Skip to content

Commit

Permalink
Update signtool plan (#453)
Browse files Browse the repository at this point in the history 
* Update signtool plan

Changing to always generate manifest during build to reflect the decision that happened recently in #58

* change the wording
  • Loading branch information
@maririos
maririos committed Aug 9, 2018
1 parent eb06afd commit 33ca91a
Showing 1 changed file with 3 additions and 6 deletions.
9 changes: 3 additions & 6 deletions Documentation/CorePackages/SigningPlan.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,19 +5,16 @@ The goal of the signing plan is to provide guidance on how the tier 1 (T1) produ
- Leverage pre-existing solutions so that work isn't duplicated.
- Where possible, avoid dependency on software installed on the machine to facilitate the consumtion of the tool accross the .NET Core repositories.
- The consumption method of the SignTool should follow the [Methods for Consuming the .NET Core Shared Infrastructure Components](https://github.com/dotnet/arcade/blob/master/Documentation/Overview.md#methods-for-consuming-the-net-core-shared-infrastructure-components).
- Signtool will need a manifest (list of files) in order to know what to sign. The manifest can be checked in (explicit) or
can be generated during the build (implicit).
- SignTool should provide validation to guarantee that all assets that need signing are going to be signed, and also verify
that the binaries were actually signed.
- Signtool will need a list of containers in order to know what to sign.

## Roadmap
1. (S137) Migrate SignTool from Repo tool set to Arcade.
2. (S138) Add SignTool to Arcade SDK.
3. (S138) Arcade should sign its packages using the SignTool that is in the SDK.
4. (S138 - S139) Refactor the SignTool to accomodate scenarios for other repositories. Examples of the changes are:
- Convert to MsBuild task.
- Accept a manifest file from different source (implicit or explicit).
- Read the strong name from the metadata of a build.
- Accept a list of containers that need to be signed. Those containers will be expanded and nested assemblies signed. Current support will be to VSIX and NuGet packages.
- Read the strong name from the metadata of the file.
5. (S140) Onboard one repository from T1 to use the SignTool from the SDK to sign its binaries.
6. (S140) Once validated in a repository, start onboarding the other T1 repositories.

Expand Down

0 comments on commit 33ca91a

Please sign in to comment.