Error signing output with public key from file 'x.snk' -- Assembly signing not supported

[Jonathan34]

I am moving a .net full project to .net standard 2.0 with a.netcore 2.0 unit test projects.
They both use a snk to strongly sign the binaries.

<SignAssembly>True</SignAssembly><AssemblyOriginatorKeyFile>wol.snk</AssemblyOriginatorKeyFile>

When building the .net standard 2.0 project, i get:

CSC : error CS7027: Error signing output with public key from file 'wol.snk' -- Assembly signing not supported. [.../Source/proj/projA/projA.csproj]

Any idea?

Environment data

dotnet --info output:

.NET Command Line Tools (2.0.0-preview1-005977)

Product Information:
 Version:            2.0.0-preview1-005977
 Commit SHA-1 hash:  414cab8a0b

Runtime Environment:
 OS Name:     Mac OS X
 OS Version:  10.12
 OS Platform: Darwin
 RID:         osx.10.12-x64
 Base Path:   /usr/local/share/dotnet/sdk/2.0.0-preview1-005977/

Microsoft .NET Core Shared Framework Host

  Version  : 2.0.0-preview1-002111-00
  Build    : 1ff021936263d492539399688f46fd3827169983

[Jonathan34]

This may be better reported in dotnet/sdk. not sure.
@nguerrera @natidea @MattGertz

[livarcocc]

This is strange. We do this ourselves all the time with our assemblies in the CLI repo: https://github.com/dotnet/cli/blob/release/2.0.0/src/dotnet/dotnet.csproj#L8-L10.

Would it be possible for you to share a repro repo with us? Though, I see that this happens only on non-windows. if that's the case, you are probably missing this:
<PublicSign Condition=" '$(OS)' != 'Windows_NT' ">true</PublicSign>
Can you try that out and let us know?

[nguerrera]

Support for full signing on non-Windows in Roslyn is tracked by dotnet/roslyn#8210

[Jonathan34]

@livarcocc if i set the publicSign it says:
CSC : error CS8102: Public signing was specified and requires a public key, but no public key was specified. [/proj/projA.csproj]

Unfortunately, I can only provide the csproj file, so i am not sure it will be a big help.

[Jonathan34]

@livarcocc my bad, the public sign does the trick. I had kept the signassenbly to false so setting it to true works fine:

<SignAssembly>true</SignAssembly>
<AssemblyOriginatorKeyFile>key.snk</AssemblyOriginatorKeyFile>
<PublicSign Condition=" '$(OS)' != 'Windows_NT' ">true</PublicSign>

could you please explain what will this PublicSign does? (or does not do)

[livarcocc]

Awesome. Glad it worked. Closing this for now. if anything else comes up, just re-activate.

[Jonathan34]

@livarcocc yes no problem, do you mind explaining what this PublicSign does (or does not do)?
Is the resulting signing of the assembly different? What are the implications of signing in a non windows environment?

thanks

[nguerrera]

@Jonathan34 Excellent question. There are consequences. Public signing is like delay signing: only the public key is needed and the binary is not actually signed with the private key. The only difference is a bit in the PE that allows most scenarios to run without registering for skip verification. However, since the binary is not actually fully signed, it cannot be installed to the GAC, cannot be used with shadow copying, and cannot be loaded in a partial trust context on full framework.

See https://github.com/dotnet/corefx/blob/master/Documentation/project-docs/public-signing.md

There are plans to support full signing on non-Windows (dotnet/roslyn#8210), but the work has not been completed.

[ugreg]

GAC is the Global Assembly Cache for those who may not know.

[RehanSaeed]

Since dotnet/roslyn#8210 is now completed, I assume this works now?