Here's sample output from using trusted-signing-action to sign two DLLs:
Signing SignTool file batch 1 of 1.
Executing signtool.exe: C:\Users\ContainerAdministrator\AppData\Local\TrustedSigning\Microsoft.Windows.SDK.BuildTools\Microsoft.Windows.SDK.BuildTools.10.0.22621.3233\bin\10.0.22621.0\x64\signtool.exe sign /v /debug /fd SHA256 /tr http://timestamp.acs.microsoft.com /td SHA256 /dlib "C:\Users\ContainerAdministrator\AppData\Local\TrustedSigning\Microsoft.Trusted.Signing.Client\Microsoft.Trusted.Signing.Client.1.0.53\bin\x64\Azure.CodeSigning.Dlib.dll" /dmdf "C:\Users\ContainerAdministrator\AppData\Local\TrustedSigning\Microsoft.Trusted.Signing.Client\Microsoft.Trusted.Signing.Client.1.0.53\bin\x64\metadata.json" "C:\actions-runner\_work\1.dll" "C:\actions-runner\_work\2.dll"
Trusted Signing
Version: 1.0.53
"Metadata": {
"Endpoint": "https://wus2.codesigning.azure.net/",
"CodeSigningAccountName": "REDACTED",
"CertificateProfileName": "REDACTED",
"ExcludeCredentials": [
"EnvironmentCredential",
"WorkloadIdentityCredential",
"ManagedIdentityCredential",
"SharedTokenCacheCredential",
"VisualStudioCredential",
"VisualStudioCodeCredential",
"AzurePowerShellCredential",
"AzureDeveloperCliCredential",
"InteractiveBrowserCredential"
]
}
Submitting digest for signing...
OperationId 44339b37-7fae-4dc7-baad-8440f650a44a: InProgress
Signing completed with status 'Succeeded' in 1.7856174s
Trusted Signing
Version: 1.0.53
"Metadata": {
"Endpoint": "https://wus2.codesigning.azure.net/",
"CodeSigningAccountName": "REDACTED",
"CertificateProfileName": "REDACTED",
"ExcludeCredentials": [
"EnvironmentCredential",
"WorkloadIdentityCredential",
"ManagedIdentityCredential",
"SharedTokenCacheCredential",
"VisualStudioCredential",
"VisualStudioCodeCredential",
"AzurePowerShellCredential",
"AzureDeveloperCliCredential",
"InteractiveBrowserCredential"
]
}
Submitting digest for signing...
OperationId 7f2d2fc7-9b3a-4043-9155-6f7b97572b2d: InProgress
Signing completed with status 'Succeeded' in 2.0597305s
Successfully signed: C:\actions-runner\_work\1.dll
Successfully signed: C:\actions-runner\_work\2.dll
Number of files successfully Signed: 2
Number of warnings: 0
Number of errors: 0
Trusted Signing completed successfully
Trusted Signing completed successfully
For each file to sign, it logs:
- "Trusted Signing"
- Version
- Metadata (including all the excluded credentials)
- "Submitting digest"
- Operation ID
- Success
I think most (if not all) of this could be omitted. On a build with more than a few DLLs, this output runs into thousands of lines (most of them redundant). I'd be happy with just "Signing completed with status 'X' in Ys" for each file/batch.
I dropped down to using SignTool directly and omitting the /v /debug (verbose and debug) flags, but it made no difference.
Here's sample output from using
trusted-signing-actionto sign two DLLs:For each file to sign, it logs:
I think most (if not all) of this could be omitted. On a build with more than a few DLLs, this output runs into thousands of lines (most of them redundant). I'd be happy with just "Signing completed with status 'X' in Ys" for each file/batch.
I dropped down to using SignTool directly and omitting the
/v /debug(verbose and debug) flags, but it made no difference.