build: strong name sign the Extension Toolkit

Strong-name signing embeds publisher identity into the signature of a .NET assembly. This is required if *any other* strong name signed project wants to take a dependency on it. To make this work, we need to delay-sign it with a public key (.snk file)--e.g. say we are going to sign it, but not actually sign it--to give it an identity and then later submit it to ESRP for final signing. The snk file does not contain any private material.
2026-02-23 19:49:43 +01:00 · 2025-05-15 12:28:36 -05:00
parent 1837dc5ee6
commit 5cd235b303
4 changed files with 68 additions and 1 deletions
--- a/.pipelines/272MSSharedLibSN2048.snk
+++ b/.pipelines/272MSSharedLibSN2048.snk
--- a/.pipelines/ESRPSigning_sdk.json
+++ b/.pipelines/ESRPSigning_sdk.json
@@ -4,9 +4,66 @@
    "SignBatches": [
        {
            "MatchedPath": [
-                "Microsoft.CommandPalette.Extensions.dll",
                "Microsoft.CommandPalette.Extensions.Toolkit.dll"
            ],
+            "SigningInfo": {
+                "Operations": [
+                    {
+                        "KeyCode": "CP-233904-SN",
+                        "OperationSetCode": "StrongNameSign",
+                        "ToolName": "sign",
+                        "ToolVersion": "1.0",
+                        "Parameters": []
+                    },
+                    {
+                        "KeyCode": "CP-233904-SN",
+                        "OperationSetCode": "StrongNameVerify",
+                        "ToolName": "sign",
+                        "ToolVersion": "1.0",
+                        "Parameters": []
+                    },
+                    {
+                        "KeyCode": "CP-230012",
+                        "OperationSetCode": "SigntoolSign",
+                        "Parameters": [
+                            {
+                                "parameterName": "OpusName",
+                                "parameterValue": "Microsoft"
+                            },
+                            {
+                                "parameterName": "OpusInfo",
+                                "parameterValue": "http://www.microsoft.com"
+                            },
+                            {
+                                "parameterName": "FileDigest",
+                                "parameterValue": "/fd \"SHA256\""
+                            },
+                            {
+                                "parameterName": "PageHash",
+                                "parameterValue": "/NPH"
+                            },
+                            {
+                                "parameterName": "TimeStamp",
+                                "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
+                            }
+                        ],
+                        "ToolName": "sign",
+                        "ToolVersion": "1.0"
+                    },
+                    {
+                        "KeyCode": "CP-230012",
+                        "OperationSetCode": "SigntoolVerify",
+                        "Parameters": [],
+                        "ToolName": "sign",
+                        "ToolVersion": "1.0"
+                    }
+                ]
+            }
+        },
+        {
+            "MatchedPath": [
+                "Microsoft.CommandPalette.Extensions.dll"
+            ],
            "SigningInfo": {
                "Operations": [
                    {
--- a/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/Microsoft.CommandPalette.Extensions.Toolkit.csproj
+++ b/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/Microsoft.CommandPalette.Extensions.Toolkit.csproj
@@ -15,6 +15,12 @@
    <ResolveAssemblyWarnOrErrorOnTargetArchitectureMismatch>None</ResolveAssemblyWarnOrErrorOnTargetArchitectureMismatch>
  </PropertyGroup>

+  <PropertyGroup Condition="'$(CIBuild)'=='true'">
+    <SignAssembly>true</SignAssembly>
+    <DelaySign>true</DelaySign>
+    <AssemblyOriginatorKeyFile>$(SolutionDir)\.pipelines\272MSSharedLibSN2048.snk</AssemblyOriginatorKeyFile>
+  </PropertyGroup>
+
  <PropertyGroup>
    <CsWinRTIncludes>Microsoft.CommandPalette.Extensions</CsWinRTIncludes>
    <CsWinRTGeneratedFilesDir>$(OutDir)</CsWinRTGeneratedFilesDir>
--- a/src/modules/cmdpal/extensionsdk/nuget/BuildSDKHelper.ps1
+++ b/src/modules/cmdpal/extensionsdk/nuget/BuildSDKHelper.ps1
@@ -69,6 +69,10 @@ if (($BuildStep -ieq "all") -Or ($BuildStep -ieq "build")) {
          ("/p:VersionNumber="+$VersionOfSDK)
          )

+        if ($IsAzurePipelineBuild) {
+          $msbuildArgs += "/p:CIBuild=true"
+        }
+
        & $msbuildPath $msbuildArgs
      }
    }