New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error signing output with public key from file 'x.snk' -- Assembly signing not supported #6911

Closed
Jonathan34 opened this Issue Jun 16, 2017 · 9 comments

Comments

Projects
None yet
4 participants
@Jonathan34

Jonathan34 commented Jun 16, 2017

I am moving a .net full project to .net standard 2.0 with a.netcore 2.0 unit test projects.
They both use a snk to strongly sign the binaries.

<SignAssembly>True</SignAssembly><AssemblyOriginatorKeyFile>wol.snk</AssemblyOriginatorKeyFile>

When building the .net standard 2.0 project, i get:

CSC : error CS7027: Error signing output with public key from file 'wol.snk' -- Assembly signing not supported. [.../Source/proj/projA/projA.csproj]

Any idea?

Environment data

dotnet --info output:

.NET Command Line Tools (2.0.0-preview1-005977)

Product Information:
 Version:            2.0.0-preview1-005977
 Commit SHA-1 hash:  414cab8a0b

Runtime Environment:
 OS Name:     Mac OS X
 OS Version:  10.12
 OS Platform: Darwin
 RID:         osx.10.12-x64
 Base Path:   /usr/local/share/dotnet/sdk/2.0.0-preview1-005977/

Microsoft .NET Core Shared Framework Host

  Version  : 2.0.0-preview1-002111-00
  Build    : 1ff021936263d492539399688f46fd3827169983

@Jonathan34 Jonathan34 changed the title from Error signing output with public key from file 'wol.snk' -- Assembly signing not support to Error signing output with public key from file 'x.snk' -- Assembly signing not supported Jun 16, 2017

@Jonathan34

This comment has been minimized.

Jonathan34 commented Jun 19, 2017

This may be better reported in dotnet/sdk. not sure.
@nguerrera @natidea @MattGertz

@livarcocc

This comment has been minimized.

Member

livarcocc commented Jun 20, 2017

This is strange. We do this ourselves all the time with our assemblies in the CLI repo: https://github.com/dotnet/cli/blob/release/2.0.0/src/dotnet/dotnet.csproj#L8-L10.

Would it be possible for you to share a repro repo with us? Though, I see that this happens only on non-windows. if that's the case, you are probably missing this:
<PublicSign Condition=" '$(OS)' != 'Windows_NT' ">true</PublicSign>
Can you try that out and let us know?

@nguerrera

This comment has been minimized.

Member

nguerrera commented Jun 20, 2017

Support for full signing on non-Windows in Roslyn is tracked by dotnet/roslyn#8210

@Jonathan34

This comment has been minimized.

Jonathan34 commented Jun 20, 2017

@livarcocc if i set the publicSign it says:
CSC : error CS8102: Public signing was specified and requires a public key, but no public key was specified. [/proj/projA.csproj]

Unfortunately, I can only provide the csproj file, so i am not sure it will be a big help.

@Jonathan34

This comment has been minimized.

Jonathan34 commented Jun 20, 2017

@livarcocc my bad, the public sign does the trick. I had kept the signassenbly to false so setting it to true works fine:

<SignAssembly>true</SignAssembly>
<AssemblyOriginatorKeyFile>key.snk</AssemblyOriginatorKeyFile>
<PublicSign Condition=" '$(OS)' != 'Windows_NT' ">true</PublicSign>

could you please explain what will this PublicSign does? (or does not do)

@livarcocc

This comment has been minimized.

Member

livarcocc commented Jun 20, 2017

Awesome. Glad it worked. Closing this for now. if anything else comes up, just re-activate.

@livarcocc livarcocc closed this Jun 20, 2017

@Jonathan34

This comment has been minimized.

Jonathan34 commented Jun 21, 2017

@livarcocc yes no problem, do you mind explaining what this PublicSign does (or does not do)?
Is the resulting signing of the assembly different? What are the implications of signing in a non windows environment?

thanks

@nguerrera

This comment has been minimized.

Member

nguerrera commented Jun 21, 2017

@Jonathan34 Excellent question. There are consequences. Public signing is like delay signing: only the public key is needed and the binary is not actually signed with the private key. The only difference is a bit in the PE that allows most scenarios to run without registering for skip verification. However, since the binary is not actually fully signed, it cannot be installed to the GAC, cannot be used with shadow copying, and cannot be loaded in a partial trust context on full framework.

See https://github.com/dotnet/corefx/blob/master/Documentation/project-docs/public-signing.md

There are plans to support full signing on non-Windows (dotnet/roslyn#8210), but the work has not been completed.

4creators added a commit to DjvuNet/DjvuNet that referenced this issue Sep 21, 2017

@gregdegruy

This comment has been minimized.

gregdegruy commented Oct 10, 2017

GAC is the Global Assembly Cache for those who may not know.

seanksullivan added a commit to seanksullivan/Wemo.net that referenced this issue Mar 13, 2018

Manually added a PublicSign and condition to the csproj files, to ena…
…ble VSTS build to succeed, else it fails with 'PFX signing not supported on .NET Core', per: dotnet/cli#6911.  Note, PFX signing is successful locally with VS2017, but unseccessful via VSTS netcore build; .NetCore projects are still very frail.

Mackiovello added a commit to Starcounter/Starcounter.ErrorCodes that referenced this issue Apr 13, 2018

kruglik-alexey added a commit to kruglik-alexey/Tp.Core.Functional that referenced this issue May 1, 2018

@ndrwrbgs ndrwrbgs referenced this issue Aug 6, 2018

Merged

Add Strong name #48

6bee added a commit to 6bee/aqua-core that referenced this issue Oct 22, 2018

6bee added a commit to 6bee/aqua-core that referenced this issue Oct 22, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment