Sign layout
parent
77b34b17c0
commit
406519bc8a
3 changed files with 174 additions and 1 deletions
|
@ -28,4 +28,6 @@
|
||||||
<Import Project="targets\GenerateRPMs.targets" />
|
<Import Project="targets\GenerateRPMs.targets" />
|
||||||
<Import Project="targets\GeneratePKG.targets" />
|
<Import Project="targets\GeneratePKG.targets" />
|
||||||
|
|
||||||
|
<Import Project="targets\Signing.targets" />
|
||||||
|
|
||||||
</Project>
|
</Project>
|
||||||
|
|
|
@ -292,7 +292,8 @@
|
||||||
LayoutBundledTools;
|
LayoutBundledTools;
|
||||||
RetargetTools;
|
RetargetTools;
|
||||||
LayoutAppHostTemplate;
|
LayoutAppHostTemplate;
|
||||||
CrossgenLayout"
|
CrossgenLayout;
|
||||||
|
SignLayout"
|
||||||
AfterTargets="Build">
|
AfterTargets="Build">
|
||||||
|
|
||||||
</Target>
|
</Target>
|
||||||
|
|
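--- a/src/redist/targets/Signing.targets
+++ b/src/redist/targets/Signing.targets
@@ -0,0 +1,170 @@
+<Project>
+<Import Project="$(NuGetPackageRoot)microsoft.dotnet.signtool\$(MicrosoftDotNetSignToolVersion)\build\Microsoft.DotNet.SignTool.props" />
+
+<Target Name="SetSignProps"
+Condition="'$(SignCoreSdk)' == 'true'">
+
+<MakeDir Directories="$(ArtifactsTmpDir)" Condition="!Exists('$(ArtifactsTmpDir)')" />
+
+<PropertyGroup>
+<ExternalCertificateId Condition="'$(ExternalCertificateId)' == ''">3PartySHA2</ExternalCertificateId>
+<InternalCertificateId Condition="'$(InternalCertificateId)' == ''">Microsoft400</InternalCertificateId>
+<NugetCertificateId Condition="'$(NugetCertificateId)' == ''">NuGet</NugetCertificateId>
+</PropertyGroup>
+
+
+<!-- Logic copied from https://github.com/dotnet/arcade/blob/master/src/Microsoft.DotNet.Arcade.Sdk/tools/Sign.proj -->
+
+<ItemGroup>
+<!--
+This is intended to hold information about the certificates used for signing.
+For now the only information required is whether or not the certificate can be
+used for signing already signed files - DualSigningAllowed==true.
+-->
+<CertificatesSignInfo Include="3PartyDual" DualSigningAllowed="true" />
+<CertificatesSignInfo Include="3PartySHA2" DualSigningAllowed="true" />
+
+<!-- List of container files that will be opened and checked for files that need to be signed. -->
+<!--<ItemsToSign Include="$(ArtifactsPackagesDir)**\*.nupkg" />
+<ItemsToSign Include="$(VisualStudioSetupOutputPath)**\*.vsix" />-->
+
+<!-- Default certificate/strong-name to be used for all files with PKT=="31bf3856ad364e35". -->
+<StrongNameSignInfo Include="MsSharedLib72" PublicKeyToken="31bf3856ad364e35" CertificateName="Microsoft400" />
+<StrongNameSignInfo Include="SilverlightCert121" PublicKeyToken="7cec85d7bea7798e" CertificateName="Microsoft400" />
+<StrongNameSignInfo Include="StrongName" PublicKeyToken="b77a5c561934e089" CertificateName="Microsoft400" />
+<StrongNameSignInfo Include="StrongName" PublicKeyToken="b03f5f7f11d50a3a" CertificateName="Microsoft400" />
+<!--<StrongNameSignInfo Include="$(MSBuildThisFileDirectory)snk\Open.snk" PublicKeyToken="cc7b13ffcd2ddd51" CertificateName="Microsoft400" />-->
+
+<!--
+Map of file extensions to default certificate name. Files with these extensions are
+signed with the specified certificate. Particularly useful for files that don't have
+a public key token.
+The certificate can be overriden using the StrongNameSignInfo or the FileSignInfo item group.
+-->
+<FileExtensionSignInfo Include=".jar" CertificateName="MicrosoftJAR" />
+<FileExtensionSignInfo Include=".js;.ps1;.psd1;.psm1;.psc1;.py" CertificateName="Microsoft400" />
+<FileExtensionSignInfo Include=".dll;.exe" CertificateName="Microsoft400" />
+<FileExtensionSignInfo Include=".nupkg" CertificateName="NuGet" />
+<FileExtensionSignInfo Include=".vsix" CertificateName="VsixSHA2" />
+<FileExtensionSignInfo Include=".zip" CertificateName="None" />
+</ItemGroup>
+
+<PropertyGroup>
+<!-- Control whether an empty ItemsToSign item group is allowed when calling SignToolTask. -->
+<AllowEmptySignList>false</AllowEmptySignList>
+</PropertyGroup>
+
+<!-- Allow repository to customize signing configuration -->
+<!--<Import Project="$(RepositoryEngineeringDir)Signing.props" Condition="Exists('$(RepositoryEngineeringDir)Signing.props')" />-->
+</Target>
+
+<Target Name="SignLayout"
+Condition="'$(SignCoreSdk)' == 'true'"
+DependsOnTargets="SetSignProps">
+
+<ItemGroup>
+<!-- External files -->
+<LayoutFilesToSign Include="$(SdkOutputDirectory)**/Newtonsoft.Json.dll">
+<CertificateName>$(ExternalCertificateId)</CertificateName>
+</LayoutFilesToSign>
+<!-- Built binaries -->
+<LayoutFilesToSign Include="$(SdkOutputDirectory)**/csc.exe;
+$(SdkOutputDirectory)**/csc.dll;
+$(SdkOutputDirectory)**/VBCSCompiler.dll;
+$(SdkOutputDirectory)**/vbc.exe;
+$(SdkOutputDirectory)**/vbc.dll;
+$(SdkOutputDirectory)**/fsc.exe;
+$(SdkOutputDirectory)**/fsi.exe;
+$(SdkOutputDirectory)**/FSharp.*.dll;
+$(SdkOutputDirectory)**/dotnet.dll;
+$(SdkOutputDirectory)**/dotnet.resources.dll;
+$(SdkOutputDirectory)**/System.*.dll;
+$(SdkOutputDirectory)**/Microsoft.*.dll;
+$(SdkOutputDirectory)**/NuGet*.dll;
+$(SdkOutputDirectory)**/datacollector.dll;
+$(SdkOutputDirectory)**/datacollector.exe;
+$(SdkOutputDirectory)**/MSBuild.dll;
+$(SdkOutputDirectory)**/MSBuild.resources.dll;
+$(SdkOutputDirectory)**/testhost.dll;
+$(SdkOutputDirectory)**/testhost.exe;
+$(SdkOutputDirectory)**/testhost.x86.exe;
+$(SdkOutputDirectory)**/vstest.console.dll;
+$(SdkOutputDirectory)**/vstest.console.resources.dll">
+<CertificateName>$(InternalCertificateId)</CertificateName>
+</LayoutFilesToSign>
+
+
+<LayoutFileSignInfo Include="@(LayoutFilesToSign->'%(Filename)%(Extension)')">
+<CertificateName>%(CertificateName)</CertificateName>
+</LayoutFileSignInfo>
+<DistinctLayoutFileSignInfo Include="@(LayoutFileSignInfo->Distinct())" />
+
+<!-- Workaround: cert not recognized as for third parties, or assemblies don't have copyright set -->
+<!--<FilesNotToSign Include="Newtonsoft.Json.dll"/>-->
+<FilesNotToSign Include="Microsoft.TestPlatform.Extensions.BlameDataCollector.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.TestHostRuntimeProvider.dll"/>
+<FilesNotToSign Include="Microsoft.VisualStudio.TestPlatform.Extensions.Trx.TestLogger.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.Build.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.CommunicationUtilities.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.CoreUtilities.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.CrossPlatEngine.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.PlatformAbstractions.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.Utilities.dll"/>
+<FilesNotToSign Include="Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dll"/>
+<FilesNotToSign Include="Microsoft.VisualStudio.TestPlatform.Client.dll"/>
+<FilesNotToSign Include="Microsoft.VisualStudio.TestPlatform.Common.dll"/>
+<FilesNotToSign Include="Microsoft.VisualStudio.TestPlatform.ObjectModel.dll"/>
+<FilesNotToSign Include="datacollector.dll"/>
+<FilesNotToSign Include="vstest.console.dll"/>
+
+<DistinctLayoutFileSignInfo Remove="@(FilesNotToSign)" />
+<DistinctLayoutFileSignInfo Include="@(FilesNotToSign)" CertificateName="None" />
+</ItemGroup>
+
+<!-- Logic copied from https://github.com/dotnet/arcade/blob/master/src/Microsoft.DotNet.Arcade.Sdk/tools/Sign.proj -->
+<Error Text="The value of DotNetSignType is invalid: '$(DotNetSignType)'"
+Condition="'$(DotNetSignType)' != 'real' and '$(DotNetSignType)' != 'test' and '$(DotNetSignType)' != ''" />
+
+<PropertyGroup>
+<_DryRun>true</_DryRun>
+<_DryRun Condition="'$(OfficialBuild)' == 'true'">false</_DryRun>
+
+<_TestSign>false</_TestSign>
+<_TestSign Condition="'$(DotNetSignType)' == 'test'">true</_TestSign>
+
+<_DesktopMSBuildRequired>false</_DesktopMSBuildRequired>
+<_DesktopMSBuildRequired Condition="'$(_DryRun)' != 'true' and '$(MSBuildRuntimeType)' == 'Core'">true</_DesktopMSBuildRequired>
+</PropertyGroup>
+
+<!-- We only need this if we are going to use the executable version. -->
+<Exec Command='"$(NuGetPackageRoot)vswhere\$(VSWhereVersion)\tools\vswhere.exe" -latest -prerelease -property installationPath -requires Microsoft.Component.MSBuild'
+ConsoleToMsBuild="true"
+StandardErrorImportance="high"
+Condition="$(_DesktopMSBuildRequired)">
+<Output TaskParameter="ConsoleOutput" PropertyName="_VSInstallDir" />
+</Exec>
+
+<PropertyGroup>
+<_DesktopMSBuildPath Condition="$(_DesktopMSBuildRequired)">$(_VSInstallDir)\MSBuild\15.0\Bin\msbuild.exe</_DesktopMSBuildPath>
+</PropertyGroup>
+
+<Error Condition="'$(AllowEmptySignList)' != 'true' AND '@(LayoutFilesToSign)' == ''"
+Text="List of files to sign is empty. Make sure that LayoutFilesToSign is configured correctly." />
+
+
+<Microsoft.DotNet.SignTool.SignToolTask
+DryRun="$(_DryRun)"
+TestSign="$(_TestSign)"
+CertificatesSignInfo="$(CertificatesSignInfo)"
+ItemsToSign="@(LayoutFilesToSign)"
+StrongNameSignInfo="@(StrongNameSignInfo)"
+FileSignInfo="@(DistinctLayoutFileSignInfo)"
+FileExtensionSignInfo="@(FileExtensionSignInfo)"
+TempDir="$(ArtifactsTmpDir)"
+LogDir="$(ArtifactsLogDir)"
+MSBuildPath="$(_DesktopMSBuildPath)"
+SNBinaryPath="$(NuGetPackageRoot)sn\$(SNVersion)\sn.exe"
+MicroBuildCorePath="$(NuGetPackageRoot)microbuild.core\$(MicroBuildCoreVersion)"/>
+
+</Target>
+</Project>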
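Review bot: `CertificatesSignInfo="$(CertificatesSignInfo)"` on the SignToolTask call reads a property, but SetSignProps declares CertificatesSignInfo as items and no property of that name is set in this file, so the task would receive an empty value and the `DualSigningAllowed` metadata for 3PartyDual/3PartySHA2 would not reach it. The other sign-info parameters use item syntax, and this one should read `CertificatesSignInfo="@(CertificatesSignInfo)"`. Separately, datacollector.dll and vstest.console.dll are globbed into LayoutFilesToSign for `$(InternalCertificateId)` and then forced to `CertificateName="None"` through FilesNotToSign, along with the listed test-platform assemblies that match `Microsoft.*.dll`, so those binaries leave this target unsigned. The "Workaround" comment should name a tracking issue, e.g. `<!-- Workaround, remove when <issue-id> is fixed: these files are intentionally left unsigned -->`, so the exception stays visible and temporary. `_DesktopMSBuildPath` is also composed from the vswhere output without a check that `_VSInstallDir` is non-empty; an `<Error Condition="'$(_DesktopMSBuildRequired)' == 'true' and '$(_VSInstallDir)' == ''" Text="vswhere returned no installation path." />` ahead of it would stop the build instead of handing the task a path rooted at `\MSBuild\15.0\Bin`.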