Sign windows service with code signing certificate

(tritrancs) #1

Hi,

We are using Octopack nuget packet to package/deploy a windows service with Teamcity.
Now we want to sign the executable (using codesign.exe) with our code certificate before deploy.
We don’t want to sign it at the tentacle (which requires to include the codesign.exe and the certificate file in the package) and prefer to sign the files at the build agents before creating the nuget package.
Please advise on how to achieve this.

Thanks and regards,
Tri

(Shawn Sesna) #3

Greetings Tri, thanks for reaching out! You might be able to accomplish this with a Post-Build Event as described here, https://octopus.com/docs/packaging-applications/create-packages/octopack/octopack-to-include-buildevent-files.

Another method that you could do is to remove the OctoPack NuGet reference and install the TeamCity Octopus plug-in (https://plugins.jetbrains.com/plugin/9038-octopus-deploy-integration). This will allow you to separate the build, package, and push operations into distinct tasks in the build process. This way, you could insert a task after build, but before package that would sign your code.

Hope this helps!

(tritrancs) #4

Thanks for getting back.
I’ve go with the method that use the pack step instead of OctoPack package. Will get back to you if I have more questions on this.

(Shawn Sesna) #5

Excellent!