Dela via


VerifyFileHash task

Verifies that a file matches the expected file hash. If the hash doesn't match, the task fails.

This task was added in 15.8, but requires a workaround to use for MSBuild versions below 16.0.

Task parameters

The following table describes the parameters of the VerifyFileHash task.

Parameter Description
File Required String parameter.

The file to be hashed and validated.
Hash Required String parameter.

The expected hash of the file.
Algorithm Optional String parameter.

The algorithm. Allowed values: SHA256, SHA384, SHA512. Default = SHA256.
HashEncoding Optional String parameter.

The encoding to use for generated hashes. Defaults to hex. Allowed values = hex, base64.

Example

The following example uses the VerifyFileHash task to verify its own checksum.

<Project>
  <Target Name="VerifyHash">
    <GetFileHash Files="$(MSBuildProjectFullPath)">
      <Output
          TaskParameter="Items"
          ItemName="FilesWithHashes" />
    </GetFileHash>

    <Message Importance="High"
             Text="@(FilesWithHashes->'%(Identity): %(FileHash)')" />

    <VerifyFileHash File="$(MSBuildThisFileFullPath)"
                    Hash="$(ExpectedHash)" />
  </Target>
</Project>

On MSBuild 16.5 and later, if you don't want the build to fail when the hash doesn't match, such as if you are using the hash comparison as a condition for control flow, you can downgrade the warning to a message using the following code:

  <PropertyGroup>
    <MSBuildWarningsAsMessages>$(MSBuildWarningsAsMessages);MSB3952</MSBuildWarningsAsMessages>
  </PropertyGroup>

  <Target Name="DemoVerifyCheck">
    <VerifyFileHash File="$(MSBuildThisFileFullPath)"
                    Hash="1"
                    ContinueOnError="WarnAndContinue" />

    <PropertyGroup>
      <HashMatched>$(MSBuildLastTaskResult)</HashMatched>
    </PropertyGroup>

    <Message Condition=" '$(HashMatched)' != 'true'"
             Text="The hash didn't match" />

    <Message Condition=" '$(HashMatched)' == 'true'"
             Text="The hash did match" />
  </Target>

See also