forked from dotnet/arcade
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Sign.proj
103 lines (85 loc) · 5.43 KB
/
Sign.proj
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
<!-- Licensed to the .NET Foundation under one or more agreements. The .NET Foundation licenses this file to you under the MIT license. See the LICENSE file in the project root for more information. -->
<Project DefaultTargets="Sign">
<Import Project="BuildStep.props" />
<Import Project="$(NuGetPackageRoot)microsoft.dotnet.signtool\$(MicrosoftDotNetSignToolVersion)\build\Microsoft.DotNet.SignTool.props" />
<ItemGroup>
<!--
This is intended to hold information about the certificates used for signing.
For now the only information required is whether or not the certificate can be
used for signing already signed files - DualSigningAllowed==true.
-->
<CertificatesSignInfo Include="3PartyDual" DualSigningAllowed="true" />
<CertificatesSignInfo Include="3PartySHA2" DualSigningAllowed="true" />
<!-- List of container files that will be opened and checked for files that need to be signed. -->
<ItemsToSign Include="$(ArtifactsPackagesDir)**\*.nupkg" />
<ItemsToSign Include="$(VisualStudioSetupOutputPath)**\*.vsix" />
<ItemsToSign Include="$(VisualStudioBuildPackagesDir)**\*.nupkg" />
<!-- Default certificate/strong-name to be used for all files with PKT=="31bf3856ad364e35". -->
<StrongNameSignInfo Include="MsSharedLib72" PublicKeyToken="31bf3856ad364e35" CertificateName="Microsoft400" />
<StrongNameSignInfo Include="SilverlightCert121" PublicKeyToken="7cec85d7bea7798e" CertificateName="Microsoft400" />
<StrongNameSignInfo Include="StrongName" PublicKeyToken="b77a5c561934e089" CertificateName="Microsoft400" />
<StrongNameSignInfo Include="StrongName" PublicKeyToken="b03f5f7f11d50a3a" CertificateName="Microsoft400" />
<StrongNameSignInfo Include="$(MSBuildThisFileDirectory)snk\Open.snk" PublicKeyToken="cc7b13ffcd2ddd51" CertificateName="Microsoft400" />
<!--
Map of file extensions to default certificate name. Files with these extensions are
signed with the specified certificate. Particularly useful for files that don't have
a public key token.
The certificate can be overriden using the StrongNameSignInfo or the FileSignInfo item group.
-->
<FileExtensionSignInfo Include=".jar" CertificateName="MicrosoftJARSHA2" />
<FileExtensionSignInfo Include=".js;.ps1;.psd1;.psm1;.psc1;.py" CertificateName="Microsoft400" />
<FileExtensionSignInfo Include=".dll;.exe" CertificateName="Microsoft400" />
<FileExtensionSignInfo Include=".nupkg" CertificateName="NuGet" />
<FileExtensionSignInfo Include=".vsix" CertificateName="VsixSHA2" />
<FileExtensionSignInfo Include=".zip" CertificateName="None" />
</ItemGroup>
<PropertyGroup>
<!-- Control whether an empty ItemsToSign item group is allowed when calling SignToolTask. -->
<AllowEmptySignList>false</AllowEmptySignList>
</PropertyGroup>
<PropertyGroup>
<NETCORE_ENGINEERING_TELEMETRY>Signing</NETCORE_ENGINEERING_TELEMETRY>
</PropertyGroup>
<!-- Allow repository to customize signing configuration -->
<Import Project="$(RepositoryEngineeringDir)Signing.props" Condition="Exists('$(RepositoryEngineeringDir)Signing.props')" />
<Target Name="Sign">
<Error Text="The value of DotNetSignType is invalid: '$(DotNetSignType)'"
Condition="'$(DotNetSignType)' != 'real' and '$(DotNetSignType)' != 'test' and '$(DotNetSignType)' != ''" />
<PropertyGroup>
<_DryRun>true</_DryRun>
<_DryRun Condition="'$(OfficialBuild)' == 'true'">false</_DryRun>
<_TestSign>false</_TestSign>
<_TestSign Condition="'$(DotNetSignType)' == 'test'">true</_TestSign>
<_DesktopMSBuildRequired>false</_DesktopMSBuildRequired>
<_DesktopMSBuildRequired Condition="'$(_DryRun)' != 'true' and '$(MSBuildRuntimeType)' == 'Core'">true</_DesktopMSBuildRequired>
</PropertyGroup>
<!-- We only need this if we are going to use the executable version. -->
<Exec Command='"$(NuGetPackageRoot)vswhere\$(VSWhereVersion)\tools\vswhere.exe" -latest -prerelease -property installationPath -requires Microsoft.Component.MSBuild'
ConsoleToMsBuild="true"
StandardErrorImportance="high"
Condition="$(_DesktopMSBuildRequired)">
<Output TaskParameter="ConsoleOutput" PropertyName="_VSInstallDir" />
</Exec>
<PropertyGroup Condition="$(_DesktopMSBuildRequired)">
<_DesktopMSBuildPath>$(_VSInstallDir)\MSBuild\Current\Bin\msbuild.exe</_DesktopMSBuildPath>
<_DesktopMSBuildPath Condition="!Exists('$(_DesktopMSBuildPath)')">$(_VSInstallDir)\MSBuild\15.0\Bin\msbuild.exe</_DesktopMSBuildPath>
</PropertyGroup>
<Error Condition="'$(AllowEmptySignList)' != 'true' AND '@(ItemsToSign)' == ''"
Text="List of files to sign is empty. Make sure that ItemsToSign is configured correctly." />
<Microsoft.DotNet.SignTool.SignToolTask
DryRun="$(_DryRun)"
TestSign="$(_TestSign)"
DoStrongNameCheck="$(DoStrongNameCheck)"
AllowEmptySignList="$(AllowEmptySignList)"
CertificatesSignInfo="@(CertificatesSignInfo)"
ItemsToSign="@(ItemsToSign)"
StrongNameSignInfo="@(StrongNameSignInfo)"
FileSignInfo="@(FileSignInfo)"
FileExtensionSignInfo="@(FileExtensionSignInfo)"
TempDir="$(ArtifactsTmpDir)"
LogDir="$(ArtifactsLogDir)"
MSBuildPath="$(_DesktopMSBuildPath)"
SNBinaryPath="$(NuGetPackageRoot)sn\$(SNVersion)\sn.exe"
MicroBuildCorePath="$(NuGetPackageRoot)microbuild.core\$(MicroBuildCoreVersion)"/>
</Target>
</Project>