Sign tool explicit files #410
Conversation
JohnTortugo
requested review from
tmat,
jaredpar,
MattGal,
maririos and
chcosta
| @@ -70,14 +87,30 @@ private void ExecuteImpl() | |||
| } | |||
| } | |||
|
|
|||
| var mapTokenToSignInfo = new Dictionary<string, SignInfo>(); | |||
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| @@ -43,6 +44,22 @@ public class SignToolTask : Task | |||
| [Required] | |||
| public string MicroBuildCorePath { get; set; } | |||
|
|
|||
| /// <summary> | |||
| /// Explicit list of containers / files to be signed. | |||
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| var map = new Dictionary<string, SignInfo>(StringComparer.OrdinalIgnoreCase); | ||
| foreach (var item in fileJson.SignList) | ||
| var mapFileToSignInfo = new Dictionary<string, SignInfo>(StringComparer.OrdinalIgnoreCase); | ||
| List<string> excludeList = new List<string>(); |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| { | ||
| if (IsManaged(filePath) == true) | ||
| { | ||
| var fileAsm = System.Reflection.Assembly.LoadFile(filePath); |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| else | ||
| { | ||
| log.LogError($"SignInfo for Public Key Token {publicKeyToken} not found."); | ||
| return new SignInfo(null, null); |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| /// <summary> | ||
| /// Explicit list of containers / files to NOT be signed. | ||
| /// </summary> | ||
| public string[] ExplicitExcludeItems { get; set; } |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
|
PTAL |
| using Microsoft.DotNet.SignTool.Json; | ||
| using Microsoft.Build.Utilities; | ||
| using System.Reflection.Metadata; |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
|
|
||
| /// <summary> | ||
| /// Mapping relating PublicKeyToken, Certificate and Strong Name. | ||
| /// During signing Certificate and Strong Name will be looked up here based on PublicKeyToken. |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| /// Mapping relating PublicKeyToken, Certificate and Strong Name. | ||
| /// During signing Certificate and Strong Name will be looked up here based on PublicKeyToken. | ||
| /// </summary> | ||
| public ITaskItem[] StrongNameSignInfo { get; set; } |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
|
|
||
| mapTokenToSignInfo.Add(publicKeyToken, signInfo); | ||
| } | ||
| } |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
|
|
||
| mapFileAndTargetFrameworkToCertificate.Add(new Tuple<string, string>(fileName, targetFramework), certificateName); | ||
| } | ||
| } |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| var targetFramework = item.GetMetadata("TargetFramework").ToLower(); | ||
| var certificateName = item.GetMetadata("CertificateName").ToLower(); | ||
|
|
||
| mapFileAndTargetFrameworkToCertificate.Add(new Tuple<string, string>(fileName, targetFramework), certificateName); |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| } | ||
| } | ||
|
|
||
| var mapFileAndTargetFrameworkToCertificate = new Dictionary<Tuple<string, string>, string>(); |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| foreach (var item in FileSignInfo) | ||
| { | ||
| var fileName = item.ItemSpec; | ||
| var targetFramework = item.GetMetadata("TargetFramework").ToLower(); |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| { | ||
| var fileName = item.ItemSpec; | ||
| var targetFramework = item.GetMetadata("TargetFramework").ToLower(); | ||
| var certificateName = item.GetMetadata("CertificateName").ToLower(); |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| internal static BatchSignInput TryReadConfigFile(TaskLoggingHelper log, TextReader configReader, string outputPath) | ||
| internal static BatchSignInput ParseConfigInfo(TaskLoggingHelper log, TextReader configReader, string outputPath, string[] explicitSignList, | ||
| Dictionary<string, SignInfo> mapTokenToSignInfo, | ||
| Dictionary<Tuple<string, string>, string> mapFileAndTargetFrameworkToCertificate) |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| foreach (var item in fileJson.SignList) | ||
| var mapFileToSignInfo = new Dictionary<string, SignInfo>(StringComparer.OrdinalIgnoreCase); | ||
| var excludeList = new List<string>(); | ||
| var publishUrl = "unset"; |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| var excludeList = new List<string>(); | ||
| var publishUrl = "unset"; | ||
|
|
||
| if (configReader != null) |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| { | ||
| foreach (var item in FileSignInfo) | ||
| { | ||
| var fileName = item.ItemSpec; |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| { | ||
| log.LogError($"Duplicate file entry: {relativeFileName}"); | ||
| log.LogError($"Duplicate file entry: {filePath}"); | ||
| } | ||
| else |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| /// </summary> | ||
| internal ImmutableArray<FileName> AssemblyNames { get; } | ||
| private readonly Dictionary<(string, string, string), string> _fileAndTokenToOverridingInfos; |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
|
|
||
| /// Do we need to override the default certificate this file ? | ||
| if (_fileAndTokenToOverridingInfos.TryGetValue(keyForAllTargets, out overridingCertificate) || | ||
| _fileAndTokenToOverridingInfos.TryGetValue(keyForSpecificTarget, out overridingCertificate)) |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| _fileAndTokenToOverridingInfos.TryGetValue(keyForSpecificTarget, out overridingCertificate)) | ||
| { | ||
| /// If has overriding info, is it for ignoring the file? | ||
| if (overridingCertificate != null && overridingCertificate.Equals(SignToolConstants.IgnoreFileCertificateSentinel)) |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| /// </summary> | ||
| internal ImmutableArray<FileName> ZipContainerNames { get; } | ||
| private readonly Dictionary<string, SignInfo> _mapTokenToSignInfo; |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| namespace Microsoft.DotNet.SignTool | ||
| { | ||
| internal struct SignInfo | ||
| internal class SignInfo |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| return signInfo; | ||
| } | ||
| else | ||
| { |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
|
|
||
| if (!string.IsNullOrEmpty(matchingFile)) | ||
| if (IsManaged(fileFullPath) == true) |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| var util = new BatchSignUtil(task.BuildEngine, task.Log, signTool, signingInput, null); | ||
|
|
||
| /// There is a validation inside this method that checks that the files where actually signed | ||
| /// so it's not duplicated here. |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| { | ||
| foreach (var item in ((FakeBuildEngine)task.BuildEngine).LogErrorEvents) | ||
| { | ||
| Console.WriteLine(item.Message); |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| candidate.SignInfo.Certificate == expected.SignInfo.Certificate && | ||
| candidate.SignInfo.StrongName == expected.SignInfo.StrongName)) | ||
| { | ||
| task.Log.LogError($"Expected this file ({expected.FullPath}) to be signed with this " + |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| } | ||
| } | ||
|
|
||
| if (expectedToBeSigned.Count != signingInput.FilesToSign.Count) |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
- Added Assert for checking the .proj that is generated as side-effect of the signing. - Renamed some variables and some general refactoring. - Added new test case where a overriding certificate is informed.
|
Hey, I'd like to merge this PR today, can you PTAL and advise if there are any blocking issues? I'm willing to work on other changes but I'd like to merge this one so I can start working on some other things. I've just tested the tool by patching Sign.proj as suggested by @tmat #464 and it is able to find all files that we have listed to be signed in our current SignToolData.json file. |
| /// </summary> | ||
| internal ImmutableArray<string> ExternalFileNames { get; } | ||
| internal Dictionary<FileName, ZipData> ZipDataMap { get; set; } |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| internal ImmutableDictionary<FileName, FileSignInfo> FileSignInfoMap { get; } | ||
|
|
||
| private ContentUtil contentUtil = new ContentUtil(); | ||
| public List<FileName> FilesToSign = new List<FileName>(); |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| namespace Microsoft.DotNet.SignTool | ||
| { | ||
| struct ExplicitCertificateKey | ||
| { |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| { | ||
| public string FileName; | ||
| public string PublicKeyToken; | ||
| public string TargetFramework; |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
|
|
||
| namespace Microsoft.DotNet.SignTool | ||
| { | ||
| internal struct FileName : IEquatable<FileName> | ||
| internal class FileName : IEquatable<FileName> |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
- Adding back Configuration file/class - Making BatchSignInput a wrapper around Immutable properties - Fixes around coding convention
jaredpar
dismissed
their stale review
Looks like most of my feedback was addressed
| { | ||
| Log.LogError($"File '{MSBuildPath}' not found."); | ||
| Log.LogError($"MSBuild was not found at this path: '{MSBuildPath}'."); |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| foreach (var item in FileSignInfo) | ||
| { | ||
| var fileName = item.ItemSpec; | ||
| var targetFramework = item.GetMetadata("TargetFramework"); |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
Closes: #396
ExplicitSignItems, a list of files to be ignoredExplicitExcludeItems