I am attempting to use a post build event to sign a compiled console application using signtool. This is happening after the fact of setting up the solution and projects. Obviously, it isn't going well since I'm posting a question here. I'm using an environment variable that contains the full path to the signtool.exe. The build log has the following response:
%SIGNTOOL% sign /n “RTI International (Research Triangle Institute Inc)” /sm /tr http://timestamp.entrust.net/rfc3161ts2 /fd sha256 /td sha256 C:\Users\tlillys\Documents\GitHub\minteqa2\src\MINTEQA2\minteqa2\Debug\minteqa2.exe
SignTool Error: No file digest algorithm specified. Please specify the digest algorithm with the /fd flag. Using /fd SHA256 is recommended and more secure than SHA1. Calling signtool with /fd sha1 is equivalent to the previous behavior. In order to select the hash algorithm used in the signing certificate's signature, use the /fd certHash option.
Project : error PRJ0019: A tool returned an error code from "Signtool"
IT folks here have asked if there are any compiler options/settings that relate to the "digest algorithm". I haven't seen any as I browse through.
Are there options when setting up a new project/solution that pertain to digest algorithms?
Win 10 box with
Microsoft Visual Studio Professional 2017
Microsoft .NET Framework
Installed Version: Professional
Intel® Fortran Compiler Package ID: w_oneAPI_2021.3.0.306
Intel® Fortran Compiler – toolkit version: 2021.3.0, extension version 19.2.0062.15, Package ID: w_oneAPI_2021.3.0.306, Copyright © 2002-2021 Intel Corporation. All rights reserved.
* Other names and brands may be claimed as the property of others.
There is absolutely nothing in the compiler relevant to this. I would expect you to put the signing command in a "Post-Build Event". Note that host process environment variables aren't passed into the event process, but it looks to me as if you have inadequately specified the command for the signing tool.
Thanks Steve. I didn't think there would be an option.
What's curious is that the response using the environment variable gives the impression that the signtool.exe was called and responded that the arguments provided were not sufficient, as you observed. If I replace the environment variable with the quoted path to the signtool.exe, the error indicates that the replacement string is not recognized. Once I added "call", I'm back where I started, which is an issue with the /fd flag.
It would be interesting to see the build log after setting the VS option Tools > Options > Intel Compilers and Libraries > IFORT Intel Fortran Classic > General > Show Environment in Log > True. Zip buildlog.htm and attach it to a reply here. Also, I notice there are "fancy quotes" in your excerpt from the build log - are those actually in the command, or did you run this through Word first?
The solution was to put everything in a batch file that expected the full path to the target as an argument and call the batch file in the post build command.
%SIGNTOOL% sign /n "Company Name" /sm /tr http://timestamp.entrust.net/;aldskf;aoi /fd sha256 /td sha256 %1
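A fuller version of the batch-file approach described in the last post, as an added example that is not the poster's actual file. The file name sign.bat, the post-build call shown in the comment and the verify step are assumptions; the subject name is the placeholder from the post and the timestamp URL is the one from the build log earlier in the thread.

```bat
@echo off
rem sign.bat: added example, not the poster's actual batch file.
rem Post-build event (assumed layout):  call "$(SolutionDir)sign.bat" "$(TargetPath)"
setlocal

rem Fail early with a distinct message for each precondition.
if "%~1"=="" goto :usage
if not exist "%~1" goto :notarget
if not defined SIGNTOOL goto :notool

rem Drop any quotes stored in the variable so the path is quoted exactly once.
set "SIGNTOOL_EXE=%SIGNTOOL:"=%"
if not exist "%SIGNTOOL_EXE%" goto :notool

rem Straight ASCII quotes only; /fd is the file digest, /td the timestamp digest.
"%SIGNTOOL_EXE%" sign /n "Company Name" /sm ^
    /tr http://timestamp.entrust.net/rfc3161ts2 /td sha256 /fd sha256 "%~1"
if errorlevel 1 goto :failed

rem Check the result so a binary that did not get a valid signature fails the build.
"%SIGNTOOL_EXE%" verify /pa "%~1"
if errorlevel 1 goto :failed

echo sign.bat: signed and verified "%~1"
exit /b 0

:usage
echo sign.bat: usage: sign.bat "full\path\to\target.exe" 1>&2
exit /b 2
:notarget
echo sign.bat: target not found: "%~1" 1>&2
exit /b 2
:notool
echo sign.bat: SIGNTOOL is not set or does not point to signtool.exe 1>&2
exit /b 2
:failed
echo sign.bat: signtool reported an error for "%~1" 1>&2
exit /b 1
```

Using `%~1` and re-quoting it keeps target paths with spaces intact, and the non-zero exit codes surface in Visual Studio as a failed post-build step.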