Home Explore Help
Sign In
dotnet
/
aspnetcore
mirror of https://github.com/dotnet/aspnetcore.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: e058c71aa2
Branches Tags
aspnetcore
/
eng
/
Signing.props

Signing.props 7.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105 
  1. <Project>
    2. 

  2.   <!-- See https://github.com/dotnet/arcade/blob/master/Documentation/CorePackages/Signing.md for details. -->
    3. 

  3.   <Import Project="Common.props" />
    4. 

  4. 

  5.   <PropertyGroup>
    6. 

  6.     <!-- Use the dotnet certificate for any remaining defaults (e.g. StrongNameSignInfo) -->
    7. 

  7.     <UseDotNetCertificate>true</UseDotNetCertificate>
    8. 

  8.   </PropertyGroup>
    9. 

  9. 

  10.   <ItemGroup Label="File signing information">
    11. 

  11.     <!-- Third-party components which should be signed.  -->
    12. 

  12.     <FileSignInfo Include="Newtonsoft.Json.dll" CertificateName="3PartySHA2" />
    13. 

  13.     <FileSignInfo Include="AngleSharp.dll" CertificateName="3PartySHA2" />
    14. 

  14.     <FileSignInfo Include="Mono.Cecil.dll" CertificateName="3PartySHA2" />
    15. 

  15.     <FileSignInfo Include="Mono.Cecil.Mdb.dll" CertificateName="3PartySHA2" />
    16. 

  16.     <FileSignInfo Include="Mono.Cecil.Pdb.dll" CertificateName="3PartySHA2" />
    17. 

  17.     <FileSignInfo Include="Mono.Cecil.Rocks.dll" CertificateName="3PartySHA2" />
    18. 

  18.   </ItemGroup>
    19. 

  19. 

  20.   <PropertyGroup>
    21. 

  21.     <BaseRedistNetCorePath>$(ArtifactsObjDir)RedistSharedFx.Layout\$(Configuration)\</BaseRedistNetCorePath>
    22. 

  22.     <RedistNetCorePath>$(BaseRedistNetCorePath)$(TargetRuntimeIdentifier)\</RedistNetCorePath>
    23. 

  23.   </PropertyGroup>
    24. 

  24. 

  25.   <ItemGroup Label="Code sign exclusions">
    26. 

  26.     <!-- We don't produce font files. We rebundle some for using the web browser, so they do not need to be signed. -->
    27. 

  27.     <FileExtensionSignInfo Update=".otf" CertificateName="None" />
    28. 

  28.     <FileExtensionSignInfo Update=".ttf" CertificateName="None" />
    29. 

  29.     <!-- This is a text file which doesn't need to be code signed, even though some .mof files can be signed. -->
    30. 

  30.     <FileSignInfo Include="ancm.mof" CertificateName="None" />
    31. 

  31.     <!-- Exclude the apphost because this is expected to be code-signed by customers after the SDK modifies it. -->
    32. 

  32.     <FileSignInfo Include="apphost.exe" CertificateName="None" />
    33. 

  33. 

  34.     <!--
    35. 

  35.       These files should already be signed by the .NET Core team. They have to be listed again here because we recreate a redistributable which includes the Microsoft.NETCore.App runtime.
    36. 

  36.       List all combinations of Windows RID's because CI may build multiple combinations of artitectures on the same machine.
    37. 

  37.       This uses globs because some of the file names change on every build of .NET Core, like sos_amd64_$(fileversion).dll.
    38. 

  38. 

  39.       Technically, this may not be necessary. SignTool does a good deal of detection to determine
    40. 

  40.       whether files are already signed.
    41. 

  41. 

  42.       Do not include these with cert "None" when doing post-build signing. In that case, we will recognize that
    43. 

  43.     -->
    44. 

  44.     <_DotNetFilesToExclude Include="$(BaseRedistNetCorePath)win-x64\shared\Microsoft.NETCore.App\**\*.dll" CertificateName="None" />
    45. 

  45.     <_DotNetFilesToExclude Include="$(BaseRedistNetCorePath)win-x86\shared\Microsoft.NETCore.App\**\*.dll" CertificateName="None" />
    46. 

  46.     <_DotNetFilesToExclude Include="$(BaseRedistNetCorePath)win-arm\shared\Microsoft.NETCore.App\**\*.dll" CertificateName="None" />
    47. 

  47.     <_DotNetFilesToExclude Include="$(BaseRedistNetCorePath)win-arm64\shared\Microsoft.NETCore.App\**\*.dll" CertificateName="None" />
    48. 

  48.     <_DotNetFilesToExclude Include="$(BaseRedistNetCorePath)win-x64\host\**\*.dll" CertificateName="None" />
    49. 

  49.     <_DotNetFilesToExclude Include="$(BaseRedistNetCorePath)win-x86\host\**\*.dll" CertificateName="None" />
    50. 

  50.     <_DotNetFilesToExclude Include="$(BaseRedistNetCorePath)win-arm\host\**\*.dll" CertificateName="None" />
    51. 

  51.     <_DotNetFilesToExclude Include="$(BaseRedistNetCorePath)win-arm64\host\**\*.dll" CertificateName="None" />
    52. 

  52.     <_DotNetFilesToExclude Include="$(RedistNetCorePath)dotnet.exe" CertificateName="None" />
    53. 

  53.     <FileSignInfo Include="@(_DotNetFilesToExclude->'%(FileName)%(Extension)'->Distinct())" CertificateName="None" Condition="'$(PostBuildSign)' != 'true'" />
    54. 

  54. 

  55.     <!-- Symbol packages should get no NuGet signature -->
    56. 

  56.     <!-- Requires https://github.com/dotnet/arcade/issues/6192 to be fixed -->
    57. 

  57.     <!-- <FileSignInfo Include="@(_SymbolPackages->'%(FileName)%(Extension)'->Distinct())" CertificateName="None" /> -->
    58. 

  58. 

  59.     <!--
    60. 

  60.       We include the Microsoft.Build.Locator.dll assembly in our global tool 'Microsoft.dotnet-openapi'.
    61. 

  61.       It is already signed by that team, so we don't need to sign it.
    62. 

  62.     -->
    63. 

  63.     <FileSignInfo Include="Microsoft.Build.Locator.dll" CertificateName="None" />
    64. 

  64. 

  65.     <!--
    66. 

  66.       We include the Microsoft.Data.SqlClient.dll and Microsoft.Identity.Client.dll assembly in our global tool 'dotnet-sql-cache'.
    67. 

  67.       It is already signed by that team, so we don't need to sign it.
    68. 

  68.     -->
    69. 

  69.     <FileSignInfo Include="Microsoft.Data.SqlClient.dll" CertificateName="None" />
    70. 

  70.     <FileSignInfo Include="Microsoft.Identity.Client.dll" CertificateName="None" />
    71. 

  71.   </ItemGroup>
    72. 

  72. 

  73.   <!-- $(InstallersOutputPath), $(SymbolsOutputPath), and $(ChecksumExtensions) are not defined. Root Directory.Build.props is not imported. -->
    74. 

  74.   <ItemGroup>
    75. 

  75.     <!-- Prepare for _PublishInstallersAndChecksums target. -->
    76. 

  76.     <_InstallersToPublish Include="$(ArtifactsPackagesDir)**\*.jar" UploadPathSegment="jar/" ChecksumPath="%(FullPath).sha512" Condition="'$(PublishAllBuildsAssetsInThisJob)' == 'true'" />
    77. 

  77.     <_InstallersToPublish Include="$(ArtifactsPackagesDir)**\*.pom" UploadPathSegment="jar/" ChecksumPath="%(FullPath).sha512" Condition="'$(PublishAllBuildsAssetsInThisJob)' == 'true'" />
    78. 

  78.     <!-- All builds produce npm assets - only publish them once -->
    79. 

  79.     <_InstallersToPublish Include="$(ArtifactsPackagesDir)**\*.tgz" UploadPathSegment="npm/"  ChecksumPath="%(FullPath).sha512" Condition="'$(PublishAllBuildsAssetsInThisJob)' == 'true'" />
    80. 

  80.     <_InstallersToPublish Include="$(ArtifactsDir)installers\$(Configuration)\**\*.version" UploadPathSegment="Runtime/" Condition="'$(PublishInstallerBaseVersion)' == 'true'" />
    81. 

  81. 

  82.     <!-- The following installers create checksums -->
    83. 

  83.     <_InstallersToPublish Include="$(ArtifactsPackagesDir)**\*.deb" UploadPathSegment="Runtime/" ChecksumPath="%(FullPath).sha512" />
    84. 

  84.     <_InstallersToPublish Include="$(ArtifactsPackagesDir)**\*.rpm" UploadPathSegment="Runtime/" ChecksumPath="%(FullPath).sha512" />
    85. 

  85.     <_InstallersToPublish Include="$(ArtifactsPackagesDir)**\*.tar.gz" UploadPathSegment="Runtime/" ChecksumPath="%(FullPath).sha512" />
    86. 

  86.     <_InstallersToPublish Include="$(ArtifactsPackagesDir)**\*.exe" UploadPathSegment="Runtime/" ChecksumPath="%(FullPath).sha512" />
    87. 

  87.     <_InstallersToPublish Include="$(ArtifactsPackagesDir)**\*.msi" UploadPathSegment="Runtime/" ChecksumPath="%(FullPath).sha512" />
    88. 

  88.     <_InstallersToPublish Include="$(ArtifactsPackagesDir)**\*.zip" UploadPathSegment="Runtime/" >
    89. 

  89.        <ChecksumPath Condition="$([System.String]::Copy('%(Filename)%(Extension)').EndsWith('.wixpack.zip')) != 'true'">%(FullPath).sha512</ChecksumPath>
    90. 

  90.     </_InstallersToPublish>
    91. 

  91. 

  92.     <_InstallersToPublish Include="$(ArtifactsDir)installers\$(Configuration)\**\*.exe" UploadPathSegment="Runtime/" ChecksumPath="%(FullPath).sha512" />
    93. 

  93.     <_InstallersToPublish Include="$(ArtifactsDir)installers\$(Configuration)\**\*.msi" UploadPathSegment="Runtime/" ChecksumPath="%(FullPath).sha512" />
    94. 

  94.     <_InstallersToPublish Include="$(ArtifactsDir)installers\$(Configuration)\**\*.zip" UploadPathSegment="Runtime/" >
    95. 

  95.       <ChecksumPath Condition="$([System.String]::Copy('%(Filename)%(Extension)').EndsWith('.wixpack.zip')) != 'true'">%(FullPath).sha512</ChecksumPath>
    96. 

  96.     </_InstallersToPublish>
    97. 

  97. 

  98.     <Artifact Include="@(_InstallersToPublish)" Kind="Blob">
    99. 

  99.       <IsShipping>true</IsShipping>
    100. 

  100.       <IsShipping Condition="$([System.String]::Copy('%(RecursiveDir)').StartsWith('NonShipping'))">false</IsShipping>
    101. 

  101.       <IsShipping Condition="$([System.String]::Copy('%(Filename)').ToLowerInvariant().Contains('wixpack.zip'))">false</IsShipping>
    102. 

  102.     </Artifact>
    103. 

  103.   </ItemGroup>
    104. 

  104. 

  105. </Project>
    106.