AzureTrustedSignTool 1.2.2

dotnet tool install --global AzureTrustedSignTool --version 1.2.2                
This package contains a .NET tool you can call from the shell/command line.
dotnet new tool-manifest # if you are setting up this repo
dotnet tool install --local AzureTrustedSignTool --version 1.2.2                
This package contains a .NET tool you can call from the shell/command line.
#tool dotnet:?package=AzureTrustedSignTool&version=1.2.2                
nuke :add-package AzureTrustedSignTool --version 1.2.2                

====================

This wrapper use used for Signing files using either sign tool or dotnet sign tool depending on the extension

Installation Make sure these are available on the machine dotnet tool install --global AzureTrustedSignTool dotnet tool install Knapcode.CertificateExtractor --global dotnet tool install --global sign --prerelease

Additionally ensure that Windows SDK version 10.0.22621.0 or higher is available in the machine. And if you are signing locally with your own Azure account, make sure you have https://aka.ms/installazurecliwindowsx64 installed and you are logged in in the computer with "az login"

Usage AzureTrustedSignTool.exe sign --help AzureTrustedSignTool 1.0.0+9e0607678984d0120d21b83ed90e4d8748d1764d Copyright (C) 2024 AzureTrustedSignTool

-f, --folder Folder to check

-g, --file File to Sign

-s, --searchpattern (Default: ) Search Pattern - if empty it will search for the most common binary files. If empty, *.exe, *.dll, *.msi, *.nupkg, *.tsep, *.msix, *.vsix, *.appxbundle, *.appx

-t, --trustedendpoint (Default: https://neu.codesigning.azure.net) Metadata Json file

-a, --accountname Account Name [Required]

-p, --profilename Profile Name [Required]

-i, --correlationid (Default: LocalSigning) Control Id

-e, --signtoolexe (Default: C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64\signtool.exe) Sign Tool Exe

-v, --verbose (Default: false) logs all messages

-e, --excludefilelist file containing a list of files that are not to be signed, each line is a regx. Example: System.*.dll

-i, --includefilelist file containing a list of files that should be signed only from the ones found in folder

--help Display this help screen.

--version Display version information. Choosing the Account and Signing profile These are required and can be set with --accountname --profilename

Additionally the account is currently in North Europe by default, that can also be modified by using --trustedendpoint

Authentication to Azure In order to use use the Azure service, you have 2 options.

Using your own account, you can use locally "az login" - after this if your account has the correct signing role in azure you will be able to sign files locally. All signatures will be audited to you. Using a azure service app - this is the preferable method for CI systems, like Bamboo, Github or Teamcity. After your admin has created a techincal application, he will provide the following data which needs to be set in your environment via Environment variables (this is mandatory)

set AZURE_TENANT_ID=YOUR TENANT ID - subscription id

set AZURE_CLIENT_ID= APP Registation ID - in microsfot intra

set AZURE_CLIENT_SECRET= app secret id generate for above appSign Tool configuration with trusted account

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

This package has no dependencies.

Version Downloads Last updated
1.2.2 606 11/21/2024
1.2.1 142 11/19/2024
1.2.0 1,335 11/11/2024
1.1.0 3,201 10/6/2024
1.0.0 576 8/15/2024