
Commit d2e414d

authored
ESRP Cert (#108366) (#108598)
* ESRP Cert (#108366) * update ESRP * update to new ESRP cert * make gulp fail when inno setup fails * fix esrp * debug * update esrp client version * 🤦 * argh * update esrpclient * argh * remove echos
1 parent c069731 commit d2e414d


6 files changed

+32
-21
lines changed

Lines changed: 1 addition & 1 deletion
@@ -1,4 +1,4 @@
11
<?xml version="1.0" encoding="utf-8"?>
22
<packages>
3-
<package id="Microsoft.ESRPClient" version="1.2.25" />
3+
<package id="Microsoft.ESRPClient" version="1.2.47" />
44
</packages>
Lines changed: 12 additions & 12 deletions
@@ -1,14 +1,14 @@
1-
Param(
2-
[string]$AuthCertificateBase64,
3-
[string]$AuthCertificateKey
4-
)
1+
param ($CertBase64)
2+
$ErrorActionPreference = "Stop"
53

6-
# Import auth certificate
7-
$AuthCertificateFileName = [System.IO.Path]::GetTempFileName()
8-
$AuthCertificateBytes = [Convert]::FromBase64String($AuthCertificateBase64)
9-
[IO.File]::WriteAllBytes($AuthCertificateFileName, $AuthCertificateBytes)
10-
$AuthCertificate = Import-PfxCertificate -FilePath $AuthCertificateFileName -CertStoreLocation Cert:\LocalMachine\My -Password (ConvertTo-SecureString $AuthCertificateKey -AsPlainText -Force)
11-
rm $AuthCertificateFileName
12-
$ESRPAuthCertificateSubjectName = $AuthCertificate.Subject
4+
$CertBytes = [System.Convert]::FromBase64String($CertBase64)
5+
$CertCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
6+
$CertCollection.Import($CertBytes, $null, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
137

14-
Write-Output ("##vso[task.setvariable variable=ESRPAuthCertificateSubjectName;]$ESRPAuthCertificateSubjectName")
8+
$CertStore = New-Object System.Security.Cryptography.X509Certificates.X509Store("My","LocalMachine")
9+
$CertStore.Open("ReadWrite")
10+
$CertStore.AddRange($CertCollection)
11+
$CertStore.Close()
12+
13+
$ESRPAuthCertificateSubjectName = $CertCollection[0].Subject
14+
Write-Output ("##vso[task.setvariable variable=ESRPAuthCertificateSubjectName;]$ESRPAuthCertificateSubjectName")
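Review bot: The `$CertCollection.Import(...)` call brings the ESRP authentication key in with only `X509KeyStorageFlags::Exportable`, so the private key placed in `LocalMachine\My` can be exported again by any process on the agent with sufficient rights to the machine store, and neither `MachineKeySet` nor `PersistKeySet` is requested. Unless ESRPClient needs to export the key (not visible here), I would drop `Exportable` and pass `[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"MachineKeySet, PersistKeySet"` so the key container matches the machine store and outlives the collection object. `$CertCollection[0].Subject` also assumes the PFX is non-empty and that its first entry is the leaf holding the private key; picking the entry with `HasPrivateKey` and throwing when there is none would make that explicit. Nothing in this section removes the certificate from the store after signing, which matters if the agent is reused.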

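--- a/build/azure-pipelines/win32/product-build-win32-arm64.yml
+++ b/build/azure-pipelines/win32/product-build-win32-arm64.yml
@@ -171,9 +171,11 @@ steps:
 inputs:
 ESRP: 'ESRP CodeSign'
 
-- powershell: |
-$ErrorActionPreference = "Stop"
-.\build\azure-pipelines\win32\import-esrp-auth-cert.ps1 -AuthCertificateBase64 $(esrp-auth-certificate) -AuthCertificateKey $(esrp-auth-certificate-key)
+- task: PowerShell@2
+inputs:
+targetType: filePath
+filePath: .\build\azure-pipelines\win32\import-esrp-auth-cert.ps1
+arguments: "$(ESRP-SSL-AADAuth)"
 displayName: Import ESRP Auth Certificate
 
 - powershell: |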
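Review bot: The `arguments: "$(ESRP-SSL-AADAuth)"` line expands the base64 certificate (presumably with its private key, since the script imports it for authentication) into the script's command line, where it sits in the process arguments and relies on log masking if the invocation is ever echoed; the identical step in product-build-win32.yml has the same issue. Azure Pipelines guidance is to hand secrets to scripts through an explicit `env:` mapping, for example `ESRP_AUTH_CERT_B64: $(ESRP-SSL-AADAuth)` (variable name made up for this note), with import-esrp-auth-cert.ps1 reading `$env:ESRP_AUTH_CERT_B64` instead of a positional parameter. The script imports the PFX with a `$null` password, so this pipeline variable is the only protection the key has.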

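--- a/build/azure-pipelines/win32/product-build-win32.yml
+++ b/build/azure-pipelines/win32/product-build-win32.yml
@@ -233,9 +233,11 @@ steps:
 inputs:
 ESRP: 'ESRP CodeSign'
 
-- powershell: |
-$ErrorActionPreference = "Stop"
-.\build\azure-pipelines\win32\import-esrp-auth-cert.ps1 -AuthCertificateBase64 $(esrp-auth-certificate) -AuthCertificateKey $(esrp-auth-certificate-key)
+- task: PowerShell@2
+inputs:
+targetType: filePath
+filePath: .\build\azure-pipelines\win32\import-esrp-auth-cert.ps1
+arguments: "$(ESRP-SSL-AADAuth)"
 displayName: Import ESRP Auth Certificate
 
 - powershell: |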

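--- a/build/azure-pipelines/win32/sign.ps1
+++ b/build/azure-pipelines/win32/sign.ps1
@@ -12,6 +12,7 @@ $Auth = Create-TmpJson @{
 SubjectName = $env:ESRPAuthCertificateSubjectName
 StoreLocation = "LocalMachine"
 StoreName = "My"
+SendX5c = "true"
 }
 RequestSigningCert = @{
 SubjectName = $env:ESRPCertificateSubjectName
@@ -67,4 +68,4 @@ $Input = Create-TmpJson @{
 
 $Output = [System.IO.Path]::GetTempFileName()
 $ScriptPath = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
-& "$ScriptPath\ESRPClient\packages\Microsoft.ESRPClient.1.2.25\tools\ESRPClient.exe" Sign -a $Auth -p $Policy -i $Input -o $Output
+& "$ScriptPath\ESRPClient\packages\Microsoft.ESRPClient.*\tools\ESRPClient.exe" Sign -a $Auth -p $Policy -i $Input -o $Output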
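Review bot: The new `Microsoft.ESRPClient.*` wildcard on the last line lets the signing step run whichever ESRPClient.exe the pattern resolves to, while the package manifest changed in this commit pins 1.2.47; if an older package directory is left behind on a reused agent, the match is ambiguous. I would resolve the path explicitly and fail unless exactly one file matches, e.g. `$EsrpClient = @(Resolve-Path "$ScriptPath\ESRPClient\packages\Microsoft.ESRPClient.*\tools\ESRPClient.exe")`, `if ($EsrpClient.Count -ne 1) { throw "expected exactly one ESRPClient.exe" }`, then `& $EsrpClient[0].Path Sign ...`. The hunk appears to end the file without checking `$LASTEXITCODE`, so whether a failed Sign call stops the build depends on how the caller runs this script.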

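--- a/build/gulpfile.vscode.win32.js
+++ b/build/gulpfile.vscode.win32.js
@@ -54,7 +54,13 @@ function packageInnoSetup(iss, options, cb) {
 
 cp.spawn(innoSetupPath, args, { stdio: ['ignore', 'inherit', 'inherit'] })
 .on('error', cb)
-.on('exit', () => cb(null));
+.on('exit', code => {
+if (code === 0) {
+cb(null);
+} else {
+cb(new Error(`InnoSetup returned exit code: ${code}`));
+}
+});
 }
 
 function buildWin32Setup(arch, target) {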
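Review bot: The new `exit` handler ignores the second argument Node passes, so when Inno Setup is terminated by a signal the error reads `InnoSetup returned exit code: null`; `.on('exit', (code, signal) => ...)` with the signal included in the message would make that case diagnosable. Node's documentation also notes that `exit` may or may not fire after `error`, so `cb` can in principle be called twice here; guarding it with a local `done` flag avoids that. packageInnoSetup starts above the hunk, so how `args` and `innoSetupPath` are built is not visible.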
