dll signing not triggered when using devenv.com which leads to failed register with Outlook

Add-in Express™ Support Service
That's what is more important than anything else

dll signing not triggered when using devenv.com which leads to failed register with Outlook
 
Horatiu Muresan




Posts: 26
Joined: 2016-04-28
Hi,

I'm signing my add-in dll with a trusted certificate (from the project's Addin Express-> Signing options menu).

When building my solution from Visual studio, I can see:
ADXAddIn8x8 -> Sign ADXAddIn8x8.dll... Success
ADXAddIn8x8 -> Sign adxloader.dll.manifest... Success

When building the same solution from a command line with devenv.com :
C:\Work\VirtualMeetingOutlookPlugin\ADX\sources>devenv.com ADXAddIn8x8.sln /Rebuild "Release|Any CPU"
I don't see the 2 Success Sign confirmation lines shown when building with VS and my adxloader.dll.manifest file does not get updated(the signing seems to have some timestamp info as well, as I'm always getting an edit on the manifest file after a VS build)
This results in Outlook crashing when attempting to register the add-in, and I get the error:
15:41:43:776 1380 5284 Hash verification failed
in adxloader.log.

Do you know why the command line build fails to sign it? The dll signing is 100% dependant of the VS IDE? Can you suggest a post-build event for signing the dll instead of doing it from the Addin Express-> Signing options menu? (that will probably guarantee the signing even when build with devenv.com)

Thank you.

Regards from Romania(GMT+2),
Horatiu
Posted 07 Feb, 2017 10:02:00 Top
Andrei Smolin


Add-in Express team


Posts: 14129
Joined: 2006-05-11
Hello Horatiu,

Horatiu Muresan writes:
When building the same solution from a command line with devenv.com :


You need to use signtool.exe in this case.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 08 Feb, 2017 05:05:36 Top
Horatiu Muresan




Posts: 26
Joined: 2016-04-28
Hello Andrei,

signtool.exe as a post-build event solves my dll signing problem.

A couple more questions:
1. I see the adxloader.dll.manifest file got signed too. Is there a post build event alternative for it as well? Signtool does not work in this case.
2. Signing the adxloader.dll and adxloader64.dll is mandatory?

Thank you for the quick reply and for the constructive suggestion.

Regards from Romania (GMT+2),
Horatiu Muresan
Posted 08 Feb, 2017 05:58:39 Top
Andrei Smolin


Add-in Express team


Posts: 14129
Joined: 2006-05-11
Hello Horatiu,

1. {Add-in Express installation folder}\Bin\adxPatch.exe /?
2. Signing isn't mandatory. By signing a file, you create an independent confirmation that the file is actually signed by the certificate holder, not by anyone else.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 08 Feb, 2017 08:26:56 Top
Horatiu Muresan




Posts: 26
Joined: 2016-04-28
Thank you Andrei,

Signing the manifest file using adxPatch.exe seems to trigger signing of all the needed assemblies (adxloader.dll, adxloader64.dll, <add-in-assembly>.dll) which is ok.

As a side-note, /SHA256=True switch fails unless /SHA1=False is explicitly set.

Thanks again.

Regards from Romania(GMT+2),
Horatiu Muresan
Posted 08 Feb, 2017 10:45:21 Top
Andrei Smolin


Add-in Express team


Posts: 14129
Joined: 2006-05-11
Hello Horatiu,

This may be expected. As far as I know this should depend on the windows version that you use. You should see the same situation in the Publish Dialog. In my windows 10, the dialog allows me to choose both SHA1 and SHA256. As far as I remember on windows 7 I was unable to choose both of them simultaneously.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 08 Feb, 2017 11:13:34 Top