forked from dotnet/aspnetcore
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathCodeSign.targets
46 lines (41 loc) · 2.92 KB
/
CodeSign.targets
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
<Project>
<PropertyGroup>
<CodeSignDependsOn>$(CodeSignDependsOn);CollectFileSignInfo</CodeSignDependsOn>
</PropertyGroup>
<ItemGroup>
<!-- Configures signcheck to inspect well-known folders for signed content. -->
<SignCheckDirectory Include="$(ArtifactsPackagesDir)" />
<SignCheckDirectory Include="$(InstallersOutputPath)" />
<SignCheckDirectory Include="$(VisualStudioSetupOutputPath)" />
<!-- KoreBuild by default scans everything in artifacts/, but this causes problems because we put unsigned content in artifacts/obj/ and bin/ which can be ignored. -->
<SignCheckDirectory Remove="$(ArtifactsDir)" />
</ItemGroup>
<Target Name="CollectFileSignInfo">
<PropertyGroup>
<BaseRedistNetCorePath>$(ArtifactsDir)obj\RedistSharedFx.Layout\$(Configuration)\</BaseRedistNetCorePath>
<RedistNetCorePath>$(BaseRedistNetCorePath)$(TargetRuntimeIdentifier)\</RedistNetCorePath>
</PropertyGroup>
<ItemGroup>
<FilesToSign Include="$(ArtifactsShippingPackagesDir)*.jar" Certificate="MicrosoftJARSHA2" />
<FilesToSign Include="$(ArtifactsShippingPackagesDir)*.nupkg" Exclude="$(ArtifactsShippingPackagesDir)*.symbols.nupkg" Certificate="NuGet" />
<FilesToSign Include="$(ArtifactsNonShippingPackagesDir)*.nupkg" Exclude="$(ArtifactsNonShippingPackagesDir)*.symbols.nupkg" Certificate="NuGet" />
<FilesToSign Include="$(VisualStudioSetupOutputPath)*.vsix" Certificate="VsixSHA2" />
<!-- "None" means don't sign the .zip file itself, but still scan the contents of the .zip for signable files. -->
<FilesToSign Include="$(InstallersOutputPath)*.zip" Certificate="None" />
<!--
These files should already be signed by the .NET Core team. They have to be listed again here because we recreate a redistributable which includes the Microsoft.NETCore.App runtime.
List all combinations of Windows RID's because CI may build multiple combinations of artitectures on the same machine.
This uses globs because some of the file names change on every build of .NET Core, like sos_amd64_$(fileversion).dll.
-->
<FilesToExcludeFromSigning Include="$(BaseRedistNetCorePath)win-x64\shared\Microsoft.NETCore.App\**\*.dll" />
<FilesToExcludeFromSigning Include="$(BaseRedistNetCorePath)win-x86\shared\Microsoft.NETCore.App\**\*.dll" />
<FilesToExcludeFromSigning Include="$(BaseRedistNetCorePath)win-arm\shared\Microsoft.NETCore.App\**\*.dll" />
<FilesToExcludeFromSigning Include="$(BaseRedistNetCorePath)win-x64\host\**\*.dll" />
<FilesToExcludeFromSigning Include="$(BaseRedistNetCorePath)win-x86\host\**\*.dll" />
<FilesToExcludeFromSigning Include="$(BaseRedistNetCorePath)win-arm\host\**\*.dll" />
<FilesToExcludeFromSigning Include="$(RedistNetCorePath)dotnet.exe" />
<FilesToExcludeFromSigning Include="hostpolicy.dll" />
<FilesToExcludeFromSigning Include="hostfxr.dll" />
</ItemGroup>
</Target>
</Project>