-
Notifications
You must be signed in to change notification settings - Fork 359
/
Copy pathSign.props
105 lines (91 loc) · 6.09 KB
/
Sign.props
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
<!-- Licensed to the .NET Foundation under one or more agreements. The .NET Foundation licenses this file to you under the MIT license. -->
<Project>
<PropertyGroup>
<!-- By default, search for sign aritfacts under the list of known directories. -->
<EnableDefaultArtifacts>true</EnableDefaultArtifacts>
</PropertyGroup>
<!-- Repo extension point to sign and/or publish. Artifacts are shipping and blobs by default. -->
<ItemDefinitionGroup>
<Artifact>
<PublishFlatContainer>true</PublishFlatContainer>
<IsShipping>true</IsShipping>
<Visibility>External</Visibility>
</Artifact>
</ItemDefinitionGroup>
<ItemGroup>
<!--
This is intended to hold information about the certificates used for signing.
For now the only information required is whether or not the certificate can be
used for signing already signed files - DualSigningAllowed==true.
-->
<CertificatesSignInfo Include="3PartyDual" DualSigningAllowed="true" />
<CertificatesSignInfo Include="3PartySHA2" DualSigningAllowed="true" />
</ItemGroup>
<ItemGroup Condition="'$(EnableDefaultArtifacts)' == 'true'">
<!-- List of container files that will be opened and checked for files that need to be signed. -->
<_DefaultItemsToSign Include="$(ArtifactsPackagesDir)**\*.nupkg" />
<_DefaultItemsToSign Include="$(VisualStudioSetupOutputPath)**\*.vsix" />
<_DefaultItemsToSign Include="$(VisualStudioBuildPackagesDir)**\*.nupkg" />
<!-- If PostBuildSign == true, these are added to ItemsToSignPostBuild, otherwise these are added to ItemsToSign -->
<ItemsToSign Include="@(_DefaultItemsToSign)" Condition="'$(PostBuildSign)' != 'true'" />
<ItemsToSignPostBuild Include="@(_DefaultItemsToSign->'%(Filename)%(Extension)')" Condition="'$(PostBuildSign)' == 'true'" />
</ItemGroup>
<ItemGroup>
<!-- Default certificate/strong-name to be used for all files with PKT=="31bf3856ad364e35". -->
<StrongNameSignInfo Include="MsSharedLib72" PublicKeyToken="31bf3856ad364e35" CertificateName="Microsoft400" />
<StrongNameSignInfo Include="SilverlightCert121" PublicKeyToken="7cec85d7bea7798e" CertificateName="Microsoft400" />
<StrongNameSignInfo Include="StrongName" PublicKeyToken="b77a5c561934e089" CertificateName="Microsoft400" />
<StrongNameSignInfo Include="StrongName" PublicKeyToken="b03f5f7f11d50a3a" CertificateName="Microsoft400" />
<!-- Do not include specific key files if full assembly signing is not supported, as they will not be usable when we sign. -->
<StrongNameSignInfo Include="$(MSBuildThisFileDirectory)snk\Open.snk" PublicKeyToken="cc7b13ffcd2ddd51" CertificateName="Microsoft400" Condition="'$(FullAssemblySigningSupported)' != 'false'" />
<!--
Map of file extensions to default certificate name. Files with these extensions are
signed with the specified certificate. Particularly useful for files that don't have
a public key token.
The certificate can be overriden using the StrongNameSignInfo or the FileSignInfo item group.
-->
<FileExtensionSignInfo Include=".deb" CertificateName="LinuxSign" />
<FileExtensionSignInfo Include=".jar" CertificateName="MicrosoftJARSHA2" />
<FileExtensionSignInfo Include=".js;.ps1;.psd1;.psm1;.psc1;.py" CertificateName="Microsoft400" />
<FileExtensionSignInfo Include=".dll;.exe;.mibc" CertificateName="Microsoft400" />
<FileExtensionSignInfo Include=".nupkg" CertificateName="NuGet" />
<FileExtensionSignInfo Include=".vsix" CertificateName="VsixSHA2" />
<FileExtensionSignInfo Include=".zip" CertificateName="None" />
<FileExtensionSignInfo Include=".tgz" CertificateName="None" />
<FileExtensionSignInfo Include=".tar.gz" CertificateName="None" />
</ItemGroup>
<!-- The name of the .NET specific certificate, which is a general replacement for Microsoft400
If UseDotNetCert is specific in a repo's eng/Signing.props, all usage of Microsoft400 is replaced
with MicrosoftDotNet500 -->
<PropertyGroup>
<DotNetCertificateName>MicrosoftDotNet500</DotNetCertificateName>
<UseDotNetCertificate>false</UseDotNetCertificate>
</PropertyGroup>
<PropertyGroup>
<!-- Flags for controlling whether empty signing lists are detected for in build and post-build signing.
These flags are split (rather than just a single check based on PostBuildSign == true/false because
some repos may do both in-build and post-build signing. -->
<!-- Control whether an empty ItemsToSign item group is allowed when calling SignToolTask. -->
<AllowEmptySignList Condition="'$(PostBuildSign)' != 'true'">false</AllowEmptySignList>
<AllowEmptySignList Condition="'$(PostBuildSign)' == 'true'">true</AllowEmptySignList>
<!-- Control whether an empty ItemsToSignPostBuild item group is allowed during publishing -->
<AllowEmptySignPostBuildList Condition="'$(PostBuildSign)' != 'true'">true</AllowEmptySignPostBuildList>
<AllowEmptySignPostBuildList Condition="'$(PostBuildSign)' == 'true'">false</AllowEmptySignPostBuildList>
<NETCORE_ENGINEERING_TELEMETRY>Signing</NETCORE_ENGINEERING_TELEMETRY>
</PropertyGroup>
<!-- Sign tool parallelism limits. These may be overridden by a repo. -->
<PropertyGroup>
<!-- Number of containers to repack in parallel -->
<SignToolRepackParallelism>16</SignToolRepackParallelism>
<!-- Maximum size in MB that a file may be before it is repacked serially -->
<SignToolRepackMaximumParallelFileSize>128</SignToolRepackMaximumParallelFileSize>
</PropertyGroup>
<!-- Allow repository to customize signing configuration -->
<Import Project="$(RepositoryEngineeringDir)Signing.props" Condition="Exists('$(RepositoryEngineeringDir)Signing.props')" />
<!-- Respect Artifact item repo extension point -->
<ItemGroup Condition="'@(Artifact)' != ''">
<!-- If PostBuildSign == true, these are added to ItemsToSignPostBuild, otherwise these are added to ItemsToSign -->
<ItemsToSign Include="@(Artifact)" Condition="'$(PostBuildSign)' != 'true'" />
<ItemsToSignPostBuild Include="@(Artifact->'%(Filename)%(Extension)')" Condition="'$(PostBuildSign)' == 'true'" />
</ItemGroup>
</Project>