From 898e7c635263a75e21ec156a274a5c4e2754781a Mon Sep 17 00:00:00 2001 From: "Dustin L. Howett" Date: Thu, 15 May 2025 14:47:03 -0700 Subject: [PATCH] build: strong name sign the Extension Toolkit (#39469) Strong-name signing embeds publisher identity into the signature of a .NET assembly. This is required if *any other* strong name signed project wants to take a dependency on it. To make this work, we need to delay-sign it with a public key (.snk file)--e.g. say we are going to sign it, but not actually sign it--to give it an identity and then later submit it to ESRP for final signing. The snk file does not contain any private material. Some minor changes were required to build properly: - `InternalsVisibleTo` requires a PublicKeyToken, but we aren't using it in the SDK build so it's fine to just leave it out. - I had to mark a class `sealed` and I can only guess it's because strong named assemblies have more guarantees? --- .github/actions/spell-check/expect.txt | 1 + .pipelines/272MSSharedLibSN2048.snk | Bin 0 -> 288 bytes .pipelines/ESRPSigning_sdk.json | 59 +++++++++++++++++- .../JsonSerializationContext.cs | 2 +- .../MatchOption.cs | 2 - .../MatchResult.cs | 2 - ...t.CommandPalette.Extensions.Toolkit.csproj | 6 ++ .../extensionsdk/nuget/BuildSDKHelper.ps1 | 4 ++ 8 files changed, 70 insertions(+), 6 deletions(-) create mode 100644 .pipelines/272MSSharedLibSN2048.snk diff --git a/.github/actions/spell-check/expect.txt b/.github/actions/spell-check/expect.txt index bdae0338be..f9d35feab1 100644 --- a/.github/actions/spell-check/expect.txt +++ b/.github/actions/spell-check/expect.txt @@ -1535,6 +1535,7 @@ SMALLICON smartphone SMTO SNAPPROCESS +snk snwprintf softline SOURCECLIENTAREAONLY 
diff --git a/.pipelines/272MSSharedLibSN2048.snk b/.pipelines/272MSSharedLibSN2048.snk new file mode 100644 index 0000000000000000000000000000000000000000..bd766f84a23ac0323c0589df14827e0644f6a6ae GIT binary patch literal 288 zcmV+*0pI=rBme*mfB*m#0RR970ssI2Bme+XQ$aBR2mk;90097ns?fghXpI}0N)347 z{VDt;tTgRCI>Y;$Jq$=VYp67;hyXPP3W!Lu*sb-BXAaT{6uvfrsFBIYz#i`^vM6#? zd^x@VuMTW-NL_sW8d2YgN7HQUshE)lwTixZ=A-8t0qtwthHw&yJ_{O6HLp+enc>H;SZF)np*8VQkMZhY=?#0CI&6piJ=rt}<6RP#`KS4*d|kC{4?MzJ m(H@s~`ArjxJnB=qs52ZcZOe@=sZJQb5o7-mDk9t2Ekc^_F@YHX literal 0 HcmV?d00001 diff --git a/.pipelines/ESRPSigning_sdk.json b/.pipelines/ESRPSigning_sdk.json index 066acf9e4e..e2e2db7701 100644 --- a/.pipelines/ESRPSigning_sdk.json +++ b/.pipelines/ESRPSigning_sdk.json 
@@ -4,9 +4,66 @@ "SignBatches": [ { "MatchedPath": [ - "Microsoft.CommandPalette.Extensions.dll", "Microsoft.CommandPalette.Extensions.Toolkit.dll" ], + "SigningInfo": { + "Operations": [ + { + "KeyCode": "CP-233904-SN", + "OperationSetCode": "StrongNameSign", + "ToolName": "sign", + "ToolVersion": "1.0", + "Parameters": [] + }, + { + "KeyCode": "CP-233904-SN", + "OperationSetCode": "StrongNameVerify", + "ToolName": "sign", + "ToolVersion": "1.0", + "Parameters": [] + }, + { + "KeyCode": "CP-230012", + "OperationSetCode": "SigntoolSign", + "Parameters": [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd \"SHA256\"" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + } + ], + "ToolName": "sign", + "ToolVersion": "1.0" + }, + { + "KeyCode": "CP-230012", + "OperationSetCode": "SigntoolVerify", + "Parameters": [], + "ToolName": "sign", + "ToolVersion": "1.0" + } + ] + } + }, + { + "MatchedPath": [ + "Microsoft.CommandPalette.Extensions.dll" + ], "SigningInfo": { "Operations": [ { diff --git a/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/JsonSerializationContext.cs b/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/JsonSerializationContext.cs index 6d92cdc146..6a0dde88cc 100644 --- a/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/JsonSerializationContext.cs +++ b/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/JsonSerializationContext.cs 
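Review bot: The new batch for `Microsoft.CommandPalette.Extensions.Toolkit.dll` depends on `StrongNameSign` running before `SigntoolSign`, because strong-name signing rewrites the assembly and would invalidate an Authenticode signature applied earlier. Assuming ESRP runs the `Operations` array in order, the sequence here is right, but nothing records that it must stay that way. JSON has no comment syntax, so the pipeline documentation or the commit description is the place to state it. The `SigntoolSign` and `SigntoolVerify` entries also appear to repeat those of the `Microsoft.CommandPalette.Extensions.dll` batch, whose body continues outside the hunk, so a later change to the certificate key code or timestamp parameters has to be made in both batches.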
@@ -16,6 +16,6 @@ namespace Microsoft.CommandPalette.Extensions.Toolkit; [JsonSerializable(typeof(List))] [JsonSerializable(typeof(Dictionary), TypeInfoPropertyName = "Dictionary")] [JsonSourceGenerationOptions(UseStringEnumConverter = true, WriteIndented = true)] -internal partial class JsonSerializationContext : JsonSerializerContext +internal sealed partial class JsonSerializationContext : JsonSerializerContext { } diff --git a/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/MatchOption.cs b/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/MatchOption.cs index 5f56c5a5b0..9f740e4ade 100644 --- a/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/MatchOption.cs +++ b/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/MatchOption.cs @@ -5,8 +5,6 @@ using System; using System.Runtime.CompilerServices; -[assembly: InternalsVisibleTo("Microsoft.Plugin.Program.UnitTests")] - namespace Microsoft.CommandPalette.Extensions.Toolkit; public partial class MatchOption diff --git a/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/MatchResult.cs b/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/MatchResult.cs index ad61733f9e..3848065f25 100644 --- a/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/MatchResult.cs +++ b/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/MatchResult.cs @@ -4,8 +4,6 @@ using System.Runtime.CompilerServices; -[assembly: InternalsVisibleTo("Microsoft.Plugin.Program.UnitTests")] - namespace Microsoft.CommandPalette.Extensions.Toolkit; public partial class MatchResult 
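Review bot: The `sealed` added to `JsonSerializationContext` is more likely a consequence of the `InternalsVisibleTo` removals in `MatchOption.cs` and `MatchResult.cs` than of strong naming, as the description guesses. The .NET analyzer rule CA1852 (seal internal types) by default does not report while an assembly declares `InternalsVisibleTo`, since a friend assembly could derive from the type, so dropping the attribute would make it fire for this class; the analyzer configuration is not visible here, so treat that as the probable cause. A one-line comment above the class, for example `// Sealed for CA1852: the assembly no longer exposes internals to a friend assembly`, would keep the next reader from tying it to signing. Both of those files still carry `using System.Runtime.CompilerServices;` as context, which may now be unused.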
diff --git a/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/Microsoft.CommandPalette.Extensions.Toolkit.csproj b/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/Microsoft.CommandPalette.Extensions.Toolkit.csproj index 8f3cdaed91..4ceae15953 100644 --- a/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/Microsoft.CommandPalette.Extensions.Toolkit.csproj +++ b/src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/Microsoft.CommandPalette.Extensions.Toolkit.csproj @@ -15,6 +15,12 @@ None + + true + true + $(MSBuildThisFileDirectory)..\..\..\..\..\.pipelines\272MSSharedLibSN2048.snk + + Microsoft.CommandPalette.Extensions $(OutDir) diff --git a/src/modules/cmdpal/extensionsdk/nuget/BuildSDKHelper.ps1 b/src/modules/cmdpal/extensionsdk/nuget/BuildSDKHelper.ps1 index 52e2f17586..8270e7bb4a 100644 --- a/src/modules/cmdpal/extensionsdk/nuget/BuildSDKHelper.ps1 +++ b/src/modules/cmdpal/extensionsdk/nuget/BuildSDKHelper.ps1 @@ -69,6 +69,10 @@ if (($BuildStep -ieq "all") -Or ($BuildStep -ieq "build")) { ("/p:VersionNumber="+$VersionOfSDK) ) + if ($IsAzurePipelineBuild) { + $msbuildArgs += "/p:CIBuild=true" + } + & $msbuildPath $msbuildArgs } }
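Review bot: The key file path in the added property group climbs five directories (`$(MSBuildThisFileDirectory)..\..\..\..\..\.pipelines\272MSSharedLibSN2048.snk`), so moving the project or the `.pipelines` folder breaks the build, and the group itself does not say what kind of key it points at. If the repository already defines a root-directory property, anchoring the path on it would be sturdier; in either case a short XML comment stating that the file is the public half only and that the real signature is applied later by ESRP would help reviewers. The diffstat lists the key file at 288 bytes, which is consistent with a 2048-bit public-key-only blob, so the description's claim that it holds no private material looks right. The element names of this group are not visible in this rendering, so the two `true` values are presumed to be the sign and delay-sign switches.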
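Review bot: `CIBuild` is passed only when `$IsAzurePipelineBuild` is set, but nothing at this call site says what the property switches on. Presumably it gates the signing property group added to the Toolkit project, which would mean pipeline builds and local builds produce assemblies with different identities, and that a pipeline-built DLL is not validly signed until the ESRP step has run. A comment such as `# CIBuild enables delay-signing; the DLL is only validly signed after the ESRP step` above the `if` would record that. The enclosing `if (($BuildStep -ieq "all") ...)` block starts outside the hunk, and the declaration of `$IsAzurePipelineBuild` is not visible here.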