From 634ddd5cc69bb15e814c9355ad48359789e2f025 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 24 Mar 2021 11:21:17 -0700 Subject: [PATCH 01/23] refactor exe wrapper generation into separate function --- tools/packaging/packaging.psd1 | 2 +- tools/packaging/packaging.psm1 | 109 ++++++++++++++++++++++++++------- 2 files changed, 88 insertions(+), 23 deletions(-) diff --git a/tools/packaging/packaging.psd1 b/tools/packaging/packaging.psd1 index 2a1df399f13..d16cd9ec1f3 100644 --- a/tools/packaging/packaging.psd1 +++ b/tools/packaging/packaging.psd1 @@ -6,7 +6,7 @@ Copyright="Copyright (c) Microsoft Corporation." ModuleVersion="1.0.0" PowerShellVersion="5.0" CmdletsToExport=@() -FunctionsToExport=@('Start-PSPackage','New-PSSignedBuildZip', 'New-PSBuildZip', 'New-MSIPatch', 'Expand-PSSignedBuild', 'Publish-NugetToMyGet', 'New-DotnetSdkContainerFxdPackage', 'New-GlobalToolNupkg', 'New-ILNugetPackage', 'Update-PSSignedBuildFolder') +FunctionsToExport=@('Start-PSPackage','New-PSSignedBuildZip', 'New-PSBuildZip', 'New-MSIPatch', 'Expand-PSSignedBuild', 'Publish-NugetToMyGet', 'New-DotnetSdkContainerFxdPackage', 'New-GlobalToolNupkg', 'New-ILNugetPackage', 'Update-PSSignedBuildFolder', 'New-ExePackage') RootModule="packaging.psm1" RequiredModules = @("build") } diff --git a/tools/packaging/packaging.psm1 b/tools/packaging/packaging.psm1 index e9ede940673..a96449ba27a 100644 --- a/tools/packaging/packaging.psm1 +++ b/tools/packaging/packaging.psm1 @@ -3046,8 +3046,15 @@ function New-MSIPackage $wixPaths = Get-WixPath - $ProductSemanticVersion = Get-PackageSemanticVersion -Version $ProductVersion - $ProductVersion = Get-PackageVersionAsMajorMinorBuildRevision -Version $ProductVersion + $windowsNames = Get-WindowsNames -ProductName $ProductName -ProductNameSuffix $ProductNameSuffix -ProductVersion $ProductVersion + $productSemanticVersionWithName = $windowsNames.ProductSemanticVersionWithName + $ProductSemanticVersion = $windowsNames.ProductSemanticVersion + $packageName = $windowsNames.PackageName + $ProductVersion = $windowsNames.ProductVersion + Write-Verbose "Create MSI for Product $productSemanticVersionWithName" -Verbose + Write-Verbose "ProductSemanticVersion = $productSemanticVersion" -Verbose + Write-Verbose "packageName = $packageName" -Verbose + Write-Verbose "ProductVersion = $ProductVersion" -Verbose $simpleProductVersion = [string]([Version]$ProductVersion).Major $isPreview = Test-IsPreview -Version $ProductSemanticVersion @@ -3068,10 +3075,7 @@ function New-MSIPackage Write-Verbose "Place dependencies such as icons to $assetsInSourcePath" Copy-Item "$AssetsPath\*.ico" $assetsInSourcePath -Force - $productVersionWithName = $ProductName + '_' + $ProductVersion - $productSemanticVersionWithName = $ProductName + '-' + $ProductSemanticVersion - Write-Verbose "Create MSI for Product $productSemanticVersionWithName" $fileArchitecture = 'amd64' $ProductProgFilesDir = "ProgramFiles64Folder" @@ -3086,11 +3090,6 @@ function New-MSIPackage # cleanup any garbage on the system Remove-Item -ErrorAction SilentlyContinue $wixFragmentPath -Force - $packageName = $productSemanticVersionWithName - if ($ProductNameSuffix) { - $packageName += "-$ProductNameSuffix" - } - $msiLocationPath = Join-Path $CurrentLocation "$packageName.msi" $msiPdbLocationPath = Join-Path $CurrentLocation "$packageName.wixpdb" @@ -3150,6 +3149,83 @@ function New-MSIPackage $errorMessage = "Failed to create $msiLocationPath" throw $errorMessage } +} + +function Get-WindowsNames { + param( + # Name of the Product + [ValidateNotNullOrEmpty()] + [string] $ProductName = 'PowerShell', + + # Suffix of the Name + [string] $ProductNameSuffix, + + # Version of the Product + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] $ProductVersion + ) + + $ProductSemanticVersion = Get-PackageSemanticVersion -Version $ProductVersion + $ProductVersion = Get-PackageVersionAsMajorMinorBuildRevision -Version $ProductVersion + + $productVersionWithName = $ProductName + '_' + $ProductVersion + $productSemanticVersionWithName = $ProductName + '-' + $ProductSemanticVersion + + $packageName = $productSemanticVersionWithName + if ($ProductNameSuffix) { + $packageName += "-$ProductNameSuffix" + } + + return [PSCustomObject]@{ + PackageName = $packageName + ProductVersionWithName = $productVersionWithName + ProductSemanticVersion = $ProductSemanticVersion + ProductSemanticVersionWithName = $productSemanticVersionWithName + ProductVersion = $ProductVersion + } +} + +function New-ExePackage { + param( + # Name of the Product + [ValidateNotNullOrEmpty()] + [string] $ProductName = 'PowerShell', + + # Suffix of the Name + [string] $ProductNameSuffix, + + # Version of the Product + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + + [string] $ProductVersion, + + # File describing the MSI Package creation semantics + [ValidateNotNullOrEmpty()] + [ValidateScript({Test-Path $_})] + [string] $BundleWxsPath = "$RepoRoot\assets\wix\bundle.wxs", + + # Architecture to use when creating the MSI + [Parameter(Mandatory = $true)] + [ValidateSet("x86", "x64")] + [ValidateNotNullOrEmpty()] + [string] $ProductTargetArchitecture, + + [string] + $MsiLocationPath, + + [string] $CurrentLocation = (Get-Location) + ) + + + $windowsNames = Get-WindowsNames -ProductName $ProductName -ProductNameSuffix $ProductNameSuffix -ProductVersion $ProductVersion + $productSemanticVersionWithName = $windowsNames.ProductSemanticVersionWithName + $packageName = $windowsNames.PackageName + $isPreview = Test-IsPreview -Version $ProductSemanticVersion + + Write-Verbose "Create EXE for Product $productSemanticVersionWithName" -verbose + Write-Verbose "packageName = $packageName" -Verbose $exeLocationPath = Join-Path $CurrentLocation "$packageName.exe" $exePdbLocationPath = Join-Path $CurrentLocation "$packageName.exe.wixpdb" @@ -3157,20 +3233,9 @@ function New-MSIPackage Start-MsiBuild -WxsFile $BundleWxsPath -ProductTargetArchitecture $ProductTargetArchitecture -Argument @{ IsPreview = $isPreview - TargetPath = $msiLocationPath + TargetPath = $MsiLocationPath WindowsVersion = $windowsVersion } -MsiLocationPath $exeLocationPath -MsiPdbLocationPath $exePdbLocationPath - - if (Test-Path $exeLocationPath) - { - Write-Verbose "You can find the MSI @ $exeLocationPath" -Verbose - $exeLocationPath - } - else - { - $errorMessage = "Failed to create $exeLocationPath" - throw $errorMessage - } } function New-MsiArgsArray { From 53d3d0f91e597e34deea24f9ed25554a19d236d6 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 24 Mar 2021 11:21:54 -0700 Subject: [PATCH 02/23] generate exe wrapper after msi is signed --- .../templates/windows-packaging.yml | 48 ++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index 15168d0aca6..475633a6a4d 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml @@ -261,7 +261,53 @@ jobs: Write-Host "Uploading $packagePath" Write-Host "##vso[artifact.upload containerfolder=signed;artifactname=signed]$packagePath" } - displayName: Upload packages + displayName: Upload unsigned packages + + - ${{ if and(ne(variables['BuildConfiguration'],'minSize'), startsWith(variables['Architecture'], 'x')) }}: + - template: EsrpSign.yml@ComplianceRepo + parameters: + buildOutputPath: $(System.ArtifactsDirectory)\pkgSigned + signOutputPath: $(Build.StagingDirectory)\signedPackages + certificateId: "CP-230012" + pattern: | + **\*.msi + useMinimatch: true + shouldSign: $(SHOULD_SIGN) + + - powershell: | + Get-ChildItem '$(System.ArtifactsDirectory)\signedPackages' | ForEach-Object { + $packagePath = $_.FullName + Write-Host "Uploading $packagePath" + Write-Host "##vso[artifact.upload containerfolder=finalResults;artifactname=finalResults]$packagePath" + } + displayName: Upload signed MSI to finalResults + + - task: AzureFileCopy@4 + displayName: 'upload signed msi to Azure - ${{ parameters.architecture }}' + inputs: + SourcePath: '$(Build.StagingDirectory)\signedPackages\PowerShell-$(version)-win-${{ parameters.architecture }}.msi' + azureSubscription: '$(AzureFileCopySubscription)' + Destination: AzureBlob + storage: '$(StorageAccount)' + ContainerName: '$(AzureVersion)' + resourceGroup: '$(StorageResourceGroup)' + + - powershell: | + Import-Module $(PowerShellRoot)/build.psm1 -Force + Import-Module $(PowerShellRoot)/tools/packaging -Force + + $msiPath = '$(Build.StagingDirectory)\signedPackages\PowerShell-$(version)-win-${{ parameters.architecture }}.msi' + + New-ExePackage -ProductVersion '$(version)' -MsiLocationPath $msiPath -ProductTargetArchitecture ${{ parameters.architecture }} + displayName: Create exe wrapper + + - powershell: | + Get-ChildItem '.\PowerShell-*.exe' | ForEach-Object { + $packagePath = $_.FullName + Write-Host "Uploading $packagePath" + Write-Host "##vso[artifact.upload containerfolder=signed;artifactname=signed]$packagePath" + } + displayName: Upload unsigned exe - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' From 93e4684b4a488e7a76bfd83ef7906449a28250d2 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 24 Mar 2021 11:22:17 -0700 Subject: [PATCH 03/23] don't sign msi again --- .../azureDevOps/templates/windows-package-signing.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml b/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml index e1b5e378def..71c01fbce01 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml @@ -46,7 +46,6 @@ jobs: signOutputPath: $(Build.StagingDirectory)\signedPackages certificateId: "CP-230012" pattern: | - **\*.msi **\*.msix **\*.exe useMinimatch: true From cbe5f009dc03151403ec152df7a743679060c408 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 24 Mar 2021 11:22:31 -0700 Subject: [PATCH 04/23] don't upload msi agin --- .../azureDevOps/templates/upload.yml | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tools/releaseBuild/azureDevOps/templates/upload.yml b/tools/releaseBuild/azureDevOps/templates/upload.yml index b1d75ad7f99..1538ec35cbc 100644 --- a/tools/releaseBuild/azureDevOps/templates/upload.yml +++ b/tools/releaseBuild/azureDevOps/templates/upload.yml @@ -6,22 +6,22 @@ parameters: pdb: no steps: -- template: upload-final-results.yml - parameters: - artifactPath: $(Build.StagingDirectory)\signedPackages - artifactFilter: PowerShell-${{ parameters.version }}-win-${{ parameters.architecture }}.msi - condition: and(succeeded(), eq('${{ parameters.msi }}', 'yes')) +# - template: upload-final-results.yml +# parameters: +# artifactPath: $(Build.StagingDirectory)\signedPackages +# artifactFilter: PowerShell-${{ parameters.version }}-win-${{ parameters.architecture }}.msi +# condition: and(succeeded(), eq('${{ parameters.msi }}', 'yes')) -- task: AzureFileCopy@4 - displayName: 'upload signed msi to Azure - ${{ parameters.architecture }}' - inputs: - SourcePath: '$(Build.StagingDirectory)\signedPackages\PowerShell-${{ parameters.version }}-win-${{ parameters.architecture }}.msi' - azureSubscription: '$(AzureFileCopySubscription)' - Destination: AzureBlob - storage: '$(StorageAccount)' - ContainerName: '$(AzureVersion)' - resourceGroup: '$(StorageResourceGroup)' - condition: and(succeeded(), eq('${{ parameters.msi }}', 'yes')) +# - task: AzureFileCopy@4 +# displayName: 'upload signed msi to Azure - ${{ parameters.architecture }}' +# inputs: +# SourcePath: '$(Build.StagingDirectory)\signedPackages\PowerShell-${{ parameters.version }}-win-${{ parameters.architecture }}.msi' +# azureSubscription: '$(AzureFileCopySubscription)' +# Destination: AzureBlob +# storage: '$(StorageAccount)' +# ContainerName: '$(AzureVersion)' +# resourceGroup: '$(StorageResourceGroup)' +# condition: and(succeeded(), eq('${{ parameters.msi }}', 'yes')) - template: upload-final-results.yml parameters: From 3351bba3f72a65b122ac83c3d4c09d659bae8001 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 24 Mar 2021 17:50:58 -0700 Subject: [PATCH 05/23] fix version --- tools/packaging/packaging.psm1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/packaging/packaging.psm1 b/tools/packaging/packaging.psm1 index a96449ba27a..81cab5b064e 100644 --- a/tools/packaging/packaging.psm1 +++ b/tools/packaging/packaging.psm1 @@ -3212,6 +3212,8 @@ function New-ExePackage { [ValidateNotNullOrEmpty()] [string] $ProductTargetArchitecture, + # Location of the signed MSI + [Parameter(Mandatory = $true)] [string] $MsiLocationPath, @@ -3222,7 +3224,7 @@ function New-ExePackage { $windowsNames = Get-WindowsNames -ProductName $ProductName -ProductNameSuffix $ProductNameSuffix -ProductVersion $ProductVersion $productSemanticVersionWithName = $windowsNames.ProductSemanticVersionWithName $packageName = $windowsNames.PackageName - $isPreview = Test-IsPreview -Version $ProductSemanticVersion + $isPreview = Test-IsPreview -Version $windowsNames.ProductSemanticVersion Write-Verbose "Create EXE for Product $productSemanticVersionWithName" -verbose Write-Verbose "packageName = $packageName" -Verbose From 3d82cbf57846b552e2c1c41708e3b2b4f0ee8cb4 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 24 Mar 2021 18:08:08 -0700 Subject: [PATCH 06/23] fix working directory for exe build --- .../releaseBuild/azureDevOps/templates/windows-packaging.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index 475633a6a4d..9935aebb73a 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml @@ -292,7 +292,8 @@ jobs: ContainerName: '$(AzureVersion)' resourceGroup: '$(StorageResourceGroup)' - - powershell: | + - pwsh: | + cd $(PowerShellRoot) Import-Module $(PowerShellRoot)/build.psm1 -Force Import-Module $(PowerShellRoot)/tools/packaging -Force @@ -302,6 +303,7 @@ jobs: displayName: Create exe wrapper - powershell: | + cd $(PowerShellRoot) Get-ChildItem '.\PowerShell-*.exe' | ForEach-Object { $packagePath = $_.FullName Write-Host "Uploading $packagePath" From 9d2d9848d1d0e737eae1cce9e9190d31b7b2b1e3 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Thu, 25 Mar 2021 11:41:58 -0700 Subject: [PATCH 07/23] add logging for getting windows names calculate product name suffix --- tools/packaging/packaging.psm1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/packaging/packaging.psm1 b/tools/packaging/packaging.psm1 index 81cab5b064e..5d4d2954b78 100644 --- a/tools/packaging/packaging.psm1 +++ b/tools/packaging/packaging.psm1 @@ -3166,6 +3166,8 @@ function Get-WindowsNames { [string] $ProductVersion ) + Write-Verbose -Message "Getting Windows Names for ProductName: $ProductName; ProductNameSuffix: $ProductNameSuffix; ProductVersion: $ProductVersion" -Verbose + $ProductSemanticVersion = Get-PackageSemanticVersion -Version $ProductVersion $ProductVersion = Get-PackageVersionAsMajorMinorBuildRevision -Version $ProductVersion @@ -3192,9 +3194,6 @@ function New-ExePackage { [ValidateNotNullOrEmpty()] [string] $ProductName = 'PowerShell', - # Suffix of the Name - [string] $ProductNameSuffix, - # Version of the Product [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] @@ -3220,8 +3219,9 @@ function New-ExePackage { [string] $CurrentLocation = (Get-Location) ) + $productNameSuffix = "win-$ProductTargetArchitecture" - $windowsNames = Get-WindowsNames -ProductName $ProductName -ProductNameSuffix $ProductNameSuffix -ProductVersion $ProductVersion + $windowsNames = Get-WindowsNames -ProductName $ProductName -ProductNameSuffix $productNameSuffix -ProductVersion $ProductVersion $productSemanticVersionWithName = $windowsNames.ProductSemanticVersionWithName $packageName = $windowsNames.PackageName $isPreview = Test-IsPreview -Version $windowsNames.ProductSemanticVersion From a804c47f00c01f6b442c7c260b604b4bad0e6ad3 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Thu, 25 Mar 2021 15:02:29 -0700 Subject: [PATCH 08/23] add signing task display name --- tools/releaseBuild/azureDevOps/releaseBuild.yml | 2 +- tools/releaseBuild/azureDevOps/templates/linux.yml | 1 + tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml | 1 + .../releaseBuild/azureDevOps/templates/mac-package-signing.yml | 1 + tools/releaseBuild/azureDevOps/templates/nuget.yml | 1 + .../azureDevOps/templates/windows-package-signing.yml | 1 + tools/releaseBuild/azureDevOps/templates/windows-packaging.yml | 3 +++ 7 files changed, 9 insertions(+), 1 deletion(-) diff --git a/tools/releaseBuild/azureDevOps/releaseBuild.yml b/tools/releaseBuild/azureDevOps/releaseBuild.yml index 756f2114d5a..d74203d66e1 100644 --- a/tools/releaseBuild/azureDevOps/releaseBuild.yml +++ b/tools/releaseBuild/azureDevOps/releaseBuild.yml @@ -16,7 +16,7 @@ resources: type: github endpoint: ComplianceGHRepo name: PowerShell/compliance - ref: master + ref: task-prefix variables: - name: DOTNET_CLI_TELEMETRY_OPTOUT diff --git a/tools/releaseBuild/azureDevOps/templates/linux.yml b/tools/releaseBuild/azureDevOps/templates/linux.yml index 5954b080bf7..3760d9ff698 100644 --- a/tools/releaseBuild/azureDevOps/templates/linux.yml +++ b/tools/releaseBuild/azureDevOps/templates/linux.yml @@ -161,6 +161,7 @@ jobs: **\*.rpm useMinimatch: true shouldSign: $(SHOULD_SIGN) + displayName: Sign RPM # requires windows - task: AzureFileCopy@4 diff --git a/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml b/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml index e0a11d36a06..7c1ed7e1431 100644 --- a/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml +++ b/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml @@ -78,6 +78,7 @@ jobs: **\*.zip useMinimatch: true shouldSign: $(SHOULD_SIGN) + displayName: Sign macOS Binaries - pwsh: | $destination = "$(System.ArtifactsDirectory)\azureMacOs" diff --git a/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml b/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml index 529e6e48356..a10a908afcb 100644 --- a/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml +++ b/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml @@ -64,6 +64,7 @@ jobs: **\*.zip useMinimatch: true shouldSign: $(SHOULD_SIGN) + displayName: Sign pkg - template: upload-final-results.yml parameters: diff --git a/tools/releaseBuild/azureDevOps/templates/nuget.yml b/tools/releaseBuild/azureDevOps/templates/nuget.yml index e606981f282..e7e8b84a4b7 100644 --- a/tools/releaseBuild/azureDevOps/templates/nuget.yml +++ b/tools/releaseBuild/azureDevOps/templates/nuget.yml @@ -144,6 +144,7 @@ jobs: **\*.nupkg useMinimatch: true shouldSign: $(SHOULD_SIGN) + displayName: Sign NuPkg - pwsh: | if (-not (Test-Path '$(System.ArtifactsDirectory)\signed\')) { $null = New-Item -ItemType Directory -Path '$(System.ArtifactsDirectory)\signed\' } diff --git a/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml b/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml index 71c01fbce01..df9c7c8c091 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml @@ -50,6 +50,7 @@ jobs: **\*.exe useMinimatch: true shouldSign: $(SHOULD_SIGN) + displayName: Sign exe and msix - powershell: | new-item -itemtype Directory -path '$(Build.StagingDirectory)\signedPackages' diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index 9935aebb73a..6d6a03d1bbb 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml @@ -155,6 +155,7 @@ jobs: **\*.exe useMinimatch: true shouldSign: $(SHOULD_SIGN) + displayName: Sign our binaries - pwsh: | Import-Module $(PowerShellRoot)/build.psm1 -Force @@ -198,6 +199,7 @@ jobs: **\*.dll useMinimatch: true shouldSign: $(SHOULD_SIGN) + displayName: Sign ThirdParty binaries - powershell: | Get-ChildItem '$(System.ArtifactsDirectory)\thirdPartySigned\*' @@ -273,6 +275,7 @@ jobs: **\*.msi useMinimatch: true shouldSign: $(SHOULD_SIGN) + displayName: Sign MSI - powershell: | Get-ChildItem '$(System.ArtifactsDirectory)\signedPackages' | ForEach-Object { From bbde77fea0d1537fe879783fe38d7223f310a0b1 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Thu, 25 Mar 2021 15:05:40 -0700 Subject: [PATCH 09/23] sign engine exe in exe wrapper --- tools/packaging/packaging.psd1 | 2 +- tools/packaging/packaging.psm1 | 68 +++++++++++++++++-- .../templates/windows-packaging.yml | 24 +++++++ 3 files changed, 87 insertions(+), 7 deletions(-) diff --git a/tools/packaging/packaging.psd1 b/tools/packaging/packaging.psd1 index d16cd9ec1f3..463805a18e2 100644 --- a/tools/packaging/packaging.psd1 +++ b/tools/packaging/packaging.psd1 @@ -6,7 +6,7 @@ Copyright="Copyright (c) Microsoft Corporation." ModuleVersion="1.0.0" PowerShellVersion="5.0" CmdletsToExport=@() -FunctionsToExport=@('Start-PSPackage','New-PSSignedBuildZip', 'New-PSBuildZip', 'New-MSIPatch', 'Expand-PSSignedBuild', 'Publish-NugetToMyGet', 'New-DotnetSdkContainerFxdPackage', 'New-GlobalToolNupkg', 'New-ILNugetPackage', 'Update-PSSignedBuildFolder', 'New-ExePackage') +FunctionsToExport=@('Start-PSPackage','New-PSSignedBuildZip', 'New-PSBuildZip', 'New-MSIPatch', 'Expand-PSSignedBuild', 'Publish-NugetToMyGet', 'New-DotnetSdkContainerFxdPackage', 'New-GlobalToolNupkg', 'New-ILNugetPackage', 'Update-PSSignedBuildFolder', 'New-ExePackage', 'Dismount-ExePackageEngine', 'Mount-ExePackageEngine') RootModule="packaging.psm1" RequiredModules = @("build") } diff --git a/tools/packaging/packaging.psm1 b/tools/packaging/packaging.psm1 index 5d4d2954b78..f9e8459b3b5 100644 --- a/tools/packaging/packaging.psm1 +++ b/tools/packaging/packaging.psm1 @@ -2832,14 +2832,16 @@ function Get-WixPath $wixPyroExePath = Join-Path $wixToolsetBinPath "pyro.exe" $wixCandleExePath = Join-Path $wixToolsetBinPath "Candle.exe" $wixLightExePath = Join-Path $wixToolsetBinPath "Light.exe" + $wixInsigniaExePath = Join-Path $wixToolsetBinPath "Insignia.exe" return [PSCustomObject] @{ - WixHeatExePath = $wixHeatExePath - WixMeltExePath = $wixMeltExePath - WixTorchExePath = $wixTorchExePath - WixPyroExePath = $wixPyroExePath - WixCandleExePath = $wixCandleExePath - WixLightExePath = $wixLightExePath + WixHeatExePath = $wixHeatExePath + WixMeltExePath = $wixMeltExePath + WixTorchExePath = $wixTorchExePath + WixPyroExePath = $wixPyroExePath + WixCandleExePath = $wixCandleExePath + WixLightExePath = $wixLightExePath + WixInsigniaExePath = $wixInsigniaExePath } } @@ -3240,6 +3242,60 @@ function New-ExePackage { } -MsiLocationPath $exeLocationPath -MsiPdbLocationPath $exePdbLocationPath } +function Dismount-ExePackageEngine { + param( + # Location of the unsigned EXE + [Parameter(Mandatory = $true)] + [string] + $ExePath, + + # Location to put the dismounted engine. + [Parameter(Mandatory = $true)] + [string] + $EnginePath + ) + + <# + 2. detach the engine from TestInstaller.exe: + insignia -ib TestInstaller.exe -o engine.exe + #> + + $wixPaths = Get-WixPath + + $resolvedExePath = (Resolve-Path -Path $ExePath).ProviderPath + $resolvedEnginePath = System.IO.Path]::GetFullPath($EnginePath) + + Start-NativeExecution -VerboseOutputOnError { & $wixPaths.wixInsigniaExePath -ib $resolvedExePath -o $resolvedEnginePath} +} + +function Mount-ExePackageEngine { + param( + # Location of the unsigned EXE + [Parameter(Mandatory = $true)] + [string] + $ExePath, + + # Location of the signed engine + [Parameter(Mandatory = $true)] + [string] + $EnginePath + ) + + + <# + 4. re-attach the signed engine.exe to the bundle: + insignia -ab engine.exe TestInstaller.exe -o TestInstaller.exe + #> + + $wixPaths = Get-WixPath + + $resolvedEnginePath = (Resolve-Path -Path $EnginePath).ProviderPath + $resolvedExePath = (Resolve-Path -Path $ExePath).ProviderPath + + Start-NativeExecution -VerboseOutputOnError { & $wixPaths.wixInsigniaExePath -ab $resolvedEnginePath $resolvedExePath -o $resolvedExePath} +} + + function New-MsiArgsArray { param( [Parameter(Mandatory)] diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index 6d6a03d1bbb..6eb36bf602b 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml @@ -303,8 +303,32 @@ jobs: $msiPath = '$(Build.StagingDirectory)\signedPackages\PowerShell-$(version)-win-${{ parameters.architecture }}.msi' New-ExePackage -ProductVersion '$(version)' -MsiLocationPath $msiPath -ProductTargetArchitecture ${{ parameters.architecture }} + $exePath = Get-ChildItem '.\PowerShell-*.exe' | Select-Object -First 1 -ExpandProperty fullname + $engiePath = Join-Path -Path $PWD -ChildPath enigne.exe + Dismount-ExePackageEngine -ExePath $exePath -EnginePath $enginePath displayName: Create exe wrapper + - template: EsrpSign.yml@ComplianceRepo + parameters: + buildOutputPath: $(System.ArtifactsDirectory)\pkgSigned + signOutputPath: $(Build.StagingDirectory)\signedPackages + certificateId: "CP-230012" + pattern: | + **\*.msi + useMinimatch: true + shouldSign: $(SHOULD_SIGN) + displayName: Sign Exe Wrapper Engine + + - pwsh: | + cd $(PowerShellRoot) + Import-Module $(PowerShellRoot)/build.psm1 -Force + Import-Module $(PowerShellRoot)/tools/packaging -Force + + $exePath = Get-ChildItem '.\PowerShell-*.exe' | Select-Object -First 1 -ExpandProperty fullname + $engiePath = Join-Path -Path $PWD -ChildPath enigne.exe + Mount-ExePackageEngine -ExePath $exePath -EnginePath $enginePath + displayName: Use signed engine in exe wrapper + - powershell: | cd $(PowerShellRoot) Get-ChildItem '.\PowerShell-*.exe' | ForEach-Object { From a3bb63489bb92be78e59e582fd5e1507c9d3c322 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Thu, 25 Mar 2021 16:33:36 -0700 Subject: [PATCH 10/23] fix typo fix engine signing --- .../azureDevOps/templates/windows-packaging.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index 6eb36bf602b..872fe0c004a 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml @@ -203,7 +203,7 @@ jobs: - powershell: | Get-ChildItem '$(System.ArtifactsDirectory)\thirdPartySigned\*' - displayName: Captrue ThirdParty Signed files + displayName: Capture ThirdParty Signed files condition: and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')) - powershell: | @@ -304,17 +304,17 @@ jobs: New-ExePackage -ProductVersion '$(version)' -MsiLocationPath $msiPath -ProductTargetArchitecture ${{ parameters.architecture }} $exePath = Get-ChildItem '.\PowerShell-*.exe' | Select-Object -First 1 -ExpandProperty fullname - $engiePath = Join-Path -Path $PWD -ChildPath enigne.exe + $enginePath = Join-Path -Path '$(System.ArtifactsDirectory)\unsignedEngine' -ChildPath engine.exe Dismount-ExePackageEngine -ExePath $exePath -EnginePath $enginePath displayName: Create exe wrapper - template: EsrpSign.yml@ComplianceRepo parameters: - buildOutputPath: $(System.ArtifactsDirectory)\pkgSigned - signOutputPath: $(Build.StagingDirectory)\signedPackages + buildOutputPath: $(System.ArtifactsDirectory)\unsignedEngine + signOutputPath: $(System.ArtifactsDirectory)\signedEngine certificateId: "CP-230012" pattern: | - **\*.msi + **\*.exe useMinimatch: true shouldSign: $(SHOULD_SIGN) displayName: Sign Exe Wrapper Engine @@ -325,7 +325,7 @@ jobs: Import-Module $(PowerShellRoot)/tools/packaging -Force $exePath = Get-ChildItem '.\PowerShell-*.exe' | Select-Object -First 1 -ExpandProperty fullname - $engiePath = Join-Path -Path $PWD -ChildPath enigne.exe + $enginePath = Join-Path -Path '$(System.ArtifactsDirectory)\signedEngine' -ChildPath engine.exe Mount-ExePackageEngine -ExePath $exePath -EnginePath $enginePath displayName: Use signed engine in exe wrapper From 4ff5f6e745ebeb656d94be8eebbe97478f60d2be Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Thu, 25 Mar 2021 17:16:51 -0700 Subject: [PATCH 11/23] fix typo --- tools/packaging/packaging.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/packaging/packaging.psm1 b/tools/packaging/packaging.psm1 index f9e8459b3b5..d65fdcf26f0 100644 --- a/tools/packaging/packaging.psm1 +++ b/tools/packaging/packaging.psm1 @@ -3263,7 +3263,7 @@ function Dismount-ExePackageEngine { $wixPaths = Get-WixPath $resolvedExePath = (Resolve-Path -Path $ExePath).ProviderPath - $resolvedEnginePath = System.IO.Path]::GetFullPath($EnginePath) + $resolvedEnginePath = [System.IO.Path]::GetFullPath($EnginePath) Start-NativeExecution -VerboseOutputOnError { & $wixPaths.wixInsigniaExePath -ib $resolvedExePath -o $resolvedEnginePath} } From 1b10180b54264b79e3801f955acbabaab238aec9 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Thu, 25 Mar 2021 17:18:16 -0700 Subject: [PATCH 12/23] go back to master for compliance repo --- tools/releaseBuild/azureDevOps/releaseBuild.yml | 2 +- .../azureDevOps/templates/upload.yml | 17 ----------------- 2 files changed, 1 insertion(+), 18 deletions(-) diff --git a/tools/releaseBuild/azureDevOps/releaseBuild.yml b/tools/releaseBuild/azureDevOps/releaseBuild.yml index d74203d66e1..756f2114d5a 100644 --- a/tools/releaseBuild/azureDevOps/releaseBuild.yml +++ b/tools/releaseBuild/azureDevOps/releaseBuild.yml @@ -16,7 +16,7 @@ resources: type: github endpoint: ComplianceGHRepo name: PowerShell/compliance - ref: task-prefix + ref: master variables: - name: DOTNET_CLI_TELEMETRY_OPTOUT diff --git a/tools/releaseBuild/azureDevOps/templates/upload.yml b/tools/releaseBuild/azureDevOps/templates/upload.yml index 1538ec35cbc..3f121e2f51f 100644 --- a/tools/releaseBuild/azureDevOps/templates/upload.yml +++ b/tools/releaseBuild/azureDevOps/templates/upload.yml @@ -6,23 +6,6 @@ parameters: pdb: no steps: -# - template: upload-final-results.yml -# parameters: -# artifactPath: $(Build.StagingDirectory)\signedPackages -# artifactFilter: PowerShell-${{ parameters.version }}-win-${{ parameters.architecture }}.msi -# condition: and(succeeded(), eq('${{ parameters.msi }}', 'yes')) - -# - task: AzureFileCopy@4 -# displayName: 'upload signed msi to Azure - ${{ parameters.architecture }}' -# inputs: -# SourcePath: '$(Build.StagingDirectory)\signedPackages\PowerShell-${{ parameters.version }}-win-${{ parameters.architecture }}.msi' -# azureSubscription: '$(AzureFileCopySubscription)' -# Destination: AzureBlob -# storage: '$(StorageAccount)' -# ContainerName: '$(AzureVersion)' -# resourceGroup: '$(StorageResourceGroup)' -# condition: and(succeeded(), eq('${{ parameters.msi }}', 'yes')) - - template: upload-final-results.yml parameters: artifactPath: $(System.ArtifactsDirectory)\signed From 4b8bc5575910a81c1d624b217834fbe1824b1b4d Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Thu, 25 Mar 2021 21:26:19 -0700 Subject: [PATCH 13/23] test engine mounted in exe wrapper --- tools/packaging/packaging.psd1 | 34 +++++++++++++------ tools/packaging/packaging.psm1 | 1 - .../templates/windows-packaging.yml | 1 + 3 files changed, 25 insertions(+), 11 deletions(-) diff --git a/tools/packaging/packaging.psd1 b/tools/packaging/packaging.psd1 index 463805a18e2..ac47f857ee6 100644 --- a/tools/packaging/packaging.psd1 +++ b/tools/packaging/packaging.psd1 @@ -1,12 +1,26 @@ @{ -GUID="41857994-4283-4757-a932-0b0edb104913" -Author="PowerShell" -CompanyName="Microsoft Corporation" -Copyright="Copyright (c) Microsoft Corporation." -ModuleVersion="1.0.0" -PowerShellVersion="5.0" -CmdletsToExport=@() -FunctionsToExport=@('Start-PSPackage','New-PSSignedBuildZip', 'New-PSBuildZip', 'New-MSIPatch', 'Expand-PSSignedBuild', 'Publish-NugetToMyGet', 'New-DotnetSdkContainerFxdPackage', 'New-GlobalToolNupkg', 'New-ILNugetPackage', 'Update-PSSignedBuildFolder', 'New-ExePackage', 'Dismount-ExePackageEngine', 'Mount-ExePackageEngine') -RootModule="packaging.psm1" -RequiredModules = @("build") + GUID = "41857994-4283-4757-a932-0b0edb104913" + Author = "PowerShell" + CompanyName = "Microsoft Corporation" + Copyright = "Copyright (c) Microsoft Corporation." + ModuleVersion = "1.0.0" + PowerShellVersion = "5.0" + CmdletsToExport = @() + FunctionsToExport = @( + 'Dismount-ExePackageEngine' + 'Expand-PSSignedBuild' + 'Mount-ExePackageEngine' + 'New-DotnetSdkContainerFxdPackage' + 'New-ExePackage' + 'New-GlobalToolNupkg' + 'New-ILNugetPackage' + 'New-MSIPatch' + 'New-PSBuildZip' + 'New-PSSignedBuildZip' + 'Publish-NugetToMyGet' + 'Start-PSPackage' + 'Update-PSSignedBuildFolder' + ) + RootModule = "packaging.psm1" + RequiredModules = @("build") } diff --git a/tools/packaging/packaging.psm1 b/tools/packaging/packaging.psm1 index d65fdcf26f0..47921ab268f 100644 --- a/tools/packaging/packaging.psm1 +++ b/tools/packaging/packaging.psm1 @@ -3295,7 +3295,6 @@ function Mount-ExePackageEngine { Start-NativeExecution -VerboseOutputOnError { & $wixPaths.wixInsigniaExePath -ab $resolvedEnginePath $resolvedExePath -o $resolvedExePath} } - function New-MsiArgsArray { param( [Parameter(Mandatory)] diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index 872fe0c004a..5f3d27f8697 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml @@ -326,6 +326,7 @@ jobs: $exePath = Get-ChildItem '.\PowerShell-*.exe' | Select-Object -First 1 -ExpandProperty fullname $enginePath = Join-Path -Path '$(System.ArtifactsDirectory)\signedEngine' -ChildPath engine.exe + $enginePath | Get-AuthenticodeSignature | out-string | Write-Verbose -verbose Mount-ExePackageEngine -ExePath $exePath -EnginePath $enginePath displayName: Use signed engine in exe wrapper From 94ac51f4cac2fe6a1c3e00c38ac1b562d509d321 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 31 Mar 2021 14:57:12 -0700 Subject: [PATCH 14/23] exclude packaging from future windows CI builds --- .vsts-ci/linux.yml | 10 +++++----- .vsts-ci/mac.yml | 11 ++++++----- .vsts-ci/windows.yml | 7 ++++--- 3 files changed, 15 insertions(+), 13 deletions(-) diff --git a/.vsts-ci/linux.yml b/.vsts-ci/linux.yml index be7de6d8fc5..224c73eb60f 100644 --- a/.vsts-ci/linux.yml +++ b/.vsts-ci/linux.yml @@ -24,14 +24,14 @@ pr: include: - '*' exclude: - - test/common/markdown/* - - tools/releaseBuild/* - - tools/releaseBuild/azureDevOps/templates/* - - .vsts-ci/misc-analysis.yml - - .github/ISSUE_TEMPLATE/* - .dependabot/config.yml + - .github/ISSUE_TEMPLATE/* + - .vsts-ci/misc-analysis.yml - .vsts-ci/windows.yml - .vsts-ci/windows/* + - test/common/markdown/* + - tools/releaseBuild/* + - tools/releaseBuild/azureDevOps/templates/* variables: DOTNET_CLI_TELEMETRY_OPTOUT: 1 diff --git a/.vsts-ci/mac.yml b/.vsts-ci/mac.yml index 5f487275bf2..6b050122ff8 100644 --- a/.vsts-ci/mac.yml +++ b/.vsts-ci/mac.yml @@ -25,14 +25,15 @@ pr: include: - '*' exclude: - - test/common/markdown/* - - .vsts-ci/misc-analysis.yml - - .github/ISSUE_TEMPLATE/* - .dependabot/config.yml - - tools/releaseBuild/* - - tools/releaseBuild/azureDevOps/templates/* + - .github/ISSUE_TEMPLATE/* + - .vsts-ci/misc-analysis.yml - /.vsts-ci/windows.yml - /.vsts-ci/windows/* + - test/common/markdown/* + - tools/packaging/* + - tools/releaseBuild/* + - tools/releaseBuild/azureDevOps/templates/* variables: DOTNET_CLI_TELEMETRY_OPTOUT: 1 diff --git a/.vsts-ci/windows.yml b/.vsts-ci/windows.yml index bdaa015832e..ac6d350afaa 100644 --- a/.vsts-ci/windows.yml +++ b/.vsts-ci/windows.yml @@ -24,12 +24,13 @@ pr: include: - '*' exclude: - - .vsts-ci/misc-analysis.yml - - .github/ISSUE_TEMPLATE/* - .dependabot/config.yml + - .github/ISSUE_TEMPLATE/* + - .vsts-ci/misc-analysis.yml + - test/common/markdown/* + - tools/packaging/* - tools/releaseBuild/* - tools/releaseBuild/azureDevOps/templates/* - - test/common/markdown/* variables: GIT_CONFIG_PARAMETERS: "'core.autocrlf=false'" From f559332deddb9a4cb65c131a24dc5fb16413aff1 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 31 Mar 2021 17:43:23 -0700 Subject: [PATCH 15/23] fix package CI --- tools/ci.psm1 | 6 +++++- tools/packaging/packaging.psm1 | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/ci.psm1 b/tools/ci.psm1 index 41e972b9bcf..95bacf612c4 100644 --- a/tools/ci.psm1 +++ b/tools/ci.psm1 @@ -502,7 +502,11 @@ function Invoke-CIFinish # the packaging tests find the MSI package using env:PSMsiX64Path $env:PSMsiX64Path = $artifacts | Where-Object { $_.EndsWith(".msi")} - $env:PSExePath = $artifacts | Where-Object { $_.EndsWith(".exe") } + $architechture = $Runtime.Split('-')[1] + $exePath = New-ExePackage -ProductVersion ($preReleaseVersion -replace '^v') -ProductTargetArchitecture $architechture -MsiLocationPath $env:PSMsiX64Path + Write-Verbose "exe Path: $exePath" -Verbose + $artifacts.Add($exePath) + $env:PSExePath = $exePath $env:PSMsiChannel = $Channel $env:PSMsiRuntime = $Runtime diff --git a/tools/packaging/packaging.psm1 b/tools/packaging/packaging.psm1 index 47921ab268f..7f8c42a0f48 100644 --- a/tools/packaging/packaging.psm1 +++ b/tools/packaging/packaging.psm1 @@ -3240,6 +3240,8 @@ function New-ExePackage { TargetPath = $MsiLocationPath WindowsVersion = $windowsVersion } -MsiLocationPath $exeLocationPath -MsiPdbLocationPath $exePdbLocationPath + + return $exeLocationPath } function Dismount-ExePackageEngine { From 89cb3db801c0dab86c9cacadaf97b15209ca17a4 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 7 Apr 2021 15:12:46 -0700 Subject: [PATCH 16/23] change function names --- tools/packaging/packaging.psd1 | 4 ++-- tools/packaging/packaging.psm1 | 14 +++++++++++--- .../azureDevOps/templates/windows-packaging.yml | 4 ++-- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/tools/packaging/packaging.psd1 b/tools/packaging/packaging.psd1 index ac47f857ee6..00f4bc90d95 100644 --- a/tools/packaging/packaging.psd1 +++ b/tools/packaging/packaging.psd1 @@ -7,9 +7,9 @@ PowerShellVersion = "5.0" CmdletsToExport = @() FunctionsToExport = @( - 'Dismount-ExePackageEngine' + 'Expand-ExePackageEngine' 'Expand-PSSignedBuild' - 'Mount-ExePackageEngine' + 'Compress-ExePackageEngine' 'New-DotnetSdkContainerFxdPackage' 'New-ExePackage' 'New-GlobalToolNupkg' diff --git a/tools/packaging/packaging.psm1 b/tools/packaging/packaging.psm1 index 7f8c42a0f48..130f7fb5a0f 100644 --- a/tools/packaging/packaging.psm1 +++ b/tools/packaging/packaging.psm1 @@ -3244,14 +3244,18 @@ function New-ExePackage { return $exeLocationPath } -function Dismount-ExePackageEngine { +<# +Allows you to extract the engine of exe package, mainly for signing +Any existing signature will be removed. + #> +function Expand-ExePackageEngine { param( # Location of the unsigned EXE [Parameter(Mandatory = $true)] [string] $ExePath, - # Location to put the dismounted engine. + # Location to put the expanded engine. [Parameter(Mandatory = $true)] [string] $EnginePath @@ -3270,7 +3274,11 @@ function Dismount-ExePackageEngine { Start-NativeExecution -VerboseOutputOnError { & $wixPaths.wixInsigniaExePath -ib $resolvedExePath -o $resolvedEnginePath} } -function Mount-ExePackageEngine { +<# +Allows you to replace the engine (installer) in the exe package. +Used to replace the engine with a signed version +#> +function Compress-ExePackageEngine { param( # Location of the unsigned EXE [Parameter(Mandatory = $true)] diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index 5f3d27f8697..022b2657e8e 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml @@ -305,7 +305,7 @@ jobs: New-ExePackage -ProductVersion '$(version)' -MsiLocationPath $msiPath -ProductTargetArchitecture ${{ parameters.architecture }} $exePath = Get-ChildItem '.\PowerShell-*.exe' | Select-Object -First 1 -ExpandProperty fullname $enginePath = Join-Path -Path '$(System.ArtifactsDirectory)\unsignedEngine' -ChildPath engine.exe - Dismount-ExePackageEngine -ExePath $exePath -EnginePath $enginePath + Expand-ExePackageEngine -ExePath $exePath -EnginePath $enginePath displayName: Create exe wrapper - template: EsrpSign.yml@ComplianceRepo @@ -327,7 +327,7 @@ jobs: $exePath = Get-ChildItem '.\PowerShell-*.exe' | Select-Object -First 1 -ExpandProperty fullname $enginePath = Join-Path -Path '$(System.ArtifactsDirectory)\signedEngine' -ChildPath engine.exe $enginePath | Get-AuthenticodeSignature | out-string | Write-Verbose -verbose - Mount-ExePackageEngine -ExePath $exePath -EnginePath $enginePath + Compress-ExePackageEngine -ExePath $exePath -EnginePath $enginePath displayName: Use signed engine in exe wrapper - powershell: | From df63723c63042d894d63db544c6a6be69afc46a1 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 7 Apr 2021 15:18:41 -0700 Subject: [PATCH 17/23] Update tools/releaseBuild/azureDevOps/templates/windows-packaging.yml Co-authored-by: Robert Holt --- tools/releaseBuild/azureDevOps/templates/windows-packaging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index 022b2657e8e..6cb04148b66 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml @@ -265,7 +265,7 @@ jobs: } displayName: Upload unsigned packages - - ${{ if and(ne(variables['BuildConfiguration'],'minSize'), startsWith(variables['Architecture'], 'x')) }}: + - ${{ if and(ne(variables['BuildConfiguration'],'minSize'), in(variables['Architecture'], 'x64', 'x86')) }}: - template: EsrpSign.yml@ComplianceRepo parameters: buildOutputPath: $(System.ArtifactsDirectory)\pkgSigned From 18b7f75d23e01f9c5c05e6a3c6596c65b6c5853c Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 7 Apr 2021 15:19:00 -0700 Subject: [PATCH 18/23] Update tools/releaseBuild/azureDevOps/templates/windows-packaging.yml Co-authored-by: Robert Holt --- tools/releaseBuild/azureDevOps/templates/windows-packaging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index 6cb04148b66..f517d9d3b10 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml @@ -320,7 +320,7 @@ jobs: displayName: Sign Exe Wrapper Engine - pwsh: | - cd $(PowerShellRoot) + cd '$(PowerShellRoot)' Import-Module $(PowerShellRoot)/build.psm1 -Force Import-Module $(PowerShellRoot)/tools/packaging -Force From 6f884c54b913997278d9e50b980a6b14d366929c Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 7 Apr 2021 15:19:11 -0700 Subject: [PATCH 19/23] Update tools/releaseBuild/azureDevOps/templates/windows-packaging.yml Co-authored-by: Robert Holt --- tools/releaseBuild/azureDevOps/templates/windows-packaging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index f517d9d3b10..8fc68fe4202 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml @@ -331,7 +331,7 @@ jobs: displayName: Use signed engine in exe wrapper - powershell: | - cd $(PowerShellRoot) + cd '$(PowerShellRoot)' Get-ChildItem '.\PowerShell-*.exe' | ForEach-Object { $packagePath = $_.FullName Write-Host "Uploading $packagePath" From 953bb7d5032d59b5e12e626a31f3f41246a50363 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 7 Apr 2021 15:19:30 -0700 Subject: [PATCH 20/23] Update tools/releaseBuild/azureDevOps/templates/windows-packaging.yml Co-authored-by: Robert Holt --- .../releaseBuild/azureDevOps/templates/windows-packaging.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index 8fc68fe4202..67a81f022a3 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml @@ -321,8 +321,8 @@ jobs: - pwsh: | cd '$(PowerShellRoot)' - Import-Module $(PowerShellRoot)/build.psm1 -Force - Import-Module $(PowerShellRoot)/tools/packaging -Force + Import-Module '$(PowerShellRoot)/build.psm1' -Force + Import-Module '$(PowerShellRoot)/tools/packaging' -Force $exePath = Get-ChildItem '.\PowerShell-*.exe' | Select-Object -First 1 -ExpandProperty fullname $enginePath = Join-Path -Path '$(System.ArtifactsDirectory)\signedEngine' -ChildPath engine.exe From 24da08b48dff662346924db62861110f243fb67f Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Thu, 8 Apr 2021 15:42:45 -0700 Subject: [PATCH 21/23] Apply suggestions from code review --- .../releaseBuild/azureDevOps/templates/windows-packaging.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index 67a81f022a3..73a272bbd44 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml @@ -277,7 +277,7 @@ jobs: shouldSign: $(SHOULD_SIGN) displayName: Sign MSI - - powershell: | + - pwsh: | Get-ChildItem '$(System.ArtifactsDirectory)\signedPackages' | ForEach-Object { $packagePath = $_.FullName Write-Host "Uploading $packagePath" @@ -330,7 +330,7 @@ jobs: Compress-ExePackageEngine -ExePath $exePath -EnginePath $enginePath displayName: Use signed engine in exe wrapper - - powershell: | + - pwsh: | cd '$(PowerShellRoot)' Get-ChildItem '.\PowerShell-*.exe' | ForEach-Object { $packagePath = $_.FullName From a22dbddebe9436a153ffd45c531356e0173c72f7 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Wed, 7 Apr 2021 15:25:11 -0700 Subject: [PATCH 22/23] add comments per review comments --- .../releaseBuild/azureDevOps/templates/windows-packaging.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index 73a272bbd44..18247fb982d 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml @@ -305,6 +305,7 @@ jobs: New-ExePackage -ProductVersion '$(version)' -MsiLocationPath $msiPath -ProductTargetArchitecture ${{ parameters.architecture }} $exePath = Get-ChildItem '.\PowerShell-*.exe' | Select-Object -First 1 -ExpandProperty fullname $enginePath = Join-Path -Path '$(System.ArtifactsDirectory)\unsignedEngine' -ChildPath engine.exe + # Expand Burn Engine so we can sign it. Expand-ExePackageEngine -ExePath $exePath -EnginePath $enginePath displayName: Create exe wrapper @@ -317,7 +318,7 @@ jobs: **\*.exe useMinimatch: true shouldSign: $(SHOULD_SIGN) - displayName: Sign Exe Wrapper Engine + displayName: Sign Burn Engine - pwsh: | cd '$(PowerShellRoot)' @@ -328,7 +329,7 @@ jobs: $enginePath = Join-Path -Path '$(System.ArtifactsDirectory)\signedEngine' -ChildPath engine.exe $enginePath | Get-AuthenticodeSignature | out-string | Write-Verbose -verbose Compress-ExePackageEngine -ExePath $exePath -EnginePath $enginePath - displayName: Use signed engine in exe wrapper + displayName: Re-attach the signed Burn engine in exe wrapper - pwsh: | cd '$(PowerShellRoot)' From 042ae124540613ce9a4e0bf8930f689c1787eb06 Mon Sep 17 00:00:00 2001 From: Travis Plunk Date: Thu, 8 Apr 2021 15:53:23 -0700 Subject: [PATCH 23/23] fix replace --- tools/releaseBuild/setReleaseTag.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releaseBuild/setReleaseTag.ps1 b/tools/releaseBuild/setReleaseTag.ps1 index 1659dbc74cb..df913471590 100644 --- a/tools/releaseBuild/setReleaseTag.ps1 +++ b/tools/releaseBuild/setReleaseTag.ps1 @@ -70,7 +70,7 @@ if($ReleaseTag -eq 'fromBranch' -or !$ReleaseTag) { $msixType = 'release' Write-Verbose "release branch:" -Verbose - $releaseTag = $Branch -replace $releaseBranchRegex + $releaseTag = $Branch -replace '^.*((release|rebuild)/)' $vstsCommandString = "vso[task.setvariable variable=$Variable]$releaseTag" Write-Verbose -Message "setting $Variable to $releaseTag" -Verbose Write-Host -Object "##$vstsCommandString"