Add signing manifest and script to update it with production values (#5397)
* Add signing configuration file * add updatesigning.ps1
parent
34600c4100
commit
1a5134f9e4
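--- a/tools/releaseBuild/signing.xml
+++ b/tools/releaseBuild/signing.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<SignConfigXML>
+<!-- ****Begin**** BothDual - Dual (Sha256 and Sha1) AuthenticodeDual) and should be StrongName, but we will add this in 6.1.0 ******** -->
+<job platform="" configuration="" dest="__OUTPATHROOT__\signed" jobname="PowerShell" approvers="vigarg;gstolt">
+<file src="__INPATHROOT__\Microsoft.Management.Infrastructure.CimCmdlets.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\Microsoft.Management.Infrastructure.CimCmdlets.dll" />
+<file src="__INPATHROOT__\Microsoft.PowerShell.Commands.Diagnostics.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\Microsoft.PowerShell.Commands.Diagnostics.dll" />
+<file src="__INPATHROOT__\Microsoft.PowerShell.Commands.Management.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\Microsoft.PowerShell.Commands.Management.dll" />
+<file src="__INPATHROOT__\Microsoft.PowerShell.Commands.Utility.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\Microsoft.PowerShell.Commands.Utility.dll" />
+<file src="__INPATHROOT__\Microsoft.PowerShell.ConsoleHost.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\Microsoft.PowerShell.ConsoleHost.dll" />
+<file src="__INPATHROOT__\Microsoft.PowerShell.CoreCLR.Eventing.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\Microsoft.PowerShell.CoreCLR.Eventing.dll" />
+<file src="__INPATHROOT__\Microsoft.PowerShell.Security.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\Microsoft.PowerShell.Security.dll" />
+<file src="__INPATHROOT__\Microsoft.WSMan.Management.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\Microsoft.WSMan.Management.dll" />
+<file src="__INPATHROOT__\Microsoft.WSMan.Runtime.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\Microsoft.WSMan.Runtime.dll" />
+<file src="__INPATHROOT__\System.Management.Automation.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\System.Management.Automation.dll" />
+<file src="__INPATHROOT__\pwsh.dll" signType="AuthenticodeDual" dest="__OUTPATHROOT__\pwsh.dll" />
+
+<!-- not actually a code file, don't sign for now
+<file src="__INPATHROOT__\Microsoft.PowerShell.SDK.dll" signType="BothDual" dest="__OUTPATHROOT__\Microsoft.PowerShell.SDK.dll" />
+-->
+
+<!-- ****Begin**** AuthenticodeDual - Dual (Sha256 and Sha1) Authenticode ************* -->
+
+<file src="__INPATHROOT__\pwsh.exe" signType="AuthenticodeDual" dest="__OUTPATHROOT__\pwsh.exe" />
+
+
+<!--
+<file src="__INPATHROOT__\Install-PowerShellRemoting.ps1" signType="AuthenticodeDual" dest="__OUTPATHROOT__\Install-PowerShellRemoting.ps1" />
+-->
+<!-- ****Begin**** Authenticode - Authenticode SHA256 ************* -->
+<!-- PowerShell script files cannot be dual signed, so we will sign them only with a SHA256 cert -->
+
+<file src="__INPATHROOT__\Modules\CimCmdlets\CimCmdlets.psd1" signType="Authenticode" dest="__OUTPATHROOT__\Modules\CimCmdlets\CimCmdlets.psd1" />
+<file src="__INPATHROOT__\Modules\Microsoft.PowerShell.Diagnostics\Microsoft.PowerShell.Diagnostics.psd1" signType="Authenticode" dest="__OUTPATHROOT__\Modules\Microsoft.PowerShell.Diagnostics\Microsoft.PowerShell.Diagnostics.psd1" />
+<file src="__INPATHROOT__\Modules\Microsoft.PowerShell.Host\Microsoft.PowerShell.Host.psd1" signType="Authenticode" dest="__OUTPATHROOT__\Modules\Microsoft.PowerShell.Host\Microsoft.PowerShell.Host.psd1" />
+<file src="__INPATHROOT__\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1" signType="Authenticode" dest="__OUTPATHROOT__\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1" />
+<file src="__INPATHROOT__\Modules\Microsoft.PowerShell.Security\Microsoft.PowerShell.Security.psd1" signType="Authenticode" dest="__OUTPATHROOT__\Modules\Microsoft.PowerShell.Security\Microsoft.PowerShell.Security.psd1" />
+<file src="__INPATHROOT__\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1" signType="Authenticode" dest="__OUTPATHROOT__\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1" />
+<file src="__INPATHROOT__\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1" signType="Authenticode" dest="__OUTPATHROOT__\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1" />
+<file src="__INPATHROOT__\Modules\Microsoft.WSMan.Management\Microsoft.WSMan.Management.psd1" signType="Authenticode" dest="__OUTPATHROOT__\Modules\Microsoft.WSMan.Management\Microsoft.WSMan.Management.psd1" />
+<file src="__INPATHROOT__\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1" signType="Authenticode" dest="__OUTPATHROOT__\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1" />
+<file src="__INPATHROOT__\Modules\PSDiagnostics\PSDiagnostics.psd1" signType="Authenticode" dest="__OUTPATHROOT__\Modules\PSDiagnostics\PSDiagnostics.psd1" />
+<file src="__INPATHROOT__\Modules\PSDiagnostics\PSDiagnostics.psm1" signType="Authenticode" dest="__OUTPATHROOT__\Modules\PSDiagnostics\PSDiagnostics.psm1" />
+<file src="__INPATHROOT__\Modules\PSReadLine\PSReadLine.psd1" signType="Authenticode" dest="__OUTPATHROOT__\Modules\PSReadLine\PSReadLine.psd1" />
+<file src="__INPATHROOT__\Modules\PSReadLine\PSReadLine.psm1" signType="Authenticode" dest="__OUTPATHROOT__\Modules\PSReadLine\PSReadLine.psm1" />
+<file src="__INPATHROOT__\Modules\Microsoft.WSMan.Management\WSMan.format.ps1xml" signType="Authenticode" dest="__OUTPATHROOT__\Modules\Microsoft.WSMan.Management\WSMan.format.ps1xml" />
+<file src="__INPATHROOT__\Modules\Microsoft.PowerShell.Diagnostics\Event.format.ps1xml" signType="Authenticode" dest="__OUTPATHROOT__\Modules\Microsoft.PowerShell.Diagnostics\Event.format.ps1xml" />
+<file src="__INPATHROOT__\Modules\Microsoft.PowerShell.Diagnostics\GetEvent.types.ps1xml" signType="Authenticode" dest="__OUTPATHROOT__\Modules\Microsoft.PowerShell.Diagnostics\GetEvent.types.ps1xml" />
+<file src="__INPATHROOT__\Modules\Microsoft.PowerShell.Diagnostics\Diagnostics.format.ps1xml" signType="Authenticode" dest="__OUTPATHROOT__\Modules\Microsoft.PowerShell.Diagnostics\Diagnostics.format.ps1xml" />
+</job>
+</SignConfigXML>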
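Review bot: The `Install-PowerShellRemoting.ps1` entry is commented out with no stated reason, so that script would pass through the signing job unsigned, and the disabled line requests `signType="AuthenticodeDual"` although the comment just below it says script files cannot be dual signed. I would put the reason inside the comment and record the correct type for when it is restored, e.g. `<!-- not signed yet: <reason>; re-enable with signType="Authenticode" -->`. More generally this manifest is an explicit list, so a binary or module file added to the package later is presumably shipped unsigned unless someone remembers to add it here; a build step that compares the packaged .dll/.exe/.ps1/.psm1/.psd1/.ps1xml files against the `src` entries and fails on a mismatch would catch that. The first section heading still says BothDual while every active entry under it uses AuthenticodeDual, so the heading should be reworded to match what is actually requested.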
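--- a/tools/releaseBuild/updateSigning.ps1
+++ b/tools/releaseBuild/updateSigning.ps1
@@ -0,0 +1,33 @@
+# Script for use in VSTS to update signing.xml
+
+# Parse the signing xml
+$signingXmlPath = Join-Path -Path $PSScriptRoot -ChildPath 'signing.xml'
+$signingXml = [xml](Get-Content $signingXmlPath)
+
+# Get any variables to updating 'signType' in the XML
+# Define a varabile named `<signTypeInXml>SignType' in VSTS to updating that signing type
+# Example: $env:AuthenticodeSignType='newvalue'
+# will cause all files with the 'Authenticode' signtype to be updated with the 'newvalue' signtype
+$signTypes = @{}
+Get-ChildItem -Path env:/*SignType | ForEach-Object -Process {
+$signType = $_.Name.ToUpperInvariant().Replace('SIGNTYPE','')
+Write-Host "Found SigningType $signType with value $($_.value)"
+$signTypes[$signType] = $_.Value
+}
+
+# examine each job in the xml
+$signingXml.SignConfigXML.job | ForEach-Object -Process {
+# examine each file in the job
+$_.file | ForEach-Object -Process {
+# if the sign type is one of the variables we found, update it to the new value
+$signType = $_.SignType.ToUpperInvariant()
+if($signTypes.ContainsKey($signType))
+{
+$newSignType = $signTypes[$signType]
+Write-Host "Updating $($_.src) to $newSignType"
+$_.signType = $signTypes[$signType]
+}
+}
+}
+
+$signingXml.Save($signingXmlPath)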
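Review bot: Every environment variable matching `env:/*SignType` is copied into `signType` with no validation, and the script also succeeds when no such variable is defined, so a misconfigured release definition either submits an unexpected sign type or saves signing.xml unchanged without any error. If the checked-in values are only stand-ins for the production ones, as the commit title suggests, the script should fail closed after the first loop with `if ($signTypes.Count -eq 0) { throw 'No *SignType variables defined' }` and reject values outside an expected set before assigning them. `.Replace('SIGNTYPE','')` strips every occurrence in the name rather than only the suffix; `$_.Name -replace 'SignType$',''` expresses the intent. `$newSignType` is computed but the assignment re-reads the table, so `$_.signType = $newSignType` would be clearer. The header comments contain typos ("varabile", "to updating") that are worth fixing while the file is new.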