starred/StrongNameSigner
1
0
Fork 0
mirror of https://github.com/brutaldev/StrongNameSigner.git synced 2026-04-25 03:16:10 +03:00
Code Issues Projects Releases Packages Wiki Activity

[GH-ISSUE #80] SDK style probjects supported? #64

New issue
Closed
opened 2026-02-25 21:30:35 +03:00 by kerem · 4 comments
kerem commented 2026-02-25 21:30:35 +03:00
Owner
Copy link

Originally created by @kirillkovalenko on GitHub (Dec 18, 2022).
Original GitHub issue: https://github.com/brutaldev/StrongNameSigner/issues/80

Originally assigned to: @brutaldev on GitHub.

I trying to use strong name signer tool to have a new 3rd party dependency assembly signed automatically. It seems that the tool finds in project dependencies referenced via ProjectReference, but does not process those referenced via PackageReference tag. Is SDK style not supported or it's me doing something wrong?

Build started...
1>------ Build started: Project: Client, Configuration: Debug Any CPU ------
1>-- Starting Brutal Developer .NET Assembly Strong-Name Signer Task --
1>Adding 'Contracts.dll' for processing.
1>Adding 'Core.dll' for processing.
1>Adding 'Directory.dll' for processing.
1>Adding 'Interop.WtsApi.dll' for processing.
1>Checking assembly references in 'Contracts.dll'.
1>Checking assembly references in 'Core.dll'.
1>Checking assembly references in 'Directory.dll'.
1>Checking assembly references in 'Interop.WtsApi.dll'.
1>Removing invalid friend reference from assembly 'Core.dll'.
1>Removing invalid friend reference from assembly 'Core.dll'.
1>Removing invalid friend reference from assembly 'Directory.dll'.
1>-- Finished Brutal Developer .NET Assembly Strong-Name Signer Task in 00:00:13.9144618 --
1>CSC : warning CS8002: Referenced assembly 'NtApiDotNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' does not have a strong name.
Originally created by @kirillkovalenko on GitHub (Dec 18, 2022). Original GitHub issue: https://github.com/brutaldev/StrongNameSigner/issues/80 Originally assigned to: @brutaldev on GitHub. I trying to use strong name signer tool to have a new 3rd party dependency assembly signed automatically. It seems that the tool finds in project dependencies referenced via `ProjectReference`, but does not process those referenced via `PackageReference` tag. Is SDK style not supported or it's me doing something wrong? ```text Build started... 1>------ Build started: Project: Client, Configuration: Debug Any CPU ------ 1>-- Starting Brutal Developer .NET Assembly Strong-Name Signer Task -- 1>Adding 'Contracts.dll' for processing. 1>Adding 'Core.dll' for processing. 1>Adding 'Directory.dll' for processing. 1>Adding 'Interop.WtsApi.dll' for processing. 1>Checking assembly references in 'Contracts.dll'. 1>Checking assembly references in 'Core.dll'. 1>Checking assembly references in 'Directory.dll'. 1>Checking assembly references in 'Interop.WtsApi.dll'. 1>Removing invalid friend reference from assembly 'Core.dll'. 1>Removing invalid friend reference from assembly 'Core.dll'. 1>Removing invalid friend reference from assembly 'Directory.dll'. 1>-- Finished Brutal Developer .NET Assembly Strong-Name Signer Task in 00:00:13.9144618 -- 1>CSC : warning CS8002: Referenced assembly 'NtApiDotNet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' does not have a strong name. ```
kerem closed this issue 2026-02-25 21:30:35 +03:00
kerem commented 2026-02-25 21:30:35 +03:00
Author
Owner
Copy link

@brutaldev commented on GitHub (Dec 18, 2022):

@kirillkovalenko Do you have a basic sample project that I can test with?

<!-- gh-comment-id:1356850955 --> @brutaldev commented on GitHub (Dec 18, 2022): @kirillkovalenko Do you have a basic sample project that I can test with?
kerem commented 2026-02-25 21:30:35 +03:00
Author
Owner
Copy link

@kirillkovalenko commented on GitHub (Dec 19, 2022):

I've created a simple project Sns80.zip

BTW, does your tool respect AssemblyOriginatorKeyFile MsBuild property?

<!-- gh-comment-id:1357365640 --> @kirillkovalenko commented on GitHub (Dec 19, 2022): I've created a simple project [Sns80.zip](https://github.com/brutaldev/StrongNameSigner/files/10258036/Sns80.zip) BTW, does your tool respect `AssemblyOriginatorKeyFile` MsBuild property?
kerem commented 2026-02-25 21:30:35 +03:00
Author
Owner
Copy link

@brutaldev commented on GitHub (Dec 19, 2022):

BTW, does your tool respect AssemblyOriginatorKeyFile MsBuild property?

No, it's completely separate from any MSBuild specifics that project files could be using and you would need to pass you key file in the same way.

The problem you are experiencing with your project is related to PR #78
Package references go into cache directories such as C:\Users\USER_NAME\.nuget\packages\ntapidotnet, the locations are explicitly excluded with the automatic build task because there are usually thousands of packages in there, none of which we want to traverse and check for each project's build unnecessarily.

A solution now would be to sign explicitly using the console application with build events as described here: https://github.com/brutaldev/StrongNameSigner#build-process
You could also sign using the application, re-publish to your own local (or private NuGet repository) or just reference the final signed file directly. Ther project you are referring to is also open source so you could request from the developers to sign it or fork your own version, sign it and make another NuGet package for them.

You have a lot of options that make it not necessary to use this tool since it is intended as a last resort.

<!-- gh-comment-id:1358309094 --> @brutaldev commented on GitHub (Dec 19, 2022): > BTW, does your tool respect AssemblyOriginatorKeyFile MsBuild property? No, it's completely separate from any MSBuild specifics that project files could be using and you would need to pass you key file in the same way. The problem you are experiencing with your project is related to PR #78 Package references go into cache directories such as `C:\Users\USER_NAME\.nuget\packages\ntapidotnet`, the locations are explicitly excluded with the automatic build task because there are usually thousands of packages in there, none of which we want to traverse and check for each project's build unnecessarily. A solution now would be to sign explicitly using the console application with build events as described here: https://github.com/brutaldev/StrongNameSigner#build-process You could also sign using the application, re-publish to your own local (or private NuGet repository) or just reference the final signed file directly. Ther project you are referring to is also open source so you could request from the developers to sign it or fork your own version, sign it and make another NuGet package for them. You have a lot of options that make it not necessary to use this tool since it is intended as a last resort.
kerem commented 2026-02-25 21:30:35 +03:00
Author
Owner
Copy link

@kirillkovalenko commented on GitHub (Dec 20, 2022):

A solution now would be to sign explicitly using the console application

Thanks, I've already implemented this approach.

<!-- gh-comment-id:1358997927 --> @kirillkovalenko commented on GitHub (Dec 20, 2022): > A solution now would be to sign explicitly using the console application Thanks, I've already implemented this approach.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v3.6.5
v3.6.4
v3.6.3
v3.6.2
v3.6.1
v3.6.0
v3.5.1
v3.5.0
v3.4.0
v3.3.3
v3.3.2
v3.3.1
v3.3.0
v3.2.1
v3.2.0
v3.1.1
v3.1.0
v2.9.1
v2.9.0
2.7.1
2.7.0
2.6.0
2.4.0
v2.3.0
v2.2.0
v2.1.4
v2.1.3
v2.1.2
v2.1.0
v2.0.0
v1.8.0
v1.7.0
v1.6.1
v1.5.1-2
v1.5.0
v1.5.1
v1.4.9
v1.4.8
v1.4.7
v1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4
v1.3.0.0
1.2
Labels
Clear labels   
bug

   
duplicate

   
duplicate

   
enhancement

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
wontfix
No labels
bug
duplicate
duplicate
enhancement
invalid
pull-request
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/StrongNameSigner#64
No description provided.