profile

Aaronontheweb

The Latest from Aaronontheweb: Signing NuGet Packages Using Azure DevOps and Workload Identity Federation

Published 3 months ago • 1 min read

Signing NuGet Packages Using Azure DevOps and Workload Identity Federation

Published on April 14, 2025 in

12 minutes to read

Azure released a major update to some of their VM images last week and it’s caused a number of problems for me:

  1. mono support was removed from ubuntu-latest, which caused all of our FAKE v4.0 builds to no longer work for Akka.NET and several of our other mature projects;
  2. SignService, our workhorse for Authenticode signing all Petabridge NuGet packages for the past seven years, stopped working suddenly on the Azure App Service we’ve been using.

I have no idea what Microsoft did to kill this service off, but my guess is they finally stopped supporting the ancient version of .NET Framework this was running on starting on April 11th or so:

Rest in peace, SignService

We had owed a customer an update today and the race was on to find a replacement for SignClient - quickly. We quickly settled upon dotnet/sign - and then the race was on to figure out how to solve the infernal quagmire of Azure Entra / AAD permissions hell in order to access our Azure Key Vault where our signing certificate is stored.

This post explains how to do that.

Click here to read the full article.

Read more...

Aaronontheweb

.NET, Open Source, Startups, and Outer Space

I write about .NET, open source software, the Microsoft ecosystem, my adventures with startups, and outer space.

Read more from Aaronontheweb
Akka.Coordination.Azure package deleted by Microsoft

So Microsoft Deleted Some of Our Packages From NuGet.org Without Notice Published on July 11, 2025 in 7 minutes to read “Software supply chain management” is one of those terms that sounds like Venture Capital-funded vendor marketing bullshit right up until it isn’t. In 2016 the npm left-pad incident taught many of us in the software industry the importance of: The fragility of depending directly on central package management systems, such as npm or nuget.org, hence why artifact proxying...

6 days ago • 1 min read
Deploy with Docker Compose and GitHub Actions

Continuous Deployment of Docker Compose Applications Using GitHub Actions Published on April 23, 2025 in 12 minutes to read Intro Over the past year or so we’ve built out a decent-sized test lab environment for Akka.NET and I’ve also personally started a small homelab environment for creating some useful services for my family’s use. Both of these networks use the same components: Tailscale for secure networking and ssh access; docker compose for running infrastructure services such as...

3 months ago • 1 min read

The Future of AI Belongs to Experienced Operators with Good Taste Published on March 27, 2025 in 14 minutes to read I have a lot of respect for Geoffrey Huntley. So when I read his blog posts about AI over the past couple of months: “Dear Student: Yes, AI is here, you’re screwed unless you take action…” and “The future belongs to people who can just do things” among others, I thought to myself - “am I missing something?” This image of his, in particular, summarizes his take on AI and the...

4 months ago • 1 min read