dotnet-installer/build/Signing.proj

<?xml version="1.0" encoding="utf-8"?>
<Project InitialTargets="SetSigningProperties" DefaultTargets="SignFiles" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <RepoRoot>$(MSBuildThisFileDirectory)/..</RepoRoot>
  </PropertyGroup>
  
  <Import Project="$(RepoRoot)/build_tools/MicroBuild.Core.props" />

  <!-- This will be overridden if we're building with MicroBuild. -->
  <Target Name="SignFiles">
    <Message Text="Fake sign target.  Would sign: @(FilesToSign)" />
  </Target>

  <Target Name="SetSigningProperties">
    <Error Condition="'$(Rid)' == ''" Text="Missing required property 'Rid'." />
    <PropertyGroup>
      <BaseOutputDirectory Condition="'$(BaseOutputDirectory)' == ''">$(RepoRoot)/artifacts/$(Rid)</BaseOutputDirectory>
      <OutputDirectory Condition="'$(OutputDirectory)' == ''">$(BaseOutputDirectory)/stage2</OutputDirectory>
      <CompilationDirectory Condition="'$(CompilationDirectory)' == ''">$(BaseOutputDirectory)/stage2compilation</CompilationDirectory>
      <PackagesDirectory Condition="'$(PackagesDirectory)' == ''">$(BaseOutputDirectory)/packages</PackagesDirectory>

      <!-- The OutDir and IntermediateOutputPath properties are required by MicroBuild. MicroBuild only
           signs files that are under these paths. -->
      <OutDir Condition="'$(OutDir)' == ''">$(BaseOutputDirectory)</OutDir>
      <IntermediateOutputPath Condition="'$(IntermediateOutputPath)' == ''">$(BaseOutputDirectory)/intermediate</IntermediateOutputPath>
    </PropertyGroup>
  </Target>

  <Target Name="PostCompileSign" DependsOnTargets="GetPostCompileSignFiles;SignFiles" />

  <Target Name="GetPostCompileSignFiles">
    <ItemGroup>
      <!-- External files -->
      <FilesToSign Include="$(OutputDirectory)/sdk/**/Newtonsoft.Json.dll;
                            $(OutputDirectory)/shared/**/libuv.dll">
        <Authenticode>$(ExternalCertificateId)</Authenticode>
      </FilesToSign>
      <!-- Built binaries -->
      <FilesToSign Include="$(OutputDirectory)/sdk/**/csc.exe;
                            $(OutputDirectory)/sdk/**/csc.dll;
                            $(OutputDirectory)/sdk/**/dotnet.dll;
                            $(OutputDirectory)/sdk/**/System.*.dll;
                            $(OutputDirectory)/sdk/**/Microsoft.*.dll;
                            $(OutputDirectory)/sdk/**/NuGet*.dll;
                            $(OutputDirectory)/sdk/**/datacollector.dll;
                            $(OutputDirectory)/sdk/**/MSBuild.dll;
                            $(OutputDirectory)/sdk/**/testhost.dll;
                            $(OutputDirectory)/sdk/**/vstest.console.dll">
        <Authenticode>$(InternalCertificateId)</Authenticode>
      </FilesToSign>
      <!-- Built files for the packages -->
      <FilesToSign Include="$(CompilationDirectory)/forPackaging/**/*dotnet*.dll;
                            $(CompilationDirectory)/forPackaging/**/Microsoft.Extensions.DependencyModel.dll;
                            $(CompilationDirectory)/forPackaging/**/Microsoft.Extensions.Testing.Abstractions.dll">
        <Authenticode>$(InternalCertificateId)</Authenticode>
      </FilesToSign>
    </ItemGroup>
  </Target>

  <Target Name="SignNuPkgContents" DependsOnTargets="GetSignNuPkgContentsFiles;SignFiles" />

  <Target Name="GetSignNuPkgContentsFiles">
    <PropertyGroup>
      <OutDir>$(RepoRoot)/src/Microsoft.DotNet.Cli.Utils</OutDir>
    </PropertyGroup>
    <ItemGroup>
      <!-- NuPkg contents -->
      <FilesToSign Include="$(OutDir)/bin/**/Microsoft.DotNet.Cli.Utils.dll">
        <Authenticode>$(InternalCertificateId)</Authenticode>
      </FilesToSign>
    </ItemGroup>
  </Target>

  <Target Name="SignMsiAndCab" DependsOnTargets="GetSignMsiAndCabFiles;SignFiles" />

  <Target Name="GetSignMsiAndCabFiles">
    <PropertyGroup>
      <OutDir>$(PackagesDirectory)</OutDir>
    </PropertyGroup>
    <ItemGroup>
      <FilesToSign Include="$(PackagesDirectory)/**/*.msi">
        <Authenticode>$(InternalCertificateId)</Authenticode>
      </FilesToSign>
      <FilesToSign Include="$(PackagesDirectory)/**/*.cab">
        <Authenticode>$(InternalCertificateId)</Authenticode>
      </FilesToSign>
    </ItemGroup>
  </Target>

  <Target Name="SignEngine" DependsOnTargets="GetSignEngineFiles;SignFiles" />

  <Target Name="GetSignEngineFiles">
    <PropertyGroup>
      <OutDir>$(PackagesDirectory)</OutDir>
    </PropertyGroup>
    <ItemGroup>
      <FilesToSign Include="$(PackagesDirectory)/**/*engine.exe">
        <Authenticode>$(InternalCertificateId)</Authenticode>
      </FilesToSign>
    </ItemGroup>
  </Target>

  <Target Name="SignCliBundle" DependsOnTargets="GetSignCliBundleFiles;SignFiles" />

  <Target Name="GetSignCliBundleFiles">
    <PropertyGroup>
      <OutDir>$(PackagesDirectory)</OutDir>
    </PropertyGroup>
    <ItemGroup>
      <FilesToSign Include="$(PackagesDirectory)/**/*.exe">
        <Authenticode>$(InternalCertificateId)</Authenticode>
      </FilesToSign>
    </ItemGroup>
  </Target>

  <Import Project="$(RepoRoot)/build_tools/MicroBuild.Core.targets" />
</Project>