Manifest generation and DLL signature not working when building with MSBuild

Add-in Express™ Support Service
That's what is more important than anything else

Manifest generation and DLL signature not working when building with MSBuild
Fabio Resner

Posts: 1
Joined: 2016-04-18
Dear Add-in Express team,

We???re trying to automate the build of our application. This involves compiling the add-on using MSBuild.exe instead of compiling it from within Visual Studio. However, we???ve noticed that both the manifest and the project output are not being digitally signed when the project is compiled with MSBuild, as opposed to what happens when compiling from within Visual Studio. In fact, the manifest is strangely being generated with a wrong hash of the project output DLL (we have substituted the angle brackets by brackets below so as to avoid any problems with the forum engine):

[assemblyIdentity name="Lacuna.WebPKI.WebPKIforIE, PublicKeyToken=1e2b6bc06969f7bf" hash="D4B8FA6A15BD71C7EAE91807DF0552B0" id="Lacuna.WebPKI.WebPKIforIE" /]

The MD5 hash of the DLL is actually different:

PS C:\] Get-FileHash "C:\Program Files (x86)\Lacuna Software\Web PKI for Internet Explorer\Lacuna.WebPKI.WebPKIforIE.dll" -Algorithm md5

Algorithm Hash Path
--------- ---- ----
MD5 6DA3D1A2A41DC05EDE46982D0B5AC55F C:\Program Files (x86)\Lacuna...

And the DLL is indeed not digitally signed:

C:\]"C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" verify /pa /v "C:\Program Files (x86)\Lacuna Software\Web PKI for Internet Explorer\Lacuna.WebPKI.WebPKIforIE.dll"

Verifying: C:\Program Files (x86)\Lacuna Software\Web PKI for Internet Explorer\Lacuna.WebPKI.WebPKIforIE.dll
SignTool Error: No signature found.

Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1

(the adxloader.dll and adxloader64.dll files are actually correctly signed with our codesign, so no problem there)

This causes the add-on to simply not work after being installed. Our icon on the Tools toolbar is shown, but nothing happens upon clicking it. I guess adxloader is verifying the manifest and, upon determining that the hash of the project DLL in the manifest does not match the hash of the actual DLL, concludes that the DLL is corrupt and simply aborts execution (a log somewhere would be nice, by the way).

We have managed to manually sign the DLL using signtool.exe and correct the manifest manually by altering the assemblyIdentity element with the correct DLL hash (after signature) and digitally signing the XML using a custom XmlDSig tool. After doing that, the add-on works. Hence our conclusion that the problem is the lack of signature in the project DLL and the incorrect generation of the manifest.

We noticed that in the Add-in Express installation folder there are command line tools that seem to do tasks related to code signature (adxpatch.exe and adxpublisher.exe), but we haven???t managed to figure out the exact syntax. If you could provide us the syntax, we can work an extra step in our build process (the build process is not solely a call to MSBuild but a bigger procedure done with the Grunt tool). Or perhaps there???s a way to make MSBuild itself invoke the signature/manifest generation, just like when building from within Visual Studio?

Products and versions being used:
- MSBuild version 14.0
- Visual Studio 2015 update 1
- Add-in Express for Internet Explorer and .NET Standard version 9.3.6125 (downloaded on april 11th)

We thank you in advance for your attention.
Posted 18 Apr, 2016 07:53:05 Top
Sergey Grischenko

Add-in Express team

Posts: 7233
Joined: 2004-07-05
Hi Fabio,

Please use adxpatch.exe tool to sign the adxloader.dll.manifest. To learn about command line parameters you can execute the following command line: adxpatch.exe /?

The command line below signs the loader and manifest files:
adxpatch.exe /Sign="<adxloader.dll.manifest file path>" /CertificateFile="<cert file path>" /CertificatePassword="<cert password>"

Note: the manifest file, adxloader.dll and adxloader64.dll files should be located in the same folder.
Posted 19 Apr, 2016 05:50:11 Top