Signing.props
<Project>
<PropertyGroup>
<!--
Windows arm/arm64 jobs don't have MSIs to sign. Keep it simple: allow not finding any matches
here and rely on overall signing validation.

NOTE(review): with an empty list allowed, an include pattern that matches nothing for any other
reason (for example an unset or mistyped path property) presumably passes this step silently too.
The "overall signing validation" referred to above is not visible in this file; confirm it checks
every artifact that is expected to ship signed.
-->
<AllowEmptySignList>true</AllowEmptySignList>
</PropertyGroup>
<!-- Get artifact locations to sign. -->
<Import Project="$(RepositoryEngineeringDir)Configurations.props" />
<Import Project="$(RepositoryEngineeringDir)liveBuilds.targets" />
<ItemGroup>
<!--
Replace the default items to sign with the specific set we want. This allows the build to call
Arcade's Sign.proj multiple times for different sets of files as the build progresses.
After this Remove, the only entries in ItemsToSign are the ones added by the conditional
groups later in this file.
-->
<ItemsToSign Remove="@(ItemsToSign)" />
<!--
Find bundle artifacts, which need multiple stages to fully sign.
These two items only collect paths; they reach ItemsToSign under SignBurnEngineFiles and
SignBurnBundleFiles. The *.exe pattern also matches *engine.exe, which is why the bundle
stage excludes the engine item.
-->
<BundleInstallerEngineArtifact Include="$(ArtifactsPackagesDir)**/*engine.exe" />
<BundleInstallerExeArtifact Include="$(ArtifactsPackagesDir)**/*.exe" />
<!--
apphost and comhost template files are not signed, by design.
CertificateName="None" is the value used here to opt the two file names out.
NOTE(review): the entry lists bare file names, so it presumably applies to any file with one of
these names in the sign set regardless of directory; confirm against the signing task.
-->
<FileSignInfo Include="apphost.exe;comhost.dll" CertificateName="None" />
</ItemGroup>
<!--
Cross-target components: collected only when CrossTargetComponentFolder is set.
The .dll and .exe files are held in their own item list and are added to ItemsToSign by the
SignBinaries group, so they are signed only in that pass.
-->
<ItemGroup Condition="'$(CrossTargetComponentFolder)' != ''">
<CoreCLRCrossTargetItemsToSign Include="$(CoreCLRArtifactsPath)$(CrossTargetComponentFolder)/sharedFramework/*.dll" />
<CoreCLRCrossTargetItemsToSign Include="$(CoreCLRArtifactsPath)$(CrossTargetComponentFolder)/sharedFramework/*.exe" />
</ItemGroup>
<!--
Binary signing pass (SignBinaries == true): CoreCLR, crossgen2, native and reference libraries,
the host, and the managed libraries of the installer subset. Most entries are explicit file
names or single-directory wildcards; the host and installer-subset entries are recursive.
-->
<ItemGroup Condition="'$(SignBinaries)' == 'true'">
<!-- Sign CoreCLR. -->
<ItemsToSign Include="$(CoreCLRSharedFrameworkDir)*.dll" />
<ItemsToSign Include="$(CoreCLRSharedFrameworkDir)*.exe" />
<ItemsToSign Include="$(CoreCLRArtifactsPath)System.Private.CoreLib.dll" />
<!-- crossgen2 and the ILCompiler/JIT binaries it ships with are listed one by one, not by wildcard. -->
<ItemsToSign Include="$(CoreCLRCrossgen2Dir)crossgen2.exe" />
<ItemsToSign Include="$(CoreCLRCrossgen2Dir)crossgen2.dll" />
<ItemsToSign Include="$(CoreCLRCrossgen2Dir)ILCompiler.DependencyAnalysisFramework.dll" />
<ItemsToSign Include="$(CoreCLRCrossgen2Dir)ILCompiler.ReadyToRun.dll" />
<ItemsToSign Include="$(CoreCLRCrossgen2Dir)ILCompiler.TypeSystem.ReadyToRun.dll" />
<ItemsToSign Include="$(CoreCLRCrossgen2Dir)clrjitilc.dll" />
<ItemsToSign Include="$(CoreCLRCrossgen2Dir)jitinterface.dll" />
<!-- Empty unless CrossTargetComponentFolder was set when the cross-target list was built. -->
<ItemsToSign Include="@(CoreCLRCrossTargetItemsToSign)" />
<!--
mscordaccore.dll is pinned to the MicrosoftSHA2 certificate by file name.
NOTE(review): the reason for the dedicated certificate is not recorded here; worth stating
so the override is not dropped by accident.
-->
<FileSignInfo Include="mscordaccore.dll" CertificateName="MicrosoftSHA2" />
<!--
Sign api-ms-win-core-xstate-l2-1-0 binary as it is only catalog signed in the current SDK.
Added only for Release builds targeting x86 (see Condition).
-->
<ItemsToSign
Condition="'$(Configuration)' == 'Release' and '$(TargetArchitecture)' == 'x86'"
Include="$(CoreCLRArtifactsPath)Redist\ucrt\DLLs\$(TargetArchitecture)\api-ms-win-core-xstate-l2-1-0.dll" />
<!-- Sign libraries. -->
<ItemsToSign Include="$(LibrariesNativeArtifactsPath)*.dll" />
<ItemsToSign Include="$(LibrariesSharedFrameworkRefArtifactsPath)*.dll" />
<!-- Most runtime artifacts will be crossgenned, so sign them post-crossgen. mscorlib isn't. -->
<ItemsToSign Include="$(LibrariesSharedFrameworkBinArtifactsPath)mscorlib.dll" />
<!--
Sign the host.
corehost/**/ is recursive: every copy of these named host binaries under the corehost output
is added.
-->
<ItemsToSign Include="$(BaseOutputRootPath)corehost/**/hostfxr.dll" />
<ItemsToSign Include="$(BaseOutputRootPath)corehost/**/hostpolicy.dll" />
<ItemsToSign Include="$(BaseOutputRootPath)corehost/**/dotnet.exe" />
<ItemsToSign Include="$(BaseOutputRootPath)corehost/**/ijwhost.dll" />
<ItemsToSign Include="$(BaseOutputRootPath)corehost/**/winrthost.dll" />
<ItemsToSign Include="$(BaseOutputRootPath)corehost/**/nethost.dll" />
<!--
Sign managed libraries in installer subset.
These patterns take every .dll under the two project output folders, which can include
dependencies copied next to the project output; the Newtonsoft.Json removal near the end of
this file is the only filter applied to them here.
-->
<ItemsToSign Include="$(ArtifactsBinDir)Microsoft.DotNet.PlatformAbstractions/**/*.dll" />
<ItemsToSign Include="$(ArtifactsBinDir)Microsoft.NET.HostModel/**/*.dll" />
</ItemGroup>
<!--
Sign ready-to-run binaries after crossgen is applied.
The pattern is recursive and unfiltered: every .dll under CrossGenRootPath at the time of the
pass is added.
NOTE(review): nothing here restricts the set to files this build produced, so the directory
should hold only this build's crossgen output when the pass runs; confirm.
-->
<ItemGroup Condition="'$(SignR2RBinaries)' == 'true'">
<ItemsToSign Include="$(CrossGenRootPath)**/*.dll" />
</ItemGroup>
<!--
MSI stage (SignMsiFiles == true): every .msi and .cab found anywhere under the packages
directory. The .msi extension is mapped to its certificate by the FileExtensionSignInfo
entries at the end of this file; no such entry for .cab is visible here.
-->
<ItemGroup Condition="'$(SignMsiFiles)' == 'true'">
<ItemsToSign Include="$(ArtifactsPackagesDir)**/*.msi" />
<ItemsToSign Include="$(ArtifactsPackagesDir)**/*.cab" />
</ItemGroup>
<!--
Burn engine stage (SignBurnEngineFiles == true): only the *engine.exe files collected into
BundleInstallerEngineArtifact near the top of this file.
-->
<ItemGroup Condition="'$(SignBurnEngineFiles)' == 'true'">
<ItemsToSign Include="@(BundleInstallerEngineArtifact)" />
</ItemGroup>
<ItemGroup Condition="'$(SignBurnBundleFiles)' == 'true'">
<!--
Sign the bundles, now that the engine is reattached. Avoid re-signing the engine.
BundleInstallerExeArtifact was built from a *.exe pattern that also matches *engine.exe, so
the Exclude is what keeps the engine files out of this pass.
-->
<ItemsToSign
Include="@(BundleInstallerExeArtifact)"
Exclude="@(BundleInstallerEngineArtifact)" />
<!-- Note: wixstdba is internal to the engine bundle and does not get signed. -->
</ItemGroup>
<!--
Final package stage (SignFinalPackages == true): .nupkg, .deb and .rpm files found anywhere
under DownloadDirectory. Symbol packages (*.symbols.nupkg) are collected first and excluded
from the .nupkg set, so they are not signed here.
NOTE(review): files are selected purely by extension from a download location, so whatever is
present in that directory receives a signature. Confirm the directory is populated only from
this build's own artifacts before the pass runs.
-->
<ItemGroup Condition="'$(SignFinalPackages)' == 'true'">
<DownloadedSymbolPackages Include="$(DownloadDirectory)**\*.symbols.nupkg" />
<ItemsToSign Include="$(DownloadDirectory)**\*.nupkg" Exclude="@(DownloadedSymbolPackages)" />
<ItemsToSign Include="$(DownloadDirectory)**\*.deb" />
<ItemsToSign Include="$(DownloadDirectory)**\*.rpm" />
</ItemGroup>
<ItemGroup>
<!--
External files
Newtonsoft.Json is dropped from the list, wherever an earlier wildcard picked it up. The match
is on the Filename metadata (the name without extension), in any directory.
This is a deny-list of one name: any other third-party binary swept in by the wildcards above
would stay in the list. NOTE(review): confirm no other external files land in those folders.
-->
<ItemsToSign Remove="@(ItemsToSign->WithMetadataValue('Filename', 'Newtonsoft.Json'))" />
</ItemGroup>
<ItemGroup>
<!--
Stamp every item still in ItemsToSign with Authenticode metadata taken from the CertificateId
property. Items are evaluated in file order, so entries removed earlier in this file are not
stamped.
NOTE(review): CertificateId is not defined in this file. If it evaluates to empty, the metadata
is empty as well; confirm how the signing task treats that case.
-->
<ItemsToSign Update="@(ItemsToSign)" Authenticode="$(CertificateId)" />
</ItemGroup>
<ItemGroup>
<!--
Certificate selection by file extension for installer and package formats.
NOTE(review): .pkg has a mapping, but no include in this file adds .pkg files to ItemsToSign;
presumably they are supplied elsewhere, confirm. Conversely, .cab and .nupkg are added to
ItemsToSign in this file without a mapping here, so their certificate must come from another
source.
-->
<FileExtensionSignInfo Include=".msi" CertificateName="Microsoft400" />
<FileExtensionSignInfo Include=".pkg" CertificateName="8003" />
<FileExtensionSignInfo Include=".deb;.rpm" CertificateName="LinuxSign" />
</ItemGroup>
</Project>