct from websites so that we can keep track of what version we're 
using.
If someone has to check out the source, attach a key and then compile it we 
don't
know if any modifications have been made to the code itself (unless we use 
reflector
on it).

As far as I'm aware there aren't any ways to sign an assembly that has already 
been
compiled (unless it's marked as delay-sign)

Original comment by mat.stee...@gmail.com on 28 Apr 2009 at 6:39

GoogleCodeExporter commented 9 years ago
FWIW, we have successfully signed Elmah with our own key, compiled from source, 
so 
that works, and it is easy, etc.

HTH.

-- Mark Kamoski

Original comment by mkamo...@gmail.com on 29 Apr 2009 at 8:23

GoogleCodeExporter commented 9 years ago
Agree. While gacutil is not officially supported as deployment, it works well 
enough, 
just like dragging/dropping into the c:\windows\assembly folder. Not having to 
re-
compile it would just save me from that step.

Original comment by goo...@stum.de on 26 May 2009 at 8:34

GoogleCodeExporter commented 9 years ago
For anyone looking to do this,

1. Download the src zip file and extract it.
2. Open up your preferred solution version in the Solutions folder.
3. Right-click the project in Visual Studio, go to Properties, Signing, check 
Sign
the assembly, select New, give it a name, don't bother with a password, save 
and exit.
4. Double-click the build.cmd file in the Solutions folder.
5. Your preferred version will now be in the appropriate bin folder.

Original comment by nicho...@piasecki.name on 19 Nov 2009 at 3:37

GoogleCodeExporter commented 9 years ago
Couldn't the Elmah devs just add the key and sign the dll so it would be 
simpler? (I know it is pretty easy, but still, all the other dlls included are 
fine (mono.security, mysql, npgsql, sqlite, etc) just the Elmah.dll that isn't 
signed)

Original comment by c0bra99 on 28 Jul 2011 at 2:56

GoogleCodeExporter commented 9 years ago
Paul Simpson has independently published a Code Project article documenting the 
steps:
http://www.codeproject.com/KB/aspnet/elmahGAC.aspx

Original comment by azizatif on 3 Aug 2011 at 4:53

GoogleCodeExporter commented 9 years ago
Please sign it... It is easy (and I did it) the real problem is that Nuget 
Package is not signed so in cannot use from nuget as dependency and I have to 
create a custom package just because it is not signed...

Original comment by manudear...@gmail.com on 11 Feb 2013 at 10:10

GoogleCodeExporter commented 9 years ago
This issue has been migrated to:
https://github.com/elmah/Elmah/issues/79
The conversation continues there.
DO NOT post any further comments to the issue tracker on Google Code as it is 
shutting down.
You can also just subscribe to the issue on GitHub to receive notifications of 
any further development.

Original comment by azizatif on 25 Aug 2015 at 8:16