Add option to force replace strong name on some assemblies
augustoproiete opened this issue · comments
It would be very useful if we could force replacing the strong name of some referenced assemblies.
Example scenario:
Deploying an assembly to SQL Server / SQL CLR
In order to deploy an assembly to SQL Server, the assembly must have a strong name, and we need to create an asymmetric key for every different strong name public key in every assembly referenced (as they have to be added to SQL Server too).
e.g.:
MyCompanyAssembly.dll
(signed withMyCompany.snk
)OpenSourceLibraryANotSigned.dll
(signed withMyCompany.snk
via StrongNamer)ClosedSourceVendorLibraryBSigned.dll
(signed with their privateProjectB.snk
)OpenSourceLibraryCSigned.dll
(signed with their publicProjectC.snk
)OpenSourceLibraryDSigned.dll
(signed with StrongNamer'sSharedKey.snk
, by the maintainer)- ...
Based on the examples above, we'll need to create 4 asymmetric keys in SQL Server. One for each different strong name key file.
Besides the extra work, it brings security concerns as we're now enabling SQL Server to allow the registration of any assembly that is signed with one of these keys, some of which are publicly available.
In this scenario, it would be ideal to have StrongNamer replace the strong name on all of these referenced assemblies with MyCompany.snk
, which would make the deployment a lot simpler as only one asymmetric key would be needed in SQL Server, and it's the one we trust.