Sign the MSIX
files for the store (#12582)
Co-authored-by: Aditya Patwardhan <adityap@microsoft.com>
parent
b80375f497
commit
2fe34993c3
|
@ -11,7 +11,6 @@ trigger:
|
|||
include:
|
||||
- '*'
|
||||
exclude:
|
||||
- /tools/releaseBuild/**/*
|
||||
- /.vsts-ci/misc-analysis.yml
|
||||
- /.github/ISSUE_TEMPLATE/*
|
||||
- /.dependabot/config.yml
|
||||
|
@ -25,7 +24,8 @@ pr:
|
|||
include:
|
||||
- '*'
|
||||
exclude:
|
||||
- /tools/releaseBuild/**/*
|
||||
- tools/releaseBuild/*
|
||||
- tools/releaseBuild/azureDevOps/templates/*
|
||||
- /.vsts-ci/misc-analysis.yml
|
||||
- /.github/ISSUE_TEMPLATE/*
|
||||
- /.dependabot/config.yml
|
||||
|
|
|
@ -25,10 +25,11 @@ pr:
|
|||
include:
|
||||
- '*'
|
||||
exclude:
|
||||
- /tools/releaseBuild/**/*
|
||||
- /.vsts-ci/misc-analysis.yml
|
||||
- /.github/ISSUE_TEMPLATE/*
|
||||
- /.dependabot/config.yml
|
||||
- tools/releaseBuild/*
|
||||
- tools/releaseBuild/azureDevOps/templates/*
|
||||
|
||||
variables:
|
||||
DOTNET_CLI_TELEMETRY_OPTOUT: 1
|
||||
|
|
|
@ -27,6 +27,8 @@ pr:
|
|||
- /.vsts-ci/misc-analysis.yml
|
||||
- /.github/ISSUE_TEMPLATE/*
|
||||
- /.dependabot/config.yml
|
||||
- tools/releaseBuild/*
|
||||
- tools/releaseBuild/azureDevOps/templates/*
|
||||
|
||||
variables:
|
||||
GIT_CONFIG_PARAMETERS: "'core.autocrlf=false'"
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
xmlns:desktop6="http://schemas.microsoft.com/appx/manifest/desktop/windows10/6"
|
||||
xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities">
|
||||
|
||||
<Identity Name="Microsoft.$PRODUCTNAME$" ProcessorArchitecture="$ARCH$" Publisher="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Version="$VERSION$" />
|
||||
<Identity Name="Microsoft.$PRODUCTNAME$" ProcessorArchitecture="$ARCH$" Publisher="$PUBLISHER$" Version="$VERSION$" />
|
||||
|
||||
<Properties>
|
||||
<DisplayName>$DISPLAYNAME$</DisplayName>
|
||||
|
|
|
@ -3183,9 +3183,18 @@ function New-MSIXPackage
|
|||
|
||||
Write-Verbose "Version: $productversion" -Verbose
|
||||
|
||||
$isPreview = Test-IsPreview -Version $ProductSemanticVersion
|
||||
if ($isPreview) {
|
||||
Write-Verbose "Using Preview assets" -Verbose
|
||||
}
|
||||
|
||||
# Appx manifest needs to be in root of source path, but the embedded version needs to be updated
|
||||
# cp-459155 is 'CN=Microsoft Windows Store Publisher (Store EKU), O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
|
||||
# authenticodeFormer is 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
|
||||
$releasePublisher = 'CN=Microsoft Windows Store Publisher (Store EKU), O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
|
||||
|
||||
$appxManifest = Get-Content "$RepoRoot\assets\AppxManifest.xml" -Raw
|
||||
$appxManifest = $appxManifest.Replace('$VERSION$', $ProductVersion).Replace('$ARCH$', $Architecture).Replace('$PRODUCTNAME$', $productName).Replace('$DISPLAYNAME$', $displayName)
|
||||
$appxManifest = $appxManifest.Replace('$VERSION$', $ProductVersion).Replace('$ARCH$', $Architecture).Replace('$PRODUCTNAME$', $productName).Replace('$DISPLAYNAME$', $displayName).Replace('$PUBLISHER$', $releasePublisher)
|
||||
Set-Content -Path "$ProductSourcePath\AppxManifest.xml" -Value $appxManifest -Force
|
||||
# Necessary image assets need to be in source assets folder
|
||||
$assets = @(
|
||||
|
@ -3200,11 +3209,6 @@ function New-MSIXPackage
|
|||
$null = New-Item -ItemType Directory -Path "$ProductSourcePath\assets"
|
||||
}
|
||||
|
||||
$isPreview = Test-IsPreview -Version $ProductSemanticVersion
|
||||
if ($isPreview) {
|
||||
Write-Verbose "Using Preview assets" -Verbose
|
||||
}
|
||||
|
||||
$assets | ForEach-Object {
|
||||
if ($isPreview) {
|
||||
Copy-Item -Path "$RepoRoot\assets\$_-Preview.png" -Destination "$ProductSourcePath\assets\$_.png"
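Review bot: The `.Replace('$PUBLISHER$', $releasePublisher)` call added to the replace chain silently does nothing if the manifest template lacks the token, so a template that still hard-codes the old Publisher would be packaged unchanged. Because the manifest Publisher is expected to match the subject of the signing certificate, that mismatch would only surface later, at signing or install time. A guard before the replace would catch it early: `if (-not $appxManifest.Contains('$PUBLISHER$')) { throw 'AppxManifest.xml has no $PUBLISHER$ token' }`. The link to the `'CP-459155'` sign type is held only by comments in two files, and the name `$releasePublisher` suggests release only although it is applied to preview packages too. New-MSIXPackage starts and ends outside these hunks.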
|
||||
|
|
|
@ -61,5 +61,5 @@ steps:
|
|||
azureSubscription: '$(AzureFileCopySubscription)'
|
||||
Destination: AzureBlob
|
||||
storage: '$(StorageAccount)'
|
||||
ContainerName: '$(AzureVersion)'
|
||||
ContainerName: '$(AzureVersion)-private'
|
||||
condition: and(succeeded(), eq('${{ parameters.msix }}', 'yes'), eq(variables['SHOULD_SIGN'], 'true'))
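Review bot: The new `ContainerName: '$(AzureVersion)-private'` carries no comment saying why the MSIX upload is kept apart from the other artifacts. If the intent is to keep the Store-signed package out of the public release container, a line such as `# Store-signed MSIX is not for sideloading; upload to the non-public container` would record that. The `-private` suffix is only a name, so it is worth confirming that the container's access level is actually restricted. The step starts outside this hunk.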
|
||||
|
|
|
@ -38,12 +38,16 @@ jobs:
|
|||
$authenticodefiles = @(
|
||||
"$(System.ArtifactsDirectory)\signed\PowerShell-$(Version)-win-x64.msi"
|
||||
"$(System.ArtifactsDirectory)\signed\PowerShell-$(Version)-win-x86.msi"
|
||||
)
|
||||
|
||||
$msixFiles = @(
|
||||
"$(System.ArtifactsDirectory)\signed\PowerShell-$(Version)-win-x86.msix"
|
||||
"$(System.ArtifactsDirectory)\signed\PowerShell-$(Version)-win-x64.msix"
|
||||
"$(System.ArtifactsDirectory)\signed\PowerShell-$(Version)-win-arm32.msix"
|
||||
"$(System.ArtifactsDirectory)\signed\PowerShell-$(Version)-win-arm64.msix"
|
||||
)
|
||||
tools/releaseBuild/generatePackgeSigning.ps1 -AuthenticodeFiles $authenticodeFiles -path "$(System.ArtifactsDirectory)\package.xml"
|
||||
|
||||
tools/releaseBuild/generatePackgeSigning.ps1 -AuthenticodeFiles $authenticodeFiles -path "$(System.ArtifactsDirectory)\package.xml" -MsixCertType $env:MSIX_TYPE -MsixFiles $msixFiles
|
||||
displayName: 'Generate Package Signing Xml'
|
||||
|
||||
- powershell: |
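Review bot: `-MsixCertType $env:MSIX_TYPE` relies on a variable that another script on this page sets with `task.setvariable`, and nothing in this step checks that it arrived. If it is empty in this job, the `ValidateSet('release','preview')` binding would presumably reject it with a generic parameter error that does not name the missing variable. A guard before the call, such as `if (-not $env:MSIX_TYPE) { throw 'MSIX_TYPE is not set' }`, would make that failure readable. The four `.msix` paths in `$msixFiles` are also listed unconditionally, so confirm that every architecture is always produced before this job runs.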
|
||||
|
|
|
@ -8,7 +8,10 @@ param(
|
|||
[string[]] $NuPkgFiles,
|
||||
[string[]] $MacDeveloperFiles,
|
||||
[string[]] $LinuxFiles,
|
||||
[string[]] $ThirdPartyFiles
|
||||
[string[]] $ThirdPartyFiles,
|
||||
[string[]] $MsixFiles,
|
||||
[ValidateSet('release','preview')]
|
||||
[string] $MsixCertType = 'preview'
|
||||
)
|
||||
|
||||
if ((!$AuthenticodeDualFiles -or $AuthenticodeDualFiles.Count -eq 0) -and
|
||||
|
@ -16,6 +19,7 @@ if ((!$AuthenticodeDualFiles -or $AuthenticodeDualFiles.Count -eq 0) -and
|
|||
(!$NuPkgFiles -or $NuPkgFiles.Count -eq 0) -and
|
||||
(!$MacDeveloperFiles -or $MacDeveloperFiles.Count -eq 0) -and
|
||||
(!$LinuxFiles -or $LinuxFiles.Count -eq 0) -and
|
||||
(!$MsixFiles -or $MsixFiles.Count -eq 0) -and
|
||||
(!$ThirdPartyFiles -or $ThirdPartyFiles.Count -eq 0))
|
||||
{
|
||||
throw "At least one file must be specified"
|
||||
|
@ -95,6 +99,14 @@ foreach ($file in $ThirdPartyFiles) {
|
|||
New-FileElement -File $file -SignType 'ThirdParty' -XmlDoc $signingXml -Job $job
|
||||
}
|
||||
|
||||
foreach ($file in $MsixFiles) {
|
||||
# 'CP-459155' signs for the store only
|
||||
# AuthenticodeFormer works only for sideloading
|
||||
# ----------------------------------------------
|
||||
# update releasePublisher in packaging.psm1 when this is changed
|
||||
New-FileElement -File $file -SignType 'CP-459155' -XmlDoc $signingXml -Job $job
|
||||
}
|
||||
|
||||
$signingXml.Save($path)
|
||||
$updateScriptPath = Join-Path -Path $PSScriptRoot -ChildPath 'updateSigning.ps1'
|
||||
& $updateScriptPath -SigningXmlPath $path
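Review bot: `$MsixCertType` is declared and validated in the `param` block, but the new `foreach ($file in $MsixFiles)` loop always passes `-SignType 'CP-459155'`, so within the visible hunks the parameter has no effect. A caller passing `-MsixCertType preview` could reasonably assume a different certificate is requested than the one that is. If preview and release are meant to share the Store certificate for now, say so in a comment next to the parameter, for example `# currently unused: all MSIX files are signed with CP-459155`; otherwise the loop should choose the sign type from it. Parts of the script lie outside these hunks, so a use elsewhere cannot be ruled out.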
|
||||
|
|
|
@ -58,6 +58,8 @@ function New-BuildInfoJson {
|
|||
$branchOnly = $Branch -replace '^refs/heads/';
|
||||
$branchOnly = $branchOnly -replace '[_\-]'
|
||||
|
||||
$msixType = 'preview'
|
||||
|
||||
$isDaily = $false
|
||||
|
||||
if($ReleaseTag -eq 'fromBranch' -or !$ReleaseTag)
|
||||
|
@ -65,6 +67,7 @@ if($ReleaseTag -eq 'fromBranch' -or !$ReleaseTag)
|
|||
# Branch is named release-<semver>
|
||||
if($Branch -match '^.*(release[-/])')
|
||||
{
|
||||
$msixType = 'release'
|
||||
Write-Verbose "release branch:" -Verbose
|
||||
$releaseTag = $Branch -replace '^.*(release[-/])'
|
||||
$vstsCommandString = "vso[task.setvariable variable=$Variable]$releaseTag"
|
||||
|
@ -127,4 +130,8 @@ $vstsCommandString = "vso[task.setvariable variable=IS_DAILY]$($isDaily.ToString
|
|||
Write-Verbose -Message "$vstsCommandString" -Verbose
|
||||
Write-Host -Object "##$vstsCommandString"
|
||||
|
||||
$vstsCommandString = "vso[task.setvariable variable=MSIX_TYPE]$msixType"
|
||||
Write-Verbose -Message "$vstsCommandString" -Verbose
|
||||
Write-Host -Object "##$vstsCommandString"
|
||||
|
||||
Write-Output $releaseTag
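Review bot: `$msixType = 'release'` is set under `$Branch -match '^.*(release[-/])'`, which accepts any ref containing `release-` or `release/` anywhere in its name, not only branches named `release-<semver>` as the comment above it says. The value is exported as `MSIX_TYPE` and handed to the signing script, so the certificate type would follow from a loosely matched branch name. A separate anchored test for this decision, for example `if ($Branch -match '^refs/heads/release[-/]') { $msixType = 'release' }`, would tie it to the intended branches. In the visible lines, a build with an explicit `$ReleaseTag` keeps `'preview'`; confirm that is intended, since the other branch of the `if` is outside the hunk.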
|
||||
|
|