Skip to content

Commit

Permalink
Skip already signed packages (dotnet#1142)
Browse files Browse the repository at this point in the history
  • Loading branch information
@natemcmaster
natemcmaster committed Oct 10, 2018
1 parent e49c019 commit 20bd340
Show file tree
Hide file tree
Showing 5 changed files with 151 additions and 4 deletions.
28 changes: 26 additions & 2 deletions build/Prepare.targets
View file
Expand Up @@ -17,14 +17,38 @@

<Target Name="ExtractInputs">
<ItemGroup>
<UnsignedPackages Include="$(UnsignedPackagesDir)*.nupkg" />
<UnsignedVSIX Include="$(DepsDirectory)build\*.vsix" />
<_InputPackages Include="$(UnsignedPackagesDir)*.nupkg" />
<_InputVSIX Include="$(DepsDirectory)build\*.vsix" />
<UnsignedSharedFx Include="$(DepsDirectory)runtime\*.zip" />
<UnsignedOobArchive Include="$(DepsDirectory)build\AspNetCoreModule.zip" Condition="Exists('$(DepsDirectory)build\AspNetCoreModule.zip')" />
<UnsignedOobArchive Include="$(DepsDirectory)build\runtime-site-extension-*.zip" />
<PoliCheckPackages Include="@(UnsignedPackages)" />
<UnsignedMPacks Include="$(DepsDirectory)build\**\*.mpack" />
</ItemGroup>

<!-- Filter already signed .nupkgs -->
<FilterSignedPackagesFiles Files="@(_InputPackages)">
<Output TaskParameter="Signed" ItemName="AlreadySignedPackages" />
<Output TaskParameter="Unsigned" ItemName="UnsignedPackages" />
</FilterSignedPackagesFiles>

<StupidCopy Condition="'@(AlreadySignedPackages)' != ''"
SourceFiles="@(AlreadySignedPackages)"
DestinationFolder="$(PackagesOutputPath)" />

<!-- Filter already signed .vsix -->
<FilterSignedPackagesFiles Files="@(_InputVSIX)">
<Output TaskParameter="Signed" ItemName="AlreadySignedVSIX" />
<Output TaskParameter="Unsigned" ItemName="UnsignedVSIX" />
</FilterSignedPackagesFiles>

<MakeDir Directories="$(SignedVSIXPath)%(AlreadySignedVSIX.FileName)\" />

<StupidCopy Condition="'@(AlreadySignedVSIX)' != ''"
SourceFiles="%(AlreadySignedVSIX.FullPath);$(DepsDirectory)build\%(AlreadySignedVSIX.FileName).json"
DestinationFolder="$(SignedVSIXPath)%(AlreadySignedVSIX.FileName)\" />

<ItemGroup>
<_UnzipFiles Include="@(UnsignedPackages)" Destination="$(UnsignedPackagesPath)" />
<_UnzipFiles Include="@(UnsignedVSIX)" Destination="$(UnsignedVSIXPath)" />
<_UnzipFiles Include="@(UnsignedSharedFx)" Destination="$(UnsignedSharedFxPath)" />
Expand Down
15 changes: 13 additions & 2 deletions build/Sign.targets
View file
Expand Up @@ -162,8 +162,18 @@
</PropertyGroup>

<ItemGroup>
<_UnsignedJars Include="$(UnsignedPackagesDir)**\*.jar" />
<_InputJar Include="$(UnsignedPackagesDir)**\*.jar" />
</ItemGroup>

<!-- Filter already signed .jar -->
<FilterSignedPackagesFiles Files="@(_InputJar)">
<Output TaskParameter="Signed" ItemName="AlreadySignedJar" />
<Output TaskParameter="Unsigned" ItemName="_UnsignedJars" />
</FilterSignedPackagesFiles>

<StupidCopy Condition="'@(AlreadySignedJar)' != ''"
SourceFiles="@(AlreadySignedJar)"
DestinationFolder="$(PackagesOutputPath)" />

<Microsoft.Build.OOB.ESRP.CreateSignManifests Condition="'@(_UnsignedJars)'!=''"
ApplicationId="$(ESRPApplicationId)"
Expand Down Expand Up @@ -373,7 +383,8 @@
<ZipArchive
File="$(OutputFile)"
SourceFiles="@(Files)"
WorkingDirectory="$(ZipRoot)" />
WorkingDirectory="$(ZipRoot)"
Overwrite="true" />
</Target>

<Target Name="SignCheck" >
Expand Down
77 changes: 77 additions & 0 deletions build/tasks/FilterSignedPackagesFiles.cs
View file
@@ -0,0 +1,77 @@
using System.Collections.Concurrent;
using System.Diagnostics;
using System.IO;
using System.IO.Compression;
using System.Threading.Tasks;
using Microsoft.Build.Framework;

namespace RepoTasks
{
/// <summary>
/// Determine which files are already signed.
/// </summary>
public class FilterSignedPackagesFiles : Microsoft.Build.Utilities.Task
{
/// <summary>
/// The files to be hashed.
/// </summary>
[Required]
public ITaskItem[] Files { get; set; }

/// <summary>
/// The files which are signed.
/// </summary>
[Output]
public ITaskItem[] Signed { get; set; }

/// <summary>
/// The files which are not
/// </summary>
[Output]
public ITaskItem[] Unsigned { get; set; }

public override bool Execute()
{
var signed = new ConcurrentBag<ITaskItem>();
var unsigned = new ConcurrentBag<ITaskItem>();
Parallel.ForEach(Files, file =>
{
if (IsPackageSigned(file.ItemSpec))
{
signed.Add(file);
}
else
{
Log.LogMessage(MessageImportance.High, "Package {0} is not signed.", Path.GetFileName(file.ItemSpec));
unsigned.Add(file);
}
});

Signed = signed.ToArray();
Unsigned = unsigned.ToArray();
Log.LogMessage(MessageImportance.High, "Found {0} signed and {1} unsigned files", Signed.Length, Unsigned.Length);
Debug.Assert(Signed.Length + Unsigned.Length == Files.Length, "Make sure all files are accounted for");
return !Log.HasLoggedErrors;
}

private bool IsPackageSigned(string filePath)
{
using (var file = File.OpenRead(filePath))
using (var zip = new ZipArchive(file, ZipArchiveMode.Read))
{
switch (Path.GetExtension(filePath).ToLowerInvariant())
{
case ".nupkg":
return zip.GetEntry(".signature.p7s") != null;
case ".vsix":
return zip.GetEntry("package/services/digital-signature/_rels/origin.psdor.rels") != null;
case ".jar":
return zip.GetEntry("META-INF/MSFTSIG.RSA") != null;
default:
Log.LogError("Unrecognized package type: {0}", filePath);
return false;
}
}
}
}
}
1 change: 1 addition & 0 deletions build/tasks/RepoTasks.tasks
View file
Expand Up @@ -7,6 +7,7 @@

<UsingTask TaskName="RepoTasks.GetFileHash" AssemblyFile="$(_RepoTaskAssembly)" />
<UsingTask TaskName="RepoTasks.FilterAuthenticodeSignedFiles" AssemblyFile="$(_RepoTaskAssembly)" />
<UsingTask TaskName="RepoTasks.FilterSignedPackagesFiles" AssemblyFile="$(_RepoTaskAssembly)" />
<UsingTask TaskName="RepoTasks.StupidCopy" AssemblyFile="$(_RepoTaskAssembly)" />
<UsingTask TaskName="RepoTasks.VerifyPoliCheckResults" AssemblyFile="$(_RepoTaskAssembly)" />
<UsingTask TaskName="Microsoft.Build.OOB.ESRP.CreateSignManifests" AssemblyFile="$(_RepoTaskAssembly)" />
Expand Down
34 changes: 34 additions & 0 deletions build/tasks/tasks.sln
View file
@@ -0,0 +1,34 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 15
VisualStudioVersion = 15.0.26124.0
MinimumVisualStudioVersion = 15.0.26124.0
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "RepoTasks", "RepoTasks.csproj", "{78054E53-3D57-4401-AFAA-B31F50E64CEC}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|Any CPU = Release|Any CPU
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Debug|Any CPU.Build.0 = Debug|Any CPU
{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Debug|x64.ActiveCfg = Debug|Any CPU
{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Debug|x64.Build.0 = Debug|Any CPU
{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Debug|x86.ActiveCfg = Debug|Any CPU
{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Debug|x86.Build.0 = Debug|Any CPU
{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Release|Any CPU.ActiveCfg = Release|Any CPU
{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Release|Any CPU.Build.0 = Release|Any CPU
{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Release|x64.ActiveCfg = Release|Any CPU
{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Release|x64.Build.0 = Release|Any CPU
{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Release|x86.ActiveCfg = Release|Any CPU
{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Release|x86.Build.0 = Release|Any CPU
EndGlobalSection
EndGlobal

0 comments on commit 20bd340

Please sign in to comment.