diff --git a/azure-pipelines-master.yml b/azure-pipelines-master.yml
index 84abccde0c6..1f1a0d8f3bb 100644
--- a/azure-pipelines-master.yml
+++ b/azure-pipelines-master.yml
@@ -33,12 +33,122 @@ steps: workingFolder: tools/Deployment - task: EsrpCodeSigning@1 - displayName: Sign executables and dlls + displayName: Sign docfx executables and dlls inputs: ConnectedServiceName: 'CodeSigning-APEX' FolderPath: '$(Build.SourcesDirectory)/target/Release' - signType: 'batchSigning' - batchSignPolicyFile: '$(Build.SourcesDirectory)/codesign_policy.json' + Pattern: | + **\Microsoft.DocAsCode.*.dll + **\*.exe + UseMinimatch: true + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "KeyCode": "CP-230012", + "OperationSetCode": "SigntoolSign", + "parameters": [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd \"SHA256\"" + } + ], + "ToolName": "sign", + "ToolVersion": "1.0" + }, + { + "KeyCode": "CP-230012", + "OperationSetCode": "SigntoolVerify", + "Parameters": [ + { + "parameterName": "VerifyAll", + "parameterValue": "/all" + } + ], + "ToolName": "sign", + "ToolVersion": "1.0" + } + ] + SessionTimeout: '60' + MaxConcurrency: '50' + MaxRetryAttempts: '5' + +- task: EsrpCodeSigning@1 + displayName: Sign dependent dlls + inputs: + ConnectedServiceName: 'CodeSigning-APEX' + FolderPath: '$(Build.SourcesDirectory)/target/Release' + Pattern: | + **\*.dll + !**\System.*.dll + !**\Microsoft.*.dll + !**\NuGet.*.dll + !**\FSharp.Core.*.dll + UseMinimatch: true + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "KeyCode": "CP-231522", + "OperationSetCode": "SigntoolSign", + "parameters": [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + 
"parameterName": "Append", + "parameterValue": "/as" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd \"SHA256\"" + } + ], + "ToolName": "sign", + "ToolVersion": "1.0" + }, + { + "KeyCode": "CP-231522", + "OperationSetCode": "SigntoolVerify", + "Parameters": [ + { + "parameterName": "VerifyAll", + "parameterValue": "/all" + } + ], + "ToolName": "sign", + "ToolVersion": "1.0" + } + ] SessionTimeout: '60' MaxConcurrency: '50' MaxRetryAttempts: '5' diff --git a/azure-pipelines-stable.yml b/azure-pipelines-stable.yml index 73532d3070e..2539aa1cb8a 100644 --- a/azure-pipelines-stable.yml +++ b/azure-pipelines-stable.yml 
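Review bot: The new "Sign dependent dlls" step selects files with a broad glob plus exclusions (`**\*.dll` minus `System.*`, `Microsoft.*`, `NuGet.*`, `FSharp.Core.*`), where the deleted codesign_policy.json named each third-party DLL explicitly. Any new or transitive DLL that lands in target/Release is therefore signed under CP-231522 with OpusName "Microsoft" without anyone having reviewed it. Consider keeping explicit names in `Pattern` (for example `**\Newtonsoft.Json.dll`), or at least listing the matched files before this task and failing the build on unexpected names. Separately, `!**\FSharp.Core.*.dll` appears not to exclude `FSharp.Core.dll` itself, because the pattern requires a segment between `Core.` and `.dll`; add `!**\FSharp.Core.dll` if that file is meant to be skipped. The same applies to the matching step in azure-pipelines-stable.yml.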
@@ -34,12 +34,122 @@ steps: workingFolder: tools/Deployment - task: EsrpCodeSigning@1 - displayName: Sign executables and dlls + displayName: Sign docfx executables and dlls inputs: ConnectedServiceName: 'CodeSigning-APEX' FolderPath: '$(Build.SourcesDirectory)/target/Release' - signType: 'batchSigning' - batchSignPolicyFile: '$(Build.SourcesDirectory)/codesign_policy.json' + Pattern: | + **\Microsoft.DocAsCode.*.dll + **\*.exe + UseMinimatch: true + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "KeyCode": "CP-230012", + "OperationSetCode": "SigntoolSign", + "parameters": [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd \"SHA256\"" + } + ], + "ToolName": "sign", + "ToolVersion": "1.0" + }, + { + "KeyCode": "CP-230012", + "OperationSetCode": "SigntoolVerify", + "Parameters": [ + { + "parameterName": "VerifyAll", + "parameterValue": "/all" + } + ], + "ToolName": "sign", + "ToolVersion": "1.0" + } + ] + SessionTimeout: '60' + MaxConcurrency: '50' + MaxRetryAttempts: '5' + +- task: EsrpCodeSigning@1 + displayName: Sign dependent dlls + inputs: + ConnectedServiceName: 'CodeSigning-APEX' + FolderPath: '$(Build.SourcesDirectory)/target/Release' + Pattern: | + **\*.dll + !**\System.*.dll + !**\Microsoft.*.dll + !**\NuGet.*.dll + !**\FSharp.Core.*.dll + UseMinimatch: true + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "KeyCode": "CP-231522", + "OperationSetCode": "SigntoolSign", + "parameters": [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + 
"parameterName": "Append", + "parameterValue": "/as" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd \"SHA256\"" + } + ], + "ToolName": "sign", + "ToolVersion": "1.0" + }, + { + "KeyCode": "CP-231522", + "OperationSetCode": "SigntoolVerify", + "Parameters": [ + { + "parameterName": "VerifyAll", + "parameterValue": "/all" + } + ], + "ToolName": "sign", + "ToolVersion": "1.0" + } + ] SessionTimeout: '60' MaxConcurrency: '50' MaxRetryAttempts: '5' diff --git a/codesign_policy.json b/codesign_policy.json deleted file mode 100644 index 511f9f45c42..00000000000 --- a/codesign_policy.json +++ /dev/null 
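Review bot: The two signing steps added here appear identical to the ones added to azure-pipelines-master.yml, so key codes, file patterns and signtool parameters now live in four inline JSON copies that can drift apart without anyone noticing. Moving both steps into one shared steps template referenced from each pipeline (`- template: <path-to-signing-template>.yml`, placeholder path) would leave a single definition to review. Within each operation list the key is spelled `parameters` for SigntoolSign and `Parameters` for SigntoolVerify; this is carried over from the deleted policy file, but a one-line comment saying whether the casing matters would help the next reader.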
@@ -1,125 +0,0 @@
-{
- "Version": "1.0.0",
- "UseMinimatch": true,
- "SignBatches": [
- {
- "MatchedPath": [
- "Microsoft.DocAsCode*.dll",
- "*.exe"
- ],
- "SigningInfo": {
- "Operations": [
- {
- "KeyCode": "CP-230012",
- "OperationSetCode": "SigntoolSign",
- "parameters": [
- {
- "parameterName": "OpusName",
- "parameterValue": "Microsoft"
- },
- {
- "parameterName": "OpusInfo",
- "parameterValue": "http://www.microsoft.com"
- },
- {
- "parameterName": "PageHash",
- "parameterValue": "/NPH"
- },
- {
- "parameterName": "TimeStamp",
- "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
- },
- {
- "parameterName": "FileDigest",
- "parameterValue": "/fd \"SHA256\""
- }
- ],
- "ToolName": "sign",
- "ToolVersion": "1.0"
- },
- {
- "KeyCode": "CP-230012",
- "OperationSetCode": "SigntoolVerify",
- "Parameters": [
- {
- "parameterName": "VerifyAll",
- "parameterValue": "/all"
- }
- ],
- "ToolName": "sign",
- "ToolVersion": "1.0"
- }
- ]
- }
- },
- {
- "MatchedPath": [
- "DotLiquid.resources.dll",
- "AutoMapper.dll",
- "CommandLine.dll",
- "DotLiquid.dll",
- "Dotnet.ProjInfo.dll",
- "Dotnet.ProjInfo.Helpers.dll",
- "FSharp.Compiler.*.dll",
- "HtmlAgilityPack.dll",
- "itextsharp.dll",
- "Jint.dll",
- "Markdig.dll",
- "Newtonsoft.Json.dll",
- "Newtonsoft.Json.Schema.dll",
- "Nustache.Core.dll",
- "Owin.dll",
- "SQLitePCLRaw.core.dll",
- "YamlDotNet.dll"
- ],
- "SigningInfo": {
- "Operations": [
- {
- "KeyCode": "CP-231522",
- "OperationSetCode": "SigntoolSign",
- "parameters": [
- {
- "parameterName": "OpusName",
- "parameterValue": "Microsoft"
- },
- {
- "parameterName": "OpusInfo",
- "parameterValue": "http://www.microsoft.com"
- },
- {
- "parameterName": "Append",
- "parameterValue": "/as"
- },
- {
- "parameterName": "PageHash",
- "parameterValue": "/NPH"
- },
- {
- "parameterName": "TimeStamp",
- "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
- },
- {
- "parameterName": "FileDigest",
- "parameterValue": "/fd \"SHA256\""
- }
- ],
- "ToolName": "sign",
- "ToolVersion": "1.0"
- },
- {
- "KeyCode": "CP-231522",
- "OperationSetCode": "SigntoolVerify",
- "Parameters": [
- {
- "parameterName": "VerifyAll",
- "parameterValue": "/all"
- }
- ],
- "ToolName": "sign",
- "ToolVersion": "1.0"
- }
- ]
- }
- }
- ]
-}
\ No newline at end of file