Open floyd-chan opened 3 weeks ago
I just read in this post that these two parameters can be set to $null:
https://github.com/dotnet/sign/issues/642#issuecomment-2148378970
I've tried this, and I get this error:
Option '-u' is required.
I am still stuck and I cannot determine what to do. Help?
@floyd-chan, the values for --description
and --description-url
apply to Authenticode signatures. Here is signtool.exe's description for those values:
Command | Description |
---|---|
/d Desc | Specifies a description of the signed content. |
/du URL | Specifies a URL for the expanded description of the signed content. |
BTW, I recommend that you look at using a federated identity instead of a client secret when connecting with either GitHub Actions or Azure DevOps pipelines. In these cases, you'd use the --azure-key-vault-managed-identity
parameter instead. Then, you wouldn't need to have a secret in your pipeline. @clairernovotny, can you link to samples for this?
Hi @floyd-chan,
Sign CLI supports secret-less authentication using Workload Identity Federation for GitHub Actions and Azure Pipelines.
Here are a couple samples:
Docs on setting up the Workload Identity Federation are here:
The --description
and --description-url
options were made optional in this pull request: #718.
I am developing a Business Central app that requires code signing with Azure Key Vault as described here in Microsoft Learn:
https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-sign-extension#steps-for-signing-your-app-file-with-azure-key-vault
I am going to be signing with a service principal, so this is the sample code provided on that page:
sign code azure-key-vault --azure-key-vault-url "https://MyKeyvault.vault.azure.net/" --azure-key-vault-certificate "NameOfMyCertificate" --azure-key-vault-client-id "ClientIdOfServicePrincipal" --azure-key-vault-client-secret "ClientSecretOfServicePrincipal" --azure-key-vault-tenant-id "MicrosoftEntraId" --description "Some Description" --description-url "" --verbosity Information "C:/Path/To/File(s)"
It is unclear to me what should be provided to the Description and Description-Url parameters; there is no clear documentation for this.
How should I proceed?