
Commit 3b4ccbf

authored
Merge pull request #463 from Kevin-Andrew/sign
TFS 490896 Code Signing Certificate
2 parents 44b50ab + 7470ce0 commit 3b4ccbf

1 file changed

Lines changed: 1 addition & 1 deletion


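--- a/SafeguardDevOpsServiceWix/SetupSafeguardDevOpsService.wixproj
+++ b/SafeguardDevOpsServiceWix/SetupSafeguardDevOpsService.wixproj
@@ -65,7 +65,7 @@
 </Target>
 <Target Name="BeforeBuild">
 <Exec Command="dotnet publish $(ProjectDir)\..\SafeguardDevOpsService\SafeguardDevOpsService.csproj -c $(Configuration) -o $(ProjectDir)bin\$(Configuration)\Publish --self-contained true -r win-x64" />
-<Exec Condition="'$(SignFiles)'=='true'" Command="&quot;$(SignToolPath)&quot; sign /v /fd SHA256 /tr http://ts.ssl.com /td sha256 /n &quot;One Identity LLC&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\*.dll&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\*.exe&quot;" />
+<Exec Condition="'$(SignFiles)'=='true'" Command="REM Sign target file(s). Use new SSL.com Extended Validation Code Signing certificate that requires&#xD;&#xA;REM special setup and use of their eSignerCKA. That setup is done in the Azure Pipeline build script.&#xD;&#xA;REM Then, use of the signtool.exe should remain pretty much the same. We will now have signtool.exe&#xD;&#xA;REM lookup the certificate by the subject/issued to name, instead of the thumbprint. Hopefully that&#xD;&#xA;REM won't change when the certificate is renewed. We also don't have to specify the certificate password&#xD;&#xA;REM here since we are effectively accessing it from the Windows Certificate Store, and the setup of&#xD;&#xA;REM the SSL.com eSignerCKA has our credentials.&#xD;&#xA;REM There are a ton of Microsoft files already signed, so no need to waste time. We'll try to move them&#xD;&#xA;REM and then sign the remaining, then move the files back. Signing all 300+ files took over 20 minutes.&#xD;&#xA;mkdir &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed&quot;&#xD;&#xA;move /Y &quot;$(ProjectDir)bin\$(Configuration)\Publish\aspnetcorev2*.dll&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed&quot;&#xD;&#xA;move /Y &quot;$(ProjectDir)bin\$(Configuration)\Publish\clr*.dll&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed&quot;&#xD;&#xA;move /Y &quot;$(ProjectDir)bin\$(Configuration)\Publish\coreclr.dll&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed&quot;&#xD;&#xA;move /Y &quot;$(ProjectDir)bin\$(Configuration)\Publish\createdump.exe&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed&quot;&#xD;&#xA;move /Y &quot;$(ProjectDir)bin\$(Configuration)\Publish\host*.dll&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed&quot;&#xD;&#xA;move /Y &quot;$(ProjectDir)bin\$(Configuration)\Publish\Microsoft.*.dll&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed&quot;&#xD;&#xA;move /Y &quot;$(ProjectDir)bin\$(Configuration)\Publish\mscor*.dll&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed&quot;&#xD;&#xA;move /Y &quot;$(ProjectDir)bin\$(Configuration)\Publish\msquic.dll&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed&quot;&#xD;&#xA;move /Y &quot;$(ProjectDir)bin\$(Configuration)\Publish\netstandard.dll&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed&quot;&#xD;&#xA;move /Y &quot;$(ProjectDir)bin\$(Configuration)\Publish\Newtonsoft.Json*.dll&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed&quot;&#xD;&#xA;move /Y &quot;$(ProjectDir)bin\$(Configuration)\Publish\System.*.dll&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed&quot;&#xD;&#xA;move /Y &quot;$(ProjectDir)bin\$(Configuration)\Publish\WindowsBase.dll&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed&quot;&#xD;&#xA;&#xD;&#xA;REM Sign all remaining files. It's not perfect, but much better.&#xD;&#xA;&quot;$(SignToolPath)&quot; sign /v /fd SHA256 /tr http://ts.ssl.com /td sha256 /n &quot;One Identity LLC&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\*.dll&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\*.exe&quot;&#xD;&#xA;&#xD;&#xA;REM Finally, move all files back.&#xD;&#xA;move &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed\*.*&quot; &quot;$(ProjectDir)bin\$(Configuration)\Publish\&quot;&#xD;&#xA;rmdir &quot;$(ProjectDir)bin\$(Configuration)\Publish\signed&quot;" />
 <HeatDirectory SuppressAllWarnings="true" ToolPath="$(WixToolPath)" AutogenerateGuids="$(HarvestDirectoryAutogenerateGuids)" OutputFile="Component-generated.wxs" SuppressFragments="true" SuppressUniqueIds="true" Transforms="%(HarvestDirectory.Transforms)" Directory="$(ProjectDir)bin\$(Configuration)\Publish" ComponentGroupName="DevOps_CommonAssemblies" DirectoryRefId="INSTALLLOCATION" KeepEmptyDirectories="false" PreprocessorVariable="var.SourceDir" SuppressRootDirectory="true" SuppressRegistry="true">
 </HeatDirectory>
 <GetAssemblyIdentity AssemblyFiles="$(ProjectDir)bin\$(Configuration)\Publish\OneIdentity.SafeguardSecretsBroker.PluginCommon.dll">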
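Review bot: A signtool failure no longer fails the build in the new multi-line `Exec` command: MSBuild runs the lines as one batch script and, as far as I can tell, only the exit status of the last command (`rmdir`) reaches the task, so a failed or skipped signature would let HeatDirectory package unsigned binaries. Append `|| exit /b 1` to the `"$(SignToolPath)" sign …` line so the error propagates. The set-aside files are also trusted purely by name pattern (`Microsoft.*.dll`, `System.*.dll`, `Newtonsoft.Json*.dll`, …); running `signtool verify /pa` over `Publish\signed\*.dll` before moving them back would catch an unsigned or swapped-in file that happens to match. The BeforeBuild target continues past the end of this hunk.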
