Forcing build to validate signing and versioning (#15432)

* ps script for validation * intentionally breaking for testing * including script in release * fixing script * removing old ignore * Fixing unit tests to be versioned * fixing version path * Authenticode * Update release.yml * Update versionAndSignCheck.ps1 * Update release.yml * Update versionAndSignCheck.ps1 * Update release.yml * Update versionAndSignCheck.ps1 * Update versionAndSignCheck.ps1 * Update versionAndSignCheck.ps1 * Update versionAndSignCheck.ps1 * Update versionAndSignCheck.ps1 * Update release.yml * Update versionAndSignCheck.ps1 * Update versionAndSignCheck.ps1 * Update release.yml * Update versionAndSignCheck.ps1 * Update ESRPSigning_core.json * Update versionAndSignCheck.ps1 * Update versionAndSignCheck.ps1 * Update versionAndSignCheck.ps1 * Update release.yml
2025-12-16 11:48:06 +01:00 · 2022-01-10 18:26:27 -08:00
parent cf0c45a319
commit f303c29d4c
6 changed files with 76 additions and 6 deletions
--- a/.pipelines/versionAndSignCheck.ps1
+++ b/.pipelines/versionAndSignCheck.ps1
@@ -0,0 +1,53 @@
+[CmdletBinding()]
+# todo: send in arch / conf, could send in actual path
+Param(
+  [Parameter(Mandatory=$True,Position=1)]
+  [AllowEmptyString()]
+  [string]$targetDir = $PSScriptRoot + '/../extractedMsi/File'
+)
+
+$DirPath = $targetDir;  #this file is in pipeline, we need root.
+$items = Get-ChildItem -Path $DirPath -File -Include *.exe,*.dll -Recurse -Force -ErrorAction SilentlyContinue
+$totalFailure = 0;
+
+Write-Host $DirPath;
+
+if(-not (Test-Path $DirPath))
+{  
+    Write-Host "Folder does not exist!"
+}
+
+Write-Host "Total items: " $items.Count
+
+if($items.Count -eq 0)
+{
+	# no items means something bad happened.  We should fail ASAP
+	exit 1;
+}
+
+$items | ForEach-Object { 
+    if($_.VersionInfo.FileVersion -eq "1.0.0.0" )
+	{
+		if(-not $_.Name.EndsWith("Microsoft.Search.Interop.dll"))
+		{
+			Write-Host "Version not set: " + $_.FullName
+			$totalFailure++;
+		}
+	}
+}
+
+$items | ForEach-Object { 
+	$auth = Get-AuthenticodeSignature $_.FullName
+	if($auth.SignerCertificate -eq $null)
+	{
+		Write-Host "Not Signed: " + $_.FullName
+		$totalFailure++;
+	}
+}
+
+if($totalFailure -gt 0)
+{
+	exit 1
+}
+
+exit 0