authorRob Mensching <rob@firegiant.com>2023-09-12 14:08:34 -0700
committerRob Mensching <rob@firegiant.com>2023-09-13 12:39:38 -0700
commite570ce580afa981d3cf7750bea1d129309b48a06 (patch)
tree816e7daec7b5177a54e044156045bc24d9557516 /src
parent409d3b63bff29df0859a217ba2843b85d65d2efe (diff)
Update to latest signing infrastructure
Fixes 7546
Diffstat (limited to 'src')
-rw-r--r--src/Directory.Build.targets42
-rw-r--r--src/internal/SetBuildNumber/SetBuildNumber.proj9
-rw-r--r--src/signing-empty-file-list.txt1
-rw-r--r--src/signing.json13
4 files changed, 19 insertions, 46 deletions
diff --git a/src/Directory.Build.targets b/src/Directory.Build.targets
index 0dd56353..74a381ba 100644
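--- a/src/Directory.Build.targets
+++ b/src/Directory.Build.targets
@@ -4,9 +4,9 @@
 <Project>
  <PropertyGroup>
  <SigningToolFolder>$(ToolsFolder)</SigningToolFolder>
- <SigningToolExe>$(SigningToolFolder)\SignClient.exe</SigningToolExe>
- <SigningFilelist>$(SigningToolFolder)\empty-filelist.txt</SigningFilelist>
- <SigningConfiguration>$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), signing.json))\signing.json</SigningConfiguration>
+ <SigningToolExe>$(SigningToolFolder)\sign.exe</SigningToolExe>
+ <SigningFilelist>$(MSBuildThisFileDirectory)signing-empty-file-list.txt</SigningFilelist>
+ <SigningConfiguration>--description "WiX Toolset" --description-url "https://wixtoolset.org/" --timestamp-url "http://timestamp.digicert.com" --file-list "$(SigningFilelist)" --azure-key-vault-managed-identity true --azure-key-vault-url "$(SigningVaultUri)" --azure-key-vault-certificate "$(SigningCertName)"</SigningConfiguration>
  </PropertyGroup>
 
  <PropertyGroup Condition=" '$(IsWixTestSupportProject)'=='true' ">
@@ -113,47 +113,39 @@
  </ItemGroup>
  </Target>
 
- <Target Name="_GetSignClient"
- Condition=" !Exists('$(SigningToolExe)') ">
-
- <WriteLinesToFile File='$(SigningFilelist)' Lines='do-not-sign-files-in-nupkg' Overwrite='true' />
-
- <Exec Command='dotnet.exe tool install --tool-path "$(SigningToolFolder)" SignClient' IgnoreExitCode='true' />
- </Target>
-
- <Target Name="SignOutput" DependsOnTargets="_GetSignClient" AfterTargets="AfterBuild"
- Condition=" '$(SigningUser)'!='' and '$(SignOutput)'!='false' and
+ <Target Name="SignOutput" AfterTargets="AfterBuild"
+ Condition=" '$(SigningCertName)'!='' and '$(SignOutput)'!='false' and
  ('$(MSBuildProjectExtension)'=='.csproj' or ('$(MSBuildProjectExtension)'=='.vcxproj' and '$(ConfigurationType)'!='StaticLibrary'))">
 
- <Message Importance="high" Text="Signing file: $(TargetPath) using configuration from: $(SigningConfiguration)" />
+ <Message Importance="high" Text="Signing file: $(TargetPath)" />
 
- <Exec Command='"$(SigningToolExe)" sign -i $(TargetPath) -c "$(SigningConfiguration)" -n "WiX Toolset" -d "WiX Toolset" -u https://wixtoolset.org/ -r "$(SigningUser)" -s "$(SigningSecret)"'
+ <Exec Command='"$(SigningToolExe)" code azure-key-vault $(TargetPath) $(SigningConfiguration)'
  WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />
  </Target>
 
- <Target Name="SignNupkg" DependsOnTargets="_GetSignClient" AfterTargets="Pack;PackNative"
- Condition=" '$(SigningUser)'!='' and '@(NuGetPackOutput)'!='' and '$(SignNupkg)'!='false' ">
+ <Target Name="SignNupkg" AfterTargets="Pack;PackNative"
+ Condition=" '$(SigningCertName)'!='' and '@(NuGetPackOutput)'!='' and '$(SignNupkg)'!='false' ">
  <ItemGroup>
  <SigningNupkgs Include="@(NuGetPackOutput)" Condition=" '%(Extension)'=='.nupkg' " />
  </ItemGroup>
 
- <Message Importance="high" Text="Signing nupkg: @(SigningNupkgs->&apos;%(Identity)&apos;) using configuration from: $(SigningConfiguration)" />
+ <Message Importance="high" Text="Signing nupkg: @(SigningNupkgs->&apos;%(Identity)&apos;)" />
 
- <Exec Command='"$(SigningToolExe)" sign -i "@(SigningNupkgs->&apos;%(Identity)&apos;)" -c "$(SigningConfiguration)" -f "$(SigningFilelist)" -n "WiX Toolset" -d "WiX Toolset" -u https://wixtoolset.org/ -r "$(SigningUser)" -s "$(SigningSecret)"'
+ <Exec Command='"$(SigningToolExe)" code azure-key-vault "@(SigningNupkgs->&apos;%(Identity)&apos;)" $(SigningConfiguration)'
  WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />
  </Target>
 
- <Target Name="SignBundleEngine" DependsOnTargets="_GetSignClient" Condition=" '$(SigningUser)'!='' and '$(SignOutput)'!='false' ">
- <Message Importance="high" Text="Signing bundle engine: @(SignBundleEngine->&apos;%(Identity)&apos;) using configuration from: $(SigningConfiguration)" />
+ <Target Name="SignBundleEngine" Condition=" '$(SigningCertName)'!='' and '$(SignOutput)'!='false' ">
+ <Message Importance="high" Text="Signing bundle engine: @(SignBundleEngine->&apos;%(Identity)&apos;)" />
 
- <Exec Command='"$(SigningToolExe)" sign -i "@(SignBundleEngine->&apos;%(Identity)&apos;)" -c "$(SigningConfiguration)" -f "$(SigningFilelist)" -n "WiX Toolset" -d "WiX Toolset" -u https://wixtoolset.org/ -r "$(SigningUser)" -s "$(SigningSecret)"'
+ <Exec Command='"$(SigningToolExe)" code azure-key-vault "@(SignBundleEngine->&apos;%(Identity)&apos;)" $(SigningConfiguration)'
  WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />
  </Target>
 
- <Target Name="SignBundle" DependsOnTargets="_GetSignClient" Condition=" '$(SigningUser)'!='' and '$(SignOutput)'!='false' ">
- <Message Importance="high" Text="Signing bundle: @(SignBundle->&apos;%(Identity)&apos;) using configuration from: $(SigningConfiguration)" />
+ <Target Name="SignBundle" Condition=" '$(SigningCertName)'!='' and '$(SignOutput)'!='false' ">
+ <Message Importance="high" Text="Signing bundle: @(SignBundle->&apos;%(Identity)&apos;)" />
 
- <Exec Command='"$(SigningToolExe)" sign -i "@(SignBundle->&apos;%(Identity)&apos;)" -c "$(SigningConfiguration)" -f "$(SigningFilelist)" -n "WiX Toolset" -d "WiX Toolset" -u https://wixtoolset.org/ -r "$(SigningUser)" -s "$(SigningSecret)"'
+ <Exec Command='"$(SigningToolExe)" code azure-key-vault "@(SignBundle->&apos;%(Identity)&apos;)" $(SigningConfiguration)'
  WorkingDirectory="$(MSBuildProjectDirectory)" EchoOff="true" />
  </Target>
 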
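Review bot: `$(TargetPath)` is passed unquoted in the SignOutput `Exec` (new line 122), unlike the quoted item lists in SignNupkg, SignBundleEngine and SignBundle, so an output path containing a space would be split into separate arguments and the intended file may not be the one that gets signed. Quote it: `<Exec Command='"$(SigningToolExe)" code azure-key-vault "$(TargetPath)" $(SigningConfiguration)'`. The four target conditions also test only `$(SigningCertName)`, while `$(SigningConfiguration)` needs `$(SigningVaultUri)` as well; adding `and '$(SigningVaultUri)'!=''` would keep the tool from being run with an empty `--azure-key-vault-url`. With `_GetSignClient` removed, nothing in this file checks that `$(SigningToolExe)` exists. Presumably the pipeline installs it outside `src`, so an `<Error Condition=" !Exists('$(SigningToolExe)') " Text="Signing tool not found: $(SigningToolExe)" />` at the top of each signing target would make a missing tool an explicit failure.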
diff --git a/src/internal/SetBuildNumber/SetBuildNumber.proj b/src/internal/SetBuildNumber/SetBuildNumber.proj
index cf98234e..9ff4e7c3 100644
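--- a/src/internal/SetBuildNumber/SetBuildNumber.proj
+++ b/src/internal/SetBuildNumber/SetBuildNumber.proj
@@ -22,8 +22,7 @@
  GitThisAssembly;
  SetGlobalJson;
  SetDirectoryPackagesProps;
- SetOverallWixVersions;
- InstallSigningClient
+ SetOverallWixVersions
  </SetBuildNumbersDependsOn>
 
  <GlobalJsonPath>$([System.IO.Path]::GetFullPath($(MSBuildThisFileDirectory)..\..\..\global.json))</GlobalJsonPath>
@@ -106,12 +105,6 @@
  </Target>
 
 
- <Target Name="InstallSigningClient"
- DependsOnTargets="_GetSignClient"
- Condition=" '$(SigningUser)'!='' ">
- </Target>
-
-
  <Target Name="SetBuildNumbers"
  DependsOnTargets="$(SetBuildNumbersDependsOn)"
  BeforeTargets="AfterBuild" />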
diff --git a/src/signing-empty-file-list.txt b/src/signing-empty-file-list.txt
new file mode 100644
index 00000000..246cc9b6
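--- /dev/null
+++ b/src/signing-empty-file-list.txt
@@ -0,0 +1 @@
+this-file-prevents-files-from-being-signed-in-nupkgs
\ No newline at end of file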
diff --git a/src/signing.json b/src/signing.json
deleted file mode 100644
index fe1c8c9b..00000000
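--- a/src/signing.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "SignClient": {
- "AzureAd": {
- "AADInstance": "https://login.microsoftonline.com/",
- "ClientId": "c248d68a-ba6f-4aa9-8a68-71fe872063f8",
- "TenantId": "16076fdc-fcc1-4a15-b1ca-32c9a255900e"
- },
- "Service": {
- "Url": "https://codesign.dotnetfoundation.org/",
- "ResourceId": "https://SignService/3c30251f-36f3-490b-a955-520addb85001"
- }
- }
-}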