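# Azure Pipelines step template: submit the files under `FolderPath` that match
# `Pattern` to ESRP code signing, then verify that every matched file carries an
# Authenticode signature whose status is `Valid`. The verification step ends the
# job with exit code 1 if any matched file fails that check.
parameters:
  # When false the ESRP signing task is skipped. Note that the validation step
  # below has no condition of its own, so it still runs (and will fail on
  # unsigned files) when DoEsrp is false.
  - name: DoEsrp
    type: boolean
    default: true

  # Directory whose contents are signed and validated; also the working
  # directory of the validation step.
  - name: FolderPath
    type: string
    default: ''

  # Display name of the signing task in the pipeline UI.
  - name: DisplayName
    type: string
    default: ''

  # Comma-separated list of file name patterns (e.g. '*.dll,*.exe').
  # The signing task receives the raw string; the validation step splits it
  # on ',' and trims each entry.
  - name: Pattern
    type: string
    default: '*.dll'

steps:
  - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5
    displayName: ${{ parameters.DisplayName }}
    condition: and(succeeded(), eq('${{ parameters.DoEsrp }}', true))
    inputs:
      ConnectedServiceName: 'OnnxrunTimeCodeSign_20240611'
      AppRegistrationClientId: '53d54d02-978d-4305-8572-583cf6711c4f'
      AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47'
      AuthAKVName: 'buildkeyvault'
      AuthCertName: '53d54d02-SSL-AutoRotate'
      AuthSignCertName: '53d54d02-978d-4305-8572-583cf6711c4f'
      signConfigType: inlineSignParams
      # signtool operation: SHA-256 file digest (/fd sha256), page hashes
      # disabled (/NPH), and an RFC 3161 timestamp (/tr ... /td sha256) so the
      # signature remains verifiable after the signing certificate expires.
      inlineOperation: |
        [
          {
            "keyCode": "CP-230012",
            "operationSetCode": "SigntoolSign",
            "parameters": [
              {
                "parameterName": "OpusName",
                "parameterValue": "Microsoft"
              },
              {
                "parameterName": "OpusInfo",
                "parameterValue": "http://www.microsoft.com"
              },
              {
                "parameterName": "PageHash",
                "parameterValue": "/NPH"
              },
              {
                "parameterName": "FileDigest",
                "parameterValue": "/fd sha256"
              },
              {
                "parameterName": "TimeStamp",
                "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
              }
            ],
            "toolName": "signtool.exe",
            "toolVersion": "6.2.9304.0"
          }
        ]
      FolderPath: ${{ parameters.FolderPath }}
      Pattern: ${{ parameters.Pattern }}
      SessionTimeout: 90
      ServiceEndpointUrl: 'https://api.esrp.microsoft.com/api/v2'
      MaxConcurrency: 25

  # Post-signing check: every file matching any of the patterns must report
  # Authenticode status "Valid"; otherwise the step exits 1 and fails the job.
  # Template parameters are expanded textually into this script, so the
  # FolderPath occurrences are quoted to survive paths containing spaces.
  - task: PowerShell@2
    displayName: 'Signature validation for signed file(s)'
    inputs:
      targetType: 'inline'
      script: |
        Write-Host "FolderPath: ${{ parameters.FolderPath }}"
        Write-Host "Pattern(s): ${{ parameters.Pattern }}"

        # Nothing to validate when no pattern was supplied.
        if ("${{ parameters.Pattern }}" -eq "")
        {
          Write-Host "Pattern is empty."
          exit 0
        }

        $valid_flag=$true
        $normal_sign_status="Valid"

        $patterns="${{ parameters.Pattern }}" -split ','

        foreach($pattern_original in $patterns)
        {
          $pattern=$pattern_original.Trim()
          Write-Host "Validating pattern:" $pattern

          # -Name returns paths relative to FolderPath, which are re-joined below.
          # NOTE(review): the second positional argument binds as -Filter; the
          # leading ".\" is kept from the original and its effect on filtering
          # should be confirmed.
          $file_names=Get-ChildItem -Path "${{ parameters.FolderPath }}" .\$pattern -Name -Recurse -Force

          foreach($file in $file_names)
          {
            $file_path=Join-Path "${{ parameters.FolderPath }}" -ChildPath $file
            $sign=Get-AuthenticodeSignature -FilePath $file_path
            $sign_status=$sign.Status.ToString()
            Write-Host "File:" $file
            Write-Host "Signature Status:" $sign_status
            if ($sign_status -ne $normal_sign_status)
            {
              Write-Host "File" $file "does not have valid signature."
              Write-Host "Signature status:" $sign.status
              Write-Host "Signature message:" $sign.StatusMessage
              $valid_flag=$false
              # Stops checking the current pattern only; remaining patterns are
              # still walked so their failures are also logged.
              break
            }
          }
        }

        if ($valid_flag -eq $false)
        {
          Write-Host "Signature validation failed."
          exit 1
        }
        else
        {
          Write-Host "Signature validation passed."
          exit 0
        }
      workingDirectory: ${{ parameters.FolderPath }}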