VerifyFileHash task
Verifies that a file matches the expected file hash. If the hash doesn't match, the task fails.
This task was added in 15.8, but requires a workaround to use for MSBuild versions below 16.0.
Task parameters
The following table describes the parameters of the VerifyFileHash task.
| Parameter | Description |
|---|---|
File |
Required String parameter.The file to be hashed and validated. |
Hash |
Required String parameter.The expected hash of the file. |
Algorithm |
Optional String parameter.The algorithm. Allowed values: SHA256, SHA384, SHA512. Default = SHA256. |
HashEncoding |
Optional String parameter.The encoding to use for generated hashes. Defaults to hex. Allowed values = hex, base64. |
Example
The following example uses the VerifyFileHash task to verify its own checksum.
<Project>
<Target Name="VerifyHash">
<GetFileHash Files="$(MSBuildProjectFullPath)">
<Output
TaskParameter="Items"
ItemName="FilesWithHashes" />
</GetFileHash>
<Message Importance="High"
Text="@(FilesWithHashes->'%(Identity): %(FileHash)')" />
<VerifyFileHash File="$(MSBuildThisFileFullPath)"
Hash="$(ExpectedHash)" />
</Target>
</Project>
On MSBuild 16.5 and later, if you don't want the build to fail when the hash doesn't match, such as if you are using the hash comparison as a condition for control flow, you can downgrade the warning to a message using the following code:
<PropertyGroup>
<MSBuildWarningsAsMessages>$(MSBuildWarningsAsMessages);MSB3952</MSBuildWarningsAsMessages>
</PropertyGroup>
<Target Name="DemoVerifyCheck">
<VerifyFileHash File="$(MSBuildThisFileFullPath)"
Hash="1"
ContinueOnError="WarnAndContinue" />
<PropertyGroup>
<HashMatched>$(MSBuildLastTaskResult)</HashMatched>
</PropertyGroup>
<Message Condition=" '$(HashMatched)' != 'true'"
Text="The hash didn't match" />
<Message Condition=" '$(HashMatched)' == 'true'"
Text="The hash did match" />
</Target>