From 0d177d12fe8c22de89f3d486abf0b2c1d0c1e286 Mon Sep 17 00:00:00 2001 From: David Sparer Date: Fri, 17 Mar 2017 09:17:10 -0600 Subject: [PATCH] added ability to exclude files for signing. cleaned up script --- InstallerProjects/Installer/Installer.wixproj | 32 +++++++++---------- Tools/signfiles.ps1 | 32 +++++++++++++++---- mRemoteV1/mRemoteV1.csproj | 2 +- 3 files changed, 42 insertions(+), 24 deletions(-) diff --git a/InstallerProjects/Installer/Installer.wixproj b/InstallerProjects/Installer/Installer.wixproj index f5f28af7..33ffb222 100644 --- a/InstallerProjects/Installer/Installer.wixproj +++ b/InstallerProjects/Installer/Installer.wixproj @@ -114,22 +114,6 @@ HarvestPath=$(SolutionDir)mRemoteV1\bin\Release Portable;HelpFilesHarvestPath=$(SolutionDir)mRemoteV1\Resources\Help - - set /p buildenv=<buildenv.tmp - -REM Sign MSI -IF EXIST C:\mRemoteNG_code_signing_cert.pfx ( - IF %25buildenv: Portable=%25==Release ( - powershell "&""$(SolutionDir)Tools\signfiles.ps1""" %27%25cd%25%27 - ) -) - -REM Rename MSI to include version number -powershell -ExecutionPolicy Bypass -File "$(SolutionDir)Tools\rename_installer_with_version.ps1" $(SolutionDir) - -REM Copy MSI to Release folder -IF %25buildenv: Portable=%25==Release (powershell -ExecutionPolicy Bypass -File "$(SolutionDir)Tools\copy_release_installer.ps1" $(TargetDir) $(SolutionDir)Release) - REM Clean the TargetDir rmdir /S /Q "$(TargetDir)" 
@@ -142,4 +126,20 @@ call "$(WIX)bin\heat.exe" dir "$(SolutionDir)mRemoteV1\bin\$(Configuration)" -ag REM Convert the license file "COPYING.TXT" to "License.rtf" to be shown in the installer GUI call "$(ProjectDir)Resources\Pandoc\pandoc.exe" -s -t rtf -o "$(ProjectDir)\Resources\License.rtf" "$(SolutionDir)COPYING.TXT" + + set /p buildenv=<buildenv.tmp + +REM Sign MSI +IF EXIST C:\mRemoteNG_code_signing_cert.pfx ( + IF %25buildenv: Portable=%25==Release ( + powershell -File "$(SolutionDir)Tools\signfiles.ps1" -PathToSignableFiles %25cd%25 + ) +) + +REM Rename MSI to include version number +powershell -ExecutionPolicy Bypass -File "$(SolutionDir)Tools\rename_installer_with_version.ps1" $(SolutionDir) + +REM Copy MSI to Release folder +IF %25buildenv: Portable=%25==Release (powershell -ExecutionPolicy Bypass -File "$(SolutionDir)Tools\copy_release_installer.ps1" $(TargetDir) $(SolutionDir)Release) + \ No newline at end of file diff --git a/Tools/signfiles.ps1 b/Tools/signfiles.ps1 index 49c60c72..5b59cd1e 100644 --- a/Tools/signfiles.ps1 +++ b/Tools/signfiles.ps1 
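Review bot: The re-added signing call passes `%25cd%25` unquoted, so a build directory whose path contains a space is split into several arguments. Only the first part would bind to `-PathToSignableFiles`, and the rest may bind positionally to the next declared parameter, `$CertificatePath`. Quote the value: `powershell -File "$(SolutionDir)Tools\signfiles.ps1" -PathToSignableFiles "%25cd%25"`. The same unquoted argument appears in the mRemoteV1.csproj hunk. The removed line wrapped the path in single quotes, so the protection existed before this change.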
@@ -1,13 +1,31 @@ -$timeserver = "http://timestamp.verisign.com/scripts/timstamp.dll" -$certPath = "C:\mRemoteNG_code_signing_cert.pfx" -$certPassword = (Get-Credential -Message "Enter the password for the certificate" -UserName "USERNAME NOT NEEDED").Password -$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath, $certPassword) -$targetPath = $args[0] +param( + [string] + [Parameter(Mandatory=$true)] + # Folder path that contains the files you would like to sign. Recursive. + $PathToSignableFiles, + + [string] + # The code signing certificate to use when signing the files. + $CertificatePath = "C:\mRemoteNG_code_signing_cert.pfx", + + [SecureString] + # Password to unlock the code signing certificate. + $CertificatePassword = (Get-Credential -Message "Enter password for the mRemoteNG code signing certificate" -UserName "USERNAME NOT NEEDED").Password, + + [string[]] + # File names to exclude from signing + $Exclude +) -Write-Output "Getting files from path: $targetPath" -$signableFiles = Get-ChildItem -Path $targetPath -Recurse | ?{$_.Extension -match "dll|exe|msi"} +$timeserver = "http://timestamp.verisign.com/scripts/timstamp.dll" +$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertificatePath, $CertificatePassword) + + +Write-Output "Getting files from path: $PathToSignableFiles" +$signableFiles = Get-ChildItem -Path $PathToSignableFiles -Recurse | ?{$_.Extension -match "dll|exe|msi"} | ?{$Exclude -notcontains $_.Name} Write-Output "Signable files count: $($signableFiles.Count)" + foreach ($file in $signableFiles) { Set-AuthenticodeSignature -Certificate $cert -TimestampServer $timeserver -IncludeChain all -FilePath $file.FullName } \ No newline at end of file diff --git a/mRemoteV1/mRemoteV1.csproj b/mRemoteV1/mRemoteV1.csproj index 69866f39..7a93cd72 100644 --- a/mRemoteV1/mRemoteV1.csproj +++ b/mRemoteV1/mRemoteV1.csproj 
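Review bot: The filter `$_.Extension -match "dll|exe|msi"` on the rewritten `$signableFiles` line is an unanchored regex, so any item whose extension merely contains one of those strings reaches the signing loop. `Get-ChildItem` without `-File` also returns directories. A script that applies the project's code signing certificate should select files exactly: `Get-ChildItem -Path $PathToSignableFiles -Recurse -File | ?{$_.Extension -match '^\.(dll|exe|msi)$'}`. Separately, the loop discards the object returned by `Set-AuthenticodeSignature`. Checking that its `Status` is `Valid`, and failing the build otherwise, would stop an unsigned or partly signed release from shipping unnoticed.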
@@ -1402,7 +1402,7 @@ editbin /largeaddressaware mRemoteNG.exe IF EXIST C:\mRemoteNG_code_signing_cert.pfx ( echo Signing binaries IF %25buildenv: Portable=%25==Release ( - powershell "&""$(SolutionDir)Tools\signfiles.ps1""" '%25cd%25' + powershell -File "$(SolutionDir)Tools\signfiles.ps1" -PathToSignableFiles %25cd%25 -Exclude 'PuTTYNG.exe' ) )
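Review bot: With `-File`, PowerShell takes the remaining arguments as literal strings, so `-Exclude 'PuTTYNG.exe'` most likely reaches the script with the single quotes as part of the value. In that case `$Exclude -notcontains $_.Name` in signfiles.ps1 never matches, the exclusion silently does nothing, and PuTTYNG.exe is still signed with the project certificate. Double quotes are stripped by the command-line parser, so `-Exclude "PuTTYNG.exe"` is the safer form. It is worth confirming in the build log that the "Signable files count" drops by one. As far as I know, a comma-separated list passed this way also arrives as a single string rather than an array, which matters once a second name is excluded.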