Automatically calling signature verification disabling as part of build for delay signed assemblies

  • Article

I authored this neat but overkilled build target for Visual Studio 2012 to automatically disable signature verification on the output of projects as part of a build step:

 

<?xml version="1.0" encoding="utf-8"?>
<Project xmlns="https://schemas.microsoft.com/developer/msbuild/2003">
 
  <!-- Turn off assembly signature verification when needed, so delay sign assemblies do not fail to load in dev unit test environment -->
  <Target Name="PostBuildDisableSignatureVerification" AfterTargets="AfterBuild">
    <Message Text="TRACE: Beginning PostBuildDisableSignatureVerification..." Condition="'$(EnableTracing)' == 'true'" Importance="high" />

    <!-- The tool we need to turn off signature verification is under the Microsoft SDK folder -->
    <GetFrameworkSdkPath>
      <Output
          TaskParameter="Path"
          PropertyName="SdkPath" />
    </GetFrameworkSdkPath>

    <!-- We need to exclude the file types that cannot be signed -->
    <ItemGroup>
      <ExtensionsExcluded Include="xml;xap;config;lastcodeanalysissucceeded;pdb;manifest;UnitTest.dll" />
    </ItemGroup>

    <!-- Because the property is scalar (i.e. represents multiple values) we need to do batching and transformation to exclude given values -->
    <CreateItem  Include="$(TargetDir)**\$(TargetName).*"
          Exclude="@(ExtensionsExcluded->'$(TargetDir)**\$(TargetName)*%(identity)')">
      <Output TaskParameter="Include" ItemName="CandidatesToSign"/>
    </CreateItem>
    <Message Text="CandidatesToSign: @(CandidatesToSign)" Condition="'$(EnableTracing)' == 'true'" Importance="high" />

    <!-- We need to run the tool twice, once for x86 and once for x64 -->
    <Exec Command="&quot;$(SdkPath)bin\NETFX 4.0 Tools\x64\sn.exe&quot; -Vr %(CandidatesToSign.Identity)" />
    <Exec Command="&quot;$(SdkPath)bin\NETFX 4.0 Tools\sn.exe&quot; -Vr %(CandidatesToSign.Identity)" />
    <Message Text="INFO: Signature verification disabled for assemblies of project '$(MSBuildProjectFile)'." Importance="high" />
  </Target>

</Project>

 

This can actually be simplified by passing the public part of the signature key as *,<public key> to designate all assemblies signed with this public key. It is then no longer necessary to build the candidates to sign or the extensions to exclude. Also the target needs then only to be executed once per solution instead of once for each project of the solution.