Microbuild signing #47
839ffe9
1f183d8
6faa640
81f142e
a79efd7
919e694
bcf56fc
f257431
ea97bdf
589f228
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
<?xml version="1.0" encoding="utf-8"?> | ||
<Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | ||
<Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), 'Common.props'))\Common.props" /> | ||
|
||
<PropertyGroup> | ||
<SignTool>$(NuGet_Packages)\roslyntools.microsoft.signtool\0.2.0-beta\tools\SignTool.exe</SignTool> | ||
</PropertyGroup> | ||
|
||
<ItemGroup> | ||
<SigningConfig Include="$(MSBuildThisFileDirectory)SignToolConfig.json"/> | ||
|
||
<!-- Make note, without actually knowing what's included in the SigningConfig, | ||
we just assume that everything in the output dir is, and treat them | ||
as inputs so that we rerun packaging if they change. --> | ||
<PackageAssets Include="$(OutDir)\*.*" Exclude="*.log" /> | ||
</ItemGroup> | ||
|
||
<Target Name="Build" Inputs="@(SigningConfig);$(PackageAssets)" Outputs="@(PackageAssets)"> | ||
<!-- If not RealSigning --> | ||
<Message Text="Skipping Real Signing" Condition="'$(SignType)'!='real'"/> | ||
|
||
<!-- If RealSigning --> | ||
<Message Text="Performing Real Signing" Condition="'$(SignType)'=='real'"/> | ||
<Exec Command="$(SignTool) -nugetPackagesPath "$(NuGet_Packages)" -config "@(SigningConfig)" "$(OutDir.TrimEnd('\'))"" | ||
Condition="'$(SignType)'=='real'"/> | ||
</Target> | ||
</Project> |
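Review bot: The `Build` target's incremental check can skip real signing, because `Inputs` references `$(PackageAssets)` as a property although PackageAssets is only declared as an item (it should be `@(PackageAssets)`), which leaves SignToolConfig.json as the only effective input while the outputs are the very files that get signed in place. Freshly built assemblies are normally newer than the checked-in config, so MSBuild would likely treat the target as up to date and run neither the messages nor the `Exec`. Since signing rewrites its inputs, either drop `Inputs`/`Outputs` or track a separate marker file written after SignTool succeeds. Separately, `Exclude="*.log"` is resolved relative to the project directory rather than `$(OutDir)`, so it probably needs to be `Exclude="$(OutDir)\*.log"`.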
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
{ | ||
sign: [ | ||
{ | ||
"certificate": "Microsoft402", | ||
"strongName": "MsSharedLib72", | ||
"values": [ | ||
"Microsoft.DotNet.Core.Build.Tasks.dll" | ||
] | ||
} | ||
] | ||
} |
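Review bot: The top-level key `sign` is unquoted while every other key in the file is quoted, which is not valid JSON. A strict parser would reject the file, and whether SignTool's parser tolerates unquoted names is not visible on this page. Write it as `"sign": [` so the config does not depend on a lenient reader.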
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
<?xml version="1.0" encoding="utf-8"?> | ||
<Project ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | ||
<Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), 'Common.props'))\Common.props" /> | ||
<PropertyGroup> | ||
<TargetFrameworkIdentifier>.NETCoreApp</TargetFrameworkIdentifier> | ||
<TargetFrameworkVersion>v1.0</TargetFrameworkVersion> | ||
<CopyBuildOutputToOutputDirectory>false</CopyBuildOutputToOutputDirectory> | ||
<CopyOutputSymbolsToOutputDirectory>false</CopyOutputSymbolsToOutputDirectory> | ||
<OutputType>Library</OutputType> | ||
<GenerateDependencyFile>false</GenerateDependencyFile> | ||
<ResolvePackageDependenciesForBuild>false</ResolvePackageDependenciesForBuild> | ||
<NonShipping>true</NonShipping> | ||
</PropertyGroup> | ||
</Project> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
<?xml version="1.0" encoding="utf-8"?> | ||
<Project ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | ||
<PropertyGroup> | ||
<ShouldSignBuild Condition="'$(RunningInMicroBuild)' == 'true' AND '$(SignType)' == 'real'">true</ShouldSignBuild> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yep, that's the correct variable name. |
||
<StrongNameCertificate Condition="'$(StrongNameCertificate)' == ''">MicrosoftShared</StrongNameCertificate> | ||
<BuildDirPath Condition="'$(BuildDirPath)'==''">$(MSBuildThisFileDirectory)\..\</BuildDirPath> | ||
<RoslynInternalKey>002400000480000094000000060200000024000052534131000400000100010055e0217eb635f69281051f9a823e0c7edd90f28063eb6c7a742a19b4f6139778ee0af438f47aed3b6e9f99838aa8dba689c7a71ddb860c96d923830b57bbd5cd6119406ddb9b002cf1c723bf272d6acbb7129e9d6dd5a5309c94e0ff4b2c884d45a55f475cd7dba59198086f61f5a8c8b5e601c0edbf269733f6f578fc8579c2</RoslynInternalKey> | ||
</PropertyGroup> | ||
|
||
<Choose> | ||
<When Condition="'$(SignAssembly)' == 'true'"> | ||
<Choose> | ||
<!-- Shipping binaries in an "official" build are delay-signed with the MS key; later, the signing | ||
system will finish the strong-name signing. --> | ||
<When Condition="'$(NonShipping)' != 'true'"> | ||
|
||
<Choose> | ||
<!-- DelaySign if we're real signing, otherwise public sign --> | ||
<When Condition="'$(ShouldSignBuild)' == 'true'"> | ||
<PropertyGroup> | ||
<DelaySign>true</DelaySign> | ||
</PropertyGroup> | ||
</When> | ||
<Otherwise> | ||
<PropertyGroup> | ||
<PublicSign>true</PublicSign> | ||
</PropertyGroup> | ||
</Otherwise> | ||
</Choose> | ||
|
||
<Choose> | ||
<When Condition="'$(StrongNameCertificate)' == 'Microsoft'"> | ||
<PropertyGroup> | ||
<AssemblyOriginatorKeyFile>$(BuildDirPath)Strong Name Keys\MSFT.snk</AssemblyOriginatorKeyFile> | ||
<PublicKey>002400000480000094000000060200000024000052534131000400000100010007d1fa57c4aed9f0a32e84aa0faefd0de9e8fd6aec8f87fb03766c834c99921eb23be79ad9d5dcc1dd9ad236132102900b723cf980957fc4e177108fc607774f29e8320e92ea05ece4e821c0a5efe8f1645c4c0c93c1ab99285d622caa652c1dfad63d745d6f2de5f17e5eaf0fc4963d261c8a12436518206dc093344d5ad293</PublicKey> | ||
<PublicKeyToken>b03f5f7f11d50a3a</PublicKeyToken> | ||
<StrongNameCertificateFriendlyId>67</StrongNameCertificateFriendlyId> | ||
</PropertyGroup> | ||
</When> | ||
|
||
<When Condition="'$(StrongNameCertificate)' == 'MicrosoftShared'"> | ||
<PropertyGroup> | ||
<AssemblyOriginatorKeyFile>$(BuildDirPath)Strong Name Keys\35MSSharedLib1024.snk</AssemblyOriginatorKeyFile> | ||
<PublicKey>0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9</PublicKey> | ||
<PublicKeyToken>31BF3856AD364E35</PublicKeyToken> | ||
<StrongNameCertificateFriendlyId>72</StrongNameCertificateFriendlyId> | ||
</PropertyGroup> | ||
</When> | ||
|
||
</Choose> | ||
|
||
</When> | ||
|
||
<!-- Non-shipping binaries are simply signed with the Roslyn internal key. --> | ||
<Otherwise> | ||
<PropertyGroup> | ||
<AssemblyOriginatorKeyFile>$(BuildDirPath)Strong Name Keys\RoslynInternalKey.Private.snk</AssemblyOriginatorKeyFile> | ||
<DelaySign>false</DelaySign> | ||
<PublicKey>$(RoslynInternalKey)</PublicKey> | ||
<PublicKeyToken>fc793a00266884fb</PublicKeyToken> | ||
</PropertyGroup> | ||
</Otherwise> | ||
</Choose> | ||
</When> | ||
</Choose> | ||
|
||
<!-- Because https://github.com/dotnet/roslyn/issues/7812 is not yet fixed, the IDE doesn't know if we set the PublicSign | ||
flag. As a result, all design-time builds will thing we're real-signing, which causes semantics to get all screwed up. | ||
The workaround for now is, for design-time builds only, to pass the DelaySign flag since that's "good enough". This | ||
must be done in a target versus conditioning on BuildingProject, since BuildingProject itself is correctly set in a | ||
target. --> | ||
<Target Name="FixPublicSignFlagForDesignTimeBuilds" BeforeTargets="CoreCompile" Condition="'$(PublicSign)' == 'true'"> | ||
<PropertyGroup Condition="'$(BuildingProject)' == 'false'"> | ||
<!-- Turn off PublicSign, because leaving both to true will make the Csc task unhappy --> | ||
<PublicSign>false</PublicSign> | ||
<DelaySign>true</DelaySign> | ||
</PropertyGroup> | ||
</Target> | ||
|
||
</Project> |
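Review bot: The inner `<Choose>` on `$(StrongNameCertificate)` has no `<Otherwise>`, so any value other than `Microsoft` or `MicrosoftShared` leaves `AssemblyOriginatorKeyFile` and `PublicKey` unset while `DelaySign` or `PublicSign` has already been set to true. A typo in that property would then surface as an unrelated compiler error or, depending on the imported targets, as an assembly without the expected strong name. A small target that runs before `CoreCompile` could fail early with `<Error Condition="'$(SignAssembly)' == 'true' AND '$(AssemblyOriginatorKeyFile)' == ''" Text="Unknown StrongNameCertificate '$(StrongNameCertificate)'" />`. The two `PublicKeyToken` values also differ in case (`b03f5f7f11d50a3a` vs `31BF3856AD364E35`); lower-casing both would keep later string comparisons predictable.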
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -14,13 +14,14 @@ | |
|
||
<ItemGroup> | ||
<SolutionFile Include="$(RepositoryRootDirectory)core-sdk.sln" /> | ||
<SigningProjectFile Include="$(RepositoryRootDirectory)build\Signing\Microsoft.DotNet.Core.Signing.proj"/> | ||
<NuGetProjectFile Include="$(RepositoryRootDirectory)build\Nuget\Microsoft.DotNet.Core.Nuget.proj" /> | ||
</ItemGroup> | ||
|
||
<Target Name="RestorePackages"> | ||
|
||
<Message Text="Restoring packages for %(SolutionFile.Filename)" Importance="high" /> | ||
|
||
<Exec Command="$(DotNetTool) restore --verbosity Minimal" | ||
WorkingDirectory="$(RepositoryRootDirectory)" | ||
/> | ||
|
@@ -29,7 +30,7 @@ | |
<Target Name="BuildSolution"> | ||
|
||
<Message Text="Building %(SolutionFile.Filename) [$(Configuration)]" Importance="high" /> | ||
|
||
<MSBuild BuildInParallel="true" | ||
Projects="@(SolutionFile)" | ||
Targets="Build" | ||
|
@@ -47,8 +48,17 @@ | |
Properties="$(CommonMSBuildGlobalProperties)" | ||
/> | ||
</Target> | ||
|
||
<Target Name="BuildNuGetPackages"> | ||
|
||
<Target Name="SignPackages"> | ||
|
||
<MSBuild BuildInParallel="true" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We should ensure that |
||
Projects="@(SigningProjectFile)" | ||
Targets="Build" | ||
Properties="$(CommonMSBuildGlobalProperties)" | ||
/> | ||
</Target> | ||
|
||
<Target Name="BuildNuGetPackages" DependsOnTargets="SignPackages"> | ||
|
||
<MSBuild BuildInParallel="true" | ||
Projects="@(NuGetProjectFile)" | ||
|
@@ -57,7 +67,7 @@ | |
/> | ||
</Target> | ||
|
||
<Target Name="RebuildNuGetPackages"> | ||
<Target Name="RebuildNuGetPackages" DependsOnTargets="SignPackages"> | ||
|
||
<MSBuild BuildInParallel="true" | ||
Projects="@(NuGetProjectFile)" | ||
|
@@ -76,14 +86,14 @@ | |
<ItemGroup> | ||
<NetCoreAppProductAssets Include="$(PackagesLayoutToolsNetCoreAppDir)\*" /> | ||
</ItemGroup> | ||
|
||
<Message Text="Running tests for %(SolutionFile.Filename) [$(Configuration)]" Importance="high" /> | ||
|
||
<!-- Copy all the 'netcore1.0' product assemblies to the test directory, so the tests can load them. --> | ||
<Copy SourceFiles="@(NetCoreAppProductAssets)" | ||
DestinationFolder="$(TestsDirectory)" | ||
/> | ||
|
||
<Exec Command="$(DotNetTool) "$(TestsDirectory)\xunit.console.netcore.exe" "@(TestAssembly, '" "')" -xml "@(XmlTestFile)"" | ||
LogStandardErrorAsError="true" | ||
WorkingDirectory="$(TestsDirectory)" | ||
|
@@ -96,7 +106,7 @@ | |
|
||
</Target> | ||
|
||
<Target Name="Build" DependsOnTargets="RestorePackages;BuildSolution;BuildNuGetPackages;Test" /> | ||
<Target Name="Rebuild" DependsOnTargets="RestorePackages;RebuildSolution;RebuildNuGetPackages;Test" /> | ||
<Target Name="Build" DependsOnTargets="RestorePackages;BuildSolution;SignPackages;BuildNuGetPackages;Test" /> | ||
<Target Name="Rebuild" DependsOnTargets="RestorePackages;RebuildSolution;SignPackages;RebuildNuGetPackages;Test" /> | ||
|
||
</Project> |
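Review bot: `SignPackages` is now ordered twice: it is listed in the `DependsOnTargets` of `Build` and `Rebuild` and again on `BuildNuGetPackages` and `RebuildNuGetPackages`. MSBuild runs a target only once per build, so this is harmless, but keeping the dependency only on the two NuGet targets states the real constraint (packages are built from signed files) in one place, leaving `Build` as `RestorePackages;BuildSolution;BuildNuGetPackages;Test`. `BuildInParallel="true"` on a single `@(SigningProjectFile)` also has no effect and could be dropped.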
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
<?xml version="1.0" encoding="utf-8"?> | ||
<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | ||
<Import Project="..\..\..\build\Targets\ProducesNoOutput.Settings.props" /> | ||
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" /> | ||
<PropertyGroup> | ||
<ProjectGuid>{98883ACD-BE3A-4533-953D-1BE25981BA02}</ProjectGuid> | ||
<ProjectTypeGuids>{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}</ProjectTypeGuids> | ||
</PropertyGroup> | ||
<ItemGroup> | ||
<Content Include="project.json" /> | ||
</ItemGroup> | ||
<Import Project="..\..\..\build\Targets\ProducesNoOutput.Imports.props" /> | ||
</Project> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
{ | ||
"dependencies": { | ||
"RoslynTools.Microsoft.SignTool": "0.2.0-beta", | ||
"Microbuild.Core" : "0.2.0" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Are we using Microbuild or plain VSO? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. MicroBuild. Signtool shells out to the native MSBuild (that's not xplat) and signs that way. |
||
}, | ||
"frameworks": { | ||
".netcoreapp1.0": {} | ||
} | ||
} |
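Review bot: The SignTool version is now stated in two places: `"RoslynTools.Microsoft.SignTool": "0.2.0-beta"` here and, judging from the signing project earlier in this PR, a hard-coded `roslyntools.microsoft.signtool\0.2.0-beta` path in `$(SignTool)`. Bumping one without the other would leave `$(SignTool)` pointing at a missing executable. Because this package is the binary that runs in the real-signing step, it is also worth confirming that restore can only resolve it from the intended feed and that the resolved version is locked; neither is visible on this page.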
This change sort of conflicts with my latest PR #46. Basically, the output assembly is getting placed into the PackagesLayout folder during build of the tasks assembly. That's the assembly that needs to be signed.
What do you think about hooking the signing tool up during the Build of the tasks assembly, instead of in an outside project?
The part that tells MicroBuild what to sign is a combination of the path at the end and SignToolConfig.json. I'm not sure how this conflicts with that PR; we'll just have to pass `$(OutDir)PackagesLayoutDir` as the path instead of just `$(OutDir)`. Is there something I'm missing?
The tasks assembly is located in 2 places in `$(OutDir)PackagesLayoutDir`, once in netcoreapp1.0 and once in net46. I'd rather we sign the file once, and then place/copy the signed file into the packages layout directory. So I think I'll move the "layout" code out of the Tasks.csproj and instead into the NuGet.proj file, which solves all these problems.