-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for signing ClickOnce manifests #25
Comments
hi @kauppine thanks for reaching out on requesting this integration. As of now, the team is still evaluating & discussing how to proceed with support for ClickOnce. |
I am currently evaluating the Trusted Siging service and it looks very promising. |
@kauppine For the case you missed it: dotnet Sign prereleased last week a version with support for Trusted Signing. |
For awareness, keep in mind that the even with the dotnet/sign integration working as expected, we still have some limitations on the way that clickonce handles trust by pinning to a certificate thumbprint. Given that trusted signing manages short lived keys, the experience could be subpar for users. |
@Jaxelr In which way could the experience be subpar for users? I have tested it now for some days. I have tested several situations.
So as for now I don't see problems for my scenario's. |
@JaapMosselman Thanks for notification! We were already using dotnet Sign, but had missed it. |
Whenever an update is performed, the certificate used for futures versions will be different, hence you will need to grant trust on each subsequent update, instead of it being seamlessly. This is because ClickOnce pins trust to the thumbprint instead of other relevant properties of the certificate (ekus, subject). Functionality wise, yes, it would work. Even timestamped, it will follow the same behavior. |
Ah, clear. So the difference is that on an update the user has now to press the Install button, while when the certificate is not changed, the update whould be installed fully automatically without user interaction. |
I can't speak for the team but personally I would, of course, prefer this experience would be seamless for everyone, allowing us the ability to leverage short lived keys while also maintaining our trust posture. On a more positive note, it's a good data point to understand that it is still usable in certain aspects. I'll also mention this to the team, since we've seen interest on having this formally supported as well. |
Currently, Azure Trusted Signing does not support signing ClickOnce manifests.
It would be a great improvement and increase the usability of the service, if it could be used to sign ClickOnce manifests in a similar manner as with dotnet Sign: https://github.com/dotnet/sign
The text was updated successfully, but these errors were encountered: