Signing changes (microsoft#91)

* Add multiple sign tasks for each platform. * Fix path to Microsoft.TestPlatform.Build for signing. * Add script to verify signing. * Add quality tools files regex. * Write to stderr on failure. * Add datacollector executables to assemblies pattern. * Make certificate a parameter to verify script. * Add signing for datacollector assemblies. Mark assembly as signed if they are signed with prod certs. * Add desktop trxlogger to sign assemblies.
singhsarab · Sep 28, 2016 · b25c6ad · b25c6ad
1 parent bcb6f57
commit b25c6ad
Show file tree

Hide file tree

Showing 2 changed files with 123 additions and 13 deletions.
diff --git a/scripts/verify-sign.ps1 b/scripts/verify-sign.ps1
@@ -0,0 +1,85 @@
+# Copyright (c) Microsoft. All rights reserved.
+# Build script for Test Platform.
+
+[CmdletBinding()]
+Param(
+    [Parameter(Mandatory=$false)]
+    [ValidateSet("Debug", "Release")]
+    [Alias("c")]
+    [System.String] $Configuration = "Debug",
+
+    [Parameter(Mandatory=$true)]
+    [Alias("cert")]
+    [System.String] $Certificate
+)
+
+$ErrorActionPreference = "Continue"
+
+#
+# Variables
+#
+Write-Verbose "Setup environment variables."
+$env:TP_ROOT_DIR = (Get-Item (Split-Path $MyInvocation.MyCommand.Path)).Parent.FullName
+$env:TP_OUT_DIR = Join-Path $env:TP_ROOT_DIR "artifacts"
+
+#
+# Signing configuration
+#
+# Authenticode signature details
+Write-Verbose "Setup build configuration."
+$TPB_SignCertificate = $Certificate
+$TPB_Configuration = $Configuration
+$TPB_AssembliesPattern = @("*test*.dll", "*qualitytools*.dll", "*test*.exe", "*datacollector*.dll", "*datacollector*.exe", "Microsoft.TestPlatform.Build.dll")
+
+function Verify-Signature
+{
+    Write-Log "Verify-Signature: Start"
+    $artifactsDirectory = Join-Path $env:TP_OUT_DIR $TPB_Configuration
+    foreach ($pattern in $TPB_AssembliesPattern) {
+        Write-Log "... Pattern: $pattern"
+        Get-ChildItem -Recurse -Include $pattern $artifactsDirectory | Where-Object { -not $_.PSIsContainer } | % {
+            $signature = Get-AuthenticodeSignature -FilePath $_.FullName
+
+            if ($signature.Status -eq "Valid") {
+                if ($signature.SignerCertificate.Thumbprint -eq $TPB_SignCertificate) {
+                    Write-Log "Valid: $($_.FullName)"
+                }
+                else {
+                    # For legacy components, sign certificate is always "prod" signature. Skip such binaries.
+                    if ($signature.SignerCertificate.Thumbprint -eq "98ED99A67886D020C564923B7DF25E9AC019DF26") {
+                        Write-Log "Valid (Prod Signed): $($_.FullName)."
+                    }
+                    else {
+                        Write-FailLog "Incorrect certificate. File: $($_.FullName). Certificate: $($signature.SignerCertificate.Thumbprint)."
+                    }
+                }
+            }
+            else {
+                Write-FailLog "Not signed. File: $($_.FullName)."
+            }
+        }
+    }
+
+    Write-Log "Verify-Signature: Complete"
+}
+
+function Write-Log ([string] $message)
+{
+    $currentColor = $Host.UI.RawUI.ForegroundColor
+    $Host.UI.RawUI.ForegroundColor = "Green"
+    if ($message)
+    {
+        Write-Output "... $message"
+    }
+    $Host.UI.RawUI.ForegroundColor = $currentColor
+}
+
+function Write-FailLog ([string] $message)
+{
+    if ($message)
+    {
+        Write-Error "... $message"
+    }
+}
+
+Verify-Signature
diff --git a/src/package/sign/sign.proj b/src/package/sign/sign.proj
@@ -65,7 +65,10 @@
       <AssembliesToSign Include="$(ArtifactsDirectory)Microsoft.VisualStudio.TestPlatform.ObjectModel.dll" />
       <AssembliesToSign Include="$(ArtifactsDirectory)testhost.exe" />
       <AssembliesToSign Include="$(ArtifactsDirectory)testhost.x86.exe" />
+      <AssembliesToSign Include="$(ArtifactsDirectory)datacollector.exe" />
+      <AssembliesToSign Include="$(ArtifactsDirectory)datacollector.x86.exe" />
       <AssembliesToSign Include="$(ArtifactsDirectory)vstest.console.exe" />
+      <AssembliesToSign Include="$(ArtifactsDirectory)Extensions\Microsoft.VisualStudio.TestPlatform.Extensions.TrxLogger.dll" />
 
       <AssembliesToSign Include="$(ArtifactsDirectory)NetCore\DataCollector.dll" />
       <AssembliesToSign Include="$(ArtifactsDirectory)NetCore\Microsoft.TestPlatform.CommunicationUtilities.dll" />
@@ -85,39 +88,61 @@
 
     <!-- Sign test platform v2 assemblies for .NET Core -->
     <ItemGroup>
-      <AssembliesToSign Include="$(ArtifactsCoreDirectory)DataCollector.dll" />
-      <AssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.TestPlatform.CommunicationUtilities.dll" />
-      <AssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.TestPlatform.CoreUtilities.dll" />
-      <AssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.TestPlatform.CrossPlatEngine.dll" />
-      <AssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.TestPlatform.Utilities.dll" />
-      <AssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dll" />
-      <AssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.VisualStudio.TestPlatform.Client.dll" />
-      <AssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.VisualStudio.TestPlatform.Common.dll" />
-      <AssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.VisualStudio.TestPlatform.ObjectModel.dll" />
-      <AssembliesToSign Include="$(ArtifactsCoreDirectory)testhost.dll" />
-      <AssembliesToSign Include="$(ArtifactsCoreDirectory)vstest.console.dll" />
+      <CoreAssembliesToSign Include="$(ArtifactsCoreDirectory)DataCollector.dll" />
+      <CoreAssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.TestPlatform.CommunicationUtilities.dll" />
+      <CoreAssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.TestPlatform.CoreUtilities.dll" />
+      <CoreAssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.TestPlatform.CrossPlatEngine.dll" />
+      <CoreAssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.TestPlatform.Utilities.dll" />
+      <CoreAssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dll" />
+      <CoreAssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.VisualStudio.TestPlatform.Client.dll" />
+      <CoreAssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.VisualStudio.TestPlatform.Common.dll" />
+      <CoreAssembliesToSign Include="$(ArtifactsCoreDirectory)Microsoft.VisualStudio.TestPlatform.ObjectModel.dll" />
+      <CoreAssembliesToSign Include="$(ArtifactsCoreDirectory)testhost.dll" />
+      <CoreAssembliesToSign Include="$(ArtifactsCoreDirectory)vstest.console.dll" />
 
       <!-- NetCoreExtensions -->
-      <AssembliesToSign Include="$(ArtifactsCoreDirectory)Extensions\Microsoft.VisualStudio.TestPlatform.Extensions.TrxLogger.dll" />
+      <CoreAssembliesToSign Include="$(ArtifactsCoreDirectory)Extensions\Microsoft.VisualStudio.TestPlatform.Extensions.TrxLogger.dll" />
     </ItemGroup>
 
     <!-- Sign Microsoft.TestPlatform.Build -->
     <ItemGroup>
-      <AssembliesToSign Include="$(ArtifactsBaseDirectory)Microsoft.TestPlatform.Build\Microsoft.TestPlatform.Build.dll" />
+      <BuildAssembliesToSign Include="$(ArtifactsBaseDirectory)Microsoft.TestPlatform.Build\netstandard1.3\Microsoft.TestPlatform.Build.dll" />
     </ItemGroup>
 
     <ItemGroup>
       <AssembliesToSign>
         <Authenticode>Microsoft</Authenticode>
         <StrongName>StrongName</StrongName>
       </AssembliesToSign>
+
+      <CoreAssembliesToSign>
+        <Authenticode>Microsoft</Authenticode>
+        <StrongName>StrongName</StrongName>
+      </CoreAssembliesToSign>
+
+      <BuildAssembliesToSign>
+        <Authenticode>Microsoft</Authenticode>
+        <StrongName>StrongName</StrongName>
+      </BuildAssembliesToSign>
     </ItemGroup>
 
     <Message Text="Signing using authenticode certificate '%(AssembliesToSign.Authenticode)' for @(AssembliesToSign)"/>
     <SignFiles Files="@(AssembliesToSign)"
                BinariesDirectory="$(ArtifactsDirectory)"
                IntermediatesDirectory="$(IntermediatesDirectory)"
                Type="$(SignType)" />
+
+    <Message Text="Signing using authenticode certificate '%(AssembliesToSign.Authenticode)' for @(CoreAssembliesToSign)"/>
+    <SignFiles Files="@(CoreAssembliesToSign)"
+               BinariesDirectory="$(ArtifactsCoreDirectory)"
+               IntermediatesDirectory="$(IntermediatesDirectory)"
+               Type="$(SignType)" />
+
+    <Message Text="Signing using authenticode certificate '%(AssembliesToSign.Authenticode)' for @(BuildAssembliesToSign)"/>
+    <SignFiles Files="@(BuildAssembliesToSign)"
+               BinariesDirectory="$(ArtifactsBaseDirectory)Microsoft.TestPlatform.Build"
+               IntermediatesDirectory="$(IntermediatesDirectory)"
+               Type="$(SignType)" />
   </Target>
 
   <Target Name="SignVsix">