eng/Signing.props


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

<Project>
  <Import Project="..\dir.props"/>
  <Import Project="..\dir.targets" />

  <PropertyGroup>
    <!-- The SignFiles target needs OutDir to be defined -->
    <OutDir>$(BinDir)</OutDir>
  </PropertyGroup>

  <UsingTask AssemblyFile="$(BuildToolsTaskDir)Microsoft.DotNet.Build.Tasks.dll" TaskName="ReadSigningRequired" />

  <ItemGroup>
    <WindowsNativeLocation Include="$(BinDir)*.dll" />
    <WindowsNativeLocation Include="$(BinDir)*.exe" />
  </ItemGroup>

  <ItemGroup Condition="'$(BuildArch)' == 'x86'">
    <!-- Sign api-ms-win-core-xstate-l2-1-0 binary as it is only catalog signed in the current SDK. -->
    <WindowsNativeLocation Condition="'$(BuildType)'=='Release'" Include="$(BinDir)Redist\ucrt\DLLs\$(BuildArch)\api-ms-win-core-xstate-l2-1-0.dll" />
  </ItemGroup>

  <!-- sign the cross targeted files as well -->
  <ItemGroup Condition="'$(CrossTargetComponentFolder)' != ''">
    <WindowsNativeLocation Include="$(BinDir)$(CrossTargetComponentFolder)/*.dll" />
    <WindowsNativeLocation Include="$(BinDir)$(CrossTargetComponentFolder)/*.exe" />
  </ItemGroup>

  <Target Name="GenerateSignForWindowsNative">
    <!--
      Managed assemblies should already have a requires_signing file dropped so only generate
      a requires_signing file for ones that don't exist which should leave just native assembies
    -->
    <WriteSigningRequired AuthenticodeSig="$(AuthenticodeSig)"
                          MarkerFile="%(WindowsNativeLocation.Identity).requires_signing"
                          Condition="!Exists('%(WindowsNativeLocation.Identity).requires_signing')" />
  </Target>

  <!-- populates item group ItemsToSign with the list of files to sign -->
  <Target Name="GetFilesToSignItems"
          DependsOnTargets="GenerateSignForWindowsNative"
          BeforeTargets="ValidateSignFileListIsNotEmpty">
    <!-- read all of the marker files and populate the ItemsToSign item group -->
    <ItemGroup>
      <SignMarkerFile Include="$(OutDir)**\*.requires_signing" />
    </ItemGroup>
    <ReadSigningRequired MarkerFiles="@(SignMarkerFile)">
      <Output TaskParameter="SigningMetadata" ItemName="ItemsToSign" />
    </ReadSigningRequired>

    <Message Importance="High" Text="Attempting to sign %(ItemsToSign.Identity) with authenticode='%(ItemsToSign.Authenticode)' and strongname='%(ItemsToSign.StrongName)'" />
  </Target>

  <Target Name="ValidateSignFileListIsNotEmpty" BeforeTargets="Sign">
    <Error Condition="'@(ItemsToSign)' == ''" Text="List of files to sign is empty" />
  </Target>
</Project>