brutaldev / StrongNameSigner

Strong-name sign third party .NET assemblies without the source code.
https://brutaldev.com/post/net-assembly-strong-name-signer

Use NuGet package, but no automatic signing of assemblies #75

Closed MarcelVersteeg closed 1 year ago

MarcelVersteeg commented 1 year ago

I have created issue #74 before about this. That issue was closed, but even after your response it is still reproducible. I have duplicated my remark to that issue here.

My project file looks like this (kept out unnecessary details):

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFrameworks>net481</TargetFrameworks>
    ....
  </PropertyGroup>
  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
    <DebugSymbols>true</DebugSymbols>
    <DebugType>full</DebugType>
    <Optimize>false</Optimize>
    <DefineConstants>DEBUG;TRACE</DefineConstants>
  </PropertyGroup>
   ....
  <ItemGroup>
    <PackageReference Include="Brutal.Dev.StrongNameSigner" Version="3.1.1" />
    <PackageReference Include="Vestris.ResourceLib" Version="2.1.0">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
  </ItemGroup>
  <Target Name="SignResourceLib" BeforeTargets="ResolveAssemblyReferences" Condition=" '$(TargetDir)' != '' " Inputs="$(SolutionDir)bin\_packages\vestris.resourcelib\2.1.0\lib\net45\Vestris.ResourceLib.dll" Outputs="$(SolutionDir)bin\_signed\Vestris.ResourceLib.dll">
    <Exec Command="&quot;$(StrongNameSignerDirectory)StrongNameSigner.Console&quot; -in &quot;$(SolutionDir)bin\_packages\vestris.resourcelib\2.1.0\lib\net45&quot; -out &quot;$(SolutionDir)bin\_signed&quot;" WorkingDirectory="$(SolutionDir)" />
  </Target>

</Project>

The target is executed as expected and signs the Vestris.ResourceLib.dll. However, when I look at the build output, there is also another task being executed that seems to try to sign all DLLs in my entire tree. This is what I see in the output (verbosity level "Normal"):

Target StrongNameSignerTarget:
  -- Starting Brutal Developer .NET Assembly Strong-Name Signer Task --
  <a lot of assemblies from all kinds of folders are "added for processing">
  -- Finished Brutal Developer .NET Assembly Strong-Name Signer Task in 00:00:01.4505714 --

This StrongNameSignerTarget is the target that is started automatically, and is not explicitly referenced in the project. @brutaldev How can I prevent this target from running?

MarcelVersteeg commented 1 year ago

I found the solution to this issue myself now. It is not an issue with the package. When adding the NuGet package to the project, exclude the build asset from the dependency, by either adding that to the dependency properties, or by editing the project file like this:

<PackageReference Include="Brutal.Dev.StrongNameSigner" Version="3.1.1">
    <ExcludeAssets>build</ExcludeAssets>
</PackageReference>

brutaldev commented 1 year ago

@MarcelVersteeg Thanks for the info, I hope this can be helpful to others and I might just add it to the documentation as well.
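
An added example, not part of the original thread and not code from the StrongNameSigner project: a small audit that lists which `PackageReference` entries in a project file still consume a package's `build` asset, which is how a target such as `StrongNameSignerTarget` ends up running without being referenced explicitly. It uses NuGet's documented defaults (`IncludeAssets` = all, `ExcludeAssets` = none); the function names and the sample project text are constructed for illustration, and it reports what the reference allows, not whether the package actually ships any targets.

```python
import xml.etree.ElementTree as ET

ALL_ASSETS = {"compile", "runtime", "contentfiles", "build",
              "buildmultitargeting", "buildtransitive", "analyzers", "native"}

def _asset_set(value, default):
    """Expand a NuGet asset list such as 'runtime; build' or 'all' to a set."""
    if value is None or not value.strip():
        return set(default)
    names = {v.strip().lower() for v in value.split(";") if v.strip()}
    if "all" in names:
        return set(ALL_ASSETS)
    return names  # 'none' stays as a literal and never matches 'build'

def _setting(ref, name):
    """Read a setting given either as an attribute or as a child element."""
    if ref.get(name) is not None:
        return ref.get(name)
    for child in ref:
        if child.tag.split("}")[-1] == name:
            return child.text
    return None

def packages_importing_build_assets(csproj_text):
    """Return ids of PackageReferences whose 'build' asset is still consumed."""
    root = ET.fromstring(csproj_text)
    hits = []
    for el in root.iter():
        if el.tag.split("}")[-1] != "PackageReference" or not el.get("Include"):
            continue
        include = _asset_set(_setting(el, "IncludeAssets"), ALL_ASSETS)
        exclude = _asset_set(_setting(el, "ExcludeAssets"), set())
        if "build" in include - exclude:
            hits.append(el.get("Include"))
    return hits

# Constructed sample: the two references from the issue, before and after the fix.
BEFORE = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="Brutal.Dev.StrongNameSigner" Version="3.1.1" />
  <PackageReference Include="Vestris.ResourceLib" Version="2.1.0">
    <PrivateAssets>all</PrivateAssets>
    <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
  </PackageReference>
</ItemGroup></Project>"""
AFTER = BEFORE.replace('Version="3.1.1" />',
    'Version="3.1.1"><ExcludeAssets>build</ExcludeAssets></PackageReference>')

if __name__ == "__main__":
    print(packages_importing_build_assets(BEFORE), packages_importing_build_assets(AFTER))
```

Run over every project file in a repository, this gives a reviewable list of packages that can inject MSBuild targets into the build.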