sign icon indicating copy to clipboard operation
sign copied to clipboard

Published 20 hours ago verified publisher icon dotnet

Question: Why description and description URL arguments are mandatory?

Open SemyonL opened this issue 10 months ago • 1 comments

The tool requires two mandatory arguments:

-d, --description <description> (REQUIRED)             Description of the signing certificate.
-u, --description-url <description-url> (REQUIRED)     Description URL of the signing certificate.

However, signing tools like azuresigntool, nuget sign, signtool do not require these arguments as mandatory. What's the reasoning of making those arguments required?

SemyonL avatar Oct 05 '23 19:10 SemyonL

These arguments are used for Authenticode and ClickOnce signing. If you aren't doing Authenticode or ClickOnce signing, it does seem weird for Sign CLI to require arguments anyway. The current problem is that Sign CLI doesn't know at the time of argument parsing if it will be doing Authenticode or ClickOnce signing. A signing operation could fail if these values were required but not supplied.

We should look into how to make this better. Ideas include:

  • renaming the options (e.g.: --authenticode-description) and making them optional
  • introducing a --dry-run option to see if a signing operation would require these options without actually signing
  • defaulting these options to zero-length strings

dtivel avatar Nov 28 '23 18:11 dtivel