Signing: Support signature verification on .NET Core
Remove 2nd N.B.T.P package (#2984)

remove WorkaroundNetStandard target, change SDK for build from 3.0 preview to 3.1 stable (#3161)

* remove WorkaroundNetStandard target, change SDK for build from 3.0 preview to 3.1 stable version, fix error; change LockSDKVersion default value from empty string to false; apply Linux workaround in my change

Retarget to netcore5.0 (#3162)

* retarget to netcore5.0;  Linux script workaround need to apply for downloading SDK for build

add pkcs and cng packages

Temporary fix on patching SDK, add System.Security.Cryptography.Pkcs.dll and update deps.json, use dll from .nuget/packages

Address PR comments

implement add cert to store on Mac; display openssl version (#3166)

Implement timestamp integrity verification; Implement an equivalent NativeCms; enable signing APIs and tests (#3168)

* implement timestamp integrity verification; implement ManagedCms; enable signing APIs and tests

fix xplat verification branch after rebase (#3191)

Fixes: NuGet/Home#9012

check different cross-platform error messages for self-signed cert test (#3208)

Fixes: NuGet/Home#8933

Xplat Signing/Verification : Fix broken tests for setting privatekey of a X509Certificate2 (#3195)

use workaround to set private key for X509Certificate2 (netcore), change ToRSA to workaround for netcore(especially for non-windows)

enable PathTooLongException test (#3216)

Fixes: NuGet/Home#8920

enable TrustedSignerActionsProvider on netcore, along with tests (#3213)

Fixes: NuGet/Home#8921

Enable SignedPackageIntegrityVerificationTests for netcore5.0 (#3220)

Enable SignedPackageIntegrityVerificationTests for netcore, remove extra preprocessors

Enable timestamp provider test and fix 3 broken tests (#3210)

enable all unit tests; enable 8 more tests; enable timestampProviderTest; fix 3 broken tests in TimestampProviderTests

Fix 4 tests in SignatureTrustAndValidityVerificationProviderTests (#3242)

fix untrusted msg for different platforms

fixed broken tests using utility methods (#3263)

disable outdated tests (#3274)

enable 4 tests on Mac (#3275)

fix 5 broken tests in SignatureTrustAndValidityVerificationProviderTests, add workaround for Linux (#3252)

fix broken test case ExecuteCommandAsync_WithAmbiguousMatch_ThrowsAsync (#3291)
heng-liu committed Mar 27, 2020
1 parent 1f8cd7c commit e94f122
Showing 165 changed files with 2,412 additions and 652 deletions.
4 changes: 2 additions & 2 deletions build/build.proj
Expand Up @@ -225,7 +225,7 @@
Projects="@(SolutionProjects)"
Targets="PackProjects"
Properties="$(CommonMSBuildProperties);
VisualStudioVersion=$(VisualStudioVersion);" />
VisualStudioVersion=$(VisualStudioVersion)" />
</Target>

<!--
Expand All @@ -240,7 +240,7 @@
Projects="@(XPLATProjects)"
Targets="PackProjects"
Properties="$(CommonMSBuildProperties);
VisualStudioVersion=$(VisualStudioVersion);" />
VisualStudioVersion=$(VisualStudioVersion)" />
</Target>

<!--
8 changes: 6 additions & 2 deletions build/common.project.props
Expand Up @@ -14,9 +14,13 @@
<NETFXTargetFrameworkVersion>v4.7.2</NETFXTargetFrameworkVersion>
<NETFXTargetFramework>net472</NETFXTargetFramework>
<NETCoreTargetFramework>netcoreapp2.1</NETCoreTargetFramework>
<NETCoreTargetFrameworks Condition=" '$(RequiresSigningXplatAPIs)' != 'true' ">netcoreapp2.1</NETCoreTargetFrameworks>
<NETCoreTargetFrameworks Condition=" '$(RequiresSigningXplatAPIs)' == 'true' and '$(TestForLatestNetCoreOnly)' != 'true' ">netcoreapp2.1;netcoreapp5.0</NETCoreTargetFrameworks>
<NETCoreTargetFrameworks Condition=" '$(RequiresSigningXplatAPIs)' == 'true' and '$(TestForLatestNetCoreOnly)' == 'true' ">netcoreapp5.0</NETCoreTargetFrameworks>
<NetStandardVersion>netstandard2.0</NetStandardVersion>
<TargetFrameworksExe>$(NETFXTargetFramework);$(NETCoreTargetFramework)</TargetFrameworksExe>
<TargetFrameworksLibrary>$(NETFXTargetFramework);$(NetStandardVersion)</TargetFrameworksLibrary>
<TargetFrameworksExe>$(NETFXTargetFramework);$(NETCoreTargetFrameworks)</TargetFrameworksExe>
<TargetFrameworksLibrary Condition=" '$(RequiresSigningXplatAPIs)' != 'true' ">$(NETFXTargetFramework);$(NetStandardVersion)</TargetFrameworksLibrary>
<TargetFrameworksLibrary Condition=" '$(RequiresSigningXplatAPIs)' == 'true' ">$(NETFXTargetFramework);$(NetStandardVersion);netstandard2.1</TargetFrameworksLibrary>
<RepositoryRootDirectory>$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), 'README.md'))\</RepositoryRootDirectory>
<BuildCommonDirectory>$(RepositoryRootDirectory)build\</BuildCommonDirectory>
<SolutionFile>$(RepositoryRootDirectory)$(RepositoryName).sln</SolutionFile>
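Review bot: `NETCoreTargetFramework` (singular, still `netcoreapp2.1`) is kept next to the new `NETCoreTargetFrameworks` (plural), and only `TargetFrameworksExe` is switched to the plural, so a project that keeps referencing the singular property builds for `netcoreapp2.1` alone even when `RequiresSigningXplatAPIs` is `true`. Per the `SigningNotSupported` condition added to build/common.targets in this commit, that framework is compiled without `IS_SIGNING_SUPPORTED`, so the mistake would be silent. Please add a comment above these properties stating which one projects should use and where `RequiresSigningXplatAPIs` and `TestForLatestNetCoreOnly` are expected to be set, or rename the plural property so the two do not differ by a single letter.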
123 changes: 87 additions & 36 deletions build/common.ps1
Expand Up @@ -86,11 +86,11 @@ Function Invoke-BuildStep {
[CmdletBinding()]
[Alias('ibs')]
param(
[Parameter(Mandatory=$True)]
[Parameter(Mandatory = $True)]
[string]$BuildStep,
[Parameter(Mandatory=$True)]
[Parameter(Mandatory = $True)]
[ScriptBlock]$Expression,
[Parameter(Mandatory=$False)]
[Parameter(Mandatory = $False)]
[Alias('args')]
[Object[]]$Arguments,
[Alias('skip')]
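Review bot: the edits to this `param` block are whitespace only (`Mandatory=$True` becomes `Mandatory = $True`), and the same kind of reformatting recurs in the later hunks of this file. Consider moving the formatting pass to its own commit so the functional change to `Install-DotnetCLI` is easier to isolate in review and in a later bisect.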
Expand Down Expand Up @@ -169,39 +169,88 @@ Function Install-DotnetCLI {
)
$vsMajorVersion = Get-VSMajorVersion
$MSBuildExe = Get-MSBuildExe $vsMajorVersion
$CliBranchForTesting = & $msbuildExe $NuGetClientRoot\build\config.props /v:m /nologo /t:GetCliBranchForTesting
$CliBranchListForTesting = & $msbuildExe $NuGetClientRoot\build\config.props /v:m /nologo /t:GetCliBranchForTesting
$CliBranchList = $CliBranchListForTesting.Split(';');

$cli = @{
Root = $CLIRoot
Version = 'latest'
Channel = $CliBranchForTesting.Trim()
$DotNetInstall = Join-Path $CLIRoot 'dotnet-install.ps1'

#If "-force" is specified, or dotnet.exe under cli folder doesn't exist, create cli folder and download dotnet-install.ps1 into cli folder.
if ($Force -or -not (Test-Path $DotNetExe)) {
Trace-Log "Downloading .NET CLI $CliBranchForTesting"

New-Item -ItemType Directory -Force -Path $CLIRoot | Out-Null

Invoke-WebRequest 'https://raw.githubusercontent.com/dotnet/cli/master/scripts/obtain/dotnet-install.ps1' -OutFile $DotNetInstall
}

ForEach ($CliBranch in $CliBranchList) {
$CliBranch = $CliBranch.trim()
$CliChannelAndVersion = $CliBranch -split "\s+"

$Channel = $CliChannelAndVersion[0].trim()
if ($CliChannelAndVersion.count -eq 1) {
$Version = 'latest'
}
else {
$Version = $CliChannelAndVersion[1].trim()
}

$cli = @{
Root = $CLIRoot
Version = $Version
Channel = $Channel
}

$DotNetExe = Join-Path $cli.Root 'dotnet.exe';
$DotNetExe = Join-Path $cli.Root 'dotnet.exe';

if ([Environment]::Is64BitOperatingSystem) {
$arch = "x64";
}
else {
$arch = "x86";
}
if ([Environment]::Is64BitOperatingSystem) {
$arch = "x64";
}
else {
$arch = "x86";
}

$env:DOTNET_HOME=$cli.Root
$env:DOTNET_INSTALL_DIR=$NuGetClientRoot
$DotNetInstall = Join-Path $cli.Root 'dotnet-install.ps1'
$env:DOTNET_HOME = $cli.Root
$env:DOTNET_INSTALL_DIR = $NuGetClientRoot

if ($Version -eq 'latest') {
#Get the latest specific version number for a certain channel from url like : https://dotnetcli.blob.core.windows.net/dotnet/Sdk/release/3.0.1xx/latest.version"
$httpGetUrl = "https://dotnetcli.blob.core.windows.net/dotnet/Sdk/" + $Channel + "/latest.version"
$versionFile = Invoke-RestMethod -Method Get -Uri $httpGetUrl

$stringReader = New-Object -TypeName System.IO.StringReader -ArgumentList $versionFile
[int]$count = 0
while ( $line = $stringReader.ReadLine() ) {
if ($count -eq 1) {
$specificVersion = $line.trim()
}
$count += 1
}
}
else {
$specificVersion = $Version
}

Trace-Log "The version of SDK should be installed is : $specificVersion"

if ($Force -or -not (Test-Path $DotNetExe)) {
Trace-Log 'Downloading .NET CLI'
$probeDotnetPath = Join-Path (Join-Path $cli.Root sdk) $specificVersion

New-Item -ItemType Directory -Force -Path $cli.Root | Out-Null
Trace-Log "Probing folder : $probeDotnetPath"

Invoke-WebRequest 'https://dot.net/v1/dotnet-install.ps1' -OutFile $DotNetInstall
Trace-Log "$DotNetInstall -Channel $($cli.Channel) -i $($cli.Root) -Version $($cli.Version) -Architecture $arch"
& $DotNetInstall -Channel $cli.Channel -i $cli.Root -Version $cli.Version -Architecture $arch
}
#If "-force" is specified, or folder with specific version doesn't exist, the download command will run"
if ($Force -or -not (Test-Path $probeDotnetPath)) {
& $DotNetInstall -Channel $cli.Channel -i $cli.Root -Version $cli.Version -Architecture $arch -NoPath
}

if (-not (Test-Path $DotNetExe)) {
Error-Log "Unable to find dotnet.exe. The CLI install may have failed." -Fatal
if (-not (Test-Path $DotNetExe)) {
Error-Log "Unable to find dotnet.exe. The CLI install may have failed." -Fatal
}
if (-not(Test-Path $probeDotnetPath)) {
Error-Log "Unable to find specific version of sdk. The CLI install may have failed." -Fatal
}

# Display build info
& $DotNetExe --info
}

# Install the 2.x runtime because our tests target netcoreapp2x
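Review bot: `dotnet-install.ps1` is fetched from the `master` branch of `dotnet/cli` on raw.githubusercontent.com and then run with `& $DotNetInstall`, with no pinned revision and no hash or signature check between the download and the call. Pin the URL to a specific commit or compare the file against an expected hash before invoking it. Two smaller points in the same block: `if ($Force -or -not (Test-Path $DotNetExe))` runs before `$DotNetExe` is assigned (the assignment shown is inside the `ForEach` loop), and `Trace-Log "Downloading .NET CLI $CliBranchForTesting"` refers to a variable that the lines shown rename to `$CliBranchListForTesting`. Also, `$specificVersion` is read from the second line of `latest.version` while the installer is still passed `-Version $cli.Version`, which is `latest` in that branch, so the probed folder and the installed SDK can differ if the channel moves between the two requests. Passing `$specificVersion` to the installer and checking it for empty before `Join-Path` would keep the two aligned.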
Expand Down Expand Up @@ -235,7 +284,7 @@ otherwise we pick the latest Visual Studio version available on the machine.
#>
Function Get-VSVersion() {
if (-not $VSVersion) {
if(-not $script:FallbackVSVersion){
if (-not $script:FallbackVSVersion) {
Verbose-Log "No fallback VS Version set yet. This means that we are running outside of a developer command prompt scope."
$_ = Get-LatestVisualStudioRoot
}
Expand All @@ -257,15 +306,16 @@ Function Get-MSBuildExe {
[string]$MSBuildVersion
)

if(-not $MSBuildVersion){
if (-not $MSBuildVersion) {
$MSBuildVersion = Get-VSMajorVersion
}

$CommonToolsVar = "Env:VS${MSBuildVersion}0COMNTOOLS"
if (Test-Path $CommonToolsVar) {
$CommonToolsValue = gci $CommonToolsVar | select -expand value -ea Ignore
$MSBuildRoot = Join-Path $CommonToolsValue '..\..\MSBuild' -Resolve
} else {
}
else {
$VisualStudioRoot = Get-LatestVisualStudioRoot
if ($VisualStudioRoot -and (Test-Path $VisualStudioRoot)) {
$MSBuildRoot = Join-Path $VisualStudioRoot 'MSBuild'
Expand All @@ -281,7 +331,8 @@ Function Get-MSBuildExe {
if (Test-Path $MSBuildExe) {
Verbose-Log "Found MSBuild.exe at `"$MSBuildExe`""
$MSBuildExe
} else {
}
else {
Error-Log 'Could not find MSBuild.exe' -Fatal
}
}
Expand Down Expand Up @@ -310,9 +361,9 @@ Function Test-BuildEnvironment {
$script:VSToolsetInstalled = ($BuildToolsets | where vstoolset -ne $null)

$ConfigureObject |
select -expand envvars -ea Ignore |
%{ $_.psobject.properties } |
%{ Set-Item -Path "env:$($_.Name)" -Value $_.Value }
select -expand envvars -ea Ignore |
% { $_.psobject.properties } |
% { Set-Item -Path "env:$($_.Name)" -Value $_.Value }

if ($CI) {
# Explicitly add cli to environment PATH
Expand All @@ -339,7 +390,7 @@ Function Clear-PackageCache {
Function Clear-Artifacts {
[CmdletBinding()]
param()
if( Test-Path $Artifacts) {
if ( Test-Path $Artifacts) {
Trace-Log 'Cleaning the Artifacts folder'
Remove-Item $Artifacts\* -Recurse -Force -Exclude 'configure.json'
}
Expand All @@ -354,7 +405,7 @@ Function Clear-Nupkgs {
}
}

Function Restore-SolutionPackages{
Function Restore-SolutionPackages {
[CmdletBinding()]
param(
)
17 changes: 15 additions & 2 deletions build/common.targets
@@ -1,4 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0">
<!-- Compiler flags -->
<PropertyGroup Condition=" '$(TargetFramework)' == '$(NETFXTargetFramework)' ">
Expand All @@ -11,6 +11,19 @@
<IsCore>true</IsCore>
</PropertyGroup>

<PropertyGroup Condition=" '$(TargetFramework)' == 'netcoreapp5.0' ">
<DefineConstants>$(DefineConstants);NETCORE5_0</DefineConstants>
</PropertyGroup>

<PropertyGroup>
<SigningNotSupported Condition=" '$(TargetFramework)' == 'netstandard2.0' OR '$(TargetFramework)' == 'netcoreapp2.1'">true</SigningNotSupported>
<SigningNotSupported Condition=" '$(SigningNotSupported)' != 'true'">false</SigningNotSupported>
</PropertyGroup>

<PropertyGroup Condition=" '$(SigningNotSupported)' != 'true' ">
<DefineConstants>$(DefineConstants);IS_SIGNING_SUPPORTED</DefineConstants>
</PropertyGroup>

<!-- Include shared files for netcore projects -->
<ItemGroup Condition=" ('$(IsNetCoreProject)' == 'true' AND '$(SkipShared)' != 'true' AND '$(TestProject)' != 'true') OR '$(IncludeNuGetSharedFiles)' == 'true'">
<Compile Include="$(SharedDirectory)\*.cs" Exclude="bin\**;obj\**;**\*.xproj;packages\**" />
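Review bot: the new `SigningNotSupported` property group has no comment explaining why `netstandard2.0` and `netcoreapp2.1` are the frameworks excluded, and the negative name forces a double negative in the condition that defines `IS_SIGNING_SUPPORTED` (`'$(SigningNotSupported)' != 'true'`). A short comment naming the missing APIs, plus a positively named property, would make the intent readable. Note also that the second line only assigns `false` when the value is not already `true`, so a `SigningNotSupported=true` passed in from outside (for example as a global property) drops `IS_SIGNING_SUPPORTED` for every target framework. If that override is not intended, compute the value unconditionally from `$(TargetFramework)`.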
Expand Down Expand Up @@ -333,4 +346,4 @@

<Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), 'README.md'))\packages\Microsoft.VisualStudioEng.MicroBuild.Core.0.4.1\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets" Condition="Exists('$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), &quot;README.md&quot;))\packages\Microsoft.VisualStudioEng.MicroBuild.Core.0.4.1\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets')" />

</Project>
</Project>
16 changes: 14 additions & 2 deletions build/config.props
Expand Up @@ -32,12 +32,21 @@
<VsTargetMajorVersion>$([MSBuild]::Add(11, $(MajorNuGetVersion)))</VsTargetMajorVersion>
<VsTargetBranch>master</VsTargetBranch>
<VsTargetChannel>int.$(VsTargetBranch)</VsTargetChannel>

<!-- This branches are used for creating insertion PRs -->
<VsTargetBranch Condition="'$(IsEscrowMode)' == 'true'">rel/d$(VsTargetMajorVersion).$(MinorNuGetVersion)</VsTargetBranch>
<VsTargetChannel Condition="'$(IsEscrowMode)' == 'true'">int.d$(VsTargetMajorVersion).$(MinorNuGetVersion)</VsTargetChannel>

<!-- .NET Core SDK Insertion Logic -->
<!-- .NET Core SDK Insertion Logic -->
<!-- when LockSDKVersion is true, it will use the specific version in CliVersionForBuilding for building, and specific version in OverrideCliBranchForTesting for testing, -->
<!-- when LockSDKVersion is false, it will ignore the properties and just use the latest version for the channel specified in CliVersionForBuilding for building, CliBranchForTesting for testing -->
<LockSDKVersion>true</LockSDKVersion>
<OverrideCliBranchForTesting Condition="'$(LockSDKVersion)' == 'false'"></OverrideCliBranchForTesting>
<OverrideCliBranchForTesting Condition="'$(LockSDKVersion)' == 'true'">master 5.0.100-alpha1-015516</OverrideCliBranchForTesting>
<CliVersionForBuilding Condition="'$(LockSDKVersion)' == 'false'">master</CliVersionForBuilding>
<CliVersionForBuilding Condition="'$(LockSDKVersion)' == 'true'">"master 5.0.100-alpha1-015516"</CliVersionForBuilding>
<CliBranchForTesting Condition="'$(OverrideCliBranchForTesting)' != ''">$(OverrideCliBranchForTesting)</CliBranchForTesting>
<CliBranchForTesting Condition="'$(OverrideCliBranchForTesting)' == ''">3.1</CliBranchForTesting>
<CliBranchForTesting Condition="'$(OverrideCliBranchForTesting)' == ''">master</CliBranchForTesting>
<CliTargetBranches Condition="'$(OverrideCliTargetBranches)' != ''">$(OverrideCliTargetBranches)</CliTargetBranches>
<CliTargetBranches Condition="'$(OverrideCliTargetBranches)' == ''">master</CliTargetBranches>
<SdkTargetBranches Condition="'$(OverrideCliTargetBranches)' != ''">$(OverrideCliTargetBranches)</SdkTargetBranches>
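Review bot: the locked value of `CliVersionForBuilding` is written as `"master 5.0.100-alpha1-015516"` with literal double quotes inside the element, while `OverrideCliBranchForTesting` carries the same channel and version without quotes. If the consumer of `GetCliVersionForBuilding` splits the value on whitespace the way `Install-DotnetCLI` does for the testing value, the quotes end up inside the channel and version tokens. Either drop the quotes or add a comment saying why that consumer needs them. The comment lines above `LockSDKVersion` would also be clearer if they stated the expected format of these values (channel, optionally followed by a space and a specific version).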
Expand Down Expand Up @@ -95,4 +104,7 @@
<Target Name="GetCliBranchForTesting">
<Message Text="$(CliBranchForTesting)" Importance="High"/>
</Target>
<Target Name="GetCliVersionForBuilding">
<Message Text="$(CliVersionForBuilding)" Importance="High"/>
</Target>
</Project>
5 changes: 4 additions & 1 deletion build/packages.targets
Expand Up @@ -7,6 +7,8 @@
<VSFrameworkVersion>16.5.29714.20</VSFrameworkVersion>
<VSServicesVersion>16.153.0</VSServicesVersion>
<VSThreadingVersion>16.5.126</VSThreadingVersion>
<!-- TODO - remove this when temporary patching is no longer necessary. See https://github.com/NuGet/Home/issues/8508 -->
<PatchedSystemPackagesVersion>5.0.0-alpha1.19473.1</PatchedSystemPackagesVersion>
</PropertyGroup>

<!-- Test and package versions -->
Expand Down Expand Up @@ -65,6 +67,8 @@
<PackageReference Update="System.Dynamic.Runtime" Version="$(SystemPackagesVersion)" />
<PackageReference Update="System.Runtime.Serialization.Formatters" Version="$(SystemPackagesVersion)" />
<PackageReference Update="System.Runtime.Serialization.Primitives" Version="$(SystemPackagesVersion)" />
<PackageReference Update="System.Security.Cryptography.Pkcs" Version="$(PatchedSystemPackagesVersion)" />
<PackageReference Update="System.Security.Cryptography.Cng" Version="$(PatchedSystemPackagesVersion)" />
<PackageReference Update="System.Security.Cryptography.ProtectedData" Version="$(SystemPackagesVersion)" />
<PackageReference Update="System.Threading.Tasks.Dataflow" Version="4.9.0" />
<PackageReference Update="System.Threading.Thread" Version="$(SystemPackagesVersion)" />
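Review bot: `System.Security.Cryptography.Pkcs` and `System.Security.Cryptography.Cng` now resolve to `$(PatchedSystemPackagesVersion)`, which the earlier hunk sets to the prerelease `5.0.0-alpha1.19473.1`, but the only explanation is the TODO on the property definition about 60 lines above. Add a short comment next to these two references that links https://github.com/NuGet/Home/issues/8508, since they are the cryptography packages behind the signing work in this commit and the ones a later cleanup has to move back to `$(SystemPackagesVersion)` or another stable version.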
Expand Down Expand Up @@ -96,7 +100,6 @@
<PackageReference Update="System.Diagnostics.TraceSource" Version="$(SystemPackagesVersion)" />
<PackageReference Update="System.IO.Compression.ZipFile" Version="$(SystemPackagesVersion)" />
<PackageReference Update="System.Runtime.Loader" Version="$(SystemPackagesVersion)" />
<PackageReference Update="System.Security.Cryptography.Pkcs" Version="4.5.2" />
<PackageReference Update="System.Threading.Tasks.Parallel" Version="$(SystemPackagesVersion)" />
<PackageReference Update="Xunit.StaFact" Version="0.2.9" />
<PackageReference Update="xunit" Version="$(XunitVersion)" />