[GH-ISSUE #74] Use NuGet package, but no automatic signing of assemblies #63

New issue

Closed

opened 2026-02-25 21:30:35 +03:00 by kerem · 2 comments

kerem commented

2026-02-25 21:30:35 +03:00

Owner

Originally created by @MarcelVersteeg on GitHub (Nov 2, 2022).
Original GitHub issue: https://github.com/brutaldev/StrongNameSigner/issues/74

Via a third-party NuGet package I obtain an unsigned assembly I need for my application. I want to use the StrongNameSigner to only sign this single assembly, so I added the StrongNameSigner NuGet package to my application's project. This makes in unnecessary for other people in my team to install the StrongNameSigner separately when building the projects.

However, by adding the StrongNameSigner NuGet package to my project, all assemblies in the target directory are automatically processed. Is there a way to disable this automatic processing, or to specify which assembly/assemblies I want to be processed via this automatic mechanism?

Originally created by @MarcelVersteeg on GitHub (Nov 2, 2022). Original GitHub issue: https://github.com/brutaldev/StrongNameSigner/issues/74 Via a third-party NuGet package I obtain an unsigned assembly I need for my application. I want to use the StrongNameSigner to only sign this single assembly, so I added the StrongNameSigner NuGet package to my application's project. This makes in unnecessary for other people in my team to install the StrongNameSigner separately when building the projects. However, by adding the StrongNameSigner NuGet package to my project, all assemblies in the target directory are automatically processed. Is there a way to disable this automatic processing, or to specify which assembly/assemblies I want to be processed via this automatic mechanism?

kerem closed this issue

2026-02-25 21:30:35 +03:00

kerem commented

2026-02-25 21:30:35 +03:00

Author

Owner

@brutaldev commented on GitHub (Nov 2, 2022):

Second example in the docs: https://github.com/brutaldev/StrongNameSigner#build-process

Example of targeting one package folder.

<Target Name="BeforeBuild">
  <Exec ContinueOnError="false"
        Command="&quot;..\packages\Brutal.Dev.StrongNameSigner.3.1.1\build\StrongNameSigner.Console.exe&quot; -in &quot;..\packages\elmah.corelibrary.1.2.2&quot;" />
</Target>

You can remove the other targets that are created in your project file that perform a full signing operation.

@brutaldev commented on GitHub (Nov 2, 2022): Second example in the docs: https://github.com/brutaldev/StrongNameSigner#build-process Example of targeting one package folder. ``` <Target Name="BeforeBuild"> <Exec ContinueOnError="false" Command=""..\packages\Brutal.Dev.StrongNameSigner.3.1.1\build\StrongNameSigner.Console.exe" -in "..\packages\elmah.corelibrary.1.2.2"" /> </Target> ``` You can remove the other targets that are created in your project file that perform a full signing operation.

kerem commented

2026-02-25 21:30:35 +03:00

Author

Owner

@MarcelVersteeg commented on GitHub (Nov 3, 2022):

My project file looks like this (kept out unnecessary details):

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFrameworks>net481</TargetFrameworks>
    ....
  </PropertyGroup>
  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
    <DebugSymbols>true</DebugSymbols>
    <DebugType>full</DebugType>
    <Optimize>false</Optimize>
    <DefineConstants>DEBUG;TRACE</DefineConstants>
  </PropertyGroup>
   ....
  <ItemGroup>
    <PackageReference Include="Brutal.Dev.StrongNameSigner" Version="3.1.1" />
    <PackageReference Include="Vestris.ResourceLib" Version="2.1.0">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
  </ItemGroup>
  <Target Name="SignResourceLib" BeforeTargets="ResolveAssemblyReferences" Condition=" '$(TargetDir)' != '' " Inputs="$(SolutionDir)bin\_packages\vestris.resourcelib\2.1.0\lib\net45\Vestris.ResourceLib.dll" Outputs="$(SolutionDir)bin\_signed\Vestris.ResourceLib.dll">
    <Exec Command="&quot;$(StrongNameSignerDirectory)StrongNameSigner.Console&quot; -in &quot;$(SolutionDir)bin\_packages\vestris.resourcelib\2.1.0\lib\net45&quot; -out &quot;$(SolutionDir)bin\_signed&quot;" WorkingDirectory="$(SolutionDir)" />
  </Target>

</Project>

The target is executed as expected and signs the Vetris.ResourceLib.dll. However, when I look at the build output, there is also another task being executed that seems to try to sign all DLLs in my entire tree. This is what I see in the output (verbosity level "Normal"):

Target StrongNameSignerTarget:
  -- Starting Brutal Developer .NET Assembly Strong-Name Signer Task --
  <a lot of assemblies from alll kinds of folders are "added for processing">
  -- Finished Brutal Developer .NET Assembly Strong-Name Signer Task in 00:00:01.4505714 --

This StrongNameSignerTarget is the target that is started automatically, and is not explicitly referenced in the project. @brutaldev How can I prevent this target to run?

@MarcelVersteeg commented on GitHub (Nov 3, 2022): My project file looks like this (kept out unnecessary details): ``` <Project Sdk="Microsoft.NET.Sdk"> <PropertyGroup> <OutputType>Exe</OutputType> <TargetFrameworks>net481</TargetFrameworks> .... </PropertyGroup> <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' "> <DebugSymbols>true</DebugSymbols> <DebugType>full</DebugType> <Optimize>false</Optimize> <DefineConstants>DEBUG;TRACE</DefineConstants> </PropertyGroup> .... <ItemGroup> <PackageReference Include="Brutal.Dev.StrongNameSigner" Version="3.1.1" /> <PackageReference Include="Vestris.ResourceLib" Version="2.1.0"> <PrivateAssets>all</PrivateAssets> <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets> </PackageReference> </ItemGroup> <Target Name="SignResourceLib" BeforeTargets="ResolveAssemblyReferences" Condition=" '$(TargetDir)' != '' " Inputs="$(SolutionDir)bin\_packages\vestris.resourcelib\2.1.0\lib\net45\Vestris.ResourceLib.dll" Outputs="$(SolutionDir)bin\_signed\Vestris.ResourceLib.dll"> <Exec Command=""$(StrongNameSignerDirectory)StrongNameSigner.Console" -in "$(SolutionDir)bin\_packages\vestris.resourcelib\2.1.0\lib\net45" -out "$(SolutionDir)bin\_signed"" WorkingDirectory="$(SolutionDir)" /> </Target> </Project> ``` The target is executed as expected and signs the Vetris.ResourceLib.dll. However, when I look at the build output, there is also another task being executed that seems to try to sign all DLLs in my entire tree. This is what I see in the output (verbosity level "Normal"): ``` Target StrongNameSignerTarget: -- Starting Brutal Developer .NET Assembly Strong-Name Signer Task -- <a lot of assemblies from alll kinds of folders are "added for processing"> -- Finished Brutal Developer .NET Assembly Strong-Name Signer Task in 00:00:01.4505714 -- ``` This `StrongNameSignerTarget` is the target that is started automatically, and is not explicitly referenced in the project. @brutaldev How can I prevent this target to run?

kerem referenced this issue

2026-02-25 21:30:41 +03:00

[PR #63] [MERGED] Fixes #62 NullReferenceException when using ReferenceAssemblyAnnotator #96