forked from microsoft/testfx
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Add multiple sign tasks for each platform. * Fix path to Microsoft.TestPlatform.Build for signing. * Add script to verify signing. * Add quality tools files regex. * Write to stderr on failure. * Add datacollector executables to assemblies pattern. * Make certificate a parameter to verify script. * Add signing for datacollector assemblies. Mark assembly as signed if they are signed with prod certs. * Add desktop trxlogger to sign assemblies.
- Loading branch information
Showing
2 changed files
with
123 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
# Copyright (c) Microsoft. All rights reserved. | ||
# Build script for Test Platform. | ||
|
||
[CmdletBinding()] | ||
Param( | ||
[Parameter(Mandatory=$false)] | ||
[ValidateSet("Debug", "Release")] | ||
[Alias("c")] | ||
[System.String] $Configuration = "Debug", | ||
|
||
[Parameter(Mandatory=$true)] | ||
[Alias("cert")] | ||
[System.String] $Certificate | ||
) | ||
|
||
$ErrorActionPreference = "Continue" | ||
|
||
# | ||
# Variables | ||
# | ||
Write-Verbose "Setup environment variables." | ||
$env:TP_ROOT_DIR = (Get-Item (Split-Path $MyInvocation.MyCommand.Path)).Parent.FullName | ||
$env:TP_OUT_DIR = Join-Path $env:TP_ROOT_DIR "artifacts" | ||
|
||
# | ||
# Signing configuration | ||
# | ||
# Authenticode signature details | ||
Write-Verbose "Setup build configuration." | ||
$TPB_SignCertificate = $Certificate | ||
$TPB_Configuration = $Configuration | ||
$TPB_AssembliesPattern = @("*test*.dll", "*qualitytools*.dll", "*test*.exe", "*datacollector*.dll", "*datacollector*.exe", "Microsoft.TestPlatform.Build.dll") | ||
|
||
function Verify-Signature | ||
{ | ||
Write-Log "Verify-Signature: Start" | ||
$artifactsDirectory = Join-Path $env:TP_OUT_DIR $TPB_Configuration | ||
foreach ($pattern in $TPB_AssembliesPattern) { | ||
Write-Log "... Pattern: $pattern" | ||
Get-ChildItem -Recurse -Include $pattern $artifactsDirectory | Where-Object { -not $_.PSIsContainer } | % { | ||
$signature = Get-AuthenticodeSignature -FilePath $_.FullName | ||
|
||
if ($signature.Status -eq "Valid") { | ||
if ($signature.SignerCertificate.Thumbprint -eq $TPB_SignCertificate) { | ||
Write-Log "Valid: $($_.FullName)" | ||
} | ||
else { | ||
# For legacy components, sign certificate is always "prod" signature. Skip such binaries. | ||
if ($signature.SignerCertificate.Thumbprint -eq "98ED99A67886D020C564923B7DF25E9AC019DF26") { | ||
Write-Log "Valid (Prod Signed): $($_.FullName)." | ||
} | ||
else { | ||
Write-FailLog "Incorrect certificate. File: $($_.FullName). Certificate: $($signature.SignerCertificate.Thumbprint)." | ||
} | ||
} | ||
} | ||
else { | ||
Write-FailLog "Not signed. File: $($_.FullName)." | ||
} | ||
} | ||
} | ||
|
||
Write-Log "Verify-Signature: Complete" | ||
} | ||
|
||
function Write-Log ([string] $message) | ||
{ | ||
$currentColor = $Host.UI.RawUI.ForegroundColor | ||
$Host.UI.RawUI.ForegroundColor = "Green" | ||
if ($message) | ||
{ | ||
Write-Output "... $message" | ||
} | ||
$Host.UI.RawUI.ForegroundColor = $currentColor | ||
} | ||
|
||
function Write-FailLog ([string] $message) | ||
{ | ||
if ($message) | ||
{ | ||
Write-Error "... $message" | ||
} | ||
} | ||
|
||
Verify-Signature |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters