40 changes: 30 additions & 10 deletions tools/packaging/packaging.psm1
Expand Up @@ -905,20 +905,32 @@ function Update-PSSignedBuildFolder
$signedFilesFilter = Join-Path -Path $SignedFilesPathNormalized -ChildPath '*'
Write-Verbose -Verbose "signedFilesFilter = $signedFilesFilter"

Get-ChildItem -Path $signedFilesFilter -Recurse -File | Select-Object -ExpandProperty FullName | ForEach-Object -Process {
Write-Verbose -Verbose "Processing $_"
$signedFilesList = Get-ChildItem -Path $signedFilesFilter -Recurse -File
foreach ($signedFileObject in $signedFilesList) {
# completely skip replacing pwsh on non-windows systems (there is no .exe extension here)
# and it may not be signed correctly

# The Shim will not be signed in CI.

if ($signedFileObject.Name -eq "pwsh" -or ($signedFileObject.Name -eq "Microsoft.PowerShell.GlobalTool.Shim.exe" -and $env:BUILD_REASON -eq 'PullRequest')) {
Write-Verbose -Verbose "Skipping $signedFileObject"
continue
}

$signedFilePath = $signedFileObject.FullName
Write-Verbose -Verbose "Processing $signedFilePath"

# Agents seems to be on a case sensitive file system
if ($IsLinux) {
$relativePath = $_.Replace($SignedFilesPathNormalized, '')
$relativePath = $signedFilePath.Replace($SignedFilesPathNormalized, '')
} else {
$relativePath = $_.ToLowerInvariant().Replace($SignedFilesPathNormalized.ToLowerInvariant(), '')
$relativePath = $signedFilePath.ToLowerInvariant().Replace($SignedFilesPathNormalized.ToLowerInvariant(), '')
}

Write-Verbose -Verbose "relativePath = $relativePath"
$destination = (Get-Item (Join-Path -Path $BuildPathNormalized -ChildPath $relativePath)).FullName
Write-Verbose -Verbose "destination = $destination"
Write-Log "replacing $destination with $_"
Write-Log "replacing $destination with $signedFilePath"

if (-not (Test-Path $destination)) {
$parent = Split-Path -Path $destination -Parent
Expand All @@ -932,13 +944,21 @@ function Update-PSSignedBuildFolder
Write-Error "File not found: $destination, parent - $parent exists: $exists"
}

$signature = Get-AuthenticodeSignature -FilePath $_

if ($signature.Status -ne 'Valid') {
Write-Error "Invalid signature for $_"
# Get-AuthenticodeSignature will only work on Windows
if ($IsWindows)
{
$signature = Get-AuthenticodeSignature -FilePath $signedFilePath
if ($signature.Status -ne 'Valid') {
Write-Error "Invalid signature for $signedFilePath"
}
}
else
{
Write-Verbose -Verbose "Skipping certificate check of $signedFilePath on non-Windows"
}

Copy-Item -Path $signedFilePath -Destination $destination -Force

Copy-Item -Path $_ -Destination $destination -Force
}

foreach($filter in $RemoveFilter) {
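Review bot: In the new `else` branch next to `Get-AuthenticodeSignature`, a file from the signed-files folder is copied over the build output on non-Windows agents with no integrity check, and the only trace is a verbose line. If signatures are validated in a later Windows stage that is acceptable, but nothing in this hunk shows it; otherwise a `Write-Warning "Signature of $signedFilePath was not verified on this platform"` would make the gap visible in the build log. In the Windows branch, `Write-Error "Invalid signature for $signedFilePath"` is non-terminating unless `$ErrorActionPreference` is `Stop` (not visible here), so the `Copy-Item` that follows may still run for a file whose signature is not valid; `throw "Invalid signature for $signedFilePath"` would make the gate explicit. The body of Update-PSSignedBuildFolder starts and ends outside the hunks shown.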