The above could have been easy and straightforward if there weren’t for, what I call, design errors in the building and publish process.
My first thought was that I could just add a post-build event, calling a command line protecting the applications/dll’s then just copy them back to the output folder. I was thinking that the “Publish” feature would use this output folder.
That weren’t the case unfortunately.
The Publish feature seems to store the built exe’s in memory or in a temporary location. Then it will overwrite anything in the output folder. So, your recently protected items will be overwritten. Then, after this, all signing and publishing magic will occur.
As my original approach did not work I had to do this manually:
1. I need to publish first (which builds).
2. Then protect the files
3. Copy the protected files over the build version folder
4. Update the application.manifest file (so that new hashes are createad for each file)
5. Re-sign the manifest file
6. Update the ApplicationName.Application file so it hashes the new manifest file
7. Re-sign the *.Application file
To work with the files we use the manifest tool mage.exe. I am not sure if the version for Visual Studio 2008 has all functionality so I downloaded the RC for VS2010. I run all commands to the VS2010 command prompt.
We don’t want to create new manifest files as that would reset other stuff you may enter within the Publish designer (and may not exist as option in mage.exe).
Here is a rough script how I did it:
REM http://msdn.microsoft.com/en-us/library/ms165431.aspx
REM http://msdn.microsoft.com/en-us/library/acz3y3te%28VS.100%29.aspx
REM msbuild /target:publish /property:BootstrapperEnabled=true
REM Protect files
"C:\Program Files (x86)\Eziriz\.NET Reactor\dotNET_Reactor.exe" -project c:\sourcefiles\Reactor\AnyConnect.nrproj
REM Copy protected files
copy C:\sourcefiles\code\AnyConnect\bin\Release\protected\*.dll "C:\sourcefiles\code\AnyConnect\bin\Release\app.publish\Application Files\AnyConnect_1_2_0_0\"
copy C:\sourcefiles\code\AnyConnect\bin\Release\protected\*.exe "C:\sourcefiles\code\AnyConnect\bin\Release\app.publish\Application Files\AnyConnect_1_2_0_0\"
REM update hash files and sign
cd "C:\sourcefiles\code\AnyConnect\bin\Release\app.publish\Application Files\AnyConnect_1_2_0_0\"
mage -Update AnyConnect.exe.manifest
mage -Sign AnyConnect.exe.manifest -CertFile c:\sourcefiles\sign\netcart.pfx -Password myPassword
REM update application file
cd "C:\sourcefiles\code\AnyConnect\bin\Release\app.publish\
mage -Update AnyConnect.application -AppManifest "Application Files\AnyConnect_1_2_0_0\AnyConnect.exe.manifest"
mage -Sign AnyConnect.application -CertFile c:\sourcefiles\sign\netcart.pfx -Password myPassword
You can improve this a lot so you don’t have to update version number and maybe even build the project but right now this works for me.
Remember when uploading the project to upload both the version folder and the *.application file.