teynon

Reputation: 8308

Post-Build Events Output Path for Projects and Deployment Project

I am working on a program that needs to have each exe signed before being packaged in the MSI deployment project. I've tried using VS2010's Signing tools ("Sign the Assembly"), but the key file doesn't seem to like VS2010. VS doesn't ask for a password or any of that and doesn't sign the exe's. So, I've been running the sign tool via post-build command line.

Before we get too involved, we should take a look at the current structure of the application (I don't have control over this. I'm just making the updater and trying to test packaging):

I read somewhere that the deployment project generates the exe in a different folder (obj/x86/Release/app.exe instead of bin/Release).

My current method of ensuring I sign the file is by hardcoding paths like this:

"..\..\..\..\SigningFolder\signtool" sign /f "..\..\..\..\SigningFolder\myKeyFile.p12" /p mypassword /t http://somecertsite.com "..\..\..\..\Updater\Updater\obj\x86\Release\Updater.exe"

"..\..\..\..\SigningFolder\signtool" sign /f "..\..\..\..\SigningFolder\myKeyFile.p12" /p mypassword /t http://somecertsite.com "..\..\..\..\Updater\Updater\bin\Release\Updater.exe"

This makes my eyes bleed. (This happens for each EXE and after the MSI is built, I sign the MSI as well.)

So, my question:

Upvotes: 3

Views: 4959

Answers (1)

gyzpunk

Reputation: 380

My method is to add the following line in my deployment project PostBuildEvent property (assuming I need to use a certificate stored on a smart card (/a option) and that the signtool path can't be determined via environment variables):

call "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign /a /d "$(SolutionName)" /q "$(BuiltOuputPath)"

This will sign the generated MSI, but not the enclosed EXE files. For this, I also add the following lines in the Post-build event of my C# projects (Project > Properties > Build Events):

call "C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign /a /d "$(SolutionName)" /q "$(TargetDir)$(TargetFileName)" "$(ProjectDir)obj\$(ConfigurationName)\$(TargetFileName)"

Doing so will sign after a successful build:

  1. The EXE file built from my C# project (under bin directory)
  2. The EXE file used by my deployment project as "Primary output" (under obj directory)
  3. And finally the MSI package

Then, at the end, I don't have any executable file unsigned which is what I was looking for :)

Upvotes: 4
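
A way to check the result the answer describes (no unsigned EXE under bin or obj, and a signed MSI), as an added example that is not part of the original answer: a PowerShell script built on `Get-AuthenticodeSignature` that can run as the last build step. The parameter names and the assumed `bin\...\Release` / `obj\...\Release` layout are assumptions; adjust them to your solution.

```powershell
# Added example (not from the original post): fail the build if any
# shipped binary is unsigned or has an invalid Authenticode signature.
# $Root, $Configuration and the folder layout are assumptions.
param(
    [string]$Root = (Get-Location).Path,
    [string]$Configuration = 'Release'
)

# Collect the EXE copies under bin\ and obj\ for this configuration,
# plus every MSI package found below the solution root.
$pattern = "\\(bin|obj)\\(.+\\)?$([regex]::Escape($Configuration))\\"
$targets = @(Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.msi |
    Where-Object { $_.Extension -eq '.msi' -or $_.FullName -match $pattern })

if ($targets.Count -eq 0) {
    Write-Host "No EXE or MSI found under $Root"
    exit 2
}

$failed = 0
foreach ($file in $targets) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    if ($sig.Status -ne 'Valid') {
        # NotSigned, HashMismatch, NotTrusted, ... all count as failures.
        Write-Host "FAIL  $($sig.Status)  $($file.FullName)"
        $failed++
    } elseif ($null -eq $sig.TimeStamperCertificate) {
        # Signed but not timestamped: the signature stops validating
        # once the signing certificate expires.
        Write-Host "WARN  no timestamp  $($file.FullName)"
    } else {
        Write-Host "OK    $($sig.SignerCertificate.Subject)  $($file.FullName)"
    }
}

if ($failed -gt 0) { exit 1 }
exit 0
```

`Valid` requires the signing certificate to chain to a root trusted on the build machine, so a self-signed test certificate is reported as a failure unless it is trusted there.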
