mirror of
https://github.com/Microsoft/vscode
synced 2024-10-06 03:17:00 +00:00
ESRP Cert (#108366)
* update ESRP
* update to new ESRP cert
* make gulp fail when inno setup fails
* fix esrp
* debug
* update esrp client version
* 🤦
* argh
* update esrpclient
* argh
This commit is contained in:
parent
9dc0b9ce0a
commit
466a7b7daa
|
@ -1,4 +1,4 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<packages>
|
||||
<package id="Microsoft.ESRPClient" version="1.2.25" />
|
||||
<package id="Microsoft.ESRPClient" version="1.2.47" />
|
||||
</packages>
|
||||
|
|
|
@ -1,14 +1,17 @@
|
|||
Param(
|
||||
[string]$AuthCertificateBase64,
|
||||
[string]$AuthCertificateKey
|
||||
)
|
||||
param ($CertBase64)
|
||||
$ErrorActionPreference = "Stop"
|
||||
|
||||
# Import auth certificate
|
||||
$AuthCertificateFileName = [System.IO.Path]::GetTempFileName()
|
||||
$AuthCertificateBytes = [Convert]::FromBase64String($AuthCertificateBase64)
|
||||
[IO.File]::WriteAllBytes($AuthCertificateFileName, $AuthCertificateBytes)
|
||||
$AuthCertificate = Import-PfxCertificate -FilePath $AuthCertificateFileName -CertStoreLocation Cert:\LocalMachine\My -Password (ConvertTo-SecureString $AuthCertificateKey -AsPlainText -Force)
|
||||
rm $AuthCertificateFileName
|
||||
$ESRPAuthCertificateSubjectName = $AuthCertificate.Subject
|
||||
$CertBytes = [System.Convert]::FromBase64String($CertBase64)
|
||||
$CertCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
|
||||
$CertCollection.Import($CertBytes, $null, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
|
||||
|
||||
Write-Output ("##vso[task.setvariable variable=ESRPAuthCertificateSubjectName;]$ESRPAuthCertificateSubjectName")
|
||||
$CertStore = New-Object System.Security.Cryptography.X509Certificates.X509Store("My","LocalMachine")
|
||||
$CertStore.Open("ReadWrite")
|
||||
$CertStore.AddRange($CertCollection)
|
||||
$CertStore.Close()
|
||||
|
||||
echo $CertCollection[0].HasPrivateKey
|
||||
echo $CertCollection[0].PrivateKey
|
||||
|
||||
$ESRPAuthCertificateSubjectName = $CertCollection[0].Subject
|
||||
Write-Output ("##vso[task.setvariable variable=ESRPAuthCertificateSubjectName;]$ESRPAuthCertificateSubjectName")
|
||||
|
|
|
@ -171,9 +171,11 @@ steps:
|
|||
inputs:
|
||||
ESRP: 'ESRP CodeSign'
|
||||
|
||||
- powershell: |
|
||||
$ErrorActionPreference = "Stop"
|
||||
.\build\azure-pipelines\win32\import-esrp-auth-cert.ps1 -AuthCertificateBase64 $(esrp-auth-certificate) -AuthCertificateKey $(esrp-auth-certificate-key)
|
||||
- task: PowerShell@2
|
||||
inputs:
|
||||
targetType: filePath
|
||||
filePath: .\build\azure-pipelines\win32\import-esrp-auth-cert.ps1
|
||||
arguments: "$(ESRP-SSL-AADAuth)"
|
||||
displayName: Import ESRP Auth Certificate
|
||||
|
||||
- powershell: |
|
||||
|
|
|
@ -233,9 +233,11 @@ steps:
|
|||
inputs:
|
||||
ESRP: 'ESRP CodeSign'
|
||||
|
||||
- powershell: |
|
||||
$ErrorActionPreference = "Stop"
|
||||
.\build\azure-pipelines\win32\import-esrp-auth-cert.ps1 -AuthCertificateBase64 $(esrp-auth-certificate) -AuthCertificateKey $(esrp-auth-certificate-key)
|
||||
- task: PowerShell@2
|
||||
inputs:
|
||||
targetType: filePath
|
||||
filePath: .\build\azure-pipelines\win32\import-esrp-auth-cert.ps1
|
||||
arguments: "$(ESRP-SSL-AADAuth)"
|
||||
displayName: Import ESRP Auth Certificate
|
||||
|
||||
- powershell: |
|
||||
|
|
|
@ -12,6 +12,7 @@ $Auth = Create-TmpJson @{
|
|||
SubjectName = $env:ESRPAuthCertificateSubjectName
|
||||
StoreLocation = "LocalMachine"
|
||||
StoreName = "My"
|
||||
SendX5c = "true"
|
||||
}
|
||||
RequestSigningCert = @{
|
||||
SubjectName = $env:ESRPCertificateSubjectName
|
||||
|
@ -67,4 +68,4 @@ $Input = Create-TmpJson @{
|
|||
|
||||
$Output = [System.IO.Path]::GetTempFileName()
|
||||
$ScriptPath = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
|
||||
& "$ScriptPath\ESRPClient\packages\Microsoft.ESRPClient.1.2.25\tools\ESRPClient.exe" Sign -a $Auth -p $Policy -i $Input -o $Output
|
||||
& "$ScriptPath\ESRPClient\packages\Microsoft.ESRPClient.*\tools\ESRPClient.exe" Sign -a $Auth -p $Policy -i $Input -o $Output
|
||||
|
|
|
@ -54,7 +54,13 @@ function packageInnoSetup(iss, options, cb) {
|
|||
|
||||
cp.spawn(innoSetupPath, args, { stdio: ['ignore', 'inherit', 'inherit'] })
|
||||
.on('error', cb)
|
||||
.on('exit', () => cb(null));
|
||||
.on('exit', code => {
|
||||
if (code === 0) {
|
||||
cb(null);
|
||||
} else {
|
||||
cb(new Error(`InnoSetup returned exit code: ${code}`));
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
function buildWin32Setup(arch, target) {
|
||||
|
|
Loading…
Reference in a new issue