aspnetcore/eng/targets/Wix.Common.targets

<!-- Targets for making .wixproj better. -->
<Project>

  <ItemDefinitionGroup>
    <!-- Override the MicroBuild default certs which still uses MicrosoftSHA1 and Microsoft401 -->
    <SignCabs>
      <Authenticode>Microsoft400</Authenticode>
    </SignCabs>
    <SignMsi>
      <Authenticode>Microsoft400</Authenticode>
    </SignMsi>
    <SignBundle>
      <Authenticode>Microsoft400</Authenticode>
    </SignBundle>
    <SignBundleEngine>
      <Authenticode>Microsoft400</Authenticode>
    </SignBundleEngine>
  </ItemDefinitionGroup>

  <PropertyGroup Condition="'$(OutputType)' == 'package'">
    <!-- Set package version for SharedFx & TargetingPack wixproj's -->
    <!-- Everything built in those projects _except_ the final package & MSI are shipping assets. -->
    <_GeneratedPackageVersion>$(PackageVersion)</_GeneratedPackageVersion>
    <_GeneratedPackageVersion
        Condition="! $(PackageVersion.Contains('$(_PreReleaseLabel)'))">$(PackageVersion)-$(_PreReleaseLabel)$(_BuildNumberLabels)</_GeneratedPackageVersion>
    <!-- Insert PackageVersion into OutputName for SharedFx & TargetingPack -->
    <OutputName Condition="'$(OutputNamePrefix)' != '' AND '$(OutputNameSuffix)' != ''">$(OutputNamePrefix)$(_GeneratedPackageVersion)$(OutputNameSuffix)</OutputName>

    <EmbedCab Condition="'$(EmbedCab)' == ''">yes</EmbedCab>
    <InstallDir>$(ProductName)</InstallDir>

    <DefineConstants Condition="'$(Configuration)' == 'Debug'">$(DefineConstants);Debug</DefineConstants>
    <DefineConstants>$(DefineConstants);EmbedCab=$(EmbedCab)</DefineConstants>
  </PropertyGroup>

  <PropertyGroup Condition=" '$(OutputType)' == 'package' AND '$(Cabinet)' == '' ">
    <Cabinet>$(OutputName.Replace('-', '_')).cab</Cabinet>
    <Cabinet Condition=" '$(EmbedCab)' != 'yes' ">$(OutputName.Replace('_win', '')).cab</Cabinet>
  </PropertyGroup>

  <PropertyGroup>
    <Culture Condition=" '$(Culture)' == '' ">en-US</Culture>
    <Cultures Condition=" '$(Cultures)' == '' ">$(Culture)</Cultures>
    <InstallerPlatform>$(Platform)</InstallerPlatform>
    <OutDir Condition=" '$(OutDir)' == '' ">$(OutputPath)</OutDir>

    <DefineConstants>$(DefineConstants);Cabinet=$(Cabinet)</DefineConstants>
    <DefineConstants>$(DefineConstants);BinPath=$(OutputPath)$(Culture)\</DefineConstants>
    <DefineConstants>$(WixVariables);$(DefineConstants)</DefineConstants>
  </PropertyGroup>

  <Import Project="$(NuGetRestoreTargets)" />
  <Import Project="$(MSBuildProjectExtensionsPath)$(MSBuildProjectFile).*.targets" />
  <Import Project="$(WixTargetsPath)" Condition="'$(WixTargetsPath)' != '' " />
  <!-- Don't import the Microbuild signing targets when post build sign is enabled. They override the
       standard Wix targets for signing, and call ESRP directly (rather than through SignTool). So without this,
       ASPNetCore will sign even when PostbuildSign == true -->
  <Import Project="$(MicroBuildPluginDirectory)\MicroBuild.Plugins.*\**\build\MicroBuild.Plugins.*.targets" Condition="'$(DisableMicroBuild)' != 'true' AND '$(MicroBuildPluginDirectory)' != '' AND '$(PostBuildSign)' != 'true'" />
</Project>
Add code for building the Windows Hosting Bundle and ASP.NET Core runtime installers into this repo This code previously was in private repos because it had references to internal locations and drop shares. This code has been modified to remove these internal-only pieces. 2018-08-17 20:01:57 +03:00			`<!-- Targets for making .wixproj better. -->`
			`<Project>`

Set the signing cert for .msi files to the 'Microsoft' certificate 2018-09-07 02:29:04 +03:00			`<ItemDefinitionGroup>`
Use Microsoft400 for code signing CAB, MSI, and installer bundles (#1433) 2018-09-27 22:58:41 +03:00			`<!-- Override the MicroBuild default certs which still uses MicrosoftSHA1 and Microsoft401 -->`
			`<SignCabs>`
			`<Authenticode>Microsoft400</Authenticode>`
			`</SignCabs>`
Set the signing cert for .msi files to the 'Microsoft' certificate 2018-09-07 02:29:04 +03:00			`<SignMsi>`
Use Microsoft400 for installers signing, not 401 (#1426) 400 only uses a SHA2 cert instead of dual signing. 2018-09-27 20:39:18 +03:00			`<Authenticode>Microsoft400</Authenticode>`
Set the signing cert for .msi files to the 'Microsoft' certificate 2018-09-07 02:29:04 +03:00			`</SignMsi>`
Use Microsoft400 for code signing CAB, MSI, and installer bundles (#1433) 2018-09-27 22:58:41 +03:00			`<SignBundle>`
			`<Authenticode>Microsoft400</Authenticode>`
			`</SignBundle>`
			`<SignBundleEngine>`
			`<Authenticode>Microsoft400</Authenticode>`
			`</SignBundleEngine>`
Set the signing cert for .msi files to the 'Microsoft' certificate 2018-09-07 02:29:04 +03:00			`</ItemDefinitionGroup>`

Add code for building the Windows Hosting Bundle and ASP.NET Core runtime installers into this repo This code previously was in private repos because it had references to internal locations and drop shares. This code has been modified to remove these internal-only pieces. 2018-08-17 20:01:57 +03:00			`<PropertyGroup Condition="'$(OutputType)' == 'package'">`
Fix .msi names (#28572) 2020-12-10 23:01:51 +03:00			`<!-- Set package version for SharedFx & TargetingPack wixproj's -->`
			`<!-- Everything built in those projects _except_ the final package & MSI are shipping assets. -->`
			`<_GeneratedPackageVersion>$(PackageVersion)</_GeneratedPackageVersion>`
			`<_GeneratedPackageVersion`
			`Condition="! $(PackageVersion.Contains('$(_PreReleaseLabel)'))">$(PackageVersion)-$(_PreReleaseLabel)$(_BuildNumberLabels)</_GeneratedPackageVersion>`
			`<!-- Insert PackageVersion into OutputName for SharedFx & TargetingPack -->`
			`<OutputName Condition="'$(OutputNamePrefix)' != '' AND '$(OutputNameSuffix)' != ''">$(OutputNamePrefix)$(_GeneratedPackageVersion)$(OutputNameSuffix)</OutputName>`

Add code for building the Windows Hosting Bundle and ASP.NET Core runtime installers into this repo This code previously was in private repos because it had references to internal locations and drop shares. This code has been modified to remove these internal-only pieces. 2018-08-17 20:01:57 +03:00			`<EmbedCab Condition="'$(EmbedCab)' == ''">yes</EmbedCab>`
			`<InstallDir>$(ProductName)</InstallDir>`

			`<DefineConstants Condition="'$(Configuration)' == 'Debug'">$(DefineConstants);Debug</DefineConstants>`
			`<DefineConstants>$(DefineConstants);EmbedCab=$(EmbedCab)</DefineConstants>`
Build break: Shorten Windows targeting pack CAB name (#29605) - use `<MediaTemplate>` and auto-generated name when embedding - otherwise, stick with `<Media>` but remove `_win` from the CAB name 2021-01-26 01:43:11 +03:00			`</PropertyGroup>`

			`<PropertyGroup Condition=" '$(OutputType)' == 'package' AND '$(Cabinet)' == '' ">`
			`<Cabinet>$(OutputName.Replace('-', '_')).cab</Cabinet>`
			`<Cabinet Condition=" '$(EmbedCab)' != 'yes' ">$(OutputName.Replace('_win', '')).cab</Cabinet>`
Add code for building the Windows Hosting Bundle and ASP.NET Core runtime installers into this repo This code previously was in private repos because it had references to internal locations and drop shares. This code has been modified to remove these internal-only pieces. 2018-08-17 20:01:57 +03:00			`</PropertyGroup>`

			`<PropertyGroup>`
			`<Culture Condition=" '$(Culture)' == '' ">en-US</Culture>`
			`<Cultures Condition=" '$(Cultures)' == '' ">$(Culture)</Cultures>`
			`<InstallerPlatform>$(Platform)</InstallerPlatform>`
			`<OutDir Condition=" '$(OutDir)' == '' ">$(OutputPath)</OutDir>`
Build break: Shorten Windows targeting pack CAB name (#29605) - use `<MediaTemplate>` and auto-generated name when embedding - otherwise, stick with `<Media>` but remove `_win` from the CAB name 2021-01-26 01:43:11 +03:00
			`<DefineConstants>$(DefineConstants);Cabinet=$(Cabinet)</DefineConstants>`
Add code for building the Windows Hosting Bundle and ASP.NET Core runtime installers into this repo This code previously was in private repos because it had references to internal locations and drop shares. This code has been modified to remove these internal-only pieces. 2018-08-17 20:01:57 +03:00			`<DefineConstants>$(DefineConstants);BinPath=$(OutputPath)$(Culture)\</DefineConstants>`
			`<DefineConstants>$(WixVariables);$(DefineConstants)</DefineConstants>`
			`</PropertyGroup>`

			`<Import Project="$(NuGetRestoreTargets)" />`
			`<Import Project="$(MSBuildProjectExtensionsPath)$(MSBuildProjectFile).*.targets" />`
			`<Import Project="$(WixTargetsPath)" Condition="'$(WixTargetsPath)' != '' " />`
[release/5.0] Fix some post-build signing issues (#26506) * Fix some post-build signing issues This fixes some post-build signing issues that are present in the aspnetcore repo 1. Add the .msi extension to be signed by Microsoft400 - Msis must be signed. With in-build signing these get handled explicitly by the wixproj infrastructure. When we do post build signing, we must sign these files. 2. Remove the strong name exclusions. These exclusions are incorrect when applied in post-build and unnecessary for in-build signing. Most importantly, the aspnetcore PKT would not end up re-strong named (it doesn't need to be strong name signed by ESRP since it's strong named in-build) because the PKT doesn't match any of the StrongNameSignInfo specified in arcade. The rest of the entries seem to be mostly about optimization. I could not find any performance difference between these entries being present and not. I am not sure whether they actually even apply to any assets. Moreover, when doing post-build signing, they would conflict with the entries in runtime and other places. Verification - I have a tool that I wrote which unpacks every file between two directories and compares the strong name, nuget, and authenticode certs between equivalent files. This is the same tool being used to verify post-build signing. This tool shows no difference in any aspnetcore produced asset. Baseline: https://dev.azure.com/dnceng/internal/_build/results?buildId=836183&view=results Diff: https://dev.azure.com/dnceng/internal/_build/results?buildId=837176&view=results * Do not push VS packages for installers when PostBuildSign == true * Output wix command packages to the installers output path * Don't import microbuild signing targets from wix when PostBuildSign=true * Tweaks: - Don't sign wixpacks when not in post-build signing - Generate a wixpack for both the original msi name (which the wixproj generates) AND the name we use in the final outputs. This is because while these files are the same, signing differentiates the certificate based on the file name, and wixpack lookup is also based on the file names. Aspnetcore and other repos have uses the final outputs (e.g. dotnet-aspnetcore-runtime-123.5..) as well as the internal names (e.g. AspNetCoreSharedFramework_x64.msi). - Don't sign msi's when not post-build signing. * Avoid generating sha512 files for wixpack zips * Don't run xplat code sign jobs if PostBuildSign == true * Change original target names * Conditionalize codesign operations * Add publishing flag for linux x64 and add deb sha512 generation * Do not push the x64 linux runtime archive more than once 2020-10-14 20:19:10 +03:00			`<!-- Don't import the Microbuild signing targets when post build sign is enabled. They override the`
			`standard Wix targets for signing, and call ESRP directly (rather than through SignTool). So without this,`
			`ASPNetCore will sign even when PostbuildSign == true -->`
			`<Import Project="$(MicroBuildPluginDirectory)\MicroBuild.Plugins.\\build\MicroBuild.Plugins..targets" Condition="'$(DisableMicroBuild)' != 'true' AND '$(MicroBuildPluginDirectory)' != '' AND '$(PostBuildSign)' != 'true'" />`
Add code for building the Windows Hosting Bundle and ASP.NET Core runtime installers into this repo This code previously was in private repos because it had references to internal locations and drop shares. This code has been modified to remove these internal-only pieces. 2018-08-17 20:01:57 +03:00			`</Project>`