diff --git a/Tools/sign_binaries.ps1 b/Tools/sign_binaries.ps1 index 2fb824f2f..3e1277ca0 100644 --- a/Tools/sign_binaries.ps1 +++ b/Tools/sign_binaries.ps1 @@ -12,6 +12,7 @@ param ( $Exclude, [string] + [AllowEmptyString()] # The code signing certificate to use when signing the files. $CertificatePath, 
@@ -29,55 +30,59 @@ Write-Output "===== Beginning $($PSCmdlet.MyInvocation.MyCommand) =====" $timeserver = "http://timestamp.verisign.com/scripts/timstamp.dll" -if ($ConfigurationName -notmatch "Release") { - Write-Output "This is not a release build - we won't sign files." - return -} +# validate release versions and if the certificate value was passed +if ($ConfigurationName -match "Release" -And ($CertificatePath)) { -if(-Not ([string]::IsNullOrEmpty($Env:APPVEYOR_BUILD_FOLDER)) ) { - $CertificatePath = Join-Path -Path $SolutionDir -ChildPath $CertificatePath -} + if(-Not ([string]::IsNullOrEmpty($Env:APPVEYOR_BUILD_FOLDER)) ) { + $CertificatePath = Join-Path -Path $SolutionDir -ChildPath $CertificatePath + } -if ($CertificatePath -eq "" -or !(Test-Path -Path $CertificatePath -PathType Leaf)) { - Write-Output "Certificate is not present - we won't sign files." - return -} + # make sure the cert is actually available + if ($CertificatePath -eq "" -or !(Test-Path -Path $CertificatePath -PathType Leaf)) + { + Write-Output "Certificate is not present - we won't sign files." + return + } -if ($CertificatePassword -eq "") { - Write-Output "No certificate password was provided - we won't sign files." - return -} + if ($CertificatePassword -eq "") { + Write-Output "No certificate password was provided - we won't sign files." + return + } -try { - $certKeyStore = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet - $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertificatePath, $CertificatePassword, $certKeyStore) -ErrorAction Stop -} catch { - Write-Output "Error loading certificate file - we won't sign files." 
- Write-Output $Error[0] - return -} + try { + $certKeyStore = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet + $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertificatePath, $CertificatePassword, $certKeyStore) -ErrorAction Stop + } catch { + Write-Output "Error loading certificate file - we won't sign files." + Write-Output $Error[0] + return + } -# Sign MSI if we are building a release version and the certificate is available -Write-Output "Signing Binaries" -Write-Output "Getting files from path: $TargetDir" -$signableFiles = Get-ChildItem -Path $TargetDir -Recurse | ?{$_.Extension -match "dll|exe|msi"} | ?{$Exclude -notcontains $_.Name} + # Sign MSI if we are building a release version and the certificate is available + Write-Output "Signing Binaries" + Write-Output "Getting files from path: $TargetDir" + $signableFiles = Get-ChildItem -Path $TargetDir -Recurse | ?{$_.Extension -match "dll|exe|msi"} | ?{$Exclude -notcontains $_.Name} -$excluded_files = Get-ChildItem -Path $TargetDir -Recurse | ?{$_.Extension -match "dll|exe|msi"} | ?{$Exclude -contains $_.Name} -$excluded_files | ForEach-Object ` - -Begin { Write-Output "The following files were excluded from signing due to being on the exclusion list:" } ` - -Process { Write-Output "-- $($_.FullName)" } + $excluded_files = Get-ChildItem -Path $TargetDir -Recurse | ?{$_.Extension -match "dll|exe|msi"} | ?{$Exclude -contains $_.Name} + $excluded_files | ForEach-Object ` + -Begin { Write-Output "The following files were excluded from signing due to being on the exclusion list:" } ` + -Process { Write-Output "-- $($_.FullName)" } -Write-Output "Signable files count: $($signableFiles.Count)" + Write-Output "Signable files count: $($signableFiles.Count)" -foreach ($file in $signableFiles) { - Set-AuthenticodeSignature -Certificate $cert -TimestampServer $timeserver -IncludeChain all -FilePath $file.FullName -} + foreach ($file in 
$signableFiles) { + Set-AuthenticodeSignature -Certificate $cert -TimestampServer $timeserver -IncludeChain all -FilePath $file.FullName + } -# Release certificate -if ($cert -ne $null) { - $cert.Dispose() + # Release certificate + if ($cert -ne $null) { + $cert.Dispose() + } +} else { + Write-Output "This is not a release build or CertificatePath wasn't provided - we won't sign files." + Write-Output "Config: $($ConfigurationName)`tCertPath: $($CertificatePath)" } Write-Output "" \ No newline at end of file diff --git a/Tools/verify_binary_signatures.ps1 b/Tools/verify_binary_signatures.ps1 index f9420a9bd..ce9180da6 100644 --- a/Tools/verify_binary_signatures.ps1 +++ b/Tools/verify_binary_signatures.ps1 @@ -9,6 +9,7 @@ param ( [string] [Parameter(Mandatory=$true)] + [AllowEmptyString()] # The code signing certificate to use when signing the files. $CertificatePath, @@ -19,13 +20,14 @@ param ( Write-Output "===== Beginning $($PSCmdlet.MyInvocation.MyCommand) =====" -# validate release versions and if the certificate is available -if ($ConfigurationName -match "Release") { +# validate release versions and if the certificate value was passed +if ($ConfigurationName -match "Release" -And ($CertificatePath)) { if(-Not ([string]::IsNullOrEmpty($Env:APPVEYOR_BUILD_FOLDER)) ) { $CertificatePath = Join-Path -Path $SolutionDir -ChildPath $CertificatePath } + # make sure the cert is actually available if ($CertificatePath -eq "" -or !(Test-Path -Path $CertificatePath -PathType Leaf)) { Write-Output "Certificate is not present - files likely not signed - we won't verify file signatures." 
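Review bot: In sign_binaries.ps1 (hunk `@@ -29,55 +30,59 @@`) the re-indented signing loop discards the object returned by `Set-AuthenticodeSignature`, so a file that fails to sign does not stop the script and the run ends with the normal output. Capture and check the result: `$sig = Set-AuthenticodeSignature -Certificate $cert -TimestampServer $timeserver -IncludeChain all -HashAlgorithm SHA256 -FilePath $file.FullName`, followed by `if ($sig.Status -ne 'Valid') { throw "Signing failed for $($file.FullName): $($sig.StatusMessage)" }`. The explicit `-HashAlgorithm SHA256` matters because Windows PowerShell defaults to SHA1 for this cmdlet, and the csproj in this diff launches the post-build script with `powershell.exe`. Wrapping the loop in `try { ... } finally { $cert.Dispose() }` would also keep the disposal from being skipped if signing throws.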
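Review bot: With the new `-And ($CertificatePath)` gate in verify_binary_signatures.ps1 (hunk `@@ -19,13 +20,14 @@`), a Release build whose certificate path arrives empty skips verification and reports it only through `Write-Output`. sign_binaries.ps1 now skips signing under the same condition, so a missing or misnamed CI certificate variable yields unsigned release binaries with a passing build. The else branch added in the `@@ -50,7 +52,8 @@` hunk is the place to make this visible, for example `Write-Warning "Release build without CertificatePath - binaries were NOT signed or verified."` when `$ConfigurationName -match "Release"`. Whether a later publish step checks signatures independently is not visible in this diff; if none does, the release pipeline should treat this case as a failure rather than a skip.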
@@ -50,7 +52,8 @@ if ($ConfigurationName -match "Release") { Write-Output "All files have valid signatures." } } else { - Write-Output "This is not a release build - we won't verify file signatures." + Write-Output "This is not a release build or CertificatePath wasn't provided - we won't verify file signatures." + Write-Output "Config: $($ConfigurationName)`tCertPath: $($CertificatePath)" } Write-Output "" \ No newline at end of file diff --git a/mRemoteV1/mRemoteV1.csproj b/mRemoteV1/mRemoteV1.csproj index f378733fc..b34cb0ea7 100644 --- a/mRemoteV1/mRemoteV1.csproj +++ b/mRemoteV1/mRemoteV1.csproj @@ -1770,6 +1770,7 @@ :: When passing paths to powershell scripts, check if the path ends with a backslash "\" :: If it does, then the backslash may be interpreted as an escape character. Add another backslash to cancel the first one. +@echo off powershell -noprofile -command "sleep 2" set /p buildenv=<buildenv.tmp set solutionDir=$(SolutionDir)\ @@ -1777,6 +1778,7 @@ set targetDir=%25cd%25 set psScriptsDir=$(SolutionDir)Tools set certPath=$(CertPath) set certPassword=$(CertPassword) +@echo on :: Call the post build powershell script powershell.exe -ExecutionPolicy Bypass -File "%25psScriptsDir%25\postbuild_mremotev1.ps1" -SolutionDir "%25solutionDir%25" -TargetDir "%25targetDir%25" -TargetFileName "mRemoteNG.exe" -ConfigurationName "%25buildenv%25" -CertificatePath "%25certPath%25" -CertificatePassword "%25certPassword%25" -ExcludeFromSigning "PuTTYNG.exe"
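Review bot: In mRemoteV1.csproj, `@echo on` is restored (hunk `@@ -1777,6 +1778,7 @@`) before the `powershell.exe` line, so cmd will echo that command with `%25certPassword%25` already expanded and the certificate password still reaches the build log. The `@echo off` added in the `@@ -1770,6 +1770,7 @@` hunk only hides the `set` assignments. Keep echo off through the call, either by moving `@echo on` below the `powershell.exe` line or by prefixing that line with `@`. Passing the secret as `-CertificatePassword "..."` also exposes it in the process command line on the build agent. Having the script read it from an environment variable would avoid both exposures, but that needs a change in postbuild_mremotev1.ps1, which is not shown here.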