How To Sign
First off, you need access to a signing service. The signing service at https://api.outercurve.org is only available to Outercurve project leaders for signing Outercurve projects.
Files can be signed in one of two ways:
- Download and install the Cmdlets from https://github.com/outercurve/SigningService/releases
- If this is your first time installing on this machine, open a PowerShell console and run the following command:

```powershell
[System.Environment]::SetEnvironmentVariable("PSMODULEPATH", [System.Environment]::GetEnvironmentVariable("PSMODULEPATH", "User"), "User")
```

and then close that PowerShell console. (This is due to Windows Explorer not updating path variables via an MSI install. Future versions of the Cmdlets will hopefully remove this step.)
###Signing
Signing files requires a single PowerShell cmdlet:

```powershell
Set-OcfSignatureViaService path/to/filestosign -ServiceUrl <ServiceUrl> -Credential <Credential>
```

- `<ServiceUrl>` is the base signing service URL. In the case of Outercurve, the URL is https://api.outercurve.org.
- `<Credential>` is a PSCredential object (created using the `Get-Credential` cmdlet) containing your username and password.
- NOTE: You may pass in multiple or a single file to the `Set-OcfSignatureViaService` cmdlet. Works just as well either way.
Examples:
- If you're only going to sign files in a single command, you could run in PowerShell:

```powershell
Set-OcfSignatureViaService path/to/filestosign -ServiceUrl <ServiceUrl> -Credential (Get-Credential)
```

When the command is run, your credentials will be requested in a popup window. This works well if you're only running `Set-OcfSignatureViaService` once. On the other hand, you might not want to do that for multiple commands since you'll be asked for your credentials every time. In those cases you might want to put your credentials in a variable and pass that variable into each signing command:

```powershell
$cert = Get-Credential   # requests your credentials via a pop-up window
Set-OcfSignatureViaService path/to/somefilestosign -ServiceUrl <ServiceUrl> -Credential $cert
Set-OcfSignatureViaService path/to/someotherfilestosign -ServiceUrl <ServiceUrl> -Credential $cert
```
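The credential-reuse pattern above, extended with a local verification pass, as an added example (not code from the SigningService project): it signs each binary in a build folder, then fails if any file lacks a valid Authenticode signature. The folder path is hypothetical, and the script assumes the cmdlet writes the signed file back to the path it was given.

```powershell
$ErrorActionPreference = 'Stop'

# Assumptions for this example: adjust both values to your project.
$ServiceUrl = 'https://api.outercurve.org'
$BuildDir   = '.\bin\Release'            # hypothetical build output folder

# Prompt once and reuse the PSCredential for every signing call.
$cred = Get-Credential

# Collect the binaries to sign.
$files = Get-ChildItem -Path $BuildDir -Recurse -File -Include *.dll, *.exe

foreach ($file in $files) {
    Set-OcfSignatureViaService $file.FullName -ServiceUrl $ServiceUrl -Credential $cred
}

# Do not rely on the absence of an error: inspect every file after signing.
# 'Valid' also requires that this machine trusts the signer's certificate chain.
$bad = foreach ($file in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    if ($sig.Status -ne 'Valid') {
        [pscustomobject]@{
            File   = $file.FullName
            Status = $sig.Status
            Detail = $sig.StatusMessage
        }
    }
}

if ($bad) {
    $bad | Format-Table -AutoSize
    throw "$(@($bad).Count) file(s) are not validly signed; do not publish this build."
}

# Show who signed each file so an unexpected certificate stands out.
$files | ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
    Select-Object Path,
        @{ Name = 'Signer';     Expression = { $_.SignerCertificate.Subject } },
        @{ Name = 'Thumbprint'; Expression = { $_.SignerCertificate.Thumbprint } } |
    Format-Table -AutoSize
```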
###Strong-naming and Signing
If the file(s) to be signed are .NET assemblies, the files can be strong-named and Authenticode signed by adding the `-StrongName` switch to the cmdlet:

```powershell
Set-OcfSignatureViaService path/to/filestosign -StrongName -ServiceUrl <ServiceUrl> -Credential <Credential>
```
#MSBuild
##How to install
- Download the MSBuild tasks and unzip them into your project from https://outercurveapi.blob.core.windows.net/downloads/Outercurve.MSBuildTasks.zip
##How to use
There are only a few steps to using the MSBuild task to sign a project.
First you need to import the Outercurve.MSBuildTasks.targets into your project file (or script). You'll probably want something like this:

```xml
<Import Project="$(MSBuildThisFileDirectory)\relativePathFrom\projectFileTo\Outercurve.MSBuildTasks.targets"/>
```

This adds the SetCodeSignatureViaService target to the end of your build process. The SetCodeSignatureViaService target has a number of properties which can be set in your MSBuild file.
- `SignConfig` - the MSBuild configuration you want to run SetCodeSignatureViaService on
  Default: Release
- `SignStrongName` - whether the input file(s) should be strong named. NOTE: if this is true and any of the input files are not delay-signed .NET assemblies, the SetSignatureViaService target will throw an error
  Default: false
- `SignContinueOnError` - whether the build process should be stopped on an error
  Default: false
- `SignOutputDir` - the output directory for the signed files. NOTE: currently doesn't work
  Default: $(TargetDir)
- `SignServiceUrl` - the URL of the signing service. In the case of Outercurve signing, this is https://api.outercurve.org
  Default: None, unless this has been saved to the registry using the `Set-OcfDefaultRemoteService` cmdlet
- `SignUserName` - the username on the signing service
  Default: None, unless this has been saved to the registry using the `Set-OcfDefaultRemoteService` cmdlet
- `SignPassword` - the password on the signing service
  Default: None, unless this has been saved to the registry using the `Set-OcfDefaultRemoteService` cmdlet
The input files to SetSignatureViaService are set using MSBuild items. The sole item works as follows:

- `@(SignInputAssembly)` - the item containing the path to the files to be signed.
  Default: $(TargetPath)