From eba014d534ef34ea88ce6c3879b92743b825a7fe Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Sat, 27 Oct 2018 01:59:37 -0700
Subject: [PATCH] Add additional signing configuration for external assemblies in the tools packages
---
 .vsts-pipelines/builds/ci-internal.yml | 13 ++++++
 .vsts-pipelines/builds/ci-public.yml | 15 +++++++
 Directory.Build.props | 2 -
 build/VSIX.targets | 1 +
 run.ps1 | 32 ++++++++++-----
 run.sh | 40 ++++++++++++++++---
 src/dotnet-sql-cache/dotnet-sql-cache.csproj | 13 ++++++
 .../dotnet-user-secrets.csproj | 17 ++++++++
 8 files changed, 116 insertions(+), 17 deletions(-)
 create mode 100644 .vsts-pipelines/builds/ci-internal.yml
 create mode 100644 .vsts-pipelines/builds/ci-public.yml
diff --git a/.vsts-pipelines/builds/ci-internal.yml b/.vsts-pipelines/builds/ci-internal.yml
new file mode 100644
index 00000000000..3693598d93e
--- /dev/null
+++ b/.vsts-pipelines/builds/ci-internal.yml
@@ -0,0 +1,13 @@
+trigger:
+- master
+- release/*
+
+resources:
+ repositories:
+ - repository: buildtools
+ type: git
+ name: aspnet-BuildTools
+ ref: refs/heads/release/2.1
+
+phases:
+- template: .vsts-pipelines/templates/project-ci.yml@buildtools
diff --git a/.vsts-pipelines/builds/ci-public.yml b/.vsts-pipelines/builds/ci-public.yml
new file mode 100644
index 00000000000..c459e62eb6b
--- /dev/null
+++ b/.vsts-pipelines/builds/ci-public.yml
@@ -0,0 +1,15 @@
+trigger:
+- master
+- release/*
+
+# See https://github.com/aspnet/BuildTools
+resources:
+ repositories:
+ - repository: buildtools
+ type: github
+ endpoint: DotNet-Bot GitHub Connection
+ name: aspnet/BuildTools
+ ref: refs/heads/release/2.1
+
+phases:
+- template: .vsts-pipelines/templates/project-ci.yml@buildtools
diff --git a/Directory.Build.props b/Directory.Build.props
index 29d623306fa..8c12d37b2da 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
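Review bot: Both new pipeline files take the shared templates from a moving branch, `ref: refs/heads/release/2.1`, so everything the build does — presumably including the signing steps that `project-ci.yml` drives — is defined by the current tip of that branch in aspnet/BuildTools (GitHub, through the DotNet-Bot endpoint) or aspnet-BuildTools (internal). Anyone who can push to that branch changes this repository's CI without a commit here, and a given build cannot be reproduced once the branch moves on. Pinning `ref:` to a full commit SHA and bumping it deliberately keeps the template under this repository's review. If tracking the branch is a requirement of the tooling team, a comment next to `ref:` saying so, and noting that the internal pipeline is the one that signs, would make the trust decision explicit.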
@@ -14,8 +14,6 @@
 <RepositoryRoot>$(MSBuildThisFileDirectory)</RepositoryRoot>
 <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)build\Key.snk</AssemblyOriginatorKeyFile>
 <SignAssembly>true</SignAssembly>
- <PublicSign Condition="'$(OS)' != 'Windows_NT'">true</PublicSign>
- <AssemblySigningCertName>Microsoft</AssemblySigningCertName>
 <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
 
 <!-- Binary compatiblity is not a goal for command-line tools. -->
diff --git a/build/VSIX.targets b/build/VSIX.targets
index 558570b7bb8..ccafe5bf76d 100644
--- a/build/VSIX.targets
+++ b/build/VSIX.targets
@@ -41,6 +41,7 @@
 </ArtifactInfo>
 
 <FilesToSign Include="$(VSIXOutputPath)" Certificate="$(VsixSigningCertName)" IsContainer="true" />
+ <FilesToSign Include="$(RepositoryRoot)tooling/Microsoft.VisualStudio.SecretManager/bin/$(Configuration)/Microsoft.VisualStudio.SecretManager.dll" Certificate="$(AssemblySigningCertName)" />
 <FilesToExcludeFromSigning Include="$(VSIXManifestOutputPath)" />
 <FilesToExcludeFromSigning Include="$(VSIXSymbolsOutputPath)" />
 </ItemGroup>
diff --git a/run.ps1 b/run.ps1
index 27dcf848f84..2f892843e02 100644
--- a/run.ps1
+++ b/run.ps1
@@ -26,12 +26,18 @@ The base url where build tools can be downloaded. Overrides the value from the c
 .PARAMETER Update
 Updates KoreBuild to the latest version even if a lock file is present.
 
+.PARAMETER Reinstall
+Re-installs KoreBuild
+
 .PARAMETER ConfigFile
 The path to the configuration file that stores values. Defaults to korebuild.json.
 
 .PARAMETER ToolsSourceSuffix
 The Suffix to append to the end of the ToolsSource. Useful for query strings in blob stores.
 
+.PARAMETER CI
+Sets up CI specific settings and variables.
+
 .PARAMETER Arguments
 Arguments to be passed to the command
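Review bot: Removing `<PublicSign Condition="'$(OS)' != 'Windows_NT'">true</PublicSign>` while `<SignAssembly>true</SignAssembly>` and the `build\Key.snk` originator stay means non-Windows builds now attempt a full strong-name signature, which only succeeds if Key.snk holds the private key; nothing in this hunk shows what replaces the setting, so presumably the shared KoreBuild props now set PublicSign and `AssemblySigningCertName`. Since build/VSIX.targets in this same commit still reads `$(AssemblySigningCertName)`, the repository now depends on that property arriving from outside. A one-line comment where the two properties were, `<!-- PublicSign and AssemblySigningCertName are provided by KoreBuild's shared props -->`, would record that dependency for the next reader.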
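Review bot: The new FilesToSign item targets the loose build output `$(RepositoryRoot)tooling/Microsoft.VisualStudio.SecretManager/bin/$(Configuration)/Microsoft.VisualStudio.SecretManager.dll` rather than the copy inside `$(VSIXOutputPath)`; unless the signing tool signs listed files before it signs and seals the container, or the VSIX is rebuilt after this step, the assembly that ships in the VSIX stays unsigned while this item reports success. Whether KoreBuild's sign target orders nested files before containers is not visible here, so it is worth confirming, or pointing the item at the DLL's path within the VSIX if the tool supports that. The item's `Certificate="$(AssemblySigningCertName)"` also relies on a property this commit removes from Directory.Build.props; an empty certificate name is better caught by an `<Error Condition="'$(AssemblySigningCertName)' == ''" Text="AssemblySigningCertName is not set" />` than discovered in the signing log.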
@@ -46,8 +52,8 @@ in the file are overridden by command line parameters.
 Example config file:
 ```json
 {
- "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/dev/tools/korebuild.schema.json",
- "channel": "dev",
+ "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/master/tools/korebuild.schema.json",
+ "channel": "master",
 "toolsSource": "https://aspnetcore.blob.core.windows.net/buildtools"
 }
 ```
@@ -65,8 +71,10 @@ param(
 [string]$ToolsSource,
 [Alias('u')]
 [switch]$Update,
- [string]$ConfigFile,
+ [switch]$Reinstall,
 [string]$ToolsSourceSuffix,
+ [string]$ConfigFile = $null,
+ [switch]$CI,
 [Parameter(ValueFromRemainingArguments = $true)]
 [string[]]$Arguments
 )
@@ -93,6 +101,10 @@ function Get-KoreBuild {
 $version = $version.TrimStart('version:').Trim()
 $korebuildPath = Join-Paths $DotNetHome ('buildtools', 'korebuild', $version)
 
+ if ($Reinstall -and (Test-Path $korebuildPath)) {
+ Remove-Item -Force -Recurse $korebuildPath
+ }
+
 if (!(Test-Path $korebuildPath)) {
 Write-Host -ForegroundColor Magenta "Downloading KoreBuild $version"
 New-Item -ItemType Directory -Path $korebuildPath | Out-Null
@@ -101,9 +113,9 @@ function Get-KoreBuild {
 try {
 $tmpfile = Join-Path ([IO.Path]::GetTempPath()) "KoreBuild-$([guid]::NewGuid()).zip"
 Get-RemoteFile $remotePath $tmpfile $ToolsSourceSuffix
- if (Get-Command -Name 'Expand-Archive' -ErrorAction Ignore) {
+ if (Get-Command -Name 'Microsoft.PowerShell.Archive\Expand-Archive' -ErrorAction Ignore) {
 # Use built-in commands where possible as they are cross-plat compatible
- Expand-Archive -Path $tmpfile -DestinationPath $korebuildPath
+ Microsoft.PowerShell.Archive\Expand-Archive -Path $tmpfile -DestinationPath $korebuildPath
 } else {
 # Fallback to old approach for old installations of PowerShell
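Review bot: `Remove-Item -Force -Recurse $korebuildPath` deletes a directory whose last segment is `$version`, a string trimmed from a `version:` line just above the new branch, and nothing checks it before the delete: an empty value makes the path `$DotNetHome\buildtools\korebuild\` and wipes every installed KoreBuild, and a value containing path separators or `..` points outside that directory. A guard ahead of the reinstall branch, `if ([string]::IsNullOrWhiteSpace($version) -or $version -match '[\\/]|\.\.') { throw "Invalid KoreBuild version '$version'" }`, keeps the delete confined to one version directory. Get-KoreBuild starts before this hunk, so where `$version` is read from (lock file or remote) should be confirmed there; the same check belongs next to the matching `rm -rf` in run.sh.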
@@ -167,19 +179,21 @@ if (Test-Path $ConfigFile) {
 }
 }
 catch {
- Write-Warning "$ConfigFile could not be read. Its settings will be ignored."
- Write-Warning $Error[0]
+ Write-Host -ForegroundColor Red $Error[0]
+ Write-Error "$ConfigFile contains invalid JSON."
+ exit 1
 }
 }
 
 if (!$DotNetHome) {
 $DotNetHome = if ($env:DOTNET_HOME) { $env:DOTNET_HOME } `
+ elseif ($CI) { Join-Path $PSScriptRoot '.dotnet' } `
 elseif ($env:USERPROFILE) { Join-Path $env:USERPROFILE '.dotnet'} `
 elseif ($env:HOME) {Join-Path $env:HOME '.dotnet'}`
 else { Join-Path $PSScriptRoot '.dotnet'}
 }
 
-if (!$Channel) { $Channel = 'dev' }
+if (!$Channel) { $Channel = 'master' }
 if (!$ToolsSource) { $ToolsSource = 'https://aspnetcore.blob.core.windows.net/buildtools' }
 
 # Execute
@@ -188,7 +202,7 @@ $korebuildPath = Get-KoreBuild
 Import-Module -Force -Scope Local (Join-Path $korebuildPath 'KoreBuild.psd1')
 
 try {
- Set-KoreBuildSettings -ToolsSource $ToolsSource -DotNetHome $DotNetHome -RepoPath $Path -ConfigFile $ConfigFile
+ Set-KoreBuildSettings -ToolsSource $ToolsSource -DotNetHome $DotNetHome -RepoPath $Path -ConfigFile $ConfigFile -CI:$CI
 Invoke-KoreBuildCommand $Command @Arguments
 }
 finally {
diff --git a/run.sh b/run.sh
index 834961fc3a5..129b0b95763 100755
--- a/run.sh
+++ b/run.sh
@@ -11,13 +11,14 @@ RED="\033[0;31m"
 YELLOW="\033[0;33m"
 MAGENTA="\033[0;95m"
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-[ -z "${DOTNET_HOME:-}" ] && DOTNET_HOME="$HOME/.dotnet"
 verbose=false
 update=false
+reinstall=false
 repo_path="$DIR"
 channel=''
 tools_source=''
 tools_source_suffix=''
+ci=false
 
 #
 # Functions
@@ -38,6 +39,8 @@ __usage() {
 echo " -s|--tools-source|-ToolsSource <URL> The base url where build tools can be downloaded. Overrides the value from the config file."
 echo " --tools-source-suffix|-ToolsSourceSuffix <SUFFIX> The suffix to append to tools-source. Useful for query strings."
 echo " -u|--update Update to the latest KoreBuild even if the lock file is present."
+ echo " --reinstall Reinstall KoreBuild."
+ echo " --ci Apply CI specific settings and environment variables."
 echo ""
 echo "Description:"
 echo " This function will create a file \$DIR/korebuild-lock.txt. This lock file can be committed to source, but does not have to be."
@@ -62,6 +65,10 @@ get_korebuild() {
 version="$(echo "${version#version:}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
 local korebuild_path="$DOTNET_HOME/buildtools/korebuild/$version"
 
+ if [ "$reinstall" = true ] && [ -d "$korebuild_path" ]; then
+ rm -rf "$korebuild_path"
+ fi
+
 {
 if [ ! -d "$korebuild_path" ]; then
 mkdir -p "$korebuild_path"
@@ -175,6 +182,15 @@ while [[ $# -gt 0 ]]; do
 -u|--update|-Update)
 update=true
 ;;
+ --reinstall|-[Rr]einstall)
+ reinstall=true
+ ;;
+ --ci|-[Cc][Ii])
+ ci=true
+ if [[ -z "${DOTNET_HOME:-}" ]]; then
+ DOTNET_HOME="$DIR/.dotnet"
+ fi
+ ;;
 --verbose|-Verbose)
 verbose=true
 ;;
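Review bot: `rm -rf "$korebuild_path"` runs on a path whose last component is `$version`, the whitespace-trimmed value computed on the line above it, with no validation: an empty value turns the path into `$DOTNET_HOME/buildtools/korebuild/` and removes every installed version, and a value containing `/` or `..` escapes that directory. A check before the reinstall branch, `case "$version" in ''|*/*|*..*) __error "Invalid KoreBuild version '$version'"; exit 1 ;; esac`, limits the delete to a single version directory. get_korebuild starts before this hunk, so where `$version` originates should be confirmed there; the matching `Remove-Item -Recurse` in run.ps1 needs the same guard.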
@@ -206,26 +222,38 @@ if [ -f "$config_file" ]; then
 config_channel="$(jq -r 'select(.channel!=null) | .channel' "$config_file")"
 config_tools_source="$(jq -r 'select(.toolsSource!=null) | .toolsSource' "$config_file")"
 else
- __warn "$config_file is invalid JSON. Its settings will be ignored."
+ __error "$config_file contains invalid JSON."
+ exit 1
 fi
 elif __machine_has python ; then
 if python -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'))" >/dev/null ; then
 config_channel="$(python -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'));print(obj['channel'] if 'channel' in obj else '')")"
 config_tools_source="$(python -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'));print(obj['toolsSource'] if 'toolsSource' in obj else '')")"
 else
- __warn "$config_file is invalid JSON. Its settings will be ignored."
+ __error "$config_file contains invalid JSON."
+ exit 1
+ fi
+ elif __machine_has python3 ; then
+ if python3 -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'))" >/dev/null ; then
+ config_channel="$(python3 -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'));print(obj['channel'] if 'channel' in obj else '')")"
+ config_tools_source="$(python3 -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'));print(obj['toolsSource'] if 'toolsSource' in obj else '')")"
+ else
+ __error "$config_file contains invalid JSON."
+ exit 1
 fi
 else
- __warn 'Missing required command: jq or pyton. Could not parse the JSON file. Its settings will be ignored.'
+ __error 'Missing required command: jq or python. Could not parse the JSON file.'
+ exit 1
 fi
 
 [ ! -z "${config_channel:-}" ] && channel="$config_channel"
 [ ! -z "${config_tools_source:-}" ] && tools_source="$config_tools_source"
 fi
 
-[ -z "$channel" ] && channel='dev'
+[ -z "${DOTNET_HOME:-}" ] && DOTNET_HOME="$HOME/.dotnet"
+[ -z "$channel" ] && channel='master'
 [ -z "$tools_source" ] && tools_source='https://aspnetcore.blob.core.windows.net/buildtools'
 
 get_korebuild
-set_korebuildsettings "$tools_source" "$DOTNET_HOME" "$repo_path" "$config_file"
+set_korebuildsettings "$tools_source" "$DOTNET_HOME" "$repo_path" "$config_file" "$ci"
 invoke_korebuild_command "$command" "$@"
diff --git a/src/dotnet-sql-cache/dotnet-sql-cache.csproj b/src/dotnet-sql-cache/dotnet-sql-cache.csproj
index da0ce30a219..15c32295445 100644
--- a/src/dotnet-sql-cache/dotnet-sql-cache.csproj
+++ b/src/dotnet-sql-cache/dotnet-sql-cache.csproj
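Review bot: The new python3 branch copies the pattern of building Python source by string interpolation, `codecs.open('$config_file', ...)`: a config path containing a single quote (a checkout under a directory such as `O'Brien`) breaks the Python parse and is then reported as invalid JSON, and anything else in the path is evaluated as Python code. Passing the path as an argument instead, `python3 -c "import sys,json,codecs;obj=json.load(codecs.open(sys.argv[1], 'r', 'utf-8-sig'));print(obj.get('channel', ''))" "$config_file"` (and the same for `toolsSource`), avoids both; the pre-existing python branch has the same shape and can be fixed identically. Separately, turning the invalid-JSON and missing-parser cases into `__error` plus `exit 1` is the safer behavior, since a silently ignored korebuild.json would have let the build proceed on default `channel` and `toolsSource` values without telling anyone.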
@@ -19,4 +19,17 @@
 <PackageReference Include="System.Data.SqlClient" Version="$(SystemDataSqlClientPackageVersion)" />
 </ItemGroup>
 
+ <ItemGroup>
+ <!-- These files should be signed by corefx -->
+ <ExcludePackageFileFromSigning Include="$(PublishDir)runtimes/win-arm64/native/sni.dll" PackagePath="tools/$(TargetFramework)/any/runtimes/win-arm64/native/sni.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)runtimes/win-x64/native/sni.dll" PackagePath="tools/$(TargetFramework)/any/runtimes/win-x64/native/sni.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)runtimes/win-x86/native/sni.dll" PackagePath="tools/$(TargetFramework)/any/runtimes/win-x86/native/sni.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)System.Data.SqlClient.dll" PackagePath="tools/$(TargetFramework)/any/System.Data.SqlClient.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)runtimes/unix/lib/netcoreapp2.1/System.Data.SqlClient.dll" PackagePath="tools/$(TargetFramework)/any/runtimes/unix/lib/netcoreapp2.1/System.Data.SqlClient.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)runtimes/win/lib/netcoreapp2.1/System.Data.SqlClient.dll" PackagePath="tools/$(TargetFramework)/any/runtimes/win/lib/netcoreapp2.1/System.Data.SqlClient.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)System.Runtime.CompilerServices.Unsafe.dll" PackagePath="tools/$(TargetFramework)/any/System.Runtime.CompilerServices.Unsafe.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)System.Text.Encoding.CodePages.dll" PackagePath="tools/$(TargetFramework)/any/System.Text.Encoding.CodePages.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)runtimes/win/lib/netcoreapp2.0/System.Text.Encoding.CodePages.dll" PackagePath="tools/$(TargetFramework)/any/runtimes/win/lib/netcoreapp2.0/System.Text.Encoding.CodePages.dll" />
+ </ItemGroup>
+
 </Project>
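Review bot: The nine `ExcludePackageFileFromSigning` entries hard-code the internal layout of specific package versions (`runtimes/win/lib/netcoreapp2.1/System.Data.SqlClient.dll`, `runtimes/win/lib/netcoreapp2.0/System.Text.Encoding.CodePages.dll`), so a bump of `$(SystemDataSqlClientPackageVersion)` can leave a file that is neither excluded nor signed, and the comment `These files should be signed by corefx` states an expectation rather than a check. Whether the KoreBuild signing target verifies that excluded files already carry a valid Authenticode signature is not visible here; if it does not, a signature check over the packed .nupkg would catch an unsigned binary before it ships. A comment such as `<!-- Excluded files must already be Authenticode-signed by their producer; the paths mirror the layout of the referenced package versions and need re-checking on every bump. -->` records both caveats where the list lives.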
diff --git a/src/dotnet-user-secrets/dotnet-user-secrets.csproj b/src/dotnet-user-secrets/dotnet-user-secrets.csproj
index 6624e898099..99258ea0f6a 100644
--- a/src/dotnet-user-secrets/dotnet-user-secrets.csproj
+++ b/src/dotnet-user-secrets/dotnet-user-secrets.csproj
@@ -22,4 +22,21 @@
 <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(MicrosoftExtensionsConfigurationUserSecretsPackageVersion)" />
 </ItemGroup>
 
+ <ItemGroup>
+ <!-- 3rd party binary -->
+ <SignedPackageFile Include="$(PublishDir)Newtonsoft.Json.dll" PackagePath="tools/$(TargetFramework)/any/Newtonsoft.Json.dll" Certificate="$(AssemblySigning3rdPartyCertName)" />
+
+ <!-- Exclude files that should already be signed -->
+ <ExcludePackageFileFromSigning Include="$(PublishDir)Microsoft.Extensions.Configuration.dll" PackagePath="tools/$(TargetFramework)/any/Microsoft.Extensions.Configuration.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)Microsoft.Extensions.Configuration.Abstractions.dll" PackagePath="tools/$(TargetFramework)/any/Microsoft.Extensions.Configuration.Abstractions.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)Microsoft.Extensions.Configuration.FileExtensions.dll" PackagePath="tools/$(TargetFramework)/any/Microsoft.Extensions.Configuration.FileExtensions.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)Microsoft.Extensions.Configuration.Json.dll" PackagePath="tools/$(TargetFramework)/any/Microsoft.Extensions.Configuration.Json.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)Microsoft.Extensions.Configuration.UserSecrets.dll" PackagePath="tools/$(TargetFramework)/any/Microsoft.Extensions.Configuration.UserSecrets.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)Microsoft.Extensions.FileProviders.Abstractions.dll" PackagePath="tools/$(TargetFramework)/any/Microsoft.Extensions.FileProviders.Abstractions.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)Microsoft.Extensions.FileProviders.Physical.dll" PackagePath="tools/$(TargetFramework)/any/Microsoft.Extensions.FileProviders.Physical.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)Microsoft.Extensions.FileSystemGlobbing.dll" PackagePath="tools/$(TargetFramework)/any/Microsoft.Extensions.FileSystemGlobbing.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)Microsoft.Extensions.Primitives.dll" PackagePath="tools/$(TargetFramework)/any/Microsoft.Extensions.Primitives.dll" />
+ <ExcludePackageFileFromSigning Include="$(PublishDir)System.Runtime.CompilerServices.Unsafe.dll" PackagePath="tools/$(TargetFramework)/any/System.Runtime.CompilerServices.Unsafe.dll" />
+ </ItemGroup>
+
 </Project>
-- GitLab
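Review bot: The `SignedPackageFile` item for Newtonsoft.Json.dll uses `Certificate="$(AssemblySigning3rdPartyCertName)"`, a property nothing in this repository defines, and the same commit removes the repository's own `AssemblySigningCertName` from Directory.Build.props; if the shared build tooling does not supply the name, the item is submitted with an empty certificate and the outcome depends on how the signing target treats that. Failing early with `<Error Condition="'$(AssemblySigning3rdPartyCertName)' == ''" Text="AssemblySigning3rdPartyCertName is not set" />` in a target that runs before signing turns a silent or late failure into an explicit one. The ten excluded Microsoft.Extensions.* files rest on the assumption the comment states, `should already be signed`; a signature check on the packed output would verify that rather than trust it, and is the only thing here that would notice a re-resolved package dropping its signature.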