Task/Context
I want to include ffmpeg executables (not dylib-s, but "exe") in my app bundle and run them via Process.Start(). The resulting app bundle should be able to pass apple notarization and review processes.
A typical solution is to add ffmpeg as a Content and sign it.
<Content Include="ffmpeg">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</Content>
Current NET SDK Implementation
By default, the .NET build pipeline won't sign ffmpeg, as it is just a file without an extension.
Current Implementation Customization Options
We have the following options to customize the signing process:
<CodesignBundle/> msbuild item group, which allows adding an application bundle (but not a ordinal executable) to the "to be signed" list. This works well if my helper application is an app bundle. Unfortunately, it does not work for ffmpeg, which is a single console executable.<SkipCodesignItems/> msbuild item group, which allows using pre-signed binaries (and not to break the signature during the build). This may be helpful for the binaries built by me, but not for the ready-to-use binary builds of the ffmpeg taken from the official ffmpeg site.- Fully custom logic like
<Exec Command="codesign" .../>. This works, but making it consistent with the project signing settings requires a lot of code and finally it is a little bit "code smell."
So, none of the existing options provides an easy-to-use and robust solution.
Proposal
Extend or rework the <CodesignBundle/> functionality to allow signing not only app bundles but also single executable files.
Note: such a binaries (e.g. ffmpeg) are often distributed as a bundles containing multiple executables (e.g. ffmpeg and ffprobe) as well as their dependencies (dylibs, etc). Therefore, the wildcards support (to be able to include the whole folder with all its content and, ideally, somehow filter out non-binary/non-signable files) will be more important in this scenario than in case when including app bundles.
Task/Context
I want to include
ffmpegexecutables (not dylib-s, but "exe") in my app bundle and run them viaProcess.Start(). The resulting app bundle should be able to pass apple notarization and review processes.A typical solution is to add
ffmpegas aContentand sign it.Current NET SDK Implementation
By default, the .NET build pipeline won't sign
ffmpeg, as it is just a file without an extension.Current Implementation Customization Options
We have the following options to customize the signing process:
<CodesignBundle/>msbuild item group, which allows adding an application bundle (but not a ordinal executable) to the "to be signed" list. This works well if my helper application is an app bundle. Unfortunately, it does not work forffmpeg, which is a single console executable.<SkipCodesignItems/>msbuild item group, which allows using pre-signed binaries (and not to break the signature during the build). This may be helpful for the binaries built by me, but not for the ready-to-use binary builds of theffmpegtaken from the official ffmpeg site.<Exec Command="codesign" .../>. This works, but making it consistent with the project signing settings requires a lot of code and finally it is a little bit "code smell."So, none of the existing options provides an easy-to-use and robust solution.
Proposal
Extend or rework the
<CodesignBundle/>functionality to allow signing not only app bundles but also single executable files.Note: such a binaries (e.g.
ffmpeg) are often distributed as a bundles containing multiple executables (e.g.ffmpegandffprobe) as well as their dependencies (dylibs, etc). Therefore, the wildcards support (to be able to include the whole folder with all its content and, ideally, somehow filter out non-binary/non-signable files) will be more important in this scenario than in case when including app bundles.