forked from Azure/azure-powershell
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCodeSign.targets
97 lines (78 loc) · 5.13 KB
/
CodeSign.targets
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<UsingTask TaskName="ESRPSignTask" AssemblyFile="$(CISignRepoPath)\tools\sdkbuildtools\tasks\MS.Az.Sdk.OnPremise.Build.Tasks.dll" />
<PropertyGroup>
<!-- CISignRepo is an environment variable that points to ci-signing repo clone -->
<CISignRepoPath>$(CISignRepo)</CISignRepoPath>
</PropertyGroup>
<Target Name="CodeSignBinaries" DependsOnTargets="RestoreNugetPackages;BuildMsBuildTask">
<Message Text="====> Executing CodeSignBinaries Target..." Importance="high"/>
<PropertyGroup>
<!--public token associated with MSSharedLibKey.snk-->
<StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
</PropertyGroup>
<Message Text="----> Dlls signing section" Importance="high"/>
<!-- Azure -->
<ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
<DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft*Azure*PowerShell*Cmdlets*.dll;
$(PackageDirectory)\$(Configuration)\Az.Accounts\Microsoft.Azure.PowerShell.Authentication.ResourceManager.dll;
$(PackageDirectory)\$(Configuration)\**\Microsoft.Azure.PowerShell.Authenticators.dll;
$(PackageDirectory)\$(Configuration)\Az.Accounts\Microsoft.Azure.PowerShell.Authentication.dll" />
</ItemGroup>
<Message Importance="high" Text="$(PackageDirectory)\$(Configuration) does not contains any files to sign. Code sign will skip." Condition="'@(DelaySignedAssembliesToSign)' == ''" />
<ESRPSignTask
CopyBackSignedFilesToOriginalLocation="true"
UnsignedFileList="@(DelaySignedAssembliesToSign)"
SignLogDirPath="$(LibraryRoot)dlls-signing.log"
Condition="!$(DelaySign) and '@(DelaySignedAssembliesToSign)' != ''"/>
<Exec Command="$(PowerShellCommandPrefix) ". $(LibraryToolsFolder)\UpdateModules.ps1 -BuildConfig $(Configuration) -Scope $(Scope) "" />
<!-- Copying shortcut to be signed -->
<Copy SourceFiles="$(LibraryRoot)tools\Az\Az.psm1" DestinationFolder="$(PackageDirectory)\$(Configuration)" Condition="'$(Scope)' == 'Netcore'" />
<Message Text="----> Scripts signing section" Importance="high"/>
<!-- Azure -->
<ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1" />
<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.psm1" />
<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1xml" />
<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.js" />
</ItemGroup>
<ESRPSignTask
CopyBackSignedFilesToOriginalLocation="true"
UnsignedFileList="@(ScriptsToSign)"
SignLogDirPath="$(LibraryRoot)scripts-signing.log"
Condition="!$(DelaySign) and '@(ScriptsToSign)' != ''"/>
<!-- RemoveCodeSignArtifacts.ps1 -->
<Message Text="----> Remove artifacts section" Importance="high"/>
<Exec Command="$(PowerShellCoreCommandPrefix) "Get-ChildItem -Path $(PackageDirectory) -Recurse -Include 'Signed','Unsigned' | Remove-Item -Recurse -Force -Confirm:$false -ErrorAction Ignore""
ContinueOnError="WarnAndContinue"
IgnoreExitCode="true" />
<!-- CheckSignature.ps1 -->
<Message Text="----> CheckSignature section" Importance="high"/>
<Exec Command="$(PowerShellCommandPrefix) ". $(LibraryToolsFolder)\CheckSignature.ps1 -CustomPath $(PackageDirectory)\$(Configuration) "" Condition="'$(Scope)' != 'Stack'" ContinueOnError="ErrorAndContinue" />
<!-- Copy files back after signing -->
<Copy SourceFiles="$(PackageDirectory)\$(Configuration)\Az.psm1" DestinationFolder="$(LibraryRoot)tools\Az" Condition="'$(Scope)' == 'Netcore'" />
</Target>
<Target Name="CodeSignInstaller">
<Message Text="----> CodeSignInstaller section" Importance="high"/>
<PropertyGroup>
<!--public token associated with MSSharedLibKey.snk-->
<StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
</PropertyGroup>
<GetFrameworkSdkPath>
<Output TaskParameter="Path" PropertyName="WindowsSdkPath"/>
</GetFrameworkSdkPath>
<ItemGroup>
<InstallersToSign Include="$(LibraryRoot)\setup\*.msi" />
</ItemGroup>
<Message Importance="high" Text="$(LibraryRoot)\setup does not contain any installers to sign. Code sign will skip."
Condition="'@(InstallersToSign)' == ''" />
<ESRPSignTask
SignedFilesRootDirPath="$(SignedOutputRootDir)"
UnsignedFileList="@(InstallersToSign)"
SignLogDirPath="$(LibraryRoot)\msi-signing.log"
Condition="!$(DelaySign) and '@(InstallersToSign)' != ''"/>
<!--If we are testing locally then we copy the binaries and do not submit to the code sign server-->
<Copy SourceFiles="@(InstallersToSign)" DestinationFolder="signed" Condition="$(DelaySign)" />
<SetEnvVar EnvName="SignedMsiDir" EnvValue="$(SignedOutputRootDir)" />
</Target>
</Project>