Teams outside of .NET have asked us to enable, in non-Arcade scenarios, the type of recursive signing that we do. This might include 'native' AzDO tasks that teams use for signing, OneBranch, etc. Exporting SignTool as-is is not an option. The tool is far too .NET-centric and not tested well enough to have anyone iterating on it. It needs a major refactor before it will be usable by other teams.
The goal of this epic is to extract the core of the recursive signing algorithm into a new library that will be usable by non-.NET teams. This library could be integrated into 1ES, OneBranch, or ESRP tooling. The library needs to have the following characteristics:
.NET's SignTool would then be refactored to use this library. It would become a relatively small shell with the following:
- MSBuild task implementation.
- MicroBuild integration.
- Implementations for archive types that are not part of the initial library set.
- (If required) .NET-specific cert calculation. Ideally, however, .NET's current cert calculation is generic enough to be the default implementation.