From 84f35d25a384f74907262f889216e76eeb3973e1 Mon Sep 17 00:00:00 2001
From: Timothy Mothra <tilee@microsoft.com>
Date: Fri, 18 Dec 2020 11:37:26 -0800
Subject: [PATCH] Update release_NupkgAudit.ps1 (#2128)

* Update release_NupkgAudit.ps1

removing the hardcoded hash.
will put the value in the build definition. This will be easier to update when certs rotate.

* Update release_NupkgAudit.ps1

punctuation
---
 .scripts/release_NupkgAudit.ps1 | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.scripts/release_NupkgAudit.ps1 b/.scripts/release_NupkgAudit.ps1
index 3fb53b4dd9..b09bba5af9 100644
--- a/.scripts/release_NupkgAudit.ps1
+++ b/.scripts/release_NupkgAudit.ps1
@@ -17,10 +17,13 @@ Param(
     [bool]
     $verboseLog,
 
-    [Parameter(Mandatory=$false,HelpMessage="Full Log?:")] 
+    [Parameter(Mandatory=$false,HelpMessage="Enable or disable signing verification:")] 
     [bool]
-    $verifySigning = $true
+    $verifySigning = $true,
 
+    [Parameter(Mandatory=$false,HelpMessage="Enable or disable signing verification:")] 
+    [string]
+    $expectedCertHash = ""
 ) 
 
 
@@ -107,7 +110,7 @@ function Test-MultiCondition ([bool]$requiredCondition, [bool]$recommendedCondit
 
 function Get-IsPackageSigned([string]$nupkgPath) {
     $verifyOutput = "";
-    $null = & $nugetExePath verify -signature -CertificateFingerprint 3F9001EA83C560D712C24CF213C3D312CB3BFF51EE89435D3430BD06B5D0EECE $nupkgPath -verbosity detailed 2>&1 | Tee-Object -Variable verifyOutput
+    $null = & $nugetExePath verify -signature -CertificateFingerprint $expectedCertHash $nupkgPath -verbosity detailed 2>&1 | Tee-Object -Variable verifyOutput
     
 	#TEST OUTPUT
 	Write-Host $verifyOutput