SignToolHelper.fs
[<AutoOpen>]
[<System.Obsolete("Open Fake.Tools instead (FAKE0001 - package: Fake.Tools.SignTool, module: SignTool)")>]
/// Contains a task to sign assemblies using the [SignTool](http://msdn.microsoft.com/en-us/library/windows/desktop/aa387764(v=vs.85).aspx).
///
/// ## Certificates
/// The SignTool needs a certificate to sign assemblies. It is not a good idea to include a certificate in your
/// source control system, but the sign step should be usable on developer machines. Because of this, you can
/// specify a dev certificate that can safely be included in your source control system. Whenever the real certificate
/// cannot be found, the dev certificate will be used.
module Fake.SignToolHelper
open System
open System.IO
/// A signing certificate on disk, together with the optional file that holds its password.
[<System.Obsolete("Open Fake.Tools instead (FAKE0001 - package: Fake.Tools.SignTool, module: SignTool, type: SignCertificate)")>]
type SignCert =
    { /// Path of the certificate file; the signing functions pass it to signtool via /f.
      CertFile : string
      /// Optional path of a file containing the certificate password. The signing functions
      /// read it with ReadLine and hand the value to signtool via /p, so this file holds the
      /// password in clear text: keep it out of source control and restrict who can read it.
      PasswordFile : string option }
/// Settings consumed by the signing functions of this module.
[<CLIMutable>]
[<System.Obsolete("Open Fake.Tools instead (FAKE0001 - package: Fake.Tools.SignTool, module: SignTool, type: SignOptions)")>]
type SignParams =
    { /// Fallback certificate, used whenever the real certificate is not set or its file
      /// does not exist. The fallback happens without any message, so a build that is
      /// expected to use the real certificate should check the signer of its output.
      DevCertificate : SignCert
      /// The real certificate; it is only used when its CertFile exists on disk.
      Certificate : SignCert option
      /// Optional URL of the timestamp server. When None, no timestamp arguments are
      /// passed to signtool.
      TimeStampUrl : Uri option }
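/// Signs assemblies according to the settings specified in the parameters using signtool.exe.
/// This will be looked up using the toolsPath parameter.
///
/// ## Certificate selection
/// parameters.Certificate is used only when its CertFile exists; in every other case the
/// dev certificate is used, and nothing is reported about the fallback. A release build
/// that must carry the real signature should verify the signer of the produced files.
///
/// ## Password handling
/// When the chosen certificate has a PasswordFile, the value read from it is passed to
/// signtool as a /p command-line argument. Command lines can be observed by process
/// listings and process-creation auditing on the build machine, so treat that machine
/// and its logs as holding the secret.
///
/// ## Parameters
///  - `toolsPath` - Directory that contains signtool.exe.
///  - `parameters` - Certificates and optional timestamp server to use.
///  - `filesToSign` - Files to sign; signtool is started once per file.
///
/// Raises an exception (via failwithf) as soon as signtool returns a non-zero exit code;
/// files signed before the failing one stay signed.
[<System.Obsolete("Open Fake.Tools instead (FAKE0001 - package: Fake.Tools.SignTool, module: SignTool, function: sign)")>]
let Sign (toolsPath : string) (parameters : SignParams) (filesToSign : seq<string>) =
    use __ = traceStartTaskUsing "SignTool" "Trying to sign the specified assemblies"
    let signPath = toolsPath @@ "signtool.exe"

    // Silent fallback: a missing real certificate is not an error here.
    let certToUse =
        match parameters.Certificate with
        | Some cert when File.Exists cert.CertFile -> cert
        | Some _
        | None -> parameters.DevCertificate

    // No /fd is given, so the file digest is whatever this signtool version picks by
    // default. NOTE(review): older versions are understood to default to SHA-1 - confirm
    // against the signtool in toolsPath.
    let baseCall = sprintf "sign /a /f \"%s\"" certToUse.CertFile

    let timeStampArgs =
        match parameters.TimeStampUrl with
        | Some url -> sprintf " /t \"%s\"" url.AbsoluteUri
        | None -> ""

    // The password is read once, before the first file is signed.
    // NOTE(review): confirm ExecProcess does not trace the argument string into the
    // build log, since it contains this password.
    let passwordArgs =
        match certToUse.PasswordFile with
        | Some pass -> sprintf " /p \"%s\"" (ReadLine pass)
        | None -> ""

    let sharedArgs = baseCall + timeStampArgs + passwordArgs

    for fileToSign in filesToSign do
        // Values are only wrapped in double quotes; a path that itself contains a double
        // quote would change how signtool parses the command line.
        let arguments = sharedArgs + sprintf " \"%s\"" fileToSign
        // TimeSpan.MaxValue means there is effectively no timeout on the signtool process.
        let exitCode =
            ExecProcess (fun info ->
                info.FileName <- signPath
                info.Arguments <- arguments) System.TimeSpan.MaxValue
        if exitCode <> 0 then
            // Name the file and exit code, but never the argument string: it holds the password.
            failwithf "Error during sign call for \"%s\" (signtool exit code %d)" fileToSign exitCode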
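/// Appends a SHA 256 signature to assemblies according to the settings specified in the parameters using signtool.exe.
/// This will be looked up using the toolsPath parameter.
///
/// ## Certificate selection
/// parameters.Certificate is used only when its CertFile exists; in every other case the
/// dev certificate is used, and nothing is reported about the fallback. A release build
/// that must carry the real signature should verify the signer of the produced files.
///
/// ## Password handling
/// When the chosen certificate has a PasswordFile, the value read from it is passed to
/// signtool as a /p command-line argument. Command lines can be observed by process
/// listings and process-creation auditing on the build machine, so treat that machine
/// and its logs as holding the secret.
///
/// ## Parameters
///  - `toolsPath` - Directory that contains signtool.exe.
///  - `parameters` - Certificates and optional timestamp server to use.
///  - `filesToSign` - Files to sign; signtool is started once per file.
///
/// Raises an exception (via failwithf) as soon as signtool returns a non-zero exit code;
/// files processed before the failing one keep their appended signature.
[<System.Obsolete("Open Fake.Tools instead (FAKE0001 - package: Fake.Tools.SignTool, module: SignTool, function: sign)")>]
let AppendSignature (toolsPath : string) (parameters : SignParams) (filesToSign : seq<string>) =
    use __ = traceStartTaskUsing "SignTool" "Trying to dual sign the specified assemblies"
    let signPath = toolsPath @@ "signtool.exe"

    // Silent fallback: a missing real certificate is not an error here.
    let certToUse =
        match parameters.Certificate with
        | Some cert when File.Exists cert.CertFile -> cert
        | Some _
        | None -> parameters.DevCertificate

    // /as appends the signature to existing ones; /fd sha256 fixes the file digest.
    let baseCall = sprintf "sign /f \"%s\" /as /fd sha256 " certToUse.CertFile

    // Timestamping uses /tr with an explicit SHA-256 timestamp digest (/td sha256).
    let timeStampArgs =
        match parameters.TimeStampUrl with
        | Some url -> sprintf " /tr \"%s\" /td sha256" url.AbsoluteUri
        | None -> ""

    // The password is read once, before the first file is signed.
    // NOTE(review): confirm ExecProcess does not trace the argument string into the
    // build log, since it contains this password.
    let passwordArgs =
        match certToUse.PasswordFile with
        | Some pass -> sprintf " /p \"%s\"" (ReadLine pass)
        | None -> ""

    let sharedArgs = baseCall + timeStampArgs + passwordArgs

    for fileToSign in filesToSign do
        // Values are only wrapped in double quotes; a path that itself contains a double
        // quote would change how signtool parses the command line.
        let arguments = sharedArgs + sprintf " \"%s\"" fileToSign
        // TimeSpan.MaxValue means there is effectively no timeout on the signtool process.
        let exitCode =
            ExecProcess (fun info ->
                info.FileName <- signPath
                info.Arguments <- arguments) System.TimeSpan.MaxValue
        if exitCode <> 0 then
            // Name the file and exit code, but never the argument string: it holds the password.
            failwithf "Error during sign call for \"%s\" (signtool exit code %d)" fileToSign exitCode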
/// Signs every file in filesToSign with the certificate file certFile, whose password is
/// stored in the optional file passFile. signtool.exe is looked up in toolsPath.
///
/// The same certificate is supplied as both the real and the dev certificate, so the
/// dev-certificate fallback performed by Sign cannot switch to a different certificate.
[<System.Obsolete("Open Fake.Tools instead (FAKE0001 - package: Fake.Tools.SignTool, module: SignTool, function: sign)")>]
let SignTool toolsPath certFile passFile filesToSign =
    let cert = { CertFile = certFile; PasswordFile = passFile }
    // No timestamp server is configured for this shortcut.
    let settings =
        { DevCertificate = cert
          Certificate = Some cert
          TimeStampUrl = None }
    Sign toolsPath settings filesToSign