Skip to content

Commit

Permalink
Use dotnet certificate
Browse files Browse the repository at this point in the history
  • Loading branch information
@mmitche
mmitche committed May 11, 2021
1 parent 1755ed9 commit e0e14d8
Showing 1 changed file with 20 additions and 15 deletions.
35 changes: 20 additions & 15 deletions eng/Signing.props
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,11 @@
<FileExtensionSignInfo Remove="@(FileExtensionSignInfo)" />
</ItemGroup>

<PropertyGroup>
<!-- Use the dotnet certificate for any remaining defaults (e.g. StrongNameSignInfo) -->
<UseDotNetCertificate>true</UseDotNetCertificate>
</PropertyGroup>

<!-- Files that should be always be signed between in-build and post-build signing -->
<ItemGroup Label="Common Files to Sign">
<CommonFilesToSign Include="$(ArtifactsPackagesDir)**\*.nupkg" />
Expand Down Expand Up @@ -52,30 +57,30 @@
"None" means don't sign the file itself, but still scan the contents for signable files.
-->
<FileExtensionSignInfo Include=".jar" CertificateName="MicrosoftJARSHA2" />
<FileExtensionSignInfo Include=".ps1;.psd1;.psm1;.psc1" CertificateName="Microsoft400" />
<FileExtensionSignInfo Include=".dll;.exe" CertificateName="Microsoft400" />
<FileExtensionSignInfo Include=".ps1;.psd1;.psm1;.psc1" CertificateName="MicrosoftDotNet500" />
<FileExtensionSignInfo Include=".dll;.exe" CertificateName="MicrosoftDotNet500" />
<FileExtensionSignInfo Include=".nupkg" CertificateName="NuGet" />
<FileExtensionSignInfo Include=".vsix" CertificateName="VsixSHA2" />
<FileExtensionSignInfo Include=".zip" CertificateName="None" />
<FileExtensionSignInfo Include=".cab" CertificateName="None" />
<!-- If doing post build sign, explicitly give MSIs a cert. If doing in build signing,
this is handled by the wix targets, and .msi should be "None" -->
<FileExtensionSignInfo Include=".msi" CertificateName="Microsoft400" Condition="'$(PostBuildSign)' == 'true'" />
<FileExtensionSignInfo Include=".msi" CertificateName="MicrosoftDotNet500" Condition="'$(PostBuildSign)' == 'true'" />
<FileExtensionSignInfo Include=".msi" CertificateName="None" Condition="'$(PostBuildSign)' != 'true'" />

<!-- Native .dll's. These don't have a public key token, but are from Microsoft and should be signed. -->
<FileSignInfo Include="aspnetcore.dll" CertificateName="Microsoft400" />
<FileSignInfo Include="aspnetcorev2_inprocess.dll" CertificateName="Microsoft400" />
<FileSignInfo Include="aspnetcorev2_outofprocess.dll" CertificateName="Microsoft400" />
<FileSignInfo Include="aspnetcorev2.dll" CertificateName="Microsoft400" />
<FileSignInfo Include="blazor-devserver.exe" CertificateName="Microsoft400" />
<FileSignInfo Include="dotnet-dev-certs.exe" CertificateName="Microsoft400" />
<FileSignInfo Include="dotnet-sql-cache.exe" CertificateName="Microsoft400" />
<FileSignInfo Include="dotnet-user-secrets.exe" CertificateName="Microsoft400" />
<FileSignInfo Include="dotnet-watch.exe" CertificateName="Microsoft400" />
<FileSignInfo Include="dotnet-openapi.exe" CertificateName="Microsoft400" />
<FileSignInfo Include="Microsoft.AspNetCore.Blazor.Build.exe" CertificateName="Microsoft400" />
<FileSignInfo Include="sni.dll" CertificateName="Microsoft400" />
<FileSignInfo Include="aspnetcore.dll" CertificateName="MicrosoftDotNet500" />
<FileSignInfo Include="aspnetcorev2_inprocess.dll" CertificateName="MicrosoftDotNet500" />
<FileSignInfo Include="aspnetcorev2_outofprocess.dll" CertificateName="MicrosoftDotNet500" />
<FileSignInfo Include="aspnetcorev2.dll" CertificateName="MicrosoftDotNet500" />
<FileSignInfo Include="blazor-devserver.exe" CertificateName="MicrosoftDotNet500" />
<FileSignInfo Include="dotnet-dev-certs.exe" CertificateName="MicrosoftDotNet500" />
<FileSignInfo Include="dotnet-sql-cache.exe" CertificateName="MicrosoftDotNet500" />
<FileSignInfo Include="dotnet-user-secrets.exe" CertificateName="MicrosoftDotNet500" />
<FileSignInfo Include="dotnet-watch.exe" CertificateName="MicrosoftDotNet500" />
<FileSignInfo Include="dotnet-openapi.exe" CertificateName="MicrosoftDotNet500" />
<FileSignInfo Include="Microsoft.AspNetCore.Blazor.Build.exe" CertificateName="MicrosoftDotNet500" />
<FileSignInfo Include="sni.dll" CertificateName="MicrosoftDotNet500" />

<!-- Third-party components which should be signed. -->
<FileSignInfo Include="Newtonsoft.Json.dll" CertificateName="3PartySHA2" />
Expand Down

0 comments on commit e0e14d8

Please sign in to comment.