Code sign assemblies before Setup gets created

Question

I try to update our build-process so that it code sign all the assemblies and installers: 1) Build all the projects 2) Sign their outputs 3) Build installers (msi, with VS2010 Setup Projects) 4) Sign installers

The problem I have is, that in Step 3, the Installer-Project takes the primary output out of the obj-folder. But in step 2 I take the outputs of the MSBuild-Task, and they are in the bin folder. So I have an unsigned primary output in my msi.

The MSBuild-call:

<MSBuild Projects="%(SolutionFiles.FullPath)" ContinueOnError ="false" Properties="Configuration=$(BuildConfiguration)" Targets="Build">
        <Output TaskParameter="TargetOutputs" ItemName="AssembliesBuildByChildProjects"/>
    </MSBuild>

The signing works with a cmd-File:

<Exec 
        Command="&quot;$(SignPath)signcode.cmd&quot;  &quot;%(AssembliesBuildByChildProjects.Fullpath)&quot; /t"
        WorkingDirectory="$(SignPath)" />

Thanks

Answer 1

I found a solution for this, not nice - but could be worst :-)

I just sign all the output-files located in the obj-Folder also:

<ItemGroup>
        <PrimaryOut 
            Include="@(AssembliesBuildByChildProjects->'..\**\obj\**\%(FileName).%(Extension)')" />
    </ItemGroup>

    <Exec
        Command="&quot;$(SignPath)signcode.cmd&quot;  &quot;%(PrimaryOut.Fullpath)&quot; /t"
        WorkingDirectory="$(SignPath)" />
    <Exec 
        Command="&quot;$(SignPath)signcode.cmd&quot;  &quot;%(AssembliesBuildByChildProjects.Fullpath)&quot; /t"
        WorkingDirectory="$(SignPath)" />