Home Explore Help
Sign In
dotnet
/
aspnetcore
mirror of https://github.com/dotnet/aspnetcore.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: d641dffdc1
Branches Tags
aspnetcore
/
eng
/
Signing.props

Signing.props 6.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 
  1. <Project>
    2. 

  2. 

  3.   <!-- See https://github.com/dotnet/arcade/blob/master/Documentation/CorePackages/Signing.md for details. -->
    4. 

  4. 

  5.   <ItemGroup>
    6. 

  6.     <!-- Reset Arcade's defaults. -->
    7. 

  7.     <ItemsToSign Remove="@(ItemsToSign)" />
    8. 

  8.     <StrongNameSignInfo Remove="@(StrongNameSignInfo)" />
    9. 

  9.     <FileExtensionSignInfo Remove="@(FileExtensionSignInfo)" />
    10. 

  10.   </ItemGroup>
    11. 

  11. 

  12.   <ItemGroup Label="Signing config">
    13. 

  13.     <ItemsToSign Include="$(ArtifactsPackagesDir)**\*.nupkg" Exclude="$(ArtifactsPackagesDir)**\*symbols.nupkg" />
    14. 

  14.     <ItemsToSign Include="$(VisualStudioSetupOutputPath)**\*.vsix" />
    15. 

  15.     <ItemsToSign Include="$(ArtifactsPackagesDir)**\*.jar"  />
    16. 

  16.     <ItemsToSign Include="$(ArtifactsDir)installers\$(Configuration)\**\*.zip" />
    17. 

  17. 

  18.     <!--
    19. 

  19.       Map file extensions to a code-sign cert.
    20. 

  20.       "None" means don't sign the file itself, but still scan the contents for signable files.
    21. 

  21.     -->
    22. 

  22.     <FileExtensionSignInfo Include=".jar" CertificateName="MicrosoftJARSHA2" />
    23. 

  23.     <FileExtensionSignInfo Include=".ps1;.psd1;.psm1;.psc1" CertificateName="Microsoft400" />
    24. 

  24.     <FileExtensionSignInfo Include=".nupkg" CertificateName="NuGet" />
    25. 

  25.     <FileExtensionSignInfo Include=".vsix" CertificateName="VsixSHA2" />
    26. 

  26.     <FileExtensionSignInfo Include=".zip" CertificateName="None" />
    27. 

  27.     <FileExtensionSignInfo Include=".cab" CertificateName="None" />
    28. 

  28.     <FileExtensionSignInfo Include=".msi" CertificateName="None" />
    29. 

  29. 

  30.     <!--
    31. 

  31.       Use the PublicKeyToken of .NET assemblies to determine with authenticode cert to use.
    32. 

  32.       'None' is required to ensure code signing does not attempt to re-sign them or submit
    33. 

  33.       to ESPR for strong-naming signing. We don't delay sign, so we only need to authenticode sign.
    34. 

  34.       See https://github.com/dotnet/arcade/issues/1911 for context.
    35. 

  35.     -->
    36. 

  36.     <!-- The AspNetCore strong name. -->
    37. 

  37.     <StrongNameSignInfo Include="None" PublicKeyToken="adb9793829ddae60" CertificateName="Microsoft400" />
    38. 

  38.     <!-- The MsSharedLib72 strong name. -->
    39. 

  39.     <StrongNameSignInfo Include="None" PublicKeyToken="31bf3856ad364e35" CertificateName="Microsoft400" />
    40. 

  40.     <!-- The MsftStrongName strong name. -->
    41. 

  41.     <StrongNameSignInfo Include="None" PublicKeyToken="b03f5f7f11d50a3a" CertificateName="Microsoft400" />
    42. 

  42.     <!-- The MsftStrongName2 strong name. -->
    43. 

  43.     <StrongNameSignInfo Include="None" PublicKeyToken="b77a5c561934e089" CertificateName="Microsoft400" />
    44. 

  44.     <!-- The MsftOpenStrongName strong name. -->
    45. 

  45.     <StrongNameSignInfo Include="None" PublicKeyToken="cc7b13ffcd2ddd51" CertificateName="Microsoft400" />
    46. 

  46. 

  47.     <!-- Native .dll's. These don't have a public key token, but are from Microsoft and should be signed. -->
    48. 

  48.     <FileSignInfo Include="aspnetcore.dll" CertificateName="Microsoft400" />
    49. 

  49.     <FileSignInfo Include="aspnetcorev2_inprocess.dll" CertificateName="Microsoft400" />
    50. 

  50.     <FileSignInfo Include="aspnetcorev2_outofprocess.dll" CertificateName="Microsoft400" />
    51. 

  51.     <FileSignInfo Include="aspnetcorev2.dll" CertificateName="Microsoft400" />
    52. 

  52.     <FileSignInfo Include="blazor-devserver.exe" CertificateName="Microsoft400" />
    53. 

  53.     <FileSignInfo Include="dotnet-dev-certs.exe" CertificateName="Microsoft400" />
    54. 

  54.     <FileSignInfo Include="dotnet-sql-cache.exe" CertificateName="Microsoft400" />
    55. 

  55.     <FileSignInfo Include="dotnet-user-secrets.exe" CertificateName="Microsoft400" />
    56. 

  56.     <FileSignInfo Include="dotnet-watch.exe" CertificateName="Microsoft400" />
    57. 

  57.     <FileSignInfo Include="Microsoft.AspNetCore.Blazor.Build.exe" CertificateName="Microsoft400" />
    58. 

  58.     <FileSignInfo Include="sni.dll" CertificateName="Microsoft400" />
    59. 

  59. 

  60.     <!-- Third-party components which should be signed.  -->
    61. 

  61.     <FileSignInfo Include="Newtonsoft.Json.dll" CertificateName="3PartySHA2" />
    62. 

  62.     <FileSignInfo Include="AngleSharp.dll" CertificateName="3PartySHA2" />
    63. 

  63.     <FileSignInfo Include="Mono.Cecil.dll" CertificateName="3PartySHA2" />
    64. 

  64.     <FileSignInfo Include="Mono.Cecil.Mdb.dll" CertificateName="3PartySHA2" />
    65. 

  65.     <FileSignInfo Include="Mono.Cecil.Pdb.dll" CertificateName="3PartySHA2" />
    66. 

  66.     <FileSignInfo Include="Mono.Cecil.Rocks.dll" CertificateName="3PartySHA2" />
    67. 

  67.   </ItemGroup>
    68. 

  68. 

  69.   <PropertyGroup>
    70. 

  70.     <TargetRuntimeIdentifier Condition="'$(TargetRuntimeIdentifier)' == ''">$(TargetOsName)-$(TargetArchitecture)</TargetRuntimeIdentifier>
    71. 

  71.     <BaseRedistNetCorePath>$(ArtifactsObjDir)RedistSharedFx.Layout\$(Configuration)\</BaseRedistNetCorePath>
    72. 

  72.     <RedistNetCorePath>$(BaseRedistNetCorePath)$(TargetRuntimeIdentifier)\</RedistNetCorePath>
    73. 

  73.   </PropertyGroup>
    74. 

  74. 

  75.   <ItemGroup Label="Code sign exclusions">
    76. 

  76.     <!-- We don't need to code sign .js files because they are not used in Windows Script Host. -->
    77. 

  77.     <FileExtensionSignInfo Include=".js" CertificateName="None" />
    78. 

  78.     <!-- We don't produce font files. We rebundle some for using the web brower, so they do not need to be signed. -->
    79. 

  79.     <FileExtensionSignInfo Include=".otf" CertificateName="None" />
    80. 

  80.     <FileExtensionSignInfo Include=".ttf" CertificateName="None" />
    81. 

  81.     <!-- This is a text file which doesn't need to be code signed, even though some .mof files can be signed. -->
    82. 

  82.     <FileSignInfo Include="ancm.mof" CertificateName="None" />
    83. 

  83.     <!-- Exclude the apphost because this is expected to be code-signed by customers after the SDK modifies it. -->
    84. 

  84.     <FileSignInfo Include="apphost.exe" CertificateName="None" />
    85. 

  85. 

  86.     <!--
    87. 

  87.       These files should already be signed by the .NET Core team. They have to be listed again here because we recreate a redistributable which includes the Microsoft.NETCore.App runtime.
    88. 

  88.       List all combinations of Windows RID's because CI may build multiple combinations of artitectures on the same machine.
    89. 

  89.       This uses globs because some of the file names change on every build of .NET Core, like sos_amd64_$(fileversion).dll.
    90. 

  90.     -->
    91. 

  91.     <_DotNetFilesToExclude Include="$(BaseRedistNetCorePath)win-x64\shared\Microsoft.NETCore.App\**\*.dll" CertificateName="None" />
    92. 

  92.     <_DotNetFilesToExclude Include="$(BaseRedistNetCorePath)win-x86\shared\Microsoft.NETCore.App\**\*.dll" CertificateName="None" />
    93. 

  93.     <_DotNetFilesToExclude Include="$(BaseRedistNetCorePath)win-arm\shared\Microsoft.NETCore.App\**\*.dll" CertificateName="None" />
    94. 

  94.     <_DotNetFilesToExclude Include="$(BaseRedistNetCorePath)win-x64\host\**\*.dll" CertificateName="None" />
    95. 

  95.     <_DotNetFilesToExclude Include="$(BaseRedistNetCorePath)win-x86\host\**\*.dll" CertificateName="None" />
    96. 

  96.     <_DotNetFilesToExclude Include="$(BaseRedistNetCorePath)win-arm\host\**\*.dll" CertificateName="None" />
    97. 

  97.     <_DotNetFilesToExclude Include="$(RedistNetCorePath)dotnet.exe" CertificateName="None" />
    98. 

  98.     <FileSignInfo Include="@(_DotNetFilesToExclude->'%(FileName)%(Extension)'->Distinct())" CertificateName="None" />
    99. 

  99.   </ItemGroup>
    100. 

  100. 

  101. </Project>
    102.