[GH-ISSUE #106] [QUESTION] Transitive signing #87

New issue

Closed

opened 2026-02-25 21:30:38 +03:00 by kerem · 3 comments

kerem commented

2026-02-25 21:30:38 +03:00

Owner

Originally created by @kirillkovalenko on GitHub (Aug 29, 2025).
Original GitHub issue: https://github.com/brutaldev/StrongNameSigner/issues/106

A have a 3rd party nuget which has an unsigned assembly which reference another unsigned assembly from another nuget. Is there a way to sign both and have the original assembly to reference a signed version of the dependency?

Originally created by @kirillkovalenko on GitHub (Aug 29, 2025). Original GitHub issue: https://github.com/brutaldev/StrongNameSigner/issues/106 A have a 3rd party nuget which has an unsigned assembly which reference another unsigned assembly from another nuget. Is there a way to sign both and have the original assembly to reference a signed version of the dependency?

kerem closed this issue

2026-02-25 21:30:38 +03:00

kerem commented

2026-02-25 21:30:38 +03:00

Author

Owner

@brutaldev commented on GitHub (Aug 29, 2025):

@kirillkovalenko Yes, this is the default behaviour. All unsigned assemblies will be signed and their dependencies updated to reflect the new signed references.

@brutaldev commented on GitHub (Aug 29, 2025): @kirillkovalenko Yes, this is the default behaviour. All unsigned assemblies will be signed and their dependencies updated to reflect the new signed references.

kerem commented

2026-02-25 21:30:38 +03:00

Author

Owner

@kirillkovalenko commented on GitHub (Sep 1, 2025):

Let's say I want to sign directly in the .nuget folder which has the following structure. Assembly foo depends of bar. Is there currently a way to sign foo and have also bar signed without having to copy both in the same folder? I looked at StrongNameSigner.Console.exe command line options and don't see anything related to a search path.

~/.nuget/packages
     foo
        x.y.z
          lib
            netstandard2.0 
                foo.dll
     bar
       a.b.c
         lib
            netstandard2.0
                 bar.dll

@kirillkovalenko commented on GitHub (Sep 1, 2025): Let's say I want to sign directly in the .nuget folder which has the following structure. Assembly `foo` depends of `bar`. Is there currently a way to sign `foo` and have also `bar` signed without having to copy both in the same folder? I looked at `StrongNameSigner.Console.exe` command line options and don't see anything related to a search path. ``` ~/.nuget/packages foo x.y.z lib netstandard2.0 foo.dll bar a.b.c lib netstandard2.0 bar.dll ```

kerem commented

2026-02-25 21:30:38 +03:00

Author

Owner

@brutaldev commented on GitHub (Sep 1, 2025):

Please refer to the docs: https://github.com/brutaldev/StrongNameSigner?tab=readme-ov-file#dealing-with-dependencies

You can supply multiple paths using a | character and all assemblies found will be used together. The docs on dealing with dependencies explains how this works.

StrongNameSigner.Console.exe -in "./nuget/packages/foo/x.y.z/lib/netstandard2.0|./nuget/packages/bar/a.b.c/lib/netstandard2.0"

@brutaldev commented on GitHub (Sep 1, 2025): Please refer to the docs: https://github.com/brutaldev/StrongNameSigner?tab=readme-ov-file#dealing-with-dependencies You can supply multiple paths using a `|` character and all assemblies found will be used together. The docs on dealing with dependencies explains how this works. `StrongNameSigner.Console.exe -in "./nuget/packages/foo/x.y.z/lib/netstandard2.0|./nuget/packages/bar/a.b.c/lib/netstandard2.0"`