Sign tool update

WIP writing tests for Azure Code Signing

Fix an issue so that at least one file is signed per batch

"Working" test with manually providing dependencies

Work on download dependencies.

Revert signtool.exe change
Kevin Bost
2024-11-02 15:13:37 -07:00
committed by Caelan
parent 4eb319efc6
commit 3c61874cef
16 changed files with 181 additions and 97 deletions


@@ -9,7 +9,7 @@ namespace Velopack.NuGet
{
public class ZipPackage : PackageManifest
{
public IEnumerable<ZipPackageFile> Files { get; private set; } = Enumerable.Empty<ZipPackageFile>();
public IEnumerable<ZipPackageFile> Files { get; }
public byte[]? UpdateExeBytes { get; private set; }
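Review bot: Assuming `public IEnumerable<ZipPackageFile> Files { get; }` is the new side, dropping the `Enumerable.Empty<ZipPackageFile>()` initializer leaves `Files` null unless every constructor assigns it, and the constructors are outside this hunk so I cannot confirm they do; with nullable enabled the compiler will warn, and any caller that enumerates `Files` on a package with no entries would throw. A get-only auto-property can keep the default and still be assigned in the constructor, so I would keep `public IEnumerable<ZipPackageFile> Files { get; } = Enumerable.Empty<ZipPackageFile>();`, or add a comment on the property stating which constructor guarantees it is non-null. The `ZipPackage` class continues outside the hunk.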


@@ -80,7 +80,7 @@ public class PackTask : MSBuildAsyncTask
public bool SkipVelopackAppCheck { get; set; }
public string? SignParameters { get; set; }
public string? AzTrustedSign { get; set; }
public string? AzureTrustedSignFile { get; set; }
public bool SignSkipDll { get; set; }


@@ -70,8 +70,8 @@ public class CodeSign
}
do {
List<string> filesToSign = new List<string>();
for (int i = Math.Min(pendingSign.Count, parallelism); i > 0; i--) {
List<string> filesToSign = [];
for (int i = Math.Max(1, Math.Min(pendingSign.Count, parallelism)); i > 0; i--) {
filesToSign.Add(pendingSign.Dequeue());
}
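Review bot: `Math.Max(1, Math.Min(pendingSign.Count, parallelism))` evaluates to 1 when `pendingSign.Count` is 0, so if this `do` loop is ever entered with an empty queue the `pendingSign.Dequeue()` on the next line throws `InvalidOperationException`; the loop's `while` condition is outside the hunk, so I cannot tell whether that is guarded. Clamping the parallelism instead of the result keeps the "at least one file per batch" fix without ever exceeding the queue size: `for (int i = Math.Min(pendingSign.Count, Math.Max(1, parallelism)); i > 0; i--) {`. The enclosing method starts and ends outside the hunk.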


@@ -1,8 +1,11 @@
using Microsoft.Extensions.Logging;
using System.IO.Compression;
using System.Runtime.Versioning;
using Microsoft.Extensions.Logging;
using Velopack.Compression;
using Velopack.NuGet;
using Velopack.Packaging.Abstractions;
using Velopack.Packaging.Exceptions;
using Velopack.Packaging.NuGet;
using Velopack.Util;
using Velopack.Windows;
@@ -15,15 +18,14 @@ public class WindowsPackCommandRunner : PackageBuilder<WindowsPackOptions>
{
}
protected override Task CodeSign(Action<int> progress, string packDir)
protected override async Task CodeSign(Action<int> progress, string packDir)
{
var filesToSign = new DirectoryInfo(packDir).GetAllFilesRecursively()
.Where(x => Options.SignSkipDll ? PathUtil.PathPartEndsWith(x.Name, ".exe") : PathUtil.FileIsLikelyPEImage(x.Name))
.Select(x => x.FullName)
.ToArray();
SignFilesImpl(Options, progress, filesToSign);
return Task.CompletedTask;
await SignFilesImpl(Options, progress, filesToSign);
}
protected override Task<string> PreprocessPackDir(Action<int> progress, string packDir)
@@ -144,7 +146,7 @@ public class WindowsPackCommandRunner : PackageBuilder<WindowsPackOptions>
"net481",
};
List<string> validated = new();
List<string> validated = [];
foreach (var str in providedRuntimes) {
if (valid.Contains(str)) {
@@ -171,7 +173,7 @@ public class WindowsPackCommandRunner : PackageBuilder<WindowsPackOptions>
return String.Join(",", validated);
}
protected override Task CreateSetupPackage(Action<int> progress, string releasePkg, string packDir, string targetSetupExe)
protected override async Task CreateSetupPackage(Action<int> progress, string releasePkg, string packDir, string targetSetupExe)
{
var bundledZip = new ZipPackage(releasePkg);
IoUtil.Retry(() => File.Copy(HelperFile.SetupPath, targetSetupExe, true));
@@ -189,10 +191,9 @@ public class WindowsPackCommandRunner : PackageBuilder<WindowsPackOptions>
SetupBundle.CreatePackageBundle(targetSetupExe, releasePkg);
progress(50);
Log.Debug("Signing Setup bundle");
SignFilesImpl(Options, CoreUtil.CreateProgressDelegate(progress, 50, 100), targetSetupExe);
await SignFilesImpl(Options, CoreUtil.CreateProgressDelegate(progress, 50, 100), targetSetupExe);
Log.Debug($"Setup bundle created '{Path.GetFileName(targetSetupExe)}'.");
progress(100);
return Task.CompletedTask;
}
protected override async Task CreatePortablePackage(Action<int> progress, string packDir, string outputPath)
@@ -242,12 +243,12 @@ public class WindowsPackCommandRunner : PackageBuilder<WindowsPackOptions>
}
}
private void SignFilesImpl(WindowsSigningOptions options, Action<int> progress, params string[] filePaths)
private async Task SignFilesImpl(WindowsSigningOptions options, Action<int> progress, params string[] filePaths)
{
var signParams = options.SignParameters;
var signTemplate = options.SignTemplate;
var signParallel = options.SignParallel;
var trustedSignMetadataPath = options.AzTrustedSign;
var trustedSignMetadataPath = options.AzureTrustedSignFile;
var helper = new CodeSign(Log);
if (string.IsNullOrEmpty(signParams) && string.IsNullOrEmpty(signTemplate) && string.IsNullOrEmpty(trustedSignMetadataPath)) {
@@ -262,21 +263,60 @@ public class WindowsPackCommandRunner : PackageBuilder<WindowsPackOptions>
// signtool.exe does not work if we're not on windows.
if (!VelopackRuntimeInfo.IsWindows) return;
if(!string.IsNullOrEmpty(trustedSignMetadataPath)) {
if (!string.IsNullOrEmpty(trustedSignMetadataPath)) {
Log.Info($"Use Azure Trusted Signing service for code signing. Metadata file path: {trustedSignMetadataPath}");
signParams = $"/fd SHA256 /tr \"http://timestamp.acs.microsoft.com\" /v /debug /td SHA256 /dlib \"{HelperFile.AzTrustedSigningDlibPath}\" /dmdf \"{trustedSignMetadataPath}\"";
string dlibPath = await GetDlibPath(CancellationToken.None);
signParams = $"/fd SHA256 /tr \"http://timestamp.acs.microsoft.com\" /v /debug /td SHA256 /dlib \"{dlibPath}\" /dmdf \"{trustedSignMetadataPath}\"";
helper.Sign(filePaths, signParams, signParallel, progress, false);
}
else if (!string.IsNullOrEmpty(signParams)) {
} else if (!string.IsNullOrEmpty(signParams)) {
helper.Sign(filePaths, signParams, signParallel, progress, false);
}
}
[SupportedOSPlatform("windows")]
private async Task<string> GetDlibPath(CancellationToken cancellationToken)
{
// DLib library is required for Azure Trusted Signing. It must be in the same directory as SignTool.exe.
// https://learn.microsoft.com/azure/trusted-signing/how-to-signing-integrations#download-and-install-the-trusted-signing-dlib-package
var signToolPath = HelperFile.SignToolPath;
var signToolDirectory = Path.GetDirectoryName(signToolPath);
var dlibPath = Path.Combine(signToolDirectory, HelperFile.AzureDlibFileName);
if (File.Exists(dlibPath)) {
return dlibPath;
}
Log.Info($"Downloading Azure Trusted Signing dlib to '{dlibPath}'");
var dl = new NuGetDownloader();
using MemoryStream nupkgStream = new();
await dl.DownloadPackageToStream("Microsoft.Trusted.Signing.Client", "1.*", nupkgStream, cancellationToken);
nupkgStream.Position = 0;
string parentDir = NugetUtil.BinDirectory + Path.AltDirectorySeparatorChar;
if (Environment.Is64BitOperatingSystem) {
parentDir += "x64";
} else {
parentDir += "x86";
}
parentDir += Path.AltDirectorySeparatorChar;
ZipArchive zipPackage = new(nupkgStream);
var entries = zipPackage.Entries.Where(x => x.FullName.StartsWith(parentDir, StringComparison.OrdinalIgnoreCase));
foreach (var entry in entries) {
var relativePath = entry.FullName.Substring(parentDir.Length);
entry.ExtractToFile(Path.Combine(signToolDirectory, relativePath), true);
}
return dlibPath;
}
protected override string[] GetMainExeSearchPaths(string packDirectory, string mainExeName)
{
return new[] {
return [
Path.Combine(packDirectory, mainExeName),
Path.Combine(packDirectory, mainExeName) + ".exe",
};
];
}
}
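Review bot: `GetDlibPath` downloads `Microsoft.Trusted.Signing.Client` from nuget.org with the floating version `"1.*"` and extracts it next to `signtool.exe` with no integrity check, and that DLL is then loaded into the signtool process that holds the signing session, so whoever controls that package (or can tamper with the download) controls what the pipeline signs. I would pin an exact version on the `DownloadPackageToStream` call and verify the package before extracting (the NuGet repository/author signature, or a SHA-256 of the pinned nupkg), and reject any entry whose destination resolves outside `signToolDirectory`, since `relativePath` comes straight from the archive and `Path.Combine` will honour `..` (zip-slip). Smaller issues in the same method: `Path.GetDirectoryName` can return null, the `ZipArchive` is never disposed, nothing checks that the dlib actually exists after extraction, and `Environment.Is64BitOperatingSystem` selects the OS bitness rather than signtool.exe's, which is what the dlib must match — worth confirming. How `"1.*"` is matched lives in `NuGetDownloader.GetPackageMetadata`, whose version handling is outside this hunk.
```csharp
[SupportedOSPlatform("windows")]
private async Task<string> GetDlibPath(CancellationToken cancellationToken)
{
    var signToolPath = HelperFile.SignToolPath;
    var signToolDirectory = Path.GetDirectoryName(signToolPath)
        ?? throw new InvalidOperationException($"Cannot determine the directory of '{signToolPath}'.");
    // … unchanged: dlibPath lookup and early return when it already exists …
    // … unchanged: download into nupkgStream, parentDir = bin/<arch>/ …
    // TODO(security): verify the nupkg (NuGet author/repository signature, or a SHA-256 of a pinned
    // exact version) before extracting anything from it; this DLL is loaded into signtool.exe.
    using ZipArchive zipPackage = new(nupkgStream);
    var root = Path.GetFullPath(signToolDirectory + Path.DirectorySeparatorChar);
    foreach (var entry in zipPackage.Entries.Where(x => x.FullName.StartsWith(parentDir, StringComparison.OrdinalIgnoreCase))) {
        var relativePath = entry.FullName.Substring(parentDir.Length);
        if (relativePath.Length == 0 || relativePath.EndsWith("/", StringComparison.Ordinal)) {
            continue; // directory entry, nothing to write
        }
        var destination = Path.GetFullPath(Path.Combine(signToolDirectory, relativePath));
        if (!destination.StartsWith(root, StringComparison.OrdinalIgnoreCase)) {
            throw new InvalidOperationException($"Refusing to extract '{entry.FullName}' outside '{signToolDirectory}'.");
        }
        Directory.CreateDirectory(Path.GetDirectoryName(destination)!);
        entry.ExtractToFile(destination, true);
    }
    if (!File.Exists(dlibPath)) {
        throw new FileNotFoundException("Azure Trusted Signing dlib was not found in the downloaded package.", dlibPath);
    }
    return dlibPath;
}
```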


@@ -10,5 +10,5 @@ public class WindowsSigningOptions
public string SignTemplate { get; set; }
public string AzTrustedSign { get; set; }
public string AzureTrustedSignFile { get; set; }
}


@@ -71,7 +71,7 @@ public static class HelperFile
public static string SignToolPath => FindHelperFile("signtool.exe");
[SupportedOSPlatform("windows")]
public static string AzTrustedSigningDlibPath => FindHelperFile("Azure.CodeSigning.Dlib.dll");
public const string AzureDlibFileName = "Azure.CodeSigning.Dlib.dll";
public static string GetDefaultAppIcon(RuntimeOs os)
{
@@ -87,14 +87,15 @@ public static class HelperFile
}
}
private static readonly List<string> _searchPaths = new List<string>();
private static readonly List<string> _searchPaths = [];
static HelperFile()
{
#if DEBUG
AddSearchPath(AppContext.BaseDirectory, "..", "..", "..", "target", "debug");
AddSearchPath(AppContext.BaseDirectory, "..", "..", "..", "vendor");
AddSearchPath(AppContext.BaseDirectory, "..", "..", "..", "artwork");
AddSearchPath(AppContext.BaseDirectory, "..", "..", "..", "..", "..", "target", "debug");
AddSearchPath(AppContext.BaseDirectory, "..", "..", "..", "..", "..", "target", "release");
AddSearchPath(AppContext.BaseDirectory, "..", "..", "..", "..", "..", "vendor");
AddSearchPath(AppContext.BaseDirectory, "..", "..", "..", "..", "..", "artwork");
#else
AddSearchPath(AppContext.BaseDirectory, "..", "..", "..", "vendor");
#endif
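Review bot: The `[SupportedOSPlatform("windows")]` attribute that preceded the removed `AzTrustedSigningDlibPath` property now sits above `AzureDlibFileName`, a plain file-name constant with no platform dependency; it reads as a leftover and should be dropped or moved to the member that actually invokes signtool. Separately, the dlib is now written into whatever directory `FindHelperFile("signtool.exe")` resolves to, so that directory has to be writable by the build, and if it is also writable by other local users a pre-planted `Azure.CodeSigning.Dlib.dll` there is accepted by the `File.Exists` early-return in `GetDlibPath` and loaded into signtool — consider checking the publisher signature of an existing copy before trusting it. In DEBUG the added five-level-up search paths also let a stray signtool.exe higher in the tree win over the vendored one; a comment such as `// repo layout: <repo>/target/{debug,release}, <repo>/vendor, <repo>/artwork relative to the test bin dir` would make the intent explicit. The static constructor continues outside the hunk.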


@@ -1,20 +1,24 @@
using System.Threading;
#nullable enable
using NuGet.Configuration;
using NuGet.Packaging.Core;
using NuGet.Protocol.Core.Types;
using NuGet.Versioning;
using NugetLogger = NuGet.Common.ILogger;
namespace Velopack.Vpk.Updates;
namespace Velopack.Packaging.NuGet;
public class NugetDownloader
public class NuGetDownloader
{
private readonly NugetLogger _logger;
private readonly PackageSource _packageSource;
private readonly SourceRepository _sourceRepository;
private readonly SourceCacheContext _sourceCacheContext;
public NugetDownloader(NugetLogger logger)
public NuGetDownloader()
: this(global::NuGet.Common.NullLogger.Instance)
{ }
public NuGetDownloader(NugetLogger logger)
{
_logger = logger;
_packageSource = new PackageSource("https://api.nuget.org/v3/index.json", "NuGet.org");
@@ -22,11 +26,11 @@ public class NugetDownloader
_sourceCacheContext = new SourceCacheContext();
}
public async Task<IPackageSearchMetadata> GetPackageMetadata(string packageName, string version, CancellationToken cancellationToken)
public async Task<IPackageSearchMetadata> GetPackageMetadata(string packageName, string? version, CancellationToken cancellationToken)
{
PackageMetadataResource packageMetadataResource = _sourceRepository.GetResource<PackageMetadataResource>();
FindPackageByIdResource packageByIdResource = _sourceRepository.GetResource<FindPackageByIdResource>();
IPackageSearchMetadata package = null;
IPackageSearchMetadata? package = null;
var prerelease = version?.Equals("pre", StringComparison.InvariantCultureIgnoreCase) == true;
if (version is null || version.Equals("latest", StringComparison.InvariantCultureIgnoreCase) || prerelease) {
@@ -66,4 +70,11 @@ public class NugetDownloader
.CopyNupkgToStreamAsync(package.Identity.Id, package.Identity.Version, targetStream, _sourceCacheContext, _logger, cancellationToken)
.ConfigureAwait(false);
}
public async Task DownloadPackageToStream(string packageName, string? version, Stream targetStream, CancellationToken cancellationToken)
{
IPackageSearchMetadata packageMetadata = await GetPackageMetadata(packageName, version, cancellationToken);
await DownloadPackageToStream(packageMetadata, targetStream, cancellationToken);
}
}
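Review bot: The new `DownloadPackageToStream(string, string?, Stream, CancellationToken)` overload passes the result of `GetPackageMetadata` straight to the metadata overload, which dereferences `package.Identity`; inside `GetPackageMetadata` the local is declared `IPackageSearchMetadata?` and its not-found handling ends outside the hunk, so if it can return null this path fails with a `NullReferenceException` rather than a useful error. Guard it: `var packageMetadata = await GetPackageMetadata(packageName, version, cancellationToken) ?? throw new InvalidOperationException($"Package '{packageName}' ({version ?? "latest"}) was not found on the configured source.");`. Since this downloader now supplies a DLL that runs inside signtool.exe, an XML doc comment on the overload stating that the source is hard-coded to nuget.org and that no package-signature verification is performed would tell callers what they must verify themselves.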


@@ -19,6 +19,13 @@
<PackageReference Include="Microsoft.Identity.Client" Version="4.66.2" />
<PackageReference Include="Microsoft.Identity.Client.Broker" Version="4.66.2" />
<PackageReference Include="Microsoft.Identity.Client.Extensions.Msal" Version="4.66.2" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.66.1" />
<PackageReference Include="Microsoft.Identity.Client.Broker" Version="4.66.1" />
<PackageReference Include="Microsoft.Identity.Client.Extensions.Msal" Version="4.66.1" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.65.0" />
<PackageReference Include="Microsoft.Identity.Client.Broker" Version="4.65.0" />
<PackageReference Include="Microsoft.Identity.Client.Extensions.Msal" Version="4.65.0" />
<PackageReference Include="NuGet.Protocol" Version="6.11.1" />
</ItemGroup>
</Project>


@@ -15,7 +15,7 @@ public class WindowsPackCommand : PackCommand
public int SignParallel { get; private set; }
public string SignTemplate { get; private set; }
public string AzTrustedSign { get; private set; }
public string AzureTrustedSignFile { get; private set; }
public string Shortcuts { get; private set; }
@@ -63,7 +63,7 @@ public class WindowsPackCommand : PackCommand
.SetDescription("Sign files via signtool.exe using these parameters.")
.SetArgumentHelpName("PARAMS");
var azTrustedSign = AddOption<FileInfo>((v) => AzTrustedSign = v.ToFullNameOrNull(), "--azTrustedSign")
var azTrustedSign = AddOption<FileInfo>((v) => AzureTrustedSignFile = v.ToFullNameOrNull(), "--azureTrustedSignFile")
.SetDescription("Path to Azure Trusted Signing metadata.json.")
.SetArgumentHelpName("PATH");
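Review bot: Renaming the option from `--azTrustedSign` to `--azureTrustedSignFile` is a breaking change for every CI script that passes the old flag, and nothing in the hunk keeps the old name accepted. If `AddOption` takes multiple aliases (its signature is not visible here), register both, e.g. `AddOption<FileInfo>((v) => AzureTrustedSignFile = v.ToFullNameOrNull(), "--azureTrustedSignFile", "--azTrustedSign")`, and mark the old alias as deprecated in the description; otherwise the rename needs a changelog entry. The enclosing command-configuration method starts and ends outside the hunk.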


@@ -1,54 +0,0 @@
using NugetLevel = NuGet.Common.LogLevel;
using NugetLogger = NuGet.Common.ILogger;
using NugetMessage = NuGet.Common.ILogMessage;
namespace Velopack.Vpk.Updates;
class NullNugetLogger : NugetLogger
{
void NugetLogger.LogDebug(string data)
{
}
void NugetLogger.LogVerbose(string data)
{
}
void NugetLogger.LogInformation(string data)
{
}
void NugetLogger.LogMinimal(string data)
{
}
void NugetLogger.LogWarning(string data)
{
}
void NugetLogger.LogError(string data)
{
}
void NugetLogger.LogInformationSummary(string data)
{
}
void NugetLogger.Log(NugetLevel level, string data)
{
}
Task NugetLogger.LogAsync(NugetLevel level, string data)
{
return Task.CompletedTask;
}
void NugetLogger.Log(NugetMessage message)
{
}
Task NugetLogger.LogAsync(NugetMessage message)
{
return Task.CompletedTask;
}
}


@@ -1,5 +1,6 @@
using System.Threading;
using NuGet.Protocol.Core.Types;
using Velopack.Packaging.NuGet;
using Velopack.Util;
namespace Velopack.Vpk.Updates;
@@ -26,7 +27,7 @@ public class UpdateChecker
if (_cache == null) {
var cancel = new CancellationTokenSource(3000);
var dl = new NugetDownloader(new NullNugetLogger());
var dl = new NuGetDownloader();
_cache = await dl.GetPackageMetadata("vpk", isPre ? "pre" : "latest", cancel.Token).ConfigureAwait(false);
}


@@ -28,6 +28,7 @@
<PackageReference Include="Riok.Mapperly" Version="4.1.0" />
<PackageReference Include="Humanizer.Core" Version="2.14.1" />
<PackageReference Include="System.Formats.Asn1" Version="8.0.1" />
<PackageReference Include="System.Text.Json" Version="8.0.5" />
</ItemGroup>
<ItemGroup>