At some time, ILMerge was changed so that it now deletes security-related attributes.
Questions:
- Why is this functionality implemented?
- And/or can it (safely) be removed from a private build of the tool (used to create a published assembly)?
The implementation in the source code is here, fwiw:
#region Deal with [ComVisible] and security attributes
var thisAssemblyIsComVisible = GetComVisibleSettingForAssembly(a);
AttributeNode assemblyComVisibleAttribute = null;
if (thisAssemblyIsComVisible != targetAssemblyIsComVisible) {
InstanceInitializer ctor = SystemTypes.ComVisibleAttribute.GetConstructor(SystemTypes.Boolean);
assemblyComVisibleAttribute = new AttributeNode(new MemberBinding(null, ctor), new ExpressionList(new Literal(thisAssemblyIsComVisible, SystemTypes.Boolean)));
}
for (int i = 0, n = a.Attributes == null ? 0 : a.Attributes.Count; i < n; i++) {
AttributeNode aNode = a.Attributes[i];
if (aNode == null) continue;
if (aNode.Type == SystemTypes.ComVisibleAttribute) {
a.Attributes[i] = null;
continue;
}
if (aNode.Type == SystemTypes.SecurityCriticalAttribute
|| aNode.Type == SystemTypes.SecurityTransparentAttribute
|| aNode.Type == SystemTypes.AllowPartiallyTrustedCallersAttribute
|| aNode.Type.FullName.Equals("System.Security.SecurityRules")
) {
WriteToLog("Assembly level attribute '{0}' from assembly '{1}' being deleted from target assembly",
aNode.Type.FullName, a.Name);
a.Attributes[i] = null;
continue;
}
}
#endregion
It causes problems for some people:
- It's an open (currently unanswered) issue
- In 2012 someone was deliberately using an older version of ILMerge to avoid that problem (but I can't do that too, because I find that their old version of ILMerge won't run on WIndows 10).
I want to use ILMerge to build an assembly with the AllowPartiallyTrustedCallers attribute. I used to do that (with an older version of ILMerge) and don't know why I can't anymore.
I could presumably do it by not using ILMerge at all (i.e. by putting all the source code into one project, instead of building several projects to be merged), so I don't see what the harm is, i.e. why ILMerge will no longer do it.
I'm now using ILRepack instead, whose command-line is the same as ILMerge and which doesn't have this limitation.