Skip to content

trusted-signing-action / SignTool output is too verbose #68

Description

@bgrainger

Here's sample output from using trusted-signing-action to sign two DLLs:

Signing SignTool file batch 1 of 1.
	Executing signtool.exe: C:\Users\ContainerAdministrator\AppData\Local\TrustedSigning\Microsoft.Windows.SDK.BuildTools\Microsoft.Windows.SDK.BuildTools.10.0.22621.3233\bin\10.0.22621.0\x64\signtool.exe sign /v /debug /fd SHA256 /tr http://timestamp.acs.microsoft.com /td SHA256 /dlib "C:\Users\ContainerAdministrator\AppData\Local\TrustedSigning\Microsoft.Trusted.Signing.Client\Microsoft.Trusted.Signing.Client.1.0.53\bin\x64\Azure.CodeSigning.Dlib.dll" /dmdf "C:\Users\ContainerAdministrator\AppData\Local\TrustedSigning\Microsoft.Trusted.Signing.Client\Microsoft.Trusted.Signing.Client.1.0.53\bin\x64\metadata.json" "C:\actions-runner\_work\1.dll" "C:\actions-runner\_work\2.dll"

Trusted Signing

Version: 1.0.53

"Metadata": {
  "Endpoint": "https://wus2.codesigning.azure.net/",
  "CodeSigningAccountName": "REDACTED",
  "CertificateProfileName": "REDACTED",
  "ExcludeCredentials": [
    "EnvironmentCredential",
    "WorkloadIdentityCredential",
    "ManagedIdentityCredential",
    "SharedTokenCacheCredential",
    "VisualStudioCredential",
    "VisualStudioCodeCredential",
    "AzurePowerShellCredential",
    "AzureDeveloperCliCredential",
    "InteractiveBrowserCredential"
  ]
}

Submitting digest for signing...

OperationId 44339b37-7fae-4dc7-baad-8440f650a44a: InProgress

Signing completed with status 'Succeeded' in 1.7856174s


Trusted Signing

Version: 1.0.53

"Metadata": {
  "Endpoint": "https://wus2.codesigning.azure.net/",
  "CodeSigningAccountName": "REDACTED",
  "CertificateProfileName": "REDACTED",
  "ExcludeCredentials": [
    "EnvironmentCredential",
    "WorkloadIdentityCredential",
    "ManagedIdentityCredential",
    "SharedTokenCacheCredential",
    "VisualStudioCredential",
    "VisualStudioCodeCredential",
    "AzurePowerShellCredential",
    "AzureDeveloperCliCredential",
    "InteractiveBrowserCredential"
  ]
}

Submitting digest for signing...

OperationId 7f2d2fc7-9b3a-4043-9155-6f7b97572b2d: InProgress

Signing completed with status 'Succeeded' in 2.0597305s

Successfully signed: C:\actions-runner\_work\1.dll

Successfully signed: C:\actions-runner\_work\2.dll


Number of files successfully Signed: 2

Number of warnings: 0

Number of errors: 0


Trusted Signing completed successfully
Trusted Signing completed successfully

For each file to sign, it logs:

  • "Trusted Signing"
  • Version
  • Metadata (including all the excluded credentials)
  • "Submitting digest"
  • Operation ID
  • Success

I think most (if not all) of this could be omitted. On a build with more than a few DLLs, this output runs into thousands of lines (most of them redundant). I'd be happy with just "Signing completed with status 'X' in Ys" for each file/batch.

I dropped down to using SignTool directly and omitting the /v /debug (verbose and debug) flags, but it made no difference.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions