The ProGet extensions integrates automatic NuGet package signing/strong naming into ProGet feeds via feed adapters.
The project uses and combines the of the excellent work of:
- Werner van Deventer described in his blog post ".NET Assembly Strong-Name Signer".
- Rory Plaire webhooks-sign-package
As the name implies, it signs packages after they are pushed to the feed.
See ProGet - Tutorial - Step 3
Adapter Configuration XML:
<ProGet.PackageSigning.Extension.NuGet.SignNuGetPackageAfterPushAdapter Assembly="ProGet.PackageSigning.Extension">
<Properties />
</ProGet.PackageSigning.Extension.NuGet.SignNuGetPackageAfterPushAdapter>
or
<ProGet.PackageSigning.Extension.NuGet.SignNuGetPackageAfterPushAdapter Assembly="ProGet.PackageSigning.Extension">
<Properties AdditionalKeyPaths="{optional comma separated list of path where custom [snk|pfx] key files are located}" AdditionalKeyPaths="{optional specify the default key to use}" />
</ProGet.PackageSigning.Extension.NuGet.SignNuGetPackageAfterPushAdapter>
As the name implies, it signs packages before they are downloaded from the feed.
See ProGet - Tutorial - Step 3
Adapter Configuration XML:
<ProGet.PackageSigning.Extension.NuGet.SignNuGetPackageBeforeDownloadAdapter Assembly="ProGet.PackageSigning.Extension">
<Properties />
</ProGet.PackageSigning.Extension.NuGet.SignNuGetPackageBeforeDownloadAdapter>
or
<ProGet.PackageSigning.Extension.NuGet.SignNuGetPackageBeforeDownloadAdapter Assembly="ProGet.PackageSigning.Extension">
<Properties AdditionalKeyPaths="{optional comma separated list of path where custom [snk|pfx] key files are located}" AdditionalKeyPaths="{optional specify the default key to use}" />
</ProGet.PackageSigning.Extension.NuGet.SignNuGetPackageBeforeDownloadAdapter>
ProGet doesn't seem to invoke the adapters reliable:
- PUSH
- via NuGet commandline: YES
- via Web upload from disk: NO
- via Bulk Import from disk: NO
- DOWNLOAD
- via NuGet install/pull: NO
- via Web frontend download: YES