Sign layout
parent
77b34b17c0
commit
406519bc8a
3 changed files with 174 additions and 1 deletions
|
@ -28,4 +28,6 @@
|
|||
<Import Project="targets\GenerateRPMs.targets" />
|
||||
<Import Project="targets\GeneratePKG.targets" />
|
||||
|
||||
<Import Project="targets\Signing.targets" />
|
||||
|
||||
</Project>
|
||||
|
|
|
@ -292,7 +292,8 @@
|
|||
LayoutBundledTools;
|
||||
RetargetTools;
|
||||
LayoutAppHostTemplate;
|
||||
CrossgenLayout"
|
||||
CrossgenLayout;
|
||||
SignLayout"
|
||||
AfterTargets="Build">
|
||||
|
||||
</Target>
|
||||
|
|
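--- /dev/null
+++ b/src/redist/targets/Signing.targets
@@ -0,0 +1,170 @@
+<Project>
+<Import Project="$(NuGetPackageRoot)microsoft.dotnet.signtool\$(MicrosoftDotNetSignToolVersion)\build\Microsoft.DotNet.SignTool.props" />
+
+<Target Name="SetSignProps"
+Condition="'$(SignCoreSdk)' == 'true'">
+
+<MakeDir Directories="$(ArtifactsTmpDir)" Condition="!Exists('$(ArtifactsTmpDir)')" />
+
+<PropertyGroup>
+<ExternalCertificateId Condition="'$(ExternalCertificateId)' == ''">3PartySHA2</ExternalCertificateId>
+<InternalCertificateId Condition="'$(InternalCertificateId)' == ''">Microsoft400</InternalCertificateId>
+<NugetCertificateId Condition="'$(NugetCertificateId)' == ''">NuGet</NugetCertificateId>
+</PropertyGroup>
+
+
+<!-- Logic copied from https://github.com/dotnet/arcade/blob/master/src/Microsoft.DotNet.Arcade.Sdk/tools/Sign.proj -->
+
+<ItemGroup>
+<!--
+This is intended to hold information about the certificates used for signing.
+For now the only information required is whether or not the certificate can be
+used for signing already signed files - DualSigningAllowed==true.
+-->
+<CertificatesSignInfo Include="3PartyDual" DualSigningAllowed="true" />
+<CertificatesSignInfo Include="3PartySHA2" DualSigningAllowed="true" />
+
+<!-- List of container files that will be opened and checked for files that need to be signed. -->
+<!--<ItemsToSign Include="$(ArtifactsPackagesDir)**\*.nupkg" />
+<ItemsToSign Include="$(VisualStudioSetupOutputPath)**\*.vsix" />-->
+
+<!-- Default certificate/strong-name to be used for all files with PKT=="31bf3856ad364e35". -->
+<StrongNameSignInfo Include="MsSharedLib72" PublicKeyToken="31bf3856ad364e35" CertificateName="Microsoft400" />
+<StrongNameSignInfo Include="SilverlightCert121" PublicKeyToken="7cec85d7bea7798e" CertificateName="Microsoft400" />
+<StrongNameSignInfo Include="StrongName" PublicKeyToken="b77a5c561934e089" CertificateName="Microsoft400" />
+<StrongNameSignInfo Include="StrongName" PublicKeyToken="b03f5f7f11d50a3a" CertificateName="Microsoft400" />
+<!--<StrongNameSignInfo Include="$(MSBuildThisFileDirectory)snk\Open.snk" PublicKeyToken="cc7b13ffcd2ddd51" CertificateName="Microsoft400" />-->
+
+<!--
+Map of file extensions to default certificate name. Files with these extensions are
+signed with the specified certificate. Particularly useful for files that don't have
+a public key token.
+The certificate can be overriden using the StrongNameSignInfo or the FileSignInfo item group.
+-->
+<FileExtensionSignInfo Include=".jar" CertificateName="MicrosoftJAR" />
+<FileExtensionSignInfo Include=".js;.ps1;.psd1;.psm1;.psc1;.py" CertificateName="Microsoft400" />
+<FileExtensionSignInfo Include=".dll;.exe" CertificateName="Microsoft400" />
+<FileExtensionSignInfo Include=".nupkg" CertificateName="NuGet" />
+<FileExtensionSignInfo Include=".vsix" CertificateName="VsixSHA2" />
+<FileExtensionSignInfo Include=".zip" CertificateName="None" />
+</ItemGroup>
+
+<PropertyGroup>
+<!-- Control whether an empty ItemsToSign item group is allowed when calling SignToolTask. -->
+<AllowEmptySignList>false</AllowEmptySignList>
+</PropertyGroup>
+
+<!-- Allow repository to customize signing configuration -->
+<!--<Import Project="$(RepositoryEngineeringDir)Signing.props" Condition="Exists('$(RepositoryEngineeringDir)Signing.props')" />-->
+</Target>
+
+<Target Name="SignLayout"
+Condition="'$(SignCoreSdk)' == 'true'"
+DependsOnTargets="SetSignProps">
+
+<ItemGroup>
+<!-- External files -->
+<LayoutFilesToSign Include="$(SdkOutputDirectory)**/Newtonsoft.Json.dll">
+<CertificateName>$(ExternalCertificateId)</CertificateName>
+</LayoutFilesToSign>
+<!-- Built binaries -->
+<LayoutFilesToSign Include="$(SdkOutputDirectory)**/csc.exe;
+$(SdkOutputDirectory)**/csc.dll;
+$(SdkOutputDirectory)**/VBCSCompiler.dll;
+$(SdkOutputDirectory)**/vbc.exe;
+$(SdkOutputDirectory)**/vbc.dll;
+$(SdkOutputDirectory)**/fsc.exe;
+$(SdkOutputDirectory)**/fsi.exe;
+$(SdkOutputDirectory)**/FSharp.*.dll;
+$(SdkOutputDirectory)**/dotnet.dll;
+$(SdkOutputDirectory)**/dotnet.resources.dll;
+$(SdkOutputDirectory)**/System.*.dll;
+$(SdkOutputDirectory)**/Microsoft.*.dll;
+$(SdkOutputDirectory)**/NuGet*.dll;
+$(SdkOutputDirectory)**/datacollector.dll;
+$(SdkOutputDirectory)**/datacollector.exe;
+$(SdkOutputDirectory)**/MSBuild.dll;
+$(SdkOutputDirectory)**/MSBuild.resources.dll;
+$(SdkOutputDirectory)**/testhost.dll;
+$(SdkOutputDirectory)**/testhost.exe;
+$(SdkOutputDirectory)**/testhost.x86.exe;
+$(SdkOutputDirectory)**/vstest.console.dll;
+$(SdkOutputDirectory)**/vstest.console.resources.dll">
+<CertificateName>$(InternalCertificateId)</CertificateName>
+</LayoutFilesToSign>
+
+
+<LayoutFileSignInfo Include="@(LayoutFilesToSign->'%(Filename)%(Extension)')">
+<CertificateName>%(CertificateName)</CertificateName>
+</LayoutFileSignInfo>
+<DistinctLayoutFileSignInfo Include="@(LayoutFileSignInfo->Distinct())" />
+
+<!-- Workaround: cert not recognized as for third parties, or assemblies don't have copyright set -->
+<!--<FilesNotToSign Include="Newtonsoft.Json.dll"/>-->
+<FilesNotToSign Include="Microsoft.TestPlatform.Extensions.BlameDataCollector.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.TestHostRuntimeProvider.dll"/>
+<FilesNotToSign Include="Microsoft.VisualStudio.TestPlatform.Extensions.Trx.TestLogger.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.Build.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.CommunicationUtilities.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.CoreUtilities.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.CrossPlatEngine.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.PlatformAbstractions.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.Utilities.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dll"/>
+<FilesNotToSign Include="Microsoft.VisualStudio.TestPlatform.Client.dll"/>
+<FilesNotToSign Include="Microsoft.VisualStudio.TestPlatform.Common.dll"/>
+<FilesNotToSign Include="Microsoft.VisualStudio.TestPlatform.ObjectModel.dll"/>
+<FilesNotToSign Include="datacollector.dll"/>
+<FilesNotToSign Include="vstest.console.dll"/>
+
+<DistinctLayoutFileSignInfo Remove="@(FilesNotToSign)" />
+<DistinctLayoutFileSignInfo Include="@(FilesNotToSign)" CertificateName="None" />
+</ItemGroup>
+
+<!-- Logic copied from https://github.com/dotnet/arcade/blob/master/src/Microsoft.DotNet.Arcade.Sdk/tools/Sign.proj -->
+<Error Text="The value of DotNetSignType is invalid: '$(DotNetSignType)'"
+Condition="'$(DotNetSignType)' != 'real' and '$(DotNetSignType)' != 'test' and '$(DotNetSignType)' != ''" />
+
+<PropertyGroup>
+<_DryRun>true</_DryRun>
+<_DryRun Condition="'$(OfficialBuild)' == 'true'">false</_DryRun>
+
+<_TestSign>false</_TestSign>
+<_TestSign Condition="'$(DotNetSignType)' == 'test'">true</_TestSign>
+
+<_DesktopMSBuildRequired>false</_DesktopMSBuildRequired>
+<_DesktopMSBuildRequired Condition="'$(_DryRun)' != 'true' and '$(MSBuildRuntimeType)' == 'Core'">true</_DesktopMSBuildRequired>
+</PropertyGroup>
+
+<!-- We only need this if we are going to use the executable version. -->
+<Exec Command='"$(NuGetPackageRoot)vswhere\$(VSWhereVersion)\tools\vswhere.exe" -latest -prerelease -property installationPath -requires Microsoft.Component.MSBuild'
+ConsoleToMsBuild="true"
+StandardErrorImportance="high"
+Condition="$(_DesktopMSBuildRequired)">
+<Output TaskParameter="ConsoleOutput" PropertyName="_VSInstallDir" />
+</Exec>
+
+<PropertyGroup>
+<_DesktopMSBuildPath Condition="$(_DesktopMSBuildRequired)">$(_VSInstallDir)\MSBuild\15.0\Bin\msbuild.exe</_DesktopMSBuildPath>
+</PropertyGroup>
+
+<Error Condition="'$(AllowEmptySignList)' != 'true' AND '@(LayoutFilesToSign)' == ''"
+Text="List of files to sign is empty. Make sure that LayoutFilesToSign is configured correctly." />
+
+
+<Microsoft.DotNet.SignTool.SignToolTask
+DryRun="$(_DryRun)"
+TestSign="$(_TestSign)"
+CertificatesSignInfo="$(CertificatesSignInfo)"
+ItemsToSign="@(LayoutFilesToSign)"
+StrongNameSignInfo="@(StrongNameSignInfo)"
+FileSignInfo="@(DistinctLayoutFileSignInfo)"
+FileExtensionSignInfo="@(FileExtensionSignInfo)"
+TempDir="$(ArtifactsTmpDir)"
+LogDir="$(ArtifactsLogDir)"
+MSBuildPath="$(_DesktopMSBuildPath)"
+SNBinaryPath="$(NuGetPackageRoot)sn\$(SNVersion)\sn.exe"
+MicroBuildCorePath="$(NuGetPackageRoot)microbuild.core\$(MicroBuildCoreVersion)"/>
+
+</Target>
+</Project>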
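Review bot: `CertificatesSignInfo="$(CertificatesSignInfo)"` on the SignToolTask call reads a property, but CertificatesSignInfo is only declared as an item in SetSignProps (`<CertificatesSignInfo Include="3PartyDual" DualSigningAllowed="true" />`), so the task presumably receives an empty value and the DualSigningAllowed metadata never reaches it. The other list parameters on the same call use item syntax, so this looks like a typo; change it to `CertificatesSignInfo="@(CertificatesSignInfo)"`. Separately, the FilesNotToSign block forces fifteen shipped binaries to `CertificateName="None"` behind a one-line "Workaround" comment, and two of them (datacollector.dll, vstest.console.dll) are also listed under the internal certificate a few lines earlier. A comment naming the tracking issue and the condition for removing each entry would make it clear that these unsigned binaries are a temporary exception and not the intended end state.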