Update to latest signing infrastructure

Fixes 7546
author: Rob Mensching <rob@firegiant.com> 2023-09-12 14:08:34 -0700
committer: Rob Mensching <rob@firegiant.com> 2023-09-13 12:39:38 -0700
commit: e570ce580afa981d3cf7750bea1d129309b48a06 (patch)
tree: 816e7daec7b5177a54e044156045bc24d9557516 /src/Directory.Build.targets
parent: 409d3b63bff29df0859a217ba2843b85d65d2efe (diff)
download: wix-e570ce580afa981d3cf7750bea1d129309b48a06.tar.gz
wix-e570ce580afa981d3cf7750bea1d129309b48a06.tar.bz2
wix-e570ce580afa981d3cf7750bea1d129309b48a06.zip
1 files changed, 17 insertions, 25 deletions
diff --git a/src/Directory.Build.targets b/src/Directory.Build.targets
index 0dd56353..74a381ba 100644
--- a/src/Directory.Build.targets
+++ b/src/Directory.Build.targets
@@ -4,9 +4,9 @@
 <Project>
  <PropertyGroup>
    <SigningToolFolder>$(ToolsFolder)</SigningToolFolder>
-    <SigningToolExe>$(SigningToolFolder)\SignClient.exe</SigningToolExe>
+    <SigningToolExe>$(SigningToolFolder)\sign.exe</SigningToolExe>
-    <SigningFilelist>$(SigningToolFolder)\empty-filelist.txt</SigningFilelist>
+    <SigningFilelist>$(MSBuildThisFileDirectory)signing-empty-file-list.txt</SigningFilelist>
-    <SigningConfiguration>$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), signing.json))\signing.json</SigningConfiguration>
+    <SigningConfiguration>--description "WiX Toolset" --description-url "https://wixtoolset.org/" --timestamp-url "http://timestamp.digicert.com" --file-list "$(SigningFilelist)" --azure-key-vault-managed-identity true --azure-key-vault-url "$(SigningVaultUri)" --azure-key-vault-certificate "$(SigningCertName)"</SigningConfiguration>
  </PropertyGroup>
  <PropertyGroup Condition=" '$(IsWixTestSupportProject)'=='true' ">
@@ -113,47 +113,39 @@
    </ItemGroup>
  </Target>
-  <Target Name="_GetSignClient"
+  <Target Name="SignOutput" AfterTargets="AfterBuild"
-          Condition=" !Exists('$(SigningToolExe)') ">
+          Condition=" '$(SigningCertName)'!='' and '$(SignOutput)'!='false' and 
-    <WriteLinesToFile File='$(SigningFilelist)' Lines='do-not-sign-files-in-nupkg' Overwrite='true' />
-    <Exec Command='dotnet.exe tool install --tool-path "$(SigningToolFolder)" SignClient' IgnoreExitCode='true' />
-  </Target>
-  <Target Name="SignOutput" DependsOnTargets="_GetSignClient" AfterTargets="AfterBuild"
-          Condition=" '$(SigningUser)'!='' and '$(SignOutput)'!='false' and 
                      ('$(MSBuildProjectExtension)'=='.csproj' or ('$(MSBuildProjectExtension)'=='.vcxproj' and '$(ConfigurationType)'!='StaticLibrary'))">
-    <Message Importance="high" Text="Signing file: $(TargetPath) using configuration from: $(SigningConfiguration)" />
+    <Message Importance="high" Text="Signing file: $(TargetPath)" />
-    <Exec Command='"$(SigningToolExe)" sign -i $(TargetPath) -c "$(SigningConfiguration)" -n "WiX Toolset" -d "WiX Toolset" -u https://wixtoolset.org/ -r "$(SigningUser)" -s "$(SigningSecret)"'
+    <Exec Command='"$(SigningToolExe)" code azure-key-vault $(TargetPath) $(SigningConfiguration)'
          WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />
  </Target>
-  <Target Name="SignNupkg" DependsOnTargets="_GetSignClient" AfterTargets="Pack;PackNative"
+  <Target Name="SignNupkg" AfterTargets="Pack;PackNative"
-          Condition=" '$(SigningUser)'!='' and '@(NuGetPackOutput)'!='' and '$(SignNupkg)'!='false' ">
+          Condition=" '$(SigningCertName)'!='' and '@(NuGetPackOutput)'!='' and '$(SignNupkg)'!='false' ">
    <ItemGroup>
      <SigningNupkgs Include="@(NuGetPackOutput)" Condition=" '%(Extension)'=='.nupkg' " />
    </ItemGroup>
-    <Message Importance="high" Text="Signing nupkg: @(SigningNupkgs->&apos;%(Identity)&apos;) using configuration from: $(SigningConfiguration)" />
+    <Message Importance="high" Text="Signing nupkg: @(SigningNupkgs->&apos;%(Identity)&apos;)" />
-    <Exec Command='"$(SigningToolExe)" sign -i "@(SigningNupkgs->&apos;%(Identity)&apos;)" -c "$(SigningConfiguration)" -f "$(SigningFilelist)" -n "WiX Toolset" -d "WiX Toolset" -u https://wixtoolset.org/ -r "$(SigningUser)" -s "$(SigningSecret)"'
+    <Exec Command='"$(SigningToolExe)" code azure-key-vault "@(SigningNupkgs->&apos;%(Identity)&apos;)" $(SigningConfiguration)'
          WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />
  </Target>
-  <Target Name="SignBundleEngine" DependsOnTargets="_GetSignClient" Condition=" '$(SigningUser)'!='' and '$(SignOutput)'!='false' ">
+  <Target Name="SignBundleEngine" Condition=" '$(SigningCertName)'!='' and '$(SignOutput)'!='false' ">
-    <Message Importance="high" Text="Signing bundle engine: @(SignBundleEngine->&apos;%(Identity)&apos;) using configuration from: $(SigningConfiguration)" />
+    <Message Importance="high" Text="Signing bundle engine: @(SignBundleEngine->&apos;%(Identity)&apos;)" />
-    <Exec Command='"$(SigningToolExe)" sign -i "@(SignBundleEngine->&apos;%(Identity)&apos;)" -c "$(SigningConfiguration)" -f "$(SigningFilelist)" -n "WiX Toolset" -d "WiX Toolset" -u https://wixtoolset.org/ -r "$(SigningUser)" -s "$(SigningSecret)"'
+    <Exec Command='"$(SigningToolExe)" code azure-key-vault "@(SignBundleEngine->&apos;%(Identity)&apos;)" $(SigningConfiguration)'
          WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />
  </Target>
-  <Target Name="SignBundle" DependsOnTargets="_GetSignClient" Condition=" '$(SigningUser)'!='' and '$(SignOutput)'!='false' ">
+  <Target Name="SignBundle" Condition=" '$(SigningCertName)'!='' and '$(SignOutput)'!='false' ">
-    <Message Importance="high" Text="Signing bundle: @(SignBundle->&apos;%(Identity)&apos;) using configuration from: $(SigningConfiguration)" />
+    <Message Importance="high" Text="Signing bundle: @(SignBundle->&apos;%(Identity)&apos;)" />
-    <Exec Command='"$(SigningToolExe)" sign -i "@(SignBundle->&apos;%(Identity)&apos;)" -c "$(SigningConfiguration)" -f "$(SigningFilelist)" -n "WiX Toolset" -d "WiX Toolset" -u https://wixtoolset.org/ -r "$(SigningUser)" -s "$(SigningSecret)"'
+    <Exec Command='"$(SigningToolExe)" code azure-key-vault "@(SignBundle->&apos;%(Identity)&apos;)" $(SigningConfiguration)'
          WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />
  </Target>
author	Rob Mensching <rob@firegiant.com>	2023-09-12 14:08:34 -0700
committer	Rob Mensching <rob@firegiant.com>	2023-09-13 12:39:38 -0700
commit	e570ce580afa981d3cf7750bea1d129309b48a06 (patch)
tree	816e7daec7b5177a54e044156045bc24d9557516 /src/Directory.Build.targets
parent	409d3b63bff29df0859a217ba2843b85d65d2efe (diff)
download	wix-e570ce580afa981d3cf7750bea1d129309b48a06.tar.gz wix-e570ce580afa981d3cf7750bea1d129309b48a06.tar.bz2 wix-e570ce580afa981d3cf7750bea1d129309b48a06.zip

diff --git a/src/Directory.Build.targets b/src/Directory.Build.targets index 0dd56353..74a381ba 100644 --- a/src/Directory.Build.targets +++ b/src/Directory.Build.targets
@@ -4,9 +4,9 @@
4	<Project>	4	<Project>
5	<PropertyGroup>	5	<PropertyGroup>
6	<SigningToolFolder>$(ToolsFolder)</SigningToolFolder>	6	<SigningToolFolder>$(ToolsFolder)</SigningToolFolder>
7	<SigningToolExe>$(SigningToolFolder)\SignClient.exe</SigningToolExe>	7	<SigningToolExe>$(SigningToolFolder)\sign.exe</SigningToolExe>
8	<SigningFilelist>$(SigningToolFolder)\empty-filelist.txt</SigningFilelist>	8	<SigningFilelist>$(MSBuildThisFileDirectory)signing-empty-file-list.txt</SigningFilelist>
9	<SigningConfiguration>$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), signing.json))\signing.json</SigningConfiguration>	9	<SigningConfiguration>--description "WiX Toolset" --description-url "https://wixtoolset.org/" --timestamp-url "http://timestamp.digicert.com" --file-list "$(SigningFilelist)" --azure-key-vault-managed-identity true --azure-key-vault-url "$(SigningVaultUri)" --azure-key-vault-certificate "$(SigningCertName)"</SigningConfiguration>
10	</PropertyGroup>	10	</PropertyGroup>
11		11
12	<PropertyGroup Condition=" '$(IsWixTestSupportProject)'=='true' ">	12	<PropertyGroup Condition=" '$(IsWixTestSupportProject)'=='true' ">
@@ -113,47 +113,39 @@
113	</ItemGroup>	113	</ItemGroup>
114	</Target>	114	</Target>
115		115
116	<Target Name="_GetSignClient"	116	<Target Name="SignOutput" AfterTargets="AfterBuild"
117	Condition=" !Exists('$(SigningToolExe)') ">	117	Condition=" '$(SigningCertName)'!='' and '$(SignOutput)'!='false' and
118
119	<WriteLinesToFile File='$(SigningFilelist)' Lines='do-not-sign-files-in-nupkg' Overwrite='true' />
120
121	<Exec Command='dotnet.exe tool install --tool-path "$(SigningToolFolder)" SignClient' IgnoreExitCode='true' />
122	</Target>
123
124	<Target Name="SignOutput" DependsOnTargets="_GetSignClient" AfterTargets="AfterBuild"
125	Condition=" '$(SigningUser)'!='' and '$(SignOutput)'!='false' and
126	('$(MSBuildProjectExtension)'=='.csproj' or ('$(MSBuildProjectExtension)'=='.vcxproj' and '$(ConfigurationType)'!='StaticLibrary'))">	118	('$(MSBuildProjectExtension)'=='.csproj' or ('$(MSBuildProjectExtension)'=='.vcxproj' and '$(ConfigurationType)'!='StaticLibrary'))">
127		119
128	<Message Importance="high" Text="Signing file: $(TargetPath) using configuration from: $(SigningConfiguration)" />	120	<Message Importance="high" Text="Signing file: $(TargetPath)" />
129		121
130	<Exec Command='"$(SigningToolExe)" sign -i $(TargetPath) -c "$(SigningConfiguration)" -n "WiX Toolset" -d "WiX Toolset" -u https://wixtoolset.org/ -r "$(SigningUser)" -s "$(SigningSecret)"'	122	<Exec Command='"$(SigningToolExe)" code azure-key-vault $(TargetPath) $(SigningConfiguration)'
131	WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />	123	WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />
132	</Target>	124	</Target>
133		125
134	<Target Name="SignNupkg" DependsOnTargets="_GetSignClient" AfterTargets="Pack;PackNative"	126	<Target Name="SignNupkg" AfterTargets="Pack;PackNative"
135	Condition=" '$(SigningUser)'!='' and '@(NuGetPackOutput)'!='' and '$(SignNupkg)'!='false' ">	127	Condition=" '$(SigningCertName)'!='' and '@(NuGetPackOutput)'!='' and '$(SignNupkg)'!='false' ">
136	<ItemGroup>	128	<ItemGroup>
137	<SigningNupkgs Include="@(NuGetPackOutput)" Condition=" '%(Extension)'=='.nupkg' " />	129	<SigningNupkgs Include="@(NuGetPackOutput)" Condition=" '%(Extension)'=='.nupkg' " />
138	</ItemGroup>	130	</ItemGroup>
139		131
140	<Message Importance="high" Text="Signing nupkg: @(SigningNupkgs->'%(Identity)') using configuration from: $(SigningConfiguration)" />	132	<Message Importance="high" Text="Signing nupkg: @(SigningNupkgs->'%(Identity)')" />
141		133
142	<Exec Command='"$(SigningToolExe)" sign -i "@(SigningNupkgs->'%(Identity)')" -c "$(SigningConfiguration)" -f "$(SigningFilelist)" -n "WiX Toolset" -d "WiX Toolset" -u https://wixtoolset.org/ -r "$(SigningUser)" -s "$(SigningSecret)"'	134	<Exec Command='"$(SigningToolExe)" code azure-key-vault "@(SigningNupkgs->'%(Identity)')" $(SigningConfiguration)'
143	WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />	135	WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />
144	</Target>	136	</Target>
145		137
146	<Target Name="SignBundleEngine" DependsOnTargets="_GetSignClient" Condition=" '$(SigningUser)'!='' and '$(SignOutput)'!='false' ">	138	<Target Name="SignBundleEngine" Condition=" '$(SigningCertName)'!='' and '$(SignOutput)'!='false' ">
147	<Message Importance="high" Text="Signing bundle engine: @(SignBundleEngine->'%(Identity)') using configuration from: $(SigningConfiguration)" />	139	<Message Importance="high" Text="Signing bundle engine: @(SignBundleEngine->'%(Identity)')" />
148		140
149	<Exec Command='"$(SigningToolExe)" sign -i "@(SignBundleEngine->'%(Identity)')" -c "$(SigningConfiguration)" -f "$(SigningFilelist)" -n "WiX Toolset" -d "WiX Toolset" -u https://wixtoolset.org/ -r "$(SigningUser)" -s "$(SigningSecret)"'	141	<Exec Command='"$(SigningToolExe)" code azure-key-vault "@(SignBundleEngine->'%(Identity)')" $(SigningConfiguration)'
150	WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />	142	WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />
151	</Target>	143	</Target>
152		144
153	<Target Name="SignBundle" DependsOnTargets="_GetSignClient" Condition=" '$(SigningUser)'!='' and '$(SignOutput)'!='false' ">	145	<Target Name="SignBundle" Condition=" '$(SigningCertName)'!='' and '$(SignOutput)'!='false' ">
154	<Message Importance="high" Text="Signing bundle: @(SignBundle->'%(Identity)') using configuration from: $(SigningConfiguration)" />	146	<Message Importance="high" Text="Signing bundle: @(SignBundle->'%(Identity)')" />
155		147
156	<Exec Command='"$(SigningToolExe)" sign -i "@(SignBundle->'%(Identity)')" -c "$(SigningConfiguration)" -f "$(SigningFilelist)" -n "WiX Toolset" -d "WiX Toolset" -u https://wixtoolset.org/ -r "$(SigningUser)" -s "$(SigningSecret)"'	148	<Exec Command='"$(SigningToolExe)" code azure-key-vault "@(SignBundle->'%(Identity)')" $(SigningConfiguration)'
157	WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />	149	WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />
158	</Target>	150	</Target>
159		151