implemented code signing parameter for azure trusted signing

2025-10-25 15:19:22 +00:00 · 2024-09-30 15:48:02 +02:00
parent dd19fdfd1e
commit 4eb319efc6
5 changed files with 21 additions and 4 deletions
--- a/src/vpk/Velopack.Build/PackTask.cs
+++ b/src/vpk/Velopack.Build/PackTask.cs
@@ -80,6 +80,7 @@ public class PackTask : MSBuildAsyncTask
    public bool SkipVelopackAppCheck { get; set; }
    public string? SignParameters { get; set; }
    public string? AzTrustedSign { get; set; }
    public bool SignSkipDll { get; set; }
--- a/src/vpk/Velopack.Packaging.Windows/Commands/WindowsPackCommandRunner.cs
+++ b/src/vpk/Velopack.Packaging.Windows/Commands/WindowsPackCommandRunner.cs
@@ -247,9 +247,10 @@ public class WindowsPackCommandRunner : PackageBuilder<WindowsPackOptions>
        var signParams = options.SignParameters;
        var signTemplate = options.SignTemplate;
        var signParallel = options.SignParallel;
        var trustedSignMetadataPath = options.AzTrustedSign;
        var helper = new CodeSign(Log);
-        if (string.IsNullOrEmpty(signParams) && string.IsNullOrEmpty(signTemplate)) {
+        if (string.IsNullOrEmpty(signParams) && string.IsNullOrEmpty(signTemplate) && string.IsNullOrEmpty(trustedSignMetadataPath)) {
            Log.Warn($"No signing parameters provided, {filePaths.Length} file(s) will not be signed.");
            return;
        }
@@ -261,7 +262,12 @@ public class WindowsPackCommandRunner : PackageBuilder<WindowsPackOptions>
        // signtool.exe does not work if we're not on windows.
        if (!VelopackRuntimeInfo.IsWindows) return;
-        if (!string.IsNullOrEmpty(signParams)) {
+        if(!string.IsNullOrEmpty(trustedSignMetadataPath)) {
            Log.Info($"Use Azure Trusted Signing service for code signing. Metadata file path: {trustedSignMetadataPath}");
            signParams = $"/fd SHA256 /tr \"http://timestamp.acs.microsoft.com\" /v /debug /td SHA256 /dlib \"{HelperFile.AzTrustedSigningDlibPath}\" /dmdf \"{trustedSignMetadataPath}\"";
            helper.Sign(filePaths, signParams, signParallel, progress, false);
        }
        else if (!string.IsNullOrEmpty(signParams)) {
            helper.Sign(filePaths, signParams, signParallel, progress, false);
        }
    }
--- a/src/vpk/Velopack.Packaging.Windows/Commands/WindowsSigningOptions.cs
+++ b/src/vpk/Velopack.Packaging.Windows/Commands/WindowsSigningOptions.cs
@@ -9,4 +9,6 @@ public class WindowsSigningOptions
    public int SignParallel { get; set; }
    public string SignTemplate { get; set; }
-}
+
    public string AzTrustedSign { get; set; }
 }
--- a/src/vpk/Velopack.Packaging/HelperFile.cs
+++ b/src/vpk/Velopack.Packaging/HelperFile.cs
@@ -70,6 +70,9 @@ public static class HelperFile
    [SupportedOSPlatform("windows")]
    public static string SignToolPath => FindHelperFile("signtool.exe");
    [SupportedOSPlatform("windows")]
    public static string AzTrustedSigningDlibPath => FindHelperFile("Azure.CodeSigning.Dlib.dll");
    public static string GetDefaultAppIcon(RuntimeOs os)
    {
        switch (os) {
--- a/src/vpk/Velopack.Vpk/Commands/WindowsPackCommand.cs
+++ b/src/vpk/Velopack.Vpk/Commands/WindowsPackCommand.cs
@@ -15,6 +15,7 @@ public class WindowsPackCommand : PackCommand
    public int SignParallel { get; private set; }
    public string SignTemplate { get; private set; }
    public string AzTrustedSign { get; private set; }
    public string Shortcuts { get; private set; }
@@ -62,7 +63,11 @@ public class WindowsPackCommand : PackCommand
                .SetDescription("Sign files via signtool.exe using these parameters.")
                .SetArgumentHelpName("PARAMS");
-            this.AreMutuallyExclusive(signTemplate, signParams);
+            var azTrustedSign = AddOption<FileInfo>((v) => AzTrustedSign = v.ToFullNameOrNull(), "--azTrustedSign")
                .SetDescription("Path to Azure Trusted Signing metadata.json.")
                .SetArgumentHelpName("PATH");
            this.AreMutuallyExclusive(signTemplate, signParams, azTrustedSign);
        }
    }
 }