Update the build to sign any unsigned files as 3rd party Dlls (#12581)
parent
cefbf3d6a9
commit
ab65ac918c
|
@ -6,7 +6,7 @@ Copyright="Copyright (c) Microsoft Corporation."
|
|||
ModuleVersion="1.0.0"
|
||||
PowerShellVersion="5.0"
|
||||
CmdletsToExport=@()
|
||||
FunctionsToExport=@('Start-PSPackage','New-PSSignedBuildZip', 'New-MSIPatch', 'Expand-PSSignedBuild', 'Publish-NugetToMyGet', 'New-DotnetSdkContainerFxdPackage', 'New-GlobalToolNupkg', 'New-ILNugetPackage')
|
||||
FunctionsToExport=@('Start-PSPackage','New-PSSignedBuildZip', 'New-PSBuildZip', 'New-MSIPatch', 'Expand-PSSignedBuild', 'Publish-NugetToMyGet', 'New-DotnetSdkContainerFxdPackage', 'New-GlobalToolNupkg', 'New-ILNugetPackage', 'Update-PSSignedBuildFolder')
|
||||
RootModule="packaging.psm1"
|
||||
RequiredModules = @("build")
|
||||
}
|
||||
|
|
|
@ -598,14 +598,7 @@ function New-PSSignedBuildZip
|
|||
[string]$VstsVariableName
|
||||
)
|
||||
|
||||
# Replace unsigned binaries with signed
|
||||
$signedFilesFilter = Join-Path -Path $signedFilesPath -ChildPath '*'
|
||||
Get-ChildItem -path $signedFilesFilter -Recurse -File | Select-Object -ExpandProperty FullName | Foreach-Object -Process {
|
||||
$relativePath = $_.ToLowerInvariant().Replace($signedFilesPath.ToLowerInvariant(),'')
|
||||
$destination = Join-Path -Path $buildPath -ChildPath $relativePath
|
||||
Write-Log "replacing $destination with $_"
|
||||
Copy-Item -Path $_ -Destination $destination -force
|
||||
}
|
||||
Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath $SignedFilesPath
|
||||
|
||||
# Remove '$signedFilesPath' now that signed binaries are copied
|
||||
if (Test-Path $signedFilesPath)
|
||||
|
@ -613,6 +606,20 @@ function New-PSSignedBuildZip
|
|||
Remove-Item -Recurse -Force -Path $signedFilesPath
|
||||
}
|
||||
|
||||
New-PSBuildZip -BuildPath $BuildPath -DestinationFolder $DestinationFolder -VstsVariableName $VstsVariableName
|
||||
}
|
||||
|
||||
function New-PSBuildZip
|
||||
{
|
||||
param(
|
||||
[Parameter(Mandatory)]
|
||||
[string]$BuildPath,
|
||||
[Parameter(Mandatory)]
|
||||
[string]$DestinationFolder,
|
||||
[parameter(HelpMessage='VSTS variable to set for path to zip')]
|
||||
[string]$VstsVariableName
|
||||
)
|
||||
|
||||
$name = split-path -Path $BuildPath -Leaf
|
||||
$zipLocationPath = Join-Path -Path $DestinationFolder -ChildPath "$name-signed.zip"
|
||||
Compress-Archive -Path $BuildPath\* -DestinationPath $zipLocationPath
|
||||
|
@ -628,6 +635,27 @@ function New-PSSignedBuildZip
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
function Update-PSSignedBuildFolder
|
||||
{
|
||||
param(
|
||||
[Parameter(Mandatory)]
|
||||
[string]$BuildPath,
|
||||
[Parameter(Mandatory)]
|
||||
[string]$SignedFilesPath
|
||||
)
|
||||
|
||||
# Replace unsigned binaries with signed
|
||||
$signedFilesFilter = Join-Path -Path $SignedFilesPath -ChildPath '*'
|
||||
Get-ChildItem -path $signedFilesFilter -Recurse -File | Select-Object -ExpandProperty FullName | Foreach-Object -Process {
|
||||
$relativePath = $_.ToLowerInvariant().Replace($SignedFilesPath.ToLowerInvariant(),'')
|
||||
$destination = Join-Path -Path $BuildPath -ChildPath $relativePath
|
||||
Write-Log "replacing $destination with $_"
|
||||
Copy-Item -Path $_ -Destination $destination -force
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
function Expand-PSSignedBuild
|
||||
{
|
||||
param(
|
||||
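Review bot: `Update-PSSignedBuildFolder` copies each file to a computed `$destination` without checking that a build file already exists there or that the copy succeeded. If the `Replace()` on the lower-cased path fails to strip the prefix (for example when `$SignedFilesPath` is spelled differently from what `Get-ChildItem` returns), the unsigned binary stays in the build, and unless errors are made terminating elsewhere the step carries on. Now that the function is exported and called for two different signed folders, I would add `if (-not (Test-Path -LiteralPath $destination)) { throw "No build file to replace at $destination" }` before the copy and `-ErrorAction Stop` on `Copy-Item`, assuming signing output is never meant to add new files. Lower-casing the relative path would also matter if this ever runs on a case-sensitive file system. A short comment-based help block saying that `$SignedFilesPath` must have the same form as the paths `Get-ChildItem` yields would help callers.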
|
|
|
@ -134,14 +134,52 @@ jobs:
|
|||
- powershell: |
|
||||
Import-Module $(PowerShellRoot)/build.psm1 -Force
|
||||
Import-Module $(PowerShellRoot)/tools/packaging -Force
|
||||
|
||||
$signedFilesPath = '$(System.ArtifactsDirectory)\signed\'
|
||||
$BuildPath = '$(System.ArtifactsDirectory)\$(SymbolsFolder)'
|
||||
|
||||
Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath $SignedFilesPath
|
||||
$dlls = Get-ChildItem $BuildPath\*.dll -Recurse
|
||||
$signatures = $dlls | Get-AuthenticodeSignature
|
||||
$missingSignatures = $signatures | Where-Object { $_.status -eq 'notsigned'}| select-object -ExpandProperty Path
|
||||
tools/releaseBuild/generatePackgeSigning.ps1 -ThirdPartyFiles $missingSignatures -path "$(System.ArtifactsDirectory)\thirtdparty.xml"
|
||||
displayName: Create ThirdParty Signing Xml
|
||||
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
|
||||
|
||||
- task: PkgESCodeSign@10
|
||||
displayName: 'CodeSign ThirdParty $(Architecture)'
|
||||
env:
|
||||
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
|
||||
inputs:
|
||||
signConfigXml: '$(System.ArtifactsDirectory)\thirtdparty.xml'
|
||||
inPathRoot: '$(System.ArtifactsDirectory)\$(SymbolsFolder)'
|
||||
outPathRoot: '$(System.ArtifactsDirectory)\signedThirdParty'
|
||||
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
|
||||
|
||||
- powershell: |
|
||||
Get-ChildItem '$(System.ArtifactsDirectory)\signedThirdParty\*'
|
||||
displayName: Captrue ThirdParty Signed files
|
||||
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
|
||||
|
||||
- powershell: |
|
||||
Import-Module $(PowerShellRoot)/build.psm1 -Force
|
||||
Import-Module $(PowerShellRoot)/tools/packaging -Force
|
||||
$signedFilesPath = '$(System.ArtifactsDirectory)\signedThirdParty\'
|
||||
$BuildPath = '$(System.ArtifactsDirectory)\$(SymbolsFolder)'
|
||||
|
||||
Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath $SignedFilesPath
|
||||
displayName: Merge ThirdParty signed files with Build
|
||||
condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true'))
|
||||
|
||||
- powershell: |
|
||||
Import-Module $(PowerShellRoot)/build.psm1 -Force
|
||||
Import-Module $(PowerShellRoot)/tools/packaging -Force
|
||||
|
||||
$destFolder = '$(System.ArtifactsDirectory)\signedZip'
|
||||
$BuildPath = '$(System.ArtifactsDirectory)\$(SymbolsFolder)'
|
||||
|
||||
New-Item -ItemType Directory -Path $destFolder -Force
|
||||
|
||||
$BuildPackagePath = New-PSSignedBuildZip -BuildPath $BuildPath -SignedFilesPath $SignedFilesPath -DestinationFolder $destFolder
|
||||
$BuildPackagePath = New-PSBuildZip -BuildPath $BuildPath -DestinationFolder $destFolder
|
||||
|
||||
Write-Verbose -Verbose "New-PSSignedBuildZip returned `$BuildPackagePath as: $BuildPackagePath"
|
||||
Write-Host "##vso[artifact.upload containerfolder=results;artifactname=results]$BuildPackagePath"
|
||||
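Review bot: The `Where-Object { $_.status -eq 'notsigned'}` filter in the "Create ThirdParty Signing Xml" step treats every other status as acceptable, so a DLL whose signature reports `HashMismatch` or `NotTrusted` is neither re-signed nor reported and still ends up in the zip. I would fail the step on those first, with `$bad = $signatures | Where-Object { $_.Status -notin 'Valid','NotSigned' }` followed by `if ($bad) { throw "Unexpected signature status: $($bad.Path -join ', ')" }`. Separately, every unsigned DLL found under `$BuildPath` is submitted for signing without being compared to an expected list, so a file that arrives through a dependency update would be signed unnoticed. Logging `$missingSignatures` and checking it against a reviewed list would make that visible. The scan also covers only `*.dll`, while the commit title says any unsigned files.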
|
|
|
@ -7,14 +7,16 @@ param(
|
|||
[string[]] $AuthenticodeFiles,
|
||||
[string[]] $NuPkgFiles,
|
||||
[string[]] $MacDeveloperFiles,
|
||||
[string[]] $LinuxFiles
|
||||
[string[]] $LinuxFiles,
|
||||
[string[]] $ThirdPartyFiles
|
||||
)
|
||||
|
||||
if ((!$AuthenticodeDualFiles -or $AuthenticodeDualFiles.Count -eq 0) -and
|
||||
(!$AuthenticodeFiles -or $AuthenticodeFiles.Count -eq 0) -and
|
||||
(!$NuPkgFiles -or $NuPkgFiles.Count -eq 0) -and
|
||||
(!$MacDeveloperFiles -or $MacDeveloperFiles.Count -eq 0) -and
|
||||
(!$LinuxFiles -or $LinuxFiles.Count -eq 0))
|
||||
(!$LinuxFiles -or $LinuxFiles.Count -eq 0) -and
|
||||
(!$ThirdPartyFiles -or $ThirdPartyFiles.Count -eq 0))
|
||||
{
|
||||
throw "At least one file must be specified"
|
||||
}
|
||||
|
@ -89,6 +91,10 @@ foreach ($file in $LinuxFiles) {
|
|||
New-FileElement -File $file -SignType 'LinuxPack' -XmlDoc $signingXml -Job $job
|
||||
}
|
||||
|
||||
foreach ($file in $ThirdPartyFiles) {
|
||||
New-FileElement -File $file -SignType 'ThirdParty' -XmlDoc $signingXml -Job $job
|
||||
}
|
||||
|
||||
$signingXml.Save($path)
|
||||
$updateScriptPath = Join-Path -Path $PSScriptRoot -ChildPath 'updateSigning.ps1'
|
||||
& $updateScriptPath -SigningXmlPath $path
|
||||
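Review bot: The widened guard still throws `At least one file must be specified` when every list is empty, and the pipeline step added in this commit calls the script with only `-ThirdPartyFiles $missingSignatures`. A build in which no DLL reports `NotSigned` would therefore fail here rather than skip third-party signing. If that case can occur, the caller should skip both the XML generation and the signing task when `$missingSignatures` is empty. The new parameter is also undocumented; a comment such as `# Files to sign with the 'ThirdParty' sign type` above `$ThirdPartyFiles` would match how it is used in the `foreach`. The `param(` block begins outside the first hunk, so any existing parameter help is not visible here.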
|
|