Showing preview only (2,337K chars total). Download the full file or copy to clipboard to get everything.
Repository: dotnet/sign
Branch: main
Commit: 2a6e1f414321
Files: 629
Total size: 2.1 MB
Directory structure:
gitextract_xxtpi398/
├── .azuredevops/
│ └── dependabot.yml
├── .config/
│ └── 1espt/
│ ├── PipelineAutobaseliningConfig.yml
│ └── README.md
├── .editorconfig
├── .gitattributes
├── .github/
│ ├── CODEOWNERS
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug_report.md
│ │ └── feature_request.md
│ └── workflows/
│ └── stale.yml
├── .gitignore
├── .vsts-ci.yml
├── .vsts-pr.yml
├── CODE-OF-CONDUCT.md
├── Directory.Build.props
├── Directory.Build.targets
├── Directory.Packages.props
├── LICENSE.txt
├── NuGet.Config
├── README.md
├── SECURITY.md
├── SdkTools.props
├── THIRD-PARTY-NOTICES.txt
├── docs/
│ ├── artifact-signing-integration.md
│ ├── azdo-build-and-sign.yml
│ ├── comparisons.md
│ ├── file-globbing.md
│ ├── gh-build-and-sign.yml
│ └── signing-tool-spec.md
├── eng/
│ ├── PoliCheckExclusions.xml
│ ├── Signing.props
│ ├── Version.Details.xml
│ ├── Versions.props
│ └── common/
│ ├── BuildConfiguration/
│ │ └── build-configuration.json
│ ├── CIBuild.cmd
│ ├── PSScriptAnalyzerSettings.psd1
│ ├── README.md
│ ├── SetupNugetSources.ps1
│ ├── SetupNugetSources.sh
│ ├── build.cmd
│ ├── build.ps1
│ ├── build.sh
│ ├── cibuild.sh
│ ├── core-templates/
│ │ ├── job/
│ │ │ ├── job.yml
│ │ │ ├── onelocbuild.yml
│ │ │ ├── publish-build-assets.yml
│ │ │ ├── source-build.yml
│ │ │ └── source-index-stage1.yml
│ │ ├── jobs/
│ │ │ ├── codeql-build.yml
│ │ │ ├── jobs.yml
│ │ │ └── source-build.yml
│ │ ├── post-build/
│ │ │ ├── common-variables.yml
│ │ │ ├── post-build.yml
│ │ │ └── setup-maestro-vars.yml
│ │ ├── steps/
│ │ │ ├── cleanup-microbuild.yml
│ │ │ ├── enable-internal-runtimes.yml
│ │ │ ├── enable-internal-sources.yml
│ │ │ ├── generate-sbom.yml
│ │ │ ├── get-delegation-sas.yml
│ │ │ ├── get-federated-access-token.yml
│ │ │ ├── install-microbuild.yml
│ │ │ ├── publish-build-artifacts.yml
│ │ │ ├── publish-logs.yml
│ │ │ ├── publish-pipeline-artifacts.yml
│ │ │ ├── retain-build.yml
│ │ │ ├── send-to-helix.yml
│ │ │ ├── source-build.yml
│ │ │ └── source-index-stage1-publish.yml
│ │ └── variables/
│ │ └── pool-providers.yml
│ ├── cross/
│ │ ├── arm/
│ │ │ └── tizen/
│ │ │ └── tizen.patch
│ │ ├── arm64/
│ │ │ └── tizen/
│ │ │ └── tizen.patch
│ │ ├── armel/
│ │ │ └── tizen/
│ │ │ └── tizen.patch
│ │ ├── build-android-rootfs.sh
│ │ ├── build-rootfs.sh
│ │ ├── install-debs.py
│ │ ├── riscv64/
│ │ │ └── tizen/
│ │ │ └── tizen.patch
│ │ ├── tizen-build-rootfs.sh
│ │ ├── tizen-fetch.sh
│ │ └── toolchain.cmake
│ ├── darc-init.ps1
│ ├── darc-init.sh
│ ├── dotnet-install.cmd
│ ├── dotnet-install.ps1
│ ├── dotnet-install.sh
│ ├── dotnet.cmd
│ ├── dotnet.ps1
│ ├── dotnet.sh
│ ├── enable-cross-org-publishing.ps1
│ ├── generate-locproject.ps1
│ ├── helixpublish.proj
│ ├── init-tools-native.cmd
│ ├── init-tools-native.ps1
│ ├── init-tools-native.sh
│ ├── internal/
│ │ ├── Directory.Build.props
│ │ ├── NuGet.config
│ │ └── Tools.csproj
│ ├── internal-feed-operations.ps1
│ ├── internal-feed-operations.sh
│ ├── loc/
│ │ └── P22DotNetHtmlLocalization.lss
│ ├── msbuild.ps1
│ ├── msbuild.sh
│ ├── native/
│ │ ├── CommonLibrary.psm1
│ │ ├── common-library.sh
│ │ ├── init-compiler.sh
│ │ ├── init-distro-rid.sh
│ │ ├── init-os-and-arch.sh
│ │ ├── install-cmake-test.sh
│ │ ├── install-cmake.sh
│ │ ├── install-dependencies.sh
│ │ └── install-tool.ps1
│ ├── pipeline-logging-functions.ps1
│ ├── pipeline-logging-functions.sh
│ ├── post-build/
│ │ ├── check-channel-consistency.ps1
│ │ ├── nuget-validation.ps1
│ │ ├── nuget-verification.ps1
│ │ ├── publish-using-darc.ps1
│ │ ├── redact-logs.ps1
│ │ ├── sourcelink-validation.ps1
│ │ └── symbols-validation.ps1
│ ├── retain-build.ps1
│ ├── sdk-task.ps1
│ ├── sdk-task.sh
│ ├── sdl/
│ │ ├── NuGet.config
│ │ ├── configure-sdl-tool.ps1
│ │ ├── execute-all-sdl-tools.ps1
│ │ ├── extract-artifact-archives.ps1
│ │ ├── extract-artifact-packages.ps1
│ │ ├── init-sdl.ps1
│ │ ├── packages.config
│ │ ├── run-sdl.ps1
│ │ ├── sdl.ps1
│ │ └── trim-assets-version.ps1
│ ├── template-guidance.md
│ ├── templates/
│ │ ├── job/
│ │ │ ├── job.yml
│ │ │ ├── onelocbuild.yml
│ │ │ ├── publish-build-assets.yml
│ │ │ ├── source-build.yml
│ │ │ └── source-index-stage1.yml
│ │ ├── jobs/
│ │ │ ├── codeql-build.yml
│ │ │ ├── jobs.yml
│ │ │ └── source-build.yml
│ │ ├── post-build/
│ │ │ ├── common-variables.yml
│ │ │ ├── post-build.yml
│ │ │ └── setup-maestro-vars.yml
│ │ ├── steps/
│ │ │ ├── enable-internal-runtimes.yml
│ │ │ ├── enable-internal-sources.yml
│ │ │ ├── generate-sbom.yml
│ │ │ ├── get-delegation-sas.yml
│ │ │ ├── get-federated-access-token.yml
│ │ │ ├── publish-build-artifacts.yml
│ │ │ ├── publish-logs.yml
│ │ │ ├── publish-pipeline-artifacts.yml
│ │ │ ├── retain-build.yml
│ │ │ ├── send-to-helix.yml
│ │ │ ├── source-build.yml
│ │ │ ├── source-index-stage1-publish.yml
│ │ │ └── vmr-sync.yml
│ │ ├── variables/
│ │ │ └── pool-providers.yml
│ │ └── vmr-build-pr.yml
│ ├── templates-official/
│ │ ├── job/
│ │ │ ├── job.yml
│ │ │ ├── onelocbuild.yml
│ │ │ ├── publish-build-assets.yml
│ │ │ ├── source-build.yml
│ │ │ └── source-index-stage1.yml
│ │ ├── jobs/
│ │ │ ├── codeql-build.yml
│ │ │ ├── jobs.yml
│ │ │ └── source-build.yml
│ │ ├── post-build/
│ │ │ ├── common-variables.yml
│ │ │ ├── post-build.yml
│ │ │ └── setup-maestro-vars.yml
│ │ ├── steps/
│ │ │ ├── enable-internal-runtimes.yml
│ │ │ ├── enable-internal-sources.yml
│ │ │ ├── generate-sbom.yml
│ │ │ ├── get-delegation-sas.yml
│ │ │ ├── get-federated-access-token.yml
│ │ │ ├── publish-build-artifacts.yml
│ │ │ ├── publish-logs.yml
│ │ │ ├── publish-pipeline-artifacts.yml
│ │ │ ├── retain-build.yml
│ │ │ ├── send-to-helix.yml
│ │ │ ├── source-build.yml
│ │ │ └── source-index-stage1-publish.yml
│ │ └── variables/
│ │ ├── pool-providers.yml
│ │ └── sdl-variables.yml
│ ├── tools.ps1
│ ├── tools.sh
│ ├── vmr-sync.ps1
│ └── vmr-sync.sh
├── es-metadata.yml
├── global.json
├── scripts/
│ ├── UpdateWintrust.ps1
│ └── VerifyNuGetPackage.ps1
├── sign.sln
├── src/
│ ├── Sign.Cli/
│ │ ├── ArtifactSigningCommand.cs
│ │ ├── ArtifactSigningResources.Designer.cs
│ │ ├── ArtifactSigningResources.resx
│ │ ├── AzureCredentialOptions.cs
│ │ ├── AzureCredentialType.cs
│ │ ├── AzureKeyVaultCommand.cs
│ │ ├── AzureKeyVaultResources.Designer.cs
│ │ ├── AzureKeyVaultResources.resx
│ │ ├── CertificateStoreCommand.cs
│ │ ├── CertificateStoreResources.Designer.cs
│ │ ├── CertificateStoreResources.resx
│ │ ├── CodeCommand.cs
│ │ ├── Helpers/
│ │ │ └── HashAlgorithmParser.cs
│ │ ├── Kernel32.cs
│ │ ├── PACKAGE.md
│ │ ├── Program.cs
│ │ ├── Properties/
│ │ │ └── launchSettings.json
│ │ ├── Resources.Designer.cs
│ │ ├── Resources.resx
│ │ ├── Sign.Cli.csproj
│ │ ├── SignCommand.cs
│ │ ├── StandardStreamWriterExtensions.cs
│ │ ├── TemporaryConsoleEncoding.cs
│ │ ├── TrustedSigningCommand.cs
│ │ ├── TrustedSigningResources.Designer.cs
│ │ ├── TrustedSigningResources.resx
│ │ ├── appsettings.json
│ │ └── xlf/
│ │ ├── ArtifactSigningResources.cs.xlf
│ │ ├── ArtifactSigningResources.de.xlf
│ │ ├── ArtifactSigningResources.es.xlf
│ │ ├── ArtifactSigningResources.fr.xlf
│ │ ├── ArtifactSigningResources.it.xlf
│ │ ├── ArtifactSigningResources.ja.xlf
│ │ ├── ArtifactSigningResources.ko.xlf
│ │ ├── ArtifactSigningResources.pl.xlf
│ │ ├── ArtifactSigningResources.pt-BR.xlf
│ │ ├── ArtifactSigningResources.ru.xlf
│ │ ├── ArtifactSigningResources.tr.xlf
│ │ ├── ArtifactSigningResources.zh-Hans.xlf
│ │ ├── ArtifactSigningResources.zh-Hant.xlf
│ │ ├── AzureKeyVaultResources.cs.xlf
│ │ ├── AzureKeyVaultResources.de.xlf
│ │ ├── AzureKeyVaultResources.es.xlf
│ │ ├── AzureKeyVaultResources.fr.xlf
│ │ ├── AzureKeyVaultResources.it.xlf
│ │ ├── AzureKeyVaultResources.ja.xlf
│ │ ├── AzureKeyVaultResources.ko.xlf
│ │ ├── AzureKeyVaultResources.pl.xlf
│ │ ├── AzureKeyVaultResources.pt-BR.xlf
│ │ ├── AzureKeyVaultResources.ru.xlf
│ │ ├── AzureKeyVaultResources.tr.xlf
│ │ ├── AzureKeyVaultResources.zh-Hans.xlf
│ │ ├── AzureKeyVaultResources.zh-Hant.xlf
│ │ ├── CertManagerResources.cs.xlf
│ │ ├── CertManagerResources.de.xlf
│ │ ├── CertManagerResources.es.xlf
│ │ ├── CertManagerResources.fr.xlf
│ │ ├── CertManagerResources.it.xlf
│ │ ├── CertManagerResources.ja.xlf
│ │ ├── CertManagerResources.ko.xlf
│ │ ├── CertManagerResources.pl.xlf
│ │ ├── CertManagerResources.pt-BR.xlf
│ │ ├── CertManagerResources.ru.xlf
│ │ ├── CertManagerResources.tr.xlf
│ │ ├── CertManagerResources.zh-Hans.xlf
│ │ ├── CertManagerResources.zh-Hant.xlf
│ │ ├── CertificateStoreResources.cs.xlf
│ │ ├── CertificateStoreResources.de.xlf
│ │ ├── CertificateStoreResources.es.xlf
│ │ ├── CertificateStoreResources.fr.xlf
│ │ ├── CertificateStoreResources.it.xlf
│ │ ├── CertificateStoreResources.ja.xlf
│ │ ├── CertificateStoreResources.ko.xlf
│ │ ├── CertificateStoreResources.pl.xlf
│ │ ├── CertificateStoreResources.pt-BR.xlf
│ │ ├── CertificateStoreResources.ru.xlf
│ │ ├── CertificateStoreResources.tr.xlf
│ │ ├── CertificateStoreResources.zh-Hans.xlf
│ │ ├── CertificateStoreResources.zh-Hant.xlf
│ │ ├── Resources.cs.xlf
│ │ ├── Resources.de.xlf
│ │ ├── Resources.es.xlf
│ │ ├── Resources.fr.xlf
│ │ ├── Resources.it.xlf
│ │ ├── Resources.ja.xlf
│ │ ├── Resources.ko.xlf
│ │ ├── Resources.pl.xlf
│ │ ├── Resources.pt-BR.xlf
│ │ ├── Resources.ru.xlf
│ │ ├── Resources.tr.xlf
│ │ ├── Resources.zh-Hans.xlf
│ │ ├── Resources.zh-Hant.xlf
│ │ ├── TrustedSigningResources.cs.xlf
│ │ ├── TrustedSigningResources.de.xlf
│ │ ├── TrustedSigningResources.es.xlf
│ │ ├── TrustedSigningResources.fr.xlf
│ │ ├── TrustedSigningResources.it.xlf
│ │ ├── TrustedSigningResources.ja.xlf
│ │ ├── TrustedSigningResources.ko.xlf
│ │ ├── TrustedSigningResources.pl.xlf
│ │ ├── TrustedSigningResources.pt-BR.xlf
│ │ ├── TrustedSigningResources.ru.xlf
│ │ ├── TrustedSigningResources.tr.xlf
│ │ ├── TrustedSigningResources.zh-Hans.xlf
│ │ └── TrustedSigningResources.zh-Hant.xlf
│ ├── Sign.Core/
│ │ ├── AppInitializer.cs
│ │ ├── Certificates/
│ │ │ ├── CertificateVerifier.cs
│ │ │ └── ICertificateVerifier.cs
│ │ ├── Containers/
│ │ │ ├── AppxBundleContainer.cs
│ │ │ ├── AppxContainer.cs
│ │ │ ├── Container.cs
│ │ │ ├── ContainerProvider.cs
│ │ │ ├── IContainer.cs
│ │ │ ├── IContainerProvider.cs
│ │ │ ├── NuGetContainer.cs
│ │ │ └── ZipContainer.cs
│ │ ├── DataFormatSigners/
│ │ │ ├── AggregatingSigner.cs
│ │ │ ├── AppInstallerServiceSigner.cs
│ │ │ ├── AzureSignToolSigner.cs
│ │ │ ├── ClickOnceSigner.cs
│ │ │ ├── DefaultSigner.cs
│ │ │ ├── DistinguishedNameParser.cs
│ │ │ ├── DynamicsBusinessCentralAppFileType.cs
│ │ │ ├── IAggregatingDataFormatSigner.cs
│ │ │ ├── IAzureSignToolDataFormatSigner.cs
│ │ │ ├── IDataFormatSigner.cs
│ │ │ ├── IDefaultDataFormatSigner.cs
│ │ │ ├── IManifestSigner.cs
│ │ │ ├── ISignableFileType.cs
│ │ │ ├── ManifestSigner.cs
│ │ │ ├── NuGetSigner.cs
│ │ │ ├── RSAPKCS1SHA256SignatureDescription.cs
│ │ │ ├── RSAPKCS1SignatureDescription.cs
│ │ │ ├── RetryingSigner.cs
│ │ │ ├── SignOptions.cs
│ │ │ ├── SignableFileTypeByExtension.cs
│ │ │ └── VsixSigner.cs
│ │ ├── ExitCode.cs
│ │ ├── FileList/
│ │ │ ├── FileListReader.cs
│ │ │ ├── FileMatcher.cs
│ │ │ ├── Globber.cs
│ │ │ ├── IFileListReader.cs
│ │ │ ├── IFileMatcher.cs
│ │ │ ├── IMatcherFactory.cs
│ │ │ └── MatcherFactory.cs
│ │ ├── FileSystem/
│ │ │ ├── AppRootDirectoryLocator.cs
│ │ │ ├── DirectoryService.cs
│ │ │ ├── FileInfoComparer.cs
│ │ │ ├── FileMetadataService.cs
│ │ │ ├── IAppRootDirectoryLocator.cs
│ │ │ ├── IDirectoryService.cs
│ │ │ ├── IFileMetadataService.cs
│ │ │ ├── ITemporaryDirectory.cs
│ │ │ └── TemporaryDirectory.cs
│ │ ├── GlobalSuppressions.cs
│ │ ├── ICertificateProvider.cs
│ │ ├── IServiceProviderFactory.cs
│ │ ├── ISignatureAlgorithmProvider.cs
│ │ ├── ISignatureProvider.cs
│ │ ├── ISigner.cs
│ │ ├── Native/
│ │ │ ├── Kernel32.cs
│ │ │ ├── Ntdsapi.cs
│ │ │ └── mansign2.cs
│ │ ├── Resources.Designer.cs
│ │ ├── Resources.resx
│ │ ├── ServiceProvider.cs
│ │ ├── ServiceProviderFactory.cs
│ │ ├── Sign.Core.csproj
│ │ ├── Signer.cs
│ │ ├── SigningException.cs
│ │ ├── Tools/
│ │ │ ├── CliTool.cs
│ │ │ ├── ICliTool.cs
│ │ │ ├── IMageCli.cs
│ │ │ ├── IMakeAppxCli.cs
│ │ │ ├── INuGetSignTool.cs
│ │ │ ├── ITool.cs
│ │ │ ├── IToolConfigurationProvider.cs
│ │ │ ├── IVsixSignTool.cs
│ │ │ ├── MageCli.cs
│ │ │ ├── MakeAppxCli.cs
│ │ │ ├── NuGet/
│ │ │ │ ├── NuGetLogger.cs
│ │ │ │ ├── NuGetPackageSigner.cs
│ │ │ │ └── NuGetSignatureProvider.cs
│ │ │ ├── NuGetSignTool.cs
│ │ │ ├── Tool.cs
│ │ │ ├── ToolConfigurationProvider.cs
│ │ │ ├── VsixSignTool/
│ │ │ │ ├── HashAlgorithmInfo.cs
│ │ │ │ ├── HexHelpers.cs
│ │ │ │ ├── ISignatureBuilderPreset.cs
│ │ │ │ ├── ISigningContext.cs
│ │ │ │ ├── Interop/
│ │ │ │ │ ├── Crypt32.cs
│ │ │ │ │ └── CryptMemorySafeHandle.cs
│ │ │ │ ├── KnownOids.cs
│ │ │ │ ├── OpcContentTypes.cs
│ │ │ │ ├── OpcKnownMimeTypes.cs
│ │ │ │ ├── OpcKnownUris.cs
│ │ │ │ ├── OpcPackage.cs
│ │ │ │ ├── OpcPackageFileMode.cs
│ │ │ │ ├── OpcPackageSignatureBuilder.cs
│ │ │ │ ├── OpcPackageTimestampBuilder.cs
│ │ │ │ ├── OpcPart.cs
│ │ │ │ ├── OpcPartDigest.cs
│ │ │ │ ├── OpcPartDigestProcessor.cs
│ │ │ │ ├── OpcRelationships.cs
│ │ │ │ ├── OpcSignature.cs
│ │ │ │ ├── OpcSignatureManifest.cs
│ │ │ │ ├── SignConfigurationSet.cs
│ │ │ │ ├── SignatureAlgorithmTranslator.cs
│ │ │ │ ├── SigningAlgorithm.cs
│ │ │ │ ├── SigningContext.cs
│ │ │ │ ├── Timestamp/
│ │ │ │ │ ├── TimestampBuilder.cs
│ │ │ │ │ ├── TimestampBuilder.netcoreapp.cs
│ │ │ │ │ ├── TimestampNonce.cs
│ │ │ │ │ └── TimestampResult.cs
│ │ │ │ ├── UriHelpers.cs
│ │ │ │ ├── VSIXSignatureBuilderPreset.cs
│ │ │ │ └── XmlSignatureBuilder.cs
│ │ │ └── VsixSignTool.cs
│ │ └── xlf/
│ │ ├── Resources.cs.xlf
│ │ ├── Resources.de.xlf
│ │ ├── Resources.es.xlf
│ │ ├── Resources.fr.xlf
│ │ ├── Resources.it.xlf
│ │ ├── Resources.ja.xlf
│ │ ├── Resources.ko.xlf
│ │ ├── Resources.pl.xlf
│ │ ├── Resources.pt-BR.xlf
│ │ ├── Resources.ru.xlf
│ │ ├── Resources.tr.xlf
│ │ ├── Resources.zh-Hans.xlf
│ │ └── Resources.zh-Hant.xlf
│ ├── Sign.SignatureProviders.ArtifactSigning/
│ │ ├── ArtifactSigningService.cs
│ │ ├── ArtifactSigningServiceProvider.cs
│ │ ├── RSAArtifactSigning.cs
│ │ ├── Resources.Designer.cs
│ │ ├── Resources.resx
│ │ ├── Sign.SignatureProviders.ArtifactSigning.csproj
│ │ └── xlf/
│ │ ├── Resources.cs.xlf
│ │ ├── Resources.de.xlf
│ │ ├── Resources.es.xlf
│ │ ├── Resources.fr.xlf
│ │ ├── Resources.it.xlf
│ │ ├── Resources.ja.xlf
│ │ ├── Resources.ko.xlf
│ │ ├── Resources.pl.xlf
│ │ ├── Resources.pt-BR.xlf
│ │ ├── Resources.ru.xlf
│ │ ├── Resources.tr.xlf
│ │ ├── Resources.zh-Hans.xlf
│ │ └── Resources.zh-Hant.xlf
│ ├── Sign.SignatureProviders.CertificateStore/
│ │ ├── CertificateStoreService.cs
│ │ ├── CertificateStoreServiceProvider.cs
│ │ ├── Resources.Designer.cs
│ │ ├── Resources.resx
│ │ ├── Sign.SignatureProviders.CertificateStore.csproj
│ │ └── xlf/
│ │ ├── Resources.cs.xlf
│ │ ├── Resources.de.xlf
│ │ ├── Resources.es.xlf
│ │ ├── Resources.fr.xlf
│ │ ├── Resources.it.xlf
│ │ ├── Resources.ja.xlf
│ │ ├── Resources.ko.xlf
│ │ ├── Resources.pl.xlf
│ │ ├── Resources.pt-BR.xlf
│ │ ├── Resources.ru.xlf
│ │ ├── Resources.tr.xlf
│ │ ├── Resources.zh-Hans.xlf
│ │ └── Resources.zh-Hant.xlf
│ └── Sign.SignatureProviders.KeyVault/
│ ├── KeyVaultService.cs
│ ├── KeyVaultServiceProvider.cs
│ ├── RSAKeyVaultWrapper.cs
│ ├── Resources.Designer.cs
│ ├── Resources.resx
│ ├── Sign.SignatureProviders.KeyVault.csproj
│ └── xlf/
│ ├── Resources.cs.xlf
│ ├── Resources.de.xlf
│ ├── Resources.es.xlf
│ ├── Resources.fr.xlf
│ ├── Resources.it.xlf
│ ├── Resources.ja.xlf
│ ├── Resources.ko.xlf
│ ├── Resources.pl.xlf
│ ├── Resources.pt-BR.xlf
│ ├── Resources.ru.xlf
│ ├── Resources.tr.xlf
│ ├── Resources.zh-Hans.xlf
│ └── Resources.zh-Hant.xlf
├── test/
│ ├── Sign.Cli.Test/
│ │ ├── ArtifactSigningCommandTests.cs
│ │ ├── AzureCredentialOptionsTests.cs
│ │ ├── AzureKeyVaultCommandTests.cs
│ │ ├── CertificateStoreCommandTests.cs
│ │ ├── CodeCommandTests.cs
│ │ ├── Options/
│ │ │ ├── ApplicationNameOptionTests.cs
│ │ │ ├── BaseDirectoryOptionTests.cs
│ │ │ ├── DescriptionOptionTests.cs
│ │ │ ├── DescriptionUrlOptionTests.cs
│ │ │ ├── DirectoryInfoOptionTests.cs
│ │ │ ├── FileDigestOptionTests.cs
│ │ │ ├── HashAlgorithmNameOptionTests.cs
│ │ │ ├── Int32OptionTests.cs
│ │ │ ├── MaxConcurrencyOptionTests.cs
│ │ │ ├── OptionTests.cs
│ │ │ ├── OutputOptionTests.cs
│ │ │ ├── PublisherNameOptionTests.cs
│ │ │ ├── TimestampDigestOptionTests.cs
│ │ │ ├── TimestampUrlOptionTests.cs
│ │ │ ├── UriOptionTests.cs
│ │ │ └── VerbosityOptionTests.cs
│ │ ├── Sign.Cli.Test.csproj
│ │ ├── SignCommandTests.Globbing.cs
│ │ ├── SignCommandTests.cs
│ │ ├── TemporaryConsoleEncodingTests.cs
│ │ ├── TestInfrastructure/
│ │ │ ├── SignerSpy.cs
│ │ │ └── TestServiceProviderFactory.cs
│ │ ├── TrustedSigningCommandTests.cs
│ │ └── Usings.cs
│ ├── Sign.Core.Test/
│ │ ├── AssemblyInitializer.cs
│ │ ├── Certificates/
│ │ │ └── CertificateVerifierTests.cs
│ │ ├── Containers/
│ │ │ ├── AppxBundleContainerTests.cs
│ │ │ ├── AppxContainerTests.cs
│ │ │ ├── ContainerProviderTests.cs
│ │ │ ├── NuGetContainerTests.cs
│ │ │ └── ZipContainerTests.cs
│ │ ├── DataFormatSigners/
│ │ │ ├── AggregatingSignerTests.Containers.cs
│ │ │ ├── AggregatingSignerTests.PortableExecutableFiles.cs
│ │ │ ├── AggregatingSignerTests.cs
│ │ │ ├── AppInstallerServiceSignerTests.cs
│ │ │ ├── AzureSignToolSignerTests.cs
│ │ │ ├── ClickOnceSignerTests.cs
│ │ │ ├── DefaultSignerTests.cs
│ │ │ ├── DistinguishedNameParserTests.cs
│ │ │ ├── DynamicsBusinessCentralAppFileTypeTests.cs
│ │ │ ├── NuGetSignerTests.cs
│ │ │ ├── PowerShell/
│ │ │ │ ├── PowerShellFileReader.cs
│ │ │ │ ├── TextPowerShellFileReader.cs
│ │ │ │ └── XmlPowerShellFileReader.cs
│ │ │ ├── RSAPKCS1SHA256SignatureDescriptionTests.cs
│ │ │ ├── SignableFileTypeByExtensionTests.cs
│ │ │ └── VsixSignerTests.cs
│ │ ├── FileList/
│ │ │ ├── FileListReaderTests.cs
│ │ │ ├── FileMatcherTests.cs
│ │ │ └── MatcherFactoryTests.cs
│ │ ├── FileSystem/
│ │ │ ├── AppRootDirectoryLocatorTests.cs
│ │ │ ├── DirectoryServiceTests.cs
│ │ │ ├── FileInfoComparerTests.cs
│ │ │ ├── FileMetadataServiceTests.cs
│ │ │ └── TemporaryDirectoryTests.cs
│ │ ├── Native/
│ │ │ └── SignedCmiManifest2Tests.cs
│ │ ├── ServiceProviderFactoryTests.cs
│ │ ├── ServiceProviderTests.cs
│ │ ├── Sign.Core.Test.csproj
│ │ ├── SignerTests.cs
│ │ ├── TestAssets/
│ │ │ ├── App1_1.0.0.0_x64.msixbundle
│ │ │ ├── EmptyExtension.app
│ │ │ ├── PowerShell/
│ │ │ │ ├── cmdlet-definition.cdxml
│ │ │ │ ├── data.psd1
│ │ │ │ ├── formatting.ps1xml
│ │ │ │ ├── module.psm1
│ │ │ │ └── script.ps1
│ │ │ ├── VSIXSamples/
│ │ │ │ ├── OpenVsixSignToolTest-Signed.vsix
│ │ │ │ └── OpenVsixSignToolTest.vsix
│ │ │ └── VsixPackage.vsix
│ │ ├── TestInfrastructure/
│ │ │ ├── AggregatingSignerSpy.cs
│ │ │ ├── AggregatingSignerTest.cs
│ │ │ ├── AuthenticodeSignatureReader.cs
│ │ │ ├── CertificateStoreServiceStub.cs
│ │ │ ├── ContainerProviderStub.cs
│ │ │ ├── ContainerSpy.cs
│ │ │ ├── DirectoryServiceStub.cs
│ │ │ ├── FileMetadataServiceStub.cs
│ │ │ ├── KeyVaultServiceStub.cs
│ │ │ ├── Server/
│ │ │ │ ├── AiaResponder.cs
│ │ │ │ ├── AlgorithmIdentifier.cs
│ │ │ │ ├── AttributeUtility.cs
│ │ │ │ ├── CertificateAuthority.cs
│ │ │ │ ├── CertificateUtilities.cs
│ │ │ │ ├── CertificatesFixture.cs
│ │ │ │ ├── CommitmentTypeIndication.cs
│ │ │ │ ├── CommitmentTypeQualifier.cs
│ │ │ │ ├── CrlResponder.cs
│ │ │ │ ├── EssCertId.cs
│ │ │ │ ├── EssCertIdV2.cs
│ │ │ │ ├── GeneralName.cs
│ │ │ │ ├── HashAlgorithmNameExtensions.cs
│ │ │ │ ├── HttpResponder.cs
│ │ │ │ ├── IHttpResponder.cs
│ │ │ │ ├── ITestServer.cs
│ │ │ │ ├── IssuerSerial.cs
│ │ │ │ ├── OcspResponder.cs
│ │ │ │ ├── OidExtensions.cs
│ │ │ │ ├── Oids.cs
│ │ │ │ ├── PfxFilesFixture.cs
│ │ │ │ ├── PolicyInformation.cs
│ │ │ │ ├── PolicyQualifierInfo.cs
│ │ │ │ ├── SigningCertificateV2.cs
│ │ │ │ ├── SigningTestsCollection.cs
│ │ │ │ ├── TestServer.cs
│ │ │ │ ├── TestServerFixture.cs
│ │ │ │ ├── TestUtility.cs
│ │ │ │ └── TimestampService.cs
│ │ │ ├── SignerSpy.cs
│ │ │ └── TemporaryEnvironmentPathOverride.cs
│ │ ├── Tools/
│ │ │ ├── ToolConfigurationProviderTests.cs
│ │ │ └── VSIXSignTool/
│ │ │ ├── CertificateSigningContextTests.cs
│ │ │ ├── Crypt32Tests.cs
│ │ │ ├── HexHelperTests.cs
│ │ │ ├── OpcPackageSigningTests.cs
│ │ │ ├── OpcPackageTests.cs
│ │ │ └── UriHelpersTests.cs
│ │ └── Usings.cs
│ ├── Sign.SignatureProviders.ArtifactSigning.Test/
│ │ ├── RSATrustedSigningTests.cs
│ │ ├── Sign.SignatureProviders.ArtifactSigning.Test.csproj
│ │ ├── TrustedSigningServiceProviderTests.cs
│ │ ├── TrustedSigningServiceTests.cs
│ │ └── Usings.cs
│ ├── Sign.SignatureProviders.CertificateStore.Test/
│ │ ├── CertificateStoreServiceProviderTests.cs
│ │ ├── CertificateStoreServiceTests.cs
│ │ ├── Sign.SignatureProviders.CertificateStore.Test.csproj
│ │ └── Usings.cs
│ ├── Sign.SignatureProviders.KeyVault.Test/
│ │ ├── KeyVaultServiceProviderTests.cs
│ │ ├── KeyVaultServiceTests.cs
│ │ ├── RSAKeyVaultWrapperTests.cs
│ │ ├── Sign.SignatureProviders.KeyVault.Test.csproj
│ │ └── Usings.cs
│ └── Sign.TestInfrastructure/
│ ├── Constants.cs
│ ├── EphemeralTrust.cs
│ ├── RequiresElevationTheoryAttribute.cs
│ ├── ResidualTestCertificatesFoundInRootStoreException.cs
│ ├── SelfIssuedCertificateCreator.cs
│ ├── Sign.TestInfrastructure.csproj
│ ├── TemporaryFile.cs
│ ├── TestAssets.cs
│ ├── TestFileCreator.cs
│ ├── TestLogEntry.cs
│ ├── TestLogger.cs
│ └── TrustedCertificateFixture.cs
└── triage-policy.md
================================================
FILE CONTENTS
================================================
================================================
FILE: .azuredevops/dependabot.yml
================================================
version: 2
# Disabling dependabot on Azure DevOps as this is a mirrored repo. Updates should go through github.
enable-campaigned-updates: false
enable-security-updates: false
================================================
FILE: .config/1espt/PipelineAutobaseliningConfig.yml
================================================
## DO NOT MODIFY THIS FILE MANUALLY. This is part of auto-baselining from 1ES Pipeline Templates. Go to [https://aka.ms/1espt-autobaselining] for more details.
pipelines:
1190:
retail:
source:
credscan:
lastModifiedDate: 2024-03-28
eslint:
lastModifiedDate: 2024-03-28
psscriptanalyzer:
lastModifiedDate: 2024-03-28
armory:
lastModifiedDate: 2024-03-28
binary:
credscan:
lastModifiedDate: 2024-03-28
binskim:
lastModifiedDate: 2025-03-19
spotbugs:
lastModifiedDate: 2024-03-28
================================================
FILE: .config/1espt/README.md
================================================
Do not merge changes to PipelineAutobaseliningConfig.yml in the internal Azure DevOps repository, as it would break commit mirroring from the public GitHub repository. Instead, merge the changes into the public GitHub repository.
See https://dev.azure.com/dnceng/internal/_wiki/wikis/DNCEng%20Services%20Wiki/1214/1ES-Pipeline-Template-Migration-FAQ?anchor=should-i-accept-these-automated-prs-into-my-repo-that-is-mirrored-from-github-to-fix-cg/security-issues%3F for guidance.
================================================
FILE: .editorconfig
================================================
root = true
[*]
insert_final_newline = true
indent_style = space
indent_size = 4
trim_trailing_whitespace = true
[*.{csproj,md,props,targets,yml}]
indent_size = 2
[*.cs]
# IDE0063: Use simple 'using' statement
csharp_prefer_simple_using_statement = false
# CA2254: Template should be a static expression
# See https://github.com/dotnet/roslyn-analyzers/issues/5626
dotnet_diagnostic.CA2254.severity = none
# CA2255: The ModuleInitializer attribute should not be used in libraries
dotnet_diagnostic.CA2255.severity = none
# IDE0073: File header
dotnet_diagnostic.IDE0073.severity = warning
file_header_template = Licensed to the .NET Foundation under one or more agreements.\nThe .NET Foundation licenses this file to you under the MIT license.\nSee the LICENSE.txt file in the project root for more information.
================================================
FILE: .gitattributes
================================================
###############################################################################
# Set default behavior to automatically normalize line endings.
###############################################################################
* text=auto
###############################################################################
# Set default behavior for command prompt diff.
#
# This is need for earlier builds of msysgit that does not have it on by
# default for csharp files.
# Note: This is only used by command line
###############################################################################
#*.cs diff=csharp
###############################################################################
# Set the merge driver for project and solution files
#
# Merging from the command prompt will add diff markers to the files if there
# are conflicts (Merging from VS is not affected by the settings below, in VS
# the diff markers are never inserted). Diff markers may cause the following
# file extensions to fail to load in VS. An alternative would be to treat
# these files as binary and thus will always conflict and require user
# intervention with every merge. To do so, just uncomment the entries below
###############################################################################
#*.sln merge=binary
#*.csproj merge=binary
#*.vbproj merge=binary
#*.vcxproj merge=binary
#*.vcproj merge=binary
#*.dbproj merge=binary
#*.fsproj merge=binary
#*.lsproj merge=binary
#*.wixproj merge=binary
#*.modelproj merge=binary
#*.sqlproj merge=binary
#*.wwaproj merge=binary
###############################################################################
# behavior for image files
#
# image files are treated as binary by default.
###############################################################################
#*.jpg binary
#*.png binary
#*.gif binary
###############################################################################
# diff behavior for common document formats
#
# Convert binary document formats to text before diffing them. This feature
# is only available from the command line. Turn it on by uncommenting the
# entries below.
###############################################################################
#*.doc diff=astextplain
#*.DOC diff=astextplain
#*.docx diff=astextplain
#*.DOCX diff=astextplain
#*.dot diff=astextplain
#*.DOT diff=astextplain
#*.pdf diff=astextplain
#*.PDF diff=astextplain
#*.rtf diff=astextplain
#*.RTF diff=astextplain
================================================
FILE: .github/CODEOWNERS
================================================
# These owners will be the default owners for everything in
# the repo. Unless a later match takes precedence,
# review when someone opens a pull request.
# For more on how to customize the CODEOWNERS file - https://help.github.com/en/articles/about-code-owners
* @dotnet/sign-maintainers
================================================
FILE: .github/ISSUE_TEMPLATE/bug_report.md
================================================
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**Repro steps**
<!--
Point us to a minimalistic repro hosted in a GitHub repo, Gist snippet, or elsewhere to see the isolated behavior.
We may close this issue if we are unable to reproduce the behavior you're reporting.
-->
**Expected behavior**
A clear and concise description of what you expected to happen.
**Actual behavior**
A clear and concise description of what actually happened.
**Additional context**
- Include the output of `sign --version`.
- Include the output of `dotnet --info`.
- Add any other context about the problem here.
================================================
FILE: .github/ISSUE_TEMPLATE/feature_request.md
================================================
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Include the output of sign --version.
Add any other context about the problem here.
================================================
FILE: .github/workflows/stale.yml
================================================
name: 'Close stale issues'
permissions:
issues: write
on:
schedule:
- cron: '30 1 * * *'
jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v9
with:
stale-issue-message: 'This issue is stale because it has been open 10 days with no activity after asking for more info. Comment or this will be closed in 4 days.'
close-issue-message: 'This issue was closed because it has been stalled for 14 days with no activity. This can be reopened if additional information is provided.'
days-before-issue-stale: 10
days-before-issue-close: 4
days-before-pr-stale: -1
days-before-pr-close: -1
any-of-labels: "needs-more-info"
================================================
FILE: .gitignore
================================================
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
# Tools directory
.dotnet/
.packages/
.tools/
/[Tt]ools/
# User-specific files
*.suo
*.user
*.userosscache
*.sln.docstates
# User-specific files (MonoDevelop/Xamarin Studio)
*.userprefs
# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
[Xx]64/
[Xx]86/
[Bb]uild/
bld/
[Bb]in/
[Oo]bj/
# Visual Studio 2015 cache/options directory
.vs/
.vscode/
.store/
# Uncomment if you have tasks that create the project's static files in wwwroot
#wwwroot/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
# NUNIT
*.VisualState.xml
TestResult.xml
# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c
# DNX
project.lock.json
*.lock.json
artifacts/
*_i.c
*_p.c
*_i.h
*.ilk
*.meta
*.obj
*.pch
*.pdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc
# Chutzpah Test files
_Chutzpah*
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opendb
*.opensdf
*.sdf
*.cachefile
*.VC.db
# Visual Studio profiler
*.psess
*.vsp
*.vspx
*.sap
# TFS 2012 Local Workspace
$tf/
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user
# JustCode is a .NET coding add-in
.JustCode
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# NCrunch
_NCrunch_*
.*crunch*.local.xml
nCrunchTemp_*
# MightyMoose
*.mm.*
AutoTest.Net/
# Web workbench (sass)
.sass-cache/
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# TODO: Un-comment the next line if you do not want to checkin
# your web deploy settings because they may include unencrypted
# passwords
#*.pubxml
*.publishproj
# NuGet Packages
*.nupkg
# The packages folder can be ignored because of Package Restore
**/packages/*
# except build/, which is used as an MSBuild target.
!**/packages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/packages/repositories.config
# NuGet v3's project.json files produces more ignoreable files
*.nuget.props
*.nuget.targets
# Microsoft Azure Build Output
csx/
*.build.csdef
# Microsoft Azure Emulator
ecf/
rcf/
# Microsoft Azure ApplicationInsights config file
ApplicationInsights.config
# Windows Store app package directory
AppPackages/
BundleArtifacts/
# Visual Studio cache files
# files ending in .cache can be ignored
*.[Cc]ache
# but keep track of directories ending in .cache
!*.[Cc]ache/
# Others
ClientBin/
[Ss]tyle[Cc]op.*
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.pfx
*.publishsettings
node_modules/
orleans.codegen.cs
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
# SQL Server files
*.mdf
*.ldf
# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
# Microsoft Fakes
FakesAssemblies/
# GhostDoc plugin setting file
*.GhostDoc.xml
# Node.js Tools for Visual Studio
.ntvs_analysis.dat
# Visual Studio 6 build log
*.plg
# Visual Studio 6 workspace options file
*.opt
# Visual Studio LightSwitch build output
**/*.HTMLClient/GeneratedArtifacts
**/*.DesktopClient/GeneratedArtifacts
**/*.DesktopClient/ModelManifest.xml
**/*.Server/GeneratedArtifacts
**/*.Server/ModelManifest.xml
_Pvt_Extensions
# LightSwitch generated files
GeneratedArtifacts/
ModelManifest.xml
# Paket dependency manager
.paket/paket.exe
# FAKE - F# Make
.fake/
/src/SignClient/Properties/launchSettings.json
/src/SignService/Properties/launchSettings.json
/src/SignService/App_Data/
/src/SignService/tools/SDK/
!**/KeyVaultSignToolWrapper/x86/
!**/KeyVaultSignToolWrapper/x64/
/src/SignService/Properties/PublishProfiles
/src/InstallUtility/Properties/launchSettings.json
/arm/ArmDeploy/azuredeploy.parameters.json
================================================
FILE: .vsts-ci.yml
================================================
# Pipeline: https://dnceng.visualstudio.com/internal/_build?definitionId=1190
variables:
- name: _TeamName
value: DotNetCore
- name: Build.Repository.Clean
value: true
- name: Codeql.Enabled
value: true
- name: Codeql.TSAEnabled
value: true
- group: DotNet-Sign-SDLValidation-Params
- template: /eng/common/templates-official/variables/pool-providers.yml
trigger:
batch: true
branches:
include:
- main
paths:
exclude:
- "*.md"
pr:
autoCancel: false
branches:
include:
- '*'
resources:
repositories:
- repository: 1esPipelines
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines
parameters:
settings:
networkIsolationPolicy: Permissive,CFSClean,CFSClean2
sdl:
sourceAnalysisPool:
name: $(DncEngInternalBuildPool)
image: 1es-windows-2022
os: windows
customBuildTags:
- ES365AIMigrationTooling
stages:
- stage: Build_Windows
displayName: Build Windows
jobs:
- ${{ if and(eq(variables['System.TeamProject'], 'internal'), notin(variables['Build.Reason'], 'PullRequest'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) }}:
- template: /eng/common/templates-official/job/onelocbuild.yml@self
parameters:
LclSource: lclFilesfromPackage
LclPackageId: 'LCL-JUNO-PROD-SIGNCLI'
MirrorRepo: sign
- template: /eng/common/templates-official/jobs/jobs.yml@self
parameters:
enableMicrobuild: true
enablePublishBuildArtifacts: true
enablePublishBuildAssets: true
enablePublishUsingPipelines: true
enableTelemetry: true
jobs:
- job: Windows
pool: # See https://helix.dot.net/ for VM names.
name: NetCore1ESPool-Internal
demands: ImageOverride -equals windows.vs2022.amd64
variables:
# Only enable publishing in official builds.
- ${{ if and(eq(variables['System.TeamProject'], 'internal'), notin(variables['Build.Reason'], 'PullRequest')) }}:
# Publish-Build-Assets provides: MaestroAccessToken, BotAccount-dotnet-maestro-bot-PAT
- group: Publish-Build-Assets
- name: _SignType
value: real
- name: _OfficialBuildArgs
value: /p:DotNetPublishUsingPipelines=true
/p:DotNetSignType=$(_SignType)
/p:OfficialBuildId=$(BUILD.BUILDNUMBER)
/p:TeamName=$(_TeamName)
- ${{ else }}:
- name: _SignType
value: test
- name: _OfficialBuildArgs
value: ''
strategy:
matrix:
Release:
_BuildConfig: Release
steps:
- task: CodeQL3000Init@0
displayName: Initialize CodeQL
condition: and(succeeded(), eq(variables['Codeql.Enabled'], 'true'))
- script: eng\common\CIBuild.cmd
-configuration $(_BuildConfig)
-prepareMachine
$(_OfficialBuildArgs)
name: Build
displayName: Build and run tests
condition: succeeded()
- task: CodeQL3000Finalize@0
displayName: Finalize CodeQL
condition: and(succeeded(), eq(variables['Codeql.Enabled'], 'true'))
# Guardian requires npm.
- task: NodeTool@0
inputs:
versionSpec: '18.x'
# Validates compiler/linker settings and other security-related binary characteristics.
# https://github.com/Microsoft/binskim
# YAML reference: https://eng.ms/docs/security-compliance-identity-and-management-scim/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/sdl-azdo-extension/binskim-build-task#v4
- task: BinSkim@4
displayName: Run BinSkim
inputs:
InputType: Basic
Function: analyze
TargetPattern: binskimPattern
AnalyzeTargetBinskim: $(Build.SourcesDirectory)\artifacts\bin\Sign.Cli\$(_BuildConfig)\net8.0\publish\*.dll
AnalyzeSymPath: 'SRV*https://symweb'
condition: succeededOrFailed()
- task: PublishTestResults@2
displayName: 'Publish Unit Test Results'
inputs:
testResultsFormat: xUnit
testResultsFiles: '$(Build.SourcesDirectory)/artifacts/TestResults/**/*.xml'
mergeTestResults: true
searchFolder: $(System.DefaultWorkingDirectory)
testRunTitle: sign unit tests - $(Agent.JobName)
condition: succeededOrFailed()
- task: ComponentGovernanceComponentDetection@0
displayName: Component Governance scan
inputs:
ignoreDirectories: '$(Build.SourcesDirectory)/.packages,$(Build.SourcesDirectory)/artifacts/obj/Sign.Cli'
- template: /eng/common/templates-official/post-build/post-build.yml@self
parameters:
publishingInfraVersion: 3
enableSymbolValidation: true
enableSourceLinkValidation: true
validateDependsOn:
- Build_Windows
publishDependsOn:
- Validate
# This is to enable SDL runs part of Post-Build Validation Stage
SDLValidationParameters:
enable: true
params: ' -SourceToolsList @("policheck","credscan")
-TsaInstanceURL $(_TsaInstanceURL)
-TsaProjectName $(_TsaProjectName)
-TsaNotificationEmail $(_TsaNotificationEmail)
-TsaCodebaseAdmin $(_TsaCodebaseAdmin)
-TsaBugAreaPath $(_TsaBugAreaPath)
-TsaIterationPath $(_TsaIterationPath)
-TsaRepositoryName dotnet-sign
-TsaCodebaseName dotnet-sign
-TsaOnboard $True
-TsaPublish $True
-PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)/eng/PoliCheckExclusions.xml")'
================================================
FILE: .vsts-pr.yml
================================================
# Pipeline: https://dev.azure.com/dnceng-public/public/_build?definitionId=231
variables:
- name: _TeamName
value: DotNetCore
- name: Build.Repository.Clean
value: true
trigger:
batch: true
branches:
include:
- main
paths:
exclude:
- "*.md"
stages:
- stage: Build_Windows
displayName: Build Windows
jobs:
- template: /eng/common/templates/jobs/jobs.yml
parameters:
enableMicrobuild: true
jobs:
- job: Windows
pool: # See https://helix.dot.net/ for VM names.
name: NetCore-Public
demands: ImageOverride -equals windows.vs2022.amd64.open
variables:
- name: _SignType
value: test
strategy:
matrix:
Release:
_BuildConfig: Release
steps:
- script: eng\common\CIBuild.cmd
-configuration $(_BuildConfig)
-prepareMachine
name: Build
displayName: Build and run tests
condition: succeeded()
- task: PublishTestResults@2
displayName: 'Publish test results'
inputs:
testResultsFormat: xUnit
testResultsFiles: '$(Build.SourcesDirectory)/artifacts/TestResults/**/*.xml'
mergeTestResults: true
searchFolder: $(System.DefaultWorkingDirectory)
testRunTitle: sign unit tests - $(Agent.JobName)
condition: succeededOrFailed()
- task: PublishBuildArtifacts@1
displayName: 'Publish log files on failure'
inputs:
PathtoPublish: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)'
ArtifactName: 'Logs'
publishLocation: 'Container'
condition: failed()
================================================
FILE: CODE-OF-CONDUCT.md
================================================
# Code of Conduct
This project has adopted the code of conduct defined by the Contributor Covenant
to clarify expected behavior in our community.
For more information, see the [.NET Foundation Code of Conduct](https://dotnetfoundation.org/code-of-conduct).
================================================
FILE: Directory.Build.props
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project>
<Import Project="Sdk.props" Sdk="Microsoft.DotNet.Arcade.Sdk" />
<PropertyGroup>
<CheckForOverflowUnderflow>true</CheckForOverflowUnderflow>
<Copyright>$(CopyrightNetFoundation)</Copyright>
<DebugSymbols>true</DebugSymbols>
<DebugType>embedded</DebugType>
<Deterministic>true</Deterministic>
<EnableXlfLocalization>true</EnableXlfLocalization>
<Features>strict</Features>
<ImplicitUsings>enable</ImplicitUsings>
<!--
Tools and packages produced by this repository support infrastructure and are not shipping on NuGet or via any other official channel.
This default is overridden in shipping projects.
-->
<IsShipping>false</IsShipping>
<LangVersion>Latest</LangVersion>
<!-- CS8002: some dependencies are not strong name signed. -->
<NoWarn>CS8002</NoWarn>
<Nullable>enable</Nullable>
<PackageLicenseExpression>MIT</PackageLicenseExpression>
<RuntimeIdentifier>win-x64</RuntimeIdentifier>
<TargetFramework>net8.0</TargetFramework>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
<UpdateXlfOnBuild Condition="'$(CI)' != '1'">true</UpdateXlfOnBuild>
</PropertyGroup>
<PropertyGroup>
<UseAppHost>false</UseAppHost>
</PropertyGroup>
<PropertyGroup>
<RepositoryRootDirectory>$(MSBuildThisFileDirectory)</RepositoryRootDirectory>
</PropertyGroup>
<ItemGroup>
<InternalsVisibleTo Include="DynamicProxyGenAssembly2" PublicKey="0024000004800000940000000602000000240000525341310004000001000100c547cac37abd99c8db225ef2f6c8a3602f3b3606cc9891605d02baa56104f4cfc0734aa39b93bf7852f7d9266654753cc297e7d2edfe0bac1cdcf9f717241550e0a7b191195b7667bb4f64bcb8e2121380fd1d9d46ad2d92d2d15605093924cceaf74c4861eff62abf69b9291ed0a340e113be11e6a7d3113e92484cf7045cc7" />
</ItemGroup>
</Project>
================================================
FILE: Directory.Build.targets
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project>
<Import Project="Sdk.targets" Sdk="Microsoft.DotNet.Arcade.Sdk" />
</Project>
================================================
FILE: Directory.Packages.props
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project>
<PropertyGroup>
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
<CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
</PropertyGroup>
<ItemGroup>
<PackageVersion Include="Azure.CodeSigning.Sdk" Version="0.1.164" />
<PackageVersion Include="Azure.Core" Version="1.54.0" />
<PackageVersion Include="Azure.Identity" Version="1.21.0" />
<PackageVersion Include="Azure.Security.KeyVault.Certificates" Version="4.8.0" />
<PackageVersion Include="Azure.Security.KeyVault.Keys" Version="4.9.0" />
<PackageVersion Include="AzureSign.Core" Version="7.0.1" />
<PackageVersion Include="coverlet.collector" Version="10.0.0" />
<PackageVersion Include="Microsoft.AspNetCore.Server.Kestrel" Version="2.3.9" />
<PackageVersion Include="Microsoft.Dynamics.BusinessCentral.Sip.Main" Version="24.0.15760" />
<PackageVersion Include="Microsoft.Extensions.Azure" Version="1.14.0" />
<PackageVersion Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="10.0.7" />
<PackageVersion Include="Microsoft.Extensions.Configuration.Json" Version="10.0.7" />
<PackageVersion Include="Microsoft.Extensions.FileSystemGlobbing" Version="10.0.7" />
<PackageVersion Include="Microsoft.Extensions.Logging" Version="10.0.7" />
<PackageVersion Include="Microsoft.Extensions.Logging.Console" Version="10.0.7" />
<!-- Only use release versions. Pre-release versions are signed with an untrusted certificate. -->
<PackageVersion Include="Microsoft.Windows.SDK.BuildTools" Version="10.0.28000.1721" />
<!-- We're staying on 4.18.4 until we migrate to another mocking framework.
See https://github.com/dotnet/runtime/issues/90222 and https://github.com/devlooped/moq/issues/1374
for context. -->
<PackageVersion Include="Moq" Version="4.18.4" />
<PackageVersion Include="NuGet.Packaging" Version="7.3.1" />
<PackageVersion Include="NuGet.Protocol" Version="7.3.1" />
<PackageVersion Include="System.CommandLine" Version="2.0.7" />
<PackageVersion Include="System.Security.Cryptography.Pkcs" Version="10.0.7" />
<PackageVersion Include="System.Security.Cryptography.Xml" Version="10.0.7" />
<PackageVersion Include="System.Text.Json" Version="10.0.7" />
</ItemGroup>
</Project>
================================================
FILE: LICENSE.txt
================================================
The MIT License (MIT)
Copyright (c) .NET Foundation and Contributors
All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
================================================
FILE: NuGet.Config
================================================
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<clear />
<add key="dotnet-eng" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json" />
<add key="dotnet-public" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public/nuget/v3/index.json" />
<add key="dotnet-tools" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json" />
</packageSources>
<packageSourceMapping>
<clear />
<packageSource key="dotnet-eng">
<package pattern="MicroBuild.Core.Sentinel" />
<package pattern="Microsoft.*" />
</packageSource>
<packageSource key="dotnet-public">
<package pattern="Azure.*" />
<package pattern="AzureSign.Core" />
<!-- Used by Arcade -->
<package pattern="binlogtool" />
<package pattern="Castle.Core" />
<package pattern="coverlet.collector" />
<package pattern="MicroBuild.Core" />
<package pattern="Microsoft.*" />
<package pattern="Moq" />
<package pattern="Newtonsoft.Json" />
<package pattern="NuGet.*" />
<!-- Used by Arcade -->
<package pattern="sourcelink" />
<package pattern="System.*" />
<package pattern="vswhere" />
<package pattern="xunit.*" />
</packageSource>
<packageSource key="dotnet-tools">
<package pattern="sn" />
</packageSource>
</packageSourceMapping>
<disabledPackageSources>
<clear />
</disabledPackageSources>
</configuration>
================================================
FILE: README.md
================================================
# Sign CLI
[<img align="right" src="https://xunit.net/images/dotnet-fdn-logo.png" width="100" />](https://www.dotnetfoundation.org/)
This project aims to make it easier to integrate secure code signing into a CI pipeline by using cloud-based hardware security module(HSM)-protected keys. This project is part of the [.NET Foundation](https://www.dotnetfoundation.org/) and operates under their [code of conduct](https://www.dotnetfoundation.org/code-of-conduct). It is licensed under [MIT](https://opensource.org/licenses/MIT) (an OSI approved license).
You can find the latest version of Sign CLI on [NuGet.org](https://www.nuget.org/packages/sign).
## Prerequisites
- An up-to-date x64-based version of Windows currently in [mainstream support](https://learn.microsoft.com/lifecycle/products/)
- [.NET 8 SDK or later](https://dotnet.microsoft.com/download)
- [Microsoft Visual C++ 14 runtime](https://aka.ms/vs/17/release/vc_redist.x64.exe)
## Install
To install Sign CLI in the current directory, open a command prompt and execute:
```
dotnet tool install --tool-path . --prerelease sign
```
To run Sign CLI, execute `sign` from the same directory.
## Design
Given an initial file path or glob pattern, this tool recursively searches directories and containers to find signable files and containers. For each signable artifact, the tool uses an implementation of [`System.Security.Cryptography.RSA`](https://learn.microsoft.com/dotnet/api/system.security.cryptography.rsa?view=net-8.0) that delegates the signing operation to Azure Key Vault. The tool computes a digest (or hash) of the to-be-signed content and submits the digest --- not the original content --- to Azure Key Vault for digest signing. The returned raw signature value is then incorporated in whatever signature format is appropriate for the file type. Signable content is not sent to Azure Key Vault.
While the current version is limited to RSA and Azure Key Vault, it is desirable to support ECDSA and other cloud providers in the future.
## Supported File Types
- `.msi`, `.msp`, `.msm`, `.cab`, `.dll`, `.exe`, `.appx`, `.appxbundle`, `.msix`, `.msixbundle`, `.sys`, `.vxd`, `.ps1`, `.psm1`, and any portable executable (PE) file (via [AzureSignTool](https://github.com/vcsjones/AzureSignTool))
- `.vsix`
- ClickOnce `.application` and `.vsto` (via `Mage`). Notes below.
- `.nupkg`
## ClickOnce
There are a couple of possibilities for signing ClickOnce packages.
Generally you will want to sign an entire package and all its contents i.e. the deployment manifest (`.application` or `.vsto`),
application manifest (`.exe.manifest` or `.dll.manifest`) and the underlying `.exe` and `.dll` files themselves.
To do this, ensure that the entire contents of the package are available (i.e. the whole `publish` folder from your build) and pass
the deployment manifest as the file to sign - the rest of the files will be detected and signed in the proper order automatically.
You can also re-sign just the deployment manifest in case you want to e.g. change the Deployment URL but leave the rest of the contents the
same. To do this, pass the deployment manifest as the file to sign as in the case above, but just don't have the rest of the files
present on-disk alongside it. This tool will detect that they're missing and just update the signature on the deployment manifest.
Note that this is strictly for re-signing an already-signed deployment manifest - you cannot have a signed deployment manifest that
points to an un-signed application manifest. You must also take care to sign all manifests with the same certificate otherwise the application
will not install.
You should also use the `filter` parameter with the file list to sign, something like this:
```
**/ProjectAddIn1.*
**/setup.exe
```
## Best Practices
* Create a [ServicePrincipal with minimum permissions](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal). Note that you do not need to assign any subscription-level roles to this identity. Only access to Key Vault is required.
* Follow [Best practices for using Azure Key Vault](https://learn.microsoft.com/azure/key-vault/general/best-practices). The Premium SKU is required for code signing certificates to meet key storage requirements.
* If using Azure role-based access control (RBAC), [configure your signing account to have these roles](https://learn.microsoft.com/azure/key-vault/general/rbac-guide?tabs=azure-portal):
- Key Vault Reader
- Key Vault Crypto User
* If using Azure Key Vault access policies, [configure an access policy](https://learn.microsoft.com/azure/key-vault/general/assign-access-policy?tabs=azure-portal) for your signing account to have minimal permissions:
- Key permissions
- Cryptographic Operations
- Sign
- Key Management Operations
- Get _(Note: this is only for the public key not the private key.)_
- Certificate permissions
- Certificate Management Operations
- Get
* Isolate signing operations in a separate leg of your build pipeline.
* Ensure that this CLI and all input and output files are in a directory under your control.
* Execute this CLI as a standard user. Elevation is not required.
* Use [OIDC authentication from your GitHub Action to Azure](https://learn.microsoft.com/azure/developer/github/connect-from-azure?tabs=azure-portal%2Cwindows#use-the-azure-login-action-with-openid-connect).
## Sample Workflows
* [Azure DevOps Pipelines](./docs/azdo-build-and-sign.yml)
* [GitHub Actions](./docs/gh-build-and-sign.yml)
Code signing is a complex process that may involve multiple signing formats and artifact types. Some artifacts are containers that contain other signable file types. For example, NuGet Packages (`.nupkg`) frequently contain `.dll` files. The signing tool will sign all files inside-out, starting with the most nested files and then the outer files, ensuring everything is signed in the correct order.
Signing `.exe`/`.dll` files, and other Authenticode file types is only possible on Windows at this time. The recommended solution is to build on one agent and sign on another using jobs or stages where the signing steps run on Windows. Running code signing on a separate stage to ensure secrets aren't exposed to the build stage.
### Build Variables
The following information is needed for the signing build:
* `Tenant Id` Azure AD tenant
* `Client Id` / `Application Id` ServicePrincipal identifier
* `Key Vault Url` Url to Key Vault. Must be a Premium Sku for EV code signing certificates and all certificates issued after June 2023
* `Certificate Id` Id of the certificate in Key Vault.
* `Client Secret` for Azure DevOps Pipelines
* `Subscription Id` for GitHub Actions
## Creating a code signing certificate in Azure Key Vault
Code signing certificates must use the `RSA-HSM` key type to ensure the private keys are stored in a FIPS 140-2 compliant manner. While you can import a certificate from a PFX file, if available, the most secure option is to create a new Certificate Signing Request to provide to your certificate authority, and then merge in the public certificate they issue. Detailed steps are available [here](https://learn.microsoft.com/answers/questions/732422/ev-code-signing-with-azure-keyvault-and-azure-pipe).
## Migrating from the legacy code signing service
If you've been using the legacy code signing service, using `SignClient.exe` to upload files for signing, you can use your existing certificate and Key Vault with this new tool. You will need to create a new ServicePrincipal and assign it permissions as described above.
## FAQ
### What signature algorithms are supported?
At this time, only RSA PKCS #1 v1.5 is supported.
ECDSA is not supported. Not only do some signature providers not support ECDSA, [the Microsoft Trusted Root Program does not support ECDSA code signing.](https://learn.microsoft.com/security/trusted-root/program-requirements#b-signature-requirements)
> **Please Note**: Signatures using elliptical curve cryptography (ECC), such as ECDSA, aren't supported in Windows and newer Windows security features. Users utilizing these algorithms and certificates will face various errors and potential security risks. The Microsoft Trusted Root Program recommends that ECC/ECDSA certificates shouldn't be issued to subscribers due to this known incompatibility and risk.
## Useful Links
* [Issue Triage Policy](triage-policy.md)
================================================
FILE: SECURITY.md
================================================
<!-- BEGIN MICROSOFT SECURITY.MD V0.0.7 BLOCK -->
## Security
Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
Microsoft serves as the primary maintainer of this repository. If you believe you have found a security vulnerability that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
## Reporting Security Issues
**Please do not report security vulnerabilities through public GitHub issues.**
Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc).
Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
* Full paths of source file(s) related to the manifestation of the issue
* The location of the affected source code (tag/branch/commit or direct URL)
* Any special configuration required to reproduce the issue
* Step-by-step instructions to reproduce the issue
* Proof-of-concept or exploit code (if possible)
* Impact of the issue, including how an attacker might exploit the issue
This information will help us triage your report more quickly.
If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
## Preferred Languages
We prefer all communications to be in English.
## Policy
Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
<!-- END MICROSOFT SECURITY.MD BLOCK -->
================================================
FILE: SdkTools.props
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project>
<ItemGroup>
<PackageReference Include="Microsoft.Windows.SDK.BuildTools" IncludeAssets="build" PrivateAssets="all" />
<PackageReference Include="Microsoft.Dynamics.BusinessCentral.Sip.Main" GeneratePathProperty="true" ExcludeAssets="All" />
</ItemGroup>
<PropertyGroup>
<NetSdkBinDir Condition=" '$(NetSdkBinDir)' == '' ">$(MSBuildProgramFiles32)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools</NetSdkBinDir>
</PropertyGroup>
<ItemGroup>
<SdkFile64 Include="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\appxsip.dll" />
<SdkFile64 Include="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\appxpackaging.dll" />
<SdkFile64 Include="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\opcservices.dll" />
<SdkFile64 Include="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\Microsoft.Windows.Build.Appx.AppxPackaging.dll.manifest" />
<SdkFile64 Include="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\Microsoft.Windows.Build.Appx.AppxSip.dll.manifest" />
<SdkFile64 Include="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\Microsoft.Windows.Build.Appx.OpcServices.dll.manifest" />
<SdkFile64 Include="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\Microsoft.Windows.Build.Signing.mssign32.dll.manifest" />
<SdkFile64 Include="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\Microsoft.Windows.Build.Signing.wintrust.dll.manifest" />
<SdkFile64 Include="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\makeappx.exe" />
<SdkFile64 Include="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\makepri.exe" />
<SdkFile64 Include="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\mssign32.dll" />
<SdkFile64 Include="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\wintrust.dll" />
<SdkFile64 Include="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\wintrust.dll.ini" />
<SdkFile64 Include="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\SignTool.exe.manifest" />
<SdkFile64 Include="$(PkgMicrosoft_Dynamics_BusinessCentral_Sip_Main)\x64\NavSip.dll" />
<SdkFile86 Include="$(NetSdkBinDir)\mage.exe" />
</ItemGroup>
<Target Name="CopySdkFiles" AfterTargets="Build">
<Copy SourceFiles="@(SdkFile64)" DestinationFolder="$(OutputPath)\tools\SDK\x64" SkipUnchangedFiles="true" />
<Copy SourceFiles="@(SdkFile86)" DestinationFolder="$(OutputPath)\tools\SDK\x86" SkipUnchangedFiles="true" />
</Target>
<Target Name="UpdateWintrust" AfterTargets="Build">
<PropertyGroup>
<PowerShellFilePath Condition=" '$(PowerShellFilePath)' == '' ">%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe</PowerShellFilePath>
<ScriptFilePath Condition=" '$(ScriptFilePath)' == '' ">$(RepositoryRootDirectory)\scripts\UpdateWintrust.ps1</ScriptFilePath>
</PropertyGroup>
<Exec Command="$(PowerShellFilePath) -NonInteractive -NoProfile -ExecutionPolicy Unrestricted -Command "& { &'$(ScriptFilePath)' '$(OutputPath)tools\SDK\x64\wintrust.dll.ini' } "" LogStandardErrorAsError="true" />
</Target>
<ItemGroup>
<Content Include="@(SdkFile64)" Exclude="$(WindowsSDKBuildToolsBinVersionedFolder)\x64\wintrust.dll.ini">
<Pack>true</Pack>
<PackagePath>tools\$(TargetFramework)\any\tools\SDK\x64</PackagePath>
<Visible>false</Visible>
</Content>
<Content Include="$(OutputPath)\tools\SDK\x64\wintrust.dll.ini">
<Pack>true</Pack>
<PackagePath>tools\$(TargetFramework)\any\tools\SDK\x64</PackagePath>
<Visible>false</Visible>
</Content>
<Content Include="@(SdkFile86)">
<Pack>true</Pack>
<PackagePath>tools\$(TargetFramework)\any\tools\SDK\x86</PackagePath>
<Visible>false</Visible>
</Content>
</ItemGroup>
</Project>
================================================
FILE: THIRD-PARTY-NOTICES.txt
================================================
.NET Core uses third-party libraries or other resources that may be
distributed under licenses different than the .NET Core software.
Attributions and license notices for test cases originally authored by
third parties can be found in the respective test directories.
In the event that we accidentally failed to list a required notice, please
bring it to our attention. Post an issue or email us:
dotnet@microsoft.com
The attached notices are provided for information only.
License notice for .NET Reference Source
-------------------------------
The MIT License (MIT)
Copyright (c) Microsoft Corporation
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Available at https://github.com/microsoft/referencesource/blob/master/LICENSE.txt
License notice for Azure SDK for .NET
-------------------------------
The MIT License (MIT)
Copyright (c) 2015 Microsoft
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Available at https://github.com/Azure/azure-sdk-for-net/blob/main/LICENSE.txt
License notice for FiddlerCert
-------------------------------
The MIT License (MIT)
Copyright (c) 2015 Kevin Jones
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Available at https://github.com/vcsjones/FiddlerCert/blob/main/license.txt
License notice for Wyam
-------------------------------
The MIT License (MIT)
Copyright (c) 2014 Dave Glick
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Available at https://github.com/Wyamio/Wyam/blob/develop/LICENSE
License notice for OpenOpcSignTool
-------------------------------
MIT License
Copyright (c) 2017 Kevin Jones
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Available at https://github.com/vcsjones/OpenOpcSignTool/blob/main/LICENSE
License notice for NuGetKeyVaultSignTool
-------------------------------
The MIT License (MIT)
Copyright (c) Claire Novotny
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Available at https://github.com/novotnyllc/NuGetKeyVaultSignTool/blob/main/LICENSE
================================================
FILE: docs/artifact-signing-integration.md
================================================
# Artifact Signing integration for Sign CLI
This document explains how to use the Sign CLI with a Artifact Signing account to perform code signing using the Artifact Signing provider. See `docs/signing-tool-spec.md` for higher-level background of this tool and the implementation at `src/Sign.SignatureProviders.TrustedSigning` for details.
## Overview
The Sign CLI includes a `artifact-signing` provider that invokes the Artifact Signing service to obtain certificates and perform remote sign operations. The CLI uses the Azure SDK (`Azure.Identity`) for authentication.
Key concepts for this provider:
- Endpoint: the service URL for the Artifact Signing account.
- Account name: the account within the Artifact Signing service.
- Certificate profile: the certificate profile configured in the account that will be used to sign.
For more information, see the Artifact Signing [setup documentation](https://learn.microsoft.com/azure/artifact-signing/quickstart).
## Prerequisites
- An Azure subscription and a Artifact Signing account with at least one active certificate profile.
- An identity (user, service principal, or managed identity) that has the `Artifact Signing Certificate Profile Signer` permission to perform signing.
## How the CLI authenticates
Sign CLI uses Azure.Identity's credential chain by default (DefaultAzureCredential). This means the CLI will try an authentication flow automatically (Azure CLI login, environment variables for a service principal, managed identity, etc.). You may also explicitly choose a credential type with `--azure-credential-type`.
## CLI options for Artifact Signing
The Artifact Signing subcommand is `sign code artifact-signing` and it requires the following options (short forms shown):
- `--artifact-signing-endpoint`, `-ase` : the Artifact Signing service endpoint (URL).
- `--artifact-signing-account`, `-asa` : the account name in the Artifact Signing service.
- `--artifact-signing-certificate-profile`, `-ascp` : the certificate profile name to use for signing.
The Azure authentication options are available on the same command and include `--azure-credential-type` (`-act`) and managed identity options such as `--managed-identity-client-id` (`-mici`). By default, the CLI uses DefaultAzureCredential.
## Examples
Replace placeholders with your values.
Example — sign a file using your current Azure CLI login (DefaultAzureCredential):
```powershell
# Ensure you're signed into Azure CLI
az login
# Sign a file using Artifact Signing
sign code artifact-signing `
-ase https://<your-artifact-signing-endpoint> `
-asa <your-account-name> `
-ascp <your-certificate-profile> `
C:\path\to\artifact.dll
```
Example — service principal (PowerShell session variables; prefer secrets or pipeline variables in CI):
```powershell
$env:AZURE_CLIENT_ID = 'your-client-id'
$env:AZURE_TENANT_ID = 'your-tenant-id'
sign code artifact-signing `
-ase https://<your-artifact-signing-endpoint> `
-asa <your-account-name> `
-ascp <your-certificate-profile> `
C:\path\to\artifact.dll
```
Example — managed identity (useful for Azure-hosted agents):
```powershell
# Use managed identity by selecting the credential type explicitly and, if needed, the client id
sign code artifact-signing `
-ase https://<your-artifact-signing-endpoint> `
-asa <your-account-name> `
-ascp <your-certificate-profile> `
-act managed-identity `
-mici <managed-identity-client-id> `
C:\path\to\artifact.dll
```
Notes:
- If you omit `-act`, the CLI uses DefaultAzureCredential, which already supports Azure CLI, environment variables for service principals, managed identities, and workload identity flows.
- The endpoint URL and exact account/profile names are provided by your Artifact Signing onboarding or Azure portal.
## CI/CD integration tips
- Prefer federated identity (OIDC) or managed identities for CI agents to avoid long-lived secrets. Sign CLI supports workload and managed identity credential flows.
- Store any required values (endpoint, account, certificate profile) as pipeline secrets or protected variables.
## Troubleshooting
- Authentication errors: verify the authentication method (Azure CLI login, environment variables, or managed identity) and that the identity has permission to the Artifact Signing account.
- Permission errors: ensure your principal has the necessary rights on the Artifact Signing account and certificate profile. If unsure, contact your Azure admin or the team that provisioned the Artifact Signing account.
- Endpoint/profile not found: confirm the exact endpoint URL, account name, and certificate profile name from your Artifact Signing account metadata or onboarding docs.
- See the [Artifact Signing FAQ](https://learn.microsoft.com/azure/artifact-signing/faq) for more information.
## Where to look in this repository
- Implementation of the provider: `src/Sign.SignatureProviders.ArtifactSigning` (see `ArtifactSigningService.cs`, `RSAArtifactSigning.cs` and `ArtifactSigningServiceProvider.cs`).
- CLI wiring: `src/Sign.Cli/ArtifactSigningCommand.cs` (shows required flags and how Azure credentials are constructed).
================================================
FILE: docs/azdo-build-and-sign.yml
================================================
trigger:
- main
- rel/*
pr:
- main
- rel/*
stages:
- stage: Build
jobs:
- job: Build
pool:
vmImage: ubuntu-latest
variables:
BuildConfiguration: Release
steps:
# Build steps
- task: UseDotNet@2
displayName: 'Use .NET SDK 6.x'
inputs:
version: 6.x
- task: DotNetCoreCLI@2
inputs:
command: pack
packagesToPack: src/AClassLibrary/AClassLibrary.csproj
configuration: $(BuildConfiguration)
packDirectory: $(Build.ArtifactStagingDirectory)/Packages
verbosityPack: Minimal
displayName: Build Package
# Publish the artifacts to sign and the file list, if any, as artifacts for the signing stage
- publish: $(Build.ArtifactStagingDirectory)/Packages
displayName: Publish Build Artifacts
artifact: BuildPackages
- publish: config
displayName: Publish signing file list
artifact: config
- stage: CodeSign
dependsOn: Build
condition: and(succeeded('Build'), not(eq(variables['build.reason'], 'PullRequest'))) # Only run this stage on pushes to the main branch
jobs:
- job: CodeSign
displayName: Code Signing
pool:
vmImage: windows-latest # Code signing must run on a Windows agent for Authenticode signing (dll/exe)
variables:
- group: Sign Client Credentials # This is a variable group with secrets in it
steps:
# Retreive unsigned artifacts and file list
- download: current
artifact: config
displayName: Download signing file list
- download: current
artifact: BuildPackages
displayName: Download build artifacts
- task: UseDotNet@2
displayName: 'Use .NET SDK 6.x'
inputs:
version: 6.x
# Install the code signing tool
- task: DotNetCoreCLI@2
inputs:
command: custom
custom: tool
arguments: install --tool-path . sign --version 0.9.0-beta.23127.3
displayName: Install SignTool tool
# Run the signing command
- pwsh: |
.\sign code azure-key-vault `
"**/*.nupkg" `
--base-directory "$(Pipeline.Workspace)\BuildPackages" `
--file-list "$(Pipeline.Workspace)\config\filelist.txt" `
--publisher-name "Contoso" `
--description "One Sign CLI demo" `
--description-url "https://github.com/dotnet/sign" `
--azure-key-vault-tenant-id "$(SignTenantId)" `
--azure-key-vault-client-id "$(SignClientId)" `
--azure-key-vault-client-secret '$(SignClientSecret)' `
--azure-key-vault-certificate "$(SignKeyVaultCertificate)" `
--azure-key-vault-url "$(SignKeyVaultUrl)"
displayName: Sign packages
# Publish the signed packages
- publish: $(Pipeline.Workspace)/BuildPackages
displayName: Publish Signed Packages
artifact: SignedPackages
================================================
FILE: docs/comparisons.md
================================================
# Signing Comparisons
## NuGet
The following tables summarize differences between NuGet, dotnet, and Sign CLI's.
### Features
Feature | NuGet CLI | dotnet CLI | Sign CLI
-- | -- | -- | --
Use signing certificate from the file system | ✔️ | ✔️ | ❌
Use signing certificate from a local store | ✔️ | ✔️ | ❌
Use signing certificate from Azure Key Vault | ❌ | ❌ | ✔️
Identify signing certificate by fingerprint | ✔️ | ✔️ | ❌
Identify signing certificate by subject name | ✔️ | ✔️ | ❌
Identify signing certificate by name (user-defined) | ❌ | ❌ | ✔️
Can skip timestamping | ✔️ | ✔️ | ❌
Opt-in required to overwrite already signed package | ✔️ | ✔️ | ❌
Can sign files (e.g.: *.dll) inside package | ❌ | ❌ | ✔️
Can verify signed package | ✔️ | ✔️ | ❌
### Platform support
Platform | NuGet CLI | dotnet CLI | Sign CLI
-- | -- | -- | --
Windows x86 | ✔️ | ✔️ | ❌
Windows x64 | ✔️ | ✔️ | ✔️
Windows ARM64 | ❌ | ✔️ | ❌
Linux | ❌ | ✔️* | ❌
macOS | ❌ | ✔️* | ❌
\* NuGet signs packages not files within a package (e.g.: DLL's). On every platform where signing is supported, it is possible to sign a package that contains signable files which are unsigned. Because Authenticode signing is only available on Windows, signing a NuGet package on Linux or macOS can more easily result in a signed package with unsigned files inside. See https://github.com/NuGet/Home/issues/12362.
### Requirements
Requirement | NuGet CLI | dotnet CLI | Sign CLI
-- | -- | -- | --
.NET Framework | ✔️ (>= 4.7.2) | ❌ | ❌
.NET SDK | ❌ | ✔️ (>= 5 on Windows, >= 7 on Linux, N/A on macOS) | ❌
.NET Runtime | ❌ | ❌ | ✔️ (>= 6)
## References
* [sign command (NuGet CLI)](https://learn.microsoft.com/en-us/nuget/reference/cli-reference/cli-ref-sign)
* [dotnet nuget sign](https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet-nuget-sign)
================================================
FILE: docs/file-globbing.md
================================================
# File List Filtering and Globbing
The `code` signing command supports the `--file-list` or `-fl` option. This option specifies a file that contains paths of files to sign or to exclude from signing.
When using the file list option you must use a path relative to the working directory (or base directory, if used). You can change the base directory using `--base-directory` or `-b`.
Example:
`sign.exe code certificate-store -cf test.pfx -fl F:\Sign\file_sign_list.txt *`
## File List Format
You can provide a list of string patterns (one pattern per line) which describe files to include or exclude, or literal file paths. Filtering uses globbing, and supports advanced features such as brace expansion and negation.
The following is supported:
* Standard globbing: `*`, `?`, `**` wildcards.
* Brace expansion: `{a,b}` expands to both `a` and `b`.
- Nested braces also work: `a{b,c{d,e}f}g` expands to `abg` `acdfg` `acefg`
* Numeric ranges: `{1..3}` expands to `1`, `2`, `3`.
* Negation: Patterns starting with `!` exclude files matching that pattern.
* Escaping: Use `\{`, `\}`, or `\!` to treat these characters literally.
## Pattern Examples
| Pattern | Description | Matches Example(s) |
|------------------------|------------------------------------------|------------------------------|
|`File.appx` | Include `File.appx` | `File.appx` |
|`!Installer.msix` | Exclude `Installer.msix` | excludes `Installer.msix` |
|`*.txt` | All `.txt` files in the current directory | `file.txt`, `notes.txt` |
|`**/*.cs` | All `.cs` files in all subdirectories | `src/Program.cs` |
|`docs/{README,HELP}.md` | `docs/README.md` and `docs/HELP.md` | `docs/README.md`, `docs/HELP.md` |
|`images/*.{png,jpg}` | All `.png` and `.jpg` files in images | `images/a.png`, `images/b.jpg` |
|`file{1..3}.log` | `file1.log`, `file2.log`, `file3.log` | `file2.log` |
|`!bin/**` | Exclude everything under `bin` directory | excludes `bin/Debug/app.exe` |
|`foo/\{bar\}.txt` | Matches the literal file `foo/{bar}.txt` | `foo/{bar}.txt` |
|`!**/obj/**` | Exclude all files in any `obj` directory | excludes `foo/obj/out.log` |
================================================
FILE: docs/gh-build-and-sign.yml
================================================
name: Build and Sign
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
# Build steps
- name: Setup .NET
uses: actions/setup-dotnet@v3
with:
dotnet-version: 6.x
- name: Build Package
run: dotnet pack --configuration Release src/AClassLibrary/AClassLibrary.csproj
# Publish the artifacts to sign and the file list, if any, as artifacts for the signing stage
- name: Upload signing file list
uses: actions/upload-artifact@v3
with:
name: config
path: config
- name: Upload build artifacts
uses: actions/upload-artifact@v3
with:
name: BuildArtifacts
path: src/AClassLibrary/bin/Release/**/*.nupkg
sign:
needs: build
runs-on: windows-latest # Code signing must run on a Windows agent for Authenticode signing (dll/exe)
if: ${{ github.ref == 'refs/heads/main' }} # Only run this job on pushes to the main branch
permissions:
id-token: write # Required for requesting the JWT
steps:
# Download signing configuration and artifacts
- name: Download signing config
uses: actions/download-artifact@v3
with:
name: config
path: config
- name: Download build artifacts
uses: actions/download-artifact@v3
with:
name: BuildArtifacts
path: BuildArtifacts
# .NET is required on the agent for the tool to run
- name: Setup .NET
uses: actions/setup-dotnet@v3
with:
dotnet-version: '9.x'
# Install the code signing tool
- name: Install Sign CLI tool
run: dotnet tool install --tool-path . --prerelease sign
# Login to Azure using a ServicePrincipal configured to authenticate agaist a GitHub Action
- name: 'Az CLI login'
uses: azure/login@v1
with:
allow-no-subscriptions: true
client-id: ${{ secrets.AZURE_CLIENT_ID }} # This does not need to be a secret and is just a placeholder
tenant-id: ${{ secrets.AZURE_TENANT_ID }} # This does not need to be a secret and is just a placeholder
# Run the signing command
- name: Sign artifacts
shell: pwsh
run: >
./sign code azure-key-vault
**/*.nupkg
--base-directory "${{ github.workspace }}/BuildArtifacts"
--file-list "${{ github.workspace }}/config/filelist.txt"
--publisher-name "Contoso"
--description "One Sign CLI demo"
--description-url "https://github.com/dotnet/sign"
--azure-credential-type "azure-cli"
--azure-key-vault-url "${{ secrets.KEY_VAULT_URL }}" # This does not need to be a secret and is just a placeholder
--azure-key-vault-certificate "${{ secrets.KEY_VAULT_CERTIFICATE_ID }}" # This does not need to be a secret and is just a placeholder
# Publish the signed packages
- name: Upload build artifacts
uses: actions/upload-artifact@v3
with:
name: SignedArtifacts
path: BuildArtifacts
================================================
FILE: docs/signing-tool-spec.md
================================================
# Signing CLI tool
## Background
Code signing is a way to provide tamper detection to binary files and provide a way of establishing identity. There are different code signing mechanisms, but the most common on Windows and .NET are based on X.509 certificates.
There are several technology areas within the Windows and .NET ecosystem that support code signing:
- PE files & certain scripts via Authenticode (dll, exe, ps1, sys)
- MSIX via Authenticode (msix, msixbundle) & related manifests
- Visual Studio Extensions (VSIX) via Open Packaging Convention
- ClickOnce & VSTO via Mage (XML Digital Signatures)
- NuGet Packages
Today each of these areas has their own tools (SignTool, VISXSignTool, Mage, NuGet) to create signatures. Each tool has its own set of parameters and are written to assume use of the local certificate store API's by default. Without a shared implementation, a new code signing requirement can require individual updates to each tool. In May 2022, the CA/Browser Forum updated its [baseline requirements for publicly trusted code signing certificates](https://cabforum.org/wp-content/uploads/Baseline-Requirements-for-the-Issuance-and-Management-of-Code-Signing.v3.2.pdf) to require that all new code signing certificates issued after June 2023 use hardware security modules (HSM's) to prevent private key theft. While some HSM's contain CSP/KSP support to expose certificates through Windows' certificate store API's, they frequently contain significant limitations, such as requiring an interactive session to authenticate to the device. This makes signing code in the cloud and on build agents extremely difficult for mainline scenarios.
There are many HSM cloud services, including Azure Key Vault, that meet the updated key storage requirements, however we do not have first-party support for signing code with those services. There are open source community solutions to fill this gap, such as:
* [AzureSignTool](https://github.com/vcsjones/AzureSignTool)
* [NuGetKeyVaultSignTool](https://github.com/novotnyllc/NuGetKeyVaultSignTool)
* [OpenOpcSignTool](https://github.com/vcsjones/OpenOpcSignTool)
The [.NET Foundation Signing Service](https://github.com/dotnet/sign/tree/legacy-service/servicing) builds on these solutions, adds additional supported file formats, and orchestrates signing the various file types in the right order.
While existing community solutions help, they leave the complicated work of signing the files in the right order to each user and support only Azure Key Vault. With the [announcement](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/azure-code-signing-democratizing-trust-for-developers-and/ba-p/3604669) of Azure Code Signing and the move towards HSM's, there's a need to support multiple code signing providers in our signing tools.
## Challenges
There are a few challenges around code signing:
### Local Certificates
Today the code signing tooling in the Windows and .NET SDK uses PFX (public/private certificate key pair files or the local certificate store for obtaining certificates). There risks to this approach:
- PFX files are targets in data breaches; their passwords can be cracked
- Certificates in a local store can be used by any app/malware
- There’s no revocation mechanism for a user's access to the certificate; they always have it
- No auditing of signing operations possible
- EV code signing certificates aren’t easily supported as they require FIPS 140-2 hardware devices with drivers
In May 2022, the CA/Browser Forum updated its baseline requirements to require HSM's so local certificates will no longer be issued for publicly trusted code signing certificates. The only support the current signing tools have for this scenario is via CSP/KSP drivers provided by some HSM vendors, and those do not work well for cloud-based build agents. The current tools would need new investment to support different backends.
### Orchestration
An application/library package typically contains multiple assets that need to be signed. For example, a NuGet package (`.nupkg` file) contains `.dll` files that also must be signed. A ClickOnce or MSIX package also contains `.dll` or `.exe` files that need to be signed. A `.vsix` file can contain `.dll` files and `.nupkg` file that must be signed. These files need to be signed "inside out" to ensure the proper sequence. That is, a `.vsix` containing a `.nupkg` needs to extract the inner `.nupkg` to sign the contained `.dll` files, then sign the `.nupkg` and any other `.dll` files, then repack and sign the `.vsix`. Other types, like ClickOnce and MSIX may contain manifest files that also must be updated during these operations.
To properly sign all assets, multiple signing tools must be used, and each tool has its own command line syntax, options, and default. The process of code signing is error-prone and hard to get right. The signing tool addresses these challenges by unifying the interface into a single set of options.
## Proposal
Create a modern signing tool to eventually replace the existing tools. The tool will handle all of our first party signing formats, orchestrate signing files in the right order, and have extensibility to support multiple raw signature providers. As our customers use a variety of clouds and HSM's, the extensibility will enable us to meet our customers' needs wherever they store their certificates.
While some of this could be done via an MSBuild task, a CLI tool is preferable to MSBuild tasks for a couple reasons:
- **Performance:** During a build, many binary artifacts are created that need to be signed. A multi-targeted NuGet package may contain several `.dll` files. An application will likely contain more than one file that needs to be signed. It's much more efficient to pass them all to a signing tool where parallelism is possible than to sign during the inner-loop.
- **Security:** Code signing is a sensitive operation that requires credentials/secrets. Use of these secrets should be as limited as possible to prevent leakage into the rest of a build pipeline, such as log files or unrelated build tasks. Ideally, a CI pipeline should contain a separate stage for code signing to ensure that credentials are never unintentionally exposed to a build stage.
- **Platform:** Authenticode is currently limited to Windows. Thus, while it's possible to sign a NuGet or VSIX cross-platform, the DLL's inside can't be signed unless running on Windows. With the NuGet packages being developer-only artifacts--they're not shipped with the apps--it's critical that the DLL's inside are also signed. Builds for binaries may run on any platform, but as signing is a discreet step in most CI pipelines, it's reasonable to require a Windows build agent for this task.
### Roadmap
The scope of the preview release will be limited to the existing funtionality currently in the service. The remaining functionality in this spec will be delivered in a later 1.0 release. The .NET Foundation has a dependency on this tool being delivered by [June 30, 2023](https://learn.microsoft.com/en-us/answers/questions/768833/when-is-adal-and-azure-ad-graph-reaching-end-of-li.html).
#### Preview
**Goals**
- Support for Authenticode, VSIX, NuGet (author signature), ClickOnce
- Only run on Windows x64.
- Support a single certificate for all files in the operation.
**Non-Goals**
- Strong Name signing won't be in v1; guidance is to use an snk not based on a cert. If easy, perhaps can revisit.
- Containers, including Notary v2 support.
- Extensibility. v1 will support different signing providers.
- Support Authenticode on platforms other than Windows x64. Future work will be required to support ARM64 and non-Windows hosts. Support for certain file types may be limited due to platform support.
- Offline distribution.
#### v1
**Goals**
- Extensibility mechanism to support different code signing providers with a dynamic lookup so the core client remains agnostic of the backend
- Offline distribution for core plus backend provider
- Three providers: Certificate Store, Azure Key Vault, Azure Code Signing
- Support for additional formats: [.HLKX](https://github.com/dotnet/sign/issues/422), [VBA](https://github.com/dotnet/sign/issues/364)
- Verification of signatures
================================================
FILE: eng/PoliCheckExclusions.xml
================================================
<!-- Original source: https://github.com/dotnet/install-scripts/blob/707d374fc90068daedb5048ce95a1b34d269995e/eng/policheck_exclusions.xml -->
<PoliCheckExclusions>
<!-- All strings must be UPPER CASE -->
<!--Each of these exclusions is a folder name -if \[name]\exists in the file path, it will be skipped -->
<!--<Exclusion Type="FolderPathFull">ABC|XYZ</Exclusion>-->
<!--Each of these exclusions is a folder name -if any folder or file starts with "\[name]", it will be skipped -->
<!--<Exclusion Type="FolderPathStart">ABC|XYZ</Exclusion>-->
<!--Each of these file types will be completely skipped for the entire scan -->
<!--<Exclusion Type="FileType">.ABC|.XYZ</Exclusion>-->
<!--The specified file names will be skipped during the scan regardless which folder they are in -->
<!--<Exclusion Type="FileName">ABC.TXT|XYZ.CS</Exclusion>-->
<Exclusion Type="FolderPathFull">.DOTNET</Exclusion>
</PoliCheckExclusions>
================================================
FILE: eng/Signing.props
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project>
<PropertyGroup>
<UseDotNetCertificate>true</UseDotNetCertificate>
</PropertyGroup>
<ItemGroup>
<ItemsToSign Remove="@(ItemsToSign)" />
<ItemsToSign Include="$(ArtifactsShippingPackagesDir)/*.nupkg" />
</ItemGroup>
<!--
These 3rd-party libraries are already 3rd party signed; however, we must add a second signature with this certificate.
-->
<ItemGroup>
<FileSignInfo Include="AzureSign.Core.dll" CertificateName="3PartySHA2" />
<FileSignInfo Include="Newtonsoft.Json.dll" CertificateName="3PartySHA2" />
<FileSignInfo Include="NuGetKeyVaultSignTool.Core.dll" CertificateName="3PartySHA2" />
<FileSignInfo Include="RSAKeyVaultProvider.dll" CertificateName="3PartySHA2" />
</ItemGroup>
</Project>
================================================
FILE: eng/Version.Details.xml
================================================
<?xml version="1.0" encoding="utf-8"?>
<Dependencies>
<Source Uri="https://github.com/dotnet/dotnet" Mapping="arcade" Sha="8b29a1682219da555ee27e4fdda55dc3884b316f" BarId="277635" />
<ProductDependencies>
</ProductDependencies>
<ToolsetDependencies>
<Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="10.0.0-beta.26222.2">
<Uri>https://github.com/dotnet/arcade</Uri>
<Sha>58713cb9a664ed67642127fcaf70b8c0c3b55ef2</Sha>
</Dependency>
</ToolsetDependencies>
</Dependencies>
================================================
FILE: eng/Versions.props
================================================
<Project>
<Import Project="Version.Details.props" Condition="Exists('Version.Details.props')" />
<PropertyGroup>
<!-- This repo version -->
<VersionPrefix>0.9.1</VersionPrefix>
<PreReleaseVersionLabel>beta</PreReleaseVersionLabel>
<!-- Don't allow netstandard1.x dependencies in this repository. -->
<FlagNetStandard1XDependencies>true</FlagNetStandard1XDependencies>
</PropertyGroup>
<!-- maintenance-packages -->
<PropertyGroup Condition="'$(DotNetBuildSourceOnly)' == 'true'">
<MicrosoftBclHashCodeVersion>6.0.0</MicrosoftBclHashCodeVersion>
<SystemMemoryVersion>4.6.3</SystemMemoryVersion>
<MicrosoftIORedistVersion>6.1.3</MicrosoftIORedistVersion>
</PropertyGroup>
<PropertyGroup Condition="'$(DotNetBuildSourceOnly)' != 'true'">
<MicrosoftBclHashCodeVersion>1.1.1</MicrosoftBclHashCodeVersion>
<SystemMemoryVersion>4.5.5</SystemMemoryVersion>
<MicrosoftIORedistVersion>6.0.1</MicrosoftIORedistVersion>
</PropertyGroup>
<PropertyGroup>
<!-- arcade -->
<MicrosoftDotNetSwaggerGeneratorMSBuildVersion>9.0.0-beta.24223.1</MicrosoftDotNetSwaggerGeneratorMSBuildVersion>
<!-- corefx -->
<SystemRuntimeInteropServicesRuntimeInformation>4.3.0</SystemRuntimeInteropServicesRuntimeInformation>
<!-- netstandard -->
<NETStandardLibraryVersion>2.0.3</NETStandardLibraryVersion>
<!-- nuget -->
<!-- Important: Don't version higher than what's available in the toolset SDK as
NuGet assemblies aren't redistributed with .NETCoreApp msbuild tasks. -->
<NuGetCommandsVersion>6.13.2</NuGetCommandsVersion>
<NuGetFrameworksVersion>6.13.2</NuGetFrameworksVersion>
<NuGetPackagingVersion>6.13.2</NuGetPackagingVersion>
<NuGetProjectModelVersion>6.13.2</NuGetProjectModelVersion>
<NuGetVersioningVersion>6.13.2</NuGetVersioningVersion>
<!-- runtime -->
<MicrosoftNETCorePlatformsVersion>5.0.0</MicrosoftNETCorePlatformsVersion>
<MicrosoftNETRuntimeEmscripten2023Nodewin_x64>6.0.4</MicrosoftNETRuntimeEmscripten2023Nodewin_x64>
<MicrosoftNETRuntimeEmscripten2023Pythonwin_x64>6.0.4</MicrosoftNETRuntimeEmscripten2023Pythonwin_x64>
<MicrosoftNETRuntimeEmscripten2023Sdkwin_x64>6.0.4</MicrosoftNETRuntimeEmscripten2023Sdkwin_x64>
<MicrosoftNETWorkloadBaselineVersion>9.0.100-baseline.1.23464.1</MicrosoftNETWorkloadBaselineVersion>
<MicrosoftNETWorkloadEmscriptenManifest_60200Version>6.0.4</MicrosoftNETWorkloadEmscriptenManifest_60200Version>
<MicrosoftNETWorkloadEmscriptenManifest_80100Preview6Version>8.0.0-preview.6.23326.2</MicrosoftNETWorkloadEmscriptenManifest_80100Preview6Version>
<MicrosoftNETWorkloadMonoToolChainManifest_60200Version>6.0.3</MicrosoftNETWorkloadMonoToolChainManifest_60200Version>
<MicrosoftNETWorkloadMonoToolChainManifest_60200Version_604>6.0.4</MicrosoftNETWorkloadMonoToolChainManifest_60200Version_604>
<MicrosoftNETWorkloadMonoToolChainManifest_60300Version_6021>6.0.21</MicrosoftNETWorkloadMonoToolChainManifest_60300Version_6021>
<MicrosoftNETWorkloadMonoToolChainManifest_60300Version_6022>6.0.22</MicrosoftNETWorkloadMonoToolChainManifest_60300Version_6022>
<MicrosoftiOSTemplatesVersion>15.2.302-preview.14.122</MicrosoftiOSTemplatesVersion>
<MicrosoftiOSTemplatesVersion160527>16.0.527</MicrosoftiOSTemplatesVersion160527>
<SystemCompositionVersion>9.0.0-preview.6.24327.7</SystemCompositionVersion>
<!-- vstest -->
<MicrosoftNetTestSdkVersion>17.5.0</MicrosoftNetTestSdkVersion>
</PropertyGroup>
</Project>
================================================
FILE: eng/common/BuildConfiguration/build-configuration.json
================================================
{
"RetryCountLimit": 1,
"RetryByAnyError": false
}
================================================
FILE: eng/common/CIBuild.cmd
================================================
@echo off
powershell -ExecutionPolicy ByPass -NoProfile -command "& """%~dp0Build.ps1""" -restore -build -test -sign -pack -publish -ci %*"
================================================
FILE: eng/common/PSScriptAnalyzerSettings.psd1
================================================
@{
IncludeRules=@('PSAvoidUsingCmdletAliases',
'PSAvoidUsingWMICmdlet',
'PSAvoidUsingPositionalParameters',
'PSAvoidUsingInvokeExpression',
'PSUseDeclaredVarsMoreThanAssignments',
'PSUseCmdletCorrectly',
'PSStandardDSCFunctionsInResource',
'PSUseIdenticalMandatoryParametersForDSC',
'PSUseIdenticalParametersForDSC')
}
================================================
FILE: eng/common/README.md
================================================
# Don't touch this folder
uuuuuuuuuuuuuuuuuuuu
u" uuuuuuuuuuuuuuuuuu "u
u" u$$$$$$$$$$$$$$$$$$$$u "u
u" u$$$$$$$$$$$$$$$$$$$$$$$$u "u
u" u$$$$$$$$$$$$$$$$$$$$$$$$$$$$u "u
u" u$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$u "u
u" u$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$u "u
$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $
$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $
$ $$$" ... "$... ...$" ... "$$$ ... "$$$ $
$ $$$u `"$$$$$$$ $$$ $$$$$ $$ $$$ $$$ $
$ $$$$$$uu "$$$$ $$$ $$$$$ $$ """ u$$$ $
$ $$$""$$$ $$$$ $$$u "$$$" u$$ $$$$$$$$ $
$ $$$$....,$$$$$..$$$$$....,$$$$..$$$$$$$$ $
$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $
"u "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" u"
"u "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" u"
"u "$$$$$$$$$$$$$$$$$$$$$$$$$$$$" u"
"u "$$$$$$$$$$$$$$$$$$$$$$$$" u"
"u "$$$$$$$$$$$$$$$$$$$$" u"
"u """""""""""""""""" u"
""""""""""""""""""""
!!! Changes made in this directory are subject to being overwritten by automation !!!
The files in this directory are shared by all Arcade repos and managed by automation. If you need to make changes to these files, open an issue or submit a pull request to https://github.com/dotnet/arcade first.
================================================
FILE: eng/common/SetupNugetSources.ps1
================================================
# This script adds internal feeds required to build commits that depend on internal package sources. For instance,
# dotnet6-internal would be added automatically if dotnet6 was found in the nuget.config file. Similarly,
# dotnet-eng-internal and dotnet-tools-internal are added if dotnet-eng and dotnet-tools are present.
# In addition, this script also enables disabled internal Maestro (darc-int*) feeds.
#
# Optionally, this script also adds a credential entry for each of the internal feeds if supplied.
#
# See example call for this script below.
#
# - task: PowerShell@2
# displayName: Setup internal Feeds Credentials
# condition: eq(variables['Agent.OS'], 'Windows_NT')
# inputs:
# filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
# arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -Password $Env:Token
# env:
# Token: $(dn-bot-dnceng-artifact-feeds-rw)
#
# Note that the NuGetAuthenticate task should be called after SetupNugetSources.
# This ensures that:
# - Appropriate creds are set for the added internal feeds (if not supplied to the scrupt)
# - The credential provider is installed.
#
# This logic is also abstracted into enable-internal-sources.yml.
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)][string]$ConfigFile,
$Password
)
$ErrorActionPreference = "Stop"
Set-StrictMode -Version 2.0
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
. $PSScriptRoot\tools.ps1
# Adds or enables the package source with the given name
function AddOrEnablePackageSource($sources, $disabledPackageSources, $SourceName, $SourceEndPoint, $creds, $Username, $pwd) {
if ($disabledPackageSources -eq $null -or -not (EnableInternalPackageSource -DisabledPackageSources $disabledPackageSources -Creds $creds -PackageSourceName $SourceName)) {
AddPackageSource -Sources $sources -SourceName $SourceName -SourceEndPoint $SourceEndPoint -Creds $creds -Username $userName -pwd $Password
}
}
# Add source entry to PackageSources
function AddPackageSource($sources, $SourceName, $SourceEndPoint, $creds, $Username, $pwd) {
$packageSource = $sources.SelectSingleNode("add[@key='$SourceName']")
if ($packageSource -eq $null)
{
Write-Host "Adding package source $SourceName"
$packageSource = $doc.CreateElement("add")
$packageSource.SetAttribute("key", $SourceName)
$packageSource.SetAttribute("value", $SourceEndPoint)
$sources.AppendChild($packageSource) | Out-Null
}
else {
Write-Host "Package source $SourceName already present and enabled."
}
AddCredential -Creds $creds -Source $SourceName -Username $Username -pwd $pwd
}
# Add a credential node for the specified source
function AddCredential($creds, $source, $username, $pwd) {
# If no cred supplied, don't do anything.
if (!$pwd) {
return;
}
Write-Host "Inserting credential for feed: " $source
# Looks for credential configuration for the given SourceName. Create it if none is found.
$sourceElement = $creds.SelectSingleNode($Source)
if ($sourceElement -eq $null)
{
$sourceElement = $doc.CreateElement($Source)
$creds.AppendChild($sourceElement) | Out-Null
}
# Add the <Username> node to the credential if none is found.
$usernameElement = $sourceElement.SelectSingleNode("add[@key='Username']")
if ($usernameElement -eq $null)
{
$usernameElement = $doc.CreateElement("add")
$usernameElement.SetAttribute("key", "Username")
$sourceElement.AppendChild($usernameElement) | Out-Null
}
$usernameElement.SetAttribute("value", $Username)
# Add the <ClearTextPassword> to the credential if none is found.
# Add it as a clear text because there is no support for encrypted ones in non-windows .Net SDKs.
# -> https://github.com/NuGet/Home/issues/5526
$passwordElement = $sourceElement.SelectSingleNode("add[@key='ClearTextPassword']")
if ($passwordElement -eq $null)
{
$passwordElement = $doc.CreateElement("add")
$passwordElement.SetAttribute("key", "ClearTextPassword")
$sourceElement.AppendChild($passwordElement) | Out-Null
}
$passwordElement.SetAttribute("value", $pwd)
}
# Enable all darc-int package sources.
function EnableMaestroInternalPackageSources($DisabledPackageSources, $Creds) {
$maestroInternalSources = $DisabledPackageSources.SelectNodes("add[contains(@key,'darc-int')]")
ForEach ($DisabledPackageSource in $maestroInternalSources) {
EnableInternalPackageSource -DisabledPackageSources $DisabledPackageSources -Creds $Creds -PackageSourceName $DisabledPackageSource.key
}
}
# Enables an internal package source by name, if found. Returns true if the package source was found and enabled, false otherwise.
function EnableInternalPackageSource($DisabledPackageSources, $Creds, $PackageSourceName) {
$DisabledPackageSource = $DisabledPackageSources.SelectSingleNode("add[@key='$PackageSourceName']")
if ($DisabledPackageSource) {
Write-Host "Enabling internal source '$($DisabledPackageSource.key)'."
# Due to https://github.com/NuGet/Home/issues/10291, we must actually remove the disabled entries
$DisabledPackageSources.RemoveChild($DisabledPackageSource)
AddCredential -Creds $creds -Source $DisabledPackageSource.Key -Username $userName -pwd $Password
return $true
}
return $false
}
if (!(Test-Path $ConfigFile -PathType Leaf)) {
Write-PipelineTelemetryError -Category 'Build' -Message "Eng/common/SetupNugetSources.ps1 returned a non-zero exit code. Couldn't find the NuGet config file: $ConfigFile"
ExitWithExitCode 1
}
# Load NuGet.config
$doc = New-Object System.Xml.XmlDocument
$filename = (Get-Item $ConfigFile).FullName
$doc.Load($filename)
# Get reference to <PackageSources> - fail if none exist
$sources = $doc.DocumentElement.SelectSingleNode("packageSources")
if ($sources -eq $null) {
Write-PipelineTelemetryError -Category 'Build' -Message "Eng/common/SetupNugetSources.ps1 returned a non-zero exit code. NuGet config file must contain a packageSources section: $ConfigFile"
ExitWithExitCode 1
}
$creds = $null
$feedSuffix = "v3/index.json"
if ($Password) {
$feedSuffix = "v2"
# Looks for a <PackageSourceCredentials> node. Create it if none is found.
$creds = $doc.DocumentElement.SelectSingleNode("packageSourceCredentials")
if ($creds -eq $null) {
$creds = $doc.CreateElement("packageSourceCredentials")
$doc.DocumentElement.AppendChild($creds) | Out-Null
}
}
$userName = "dn-bot"
# Check for disabledPackageSources; we'll enable any darc-int ones we find there
$disabledSources = $doc.DocumentElement.SelectSingleNode("disabledPackageSources")
if ($disabledSources -ne $null) {
Write-Host "Checking for any darc-int disabled package sources in the disabledPackageSources node"
EnableMaestroInternalPackageSources -DisabledPackageSources $disabledSources -Creds $creds
}
$dotnetVersions = @('5','6','7','8','9','10')
foreach ($dotnetVersion in $dotnetVersions) {
$feedPrefix = "dotnet" + $dotnetVersion;
$dotnetSource = $sources.SelectSingleNode("add[@key='$feedPrefix']")
if ($dotnetSource -ne $null) {
AddOrEnablePackageSource -Sources $sources -DisabledPackageSources $disabledSources -SourceName "$feedPrefix-internal" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/internal/_packaging/$feedPrefix-internal/nuget/$feedSuffix" -Creds $creds -Username $userName -pwd $Password
AddOrEnablePackageSource -Sources $sources -DisabledPackageSources $disabledSources -SourceName "$feedPrefix-internal-transport" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/internal/_packaging/$feedPrefix-internal-transport/nuget/$feedSuffix" -Creds $creds -Username $userName -pwd $Password
}
}
# Check for dotnet-eng and add dotnet-eng-internal if present
$dotnetEngSource = $sources.SelectSingleNode("add[@key='dotnet-eng']")
if ($dotnetEngSource -ne $null) {
AddOrEnablePackageSource -Sources $sources -DisabledPackageSources $disabledSources -SourceName "dotnet-eng-internal" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet-eng-internal/nuget/$feedSuffix" -Creds $creds -Username $userName -pwd $Password
}
# Check for dotnet-tools and add dotnet-tools-internal if present
$dotnetToolsSource = $sources.SelectSingleNode("add[@key='dotnet-tools']")
if ($dotnetToolsSource -ne $null) {
AddOrEnablePackageSource -Sources $sources -DisabledPackageSources $disabledSources -SourceName "dotnet-tools-internal" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet-tools-internal/nuget/$feedSuffix" -Creds $creds -Username $userName -pwd $Password
}
$doc.Save($filename)
================================================
FILE: eng/common/SetupNugetSources.sh
================================================
#!/usr/bin/env bash
# This script adds internal feeds required to build commits that depend on internal package sources. For instance,
# dotnet6-internal would be added automatically if dotnet6 was found in the nuget.config file. Similarly,
# dotnet-eng-internal and dotnet-tools-internal are added if dotnet-eng and dotnet-tools are present.
# In addition, this script also enables disabled internal Maestro (darc-int*) feeds.
#
# Optionally, this script also adds a credential entry for each of the internal feeds if supplied.
#
# See example call for this script below.
#
# - task: Bash@3
# displayName: Setup Internal Feeds
# inputs:
# filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh
# arguments: $(System.DefaultWorkingDirectory)/NuGet.config
# condition: ne(variables['Agent.OS'], 'Windows_NT')
# - task: NuGetAuthenticate@1
#
# Note that the NuGetAuthenticate task should be called after SetupNugetSources.
# This ensures that:
# - Appropriate creds are set for the added internal feeds (if not supplied to the scrupt)
# - The credential provider is installed.
#
# This logic is also abstracted into enable-internal-sources.yml.
ConfigFile=$1
CredToken=$2
NL='\n'
TB=' '
source="${BASH_SOURCE[0]}"
# resolve $source until the file is no longer a symlink
while [[ -h "$source" ]]; do
scriptroot="$( cd -P "$( dirname "$source" )" && pwd )"
source="$(readlink "$source")"
# if $source was a relative symlink, we need to resolve it relative to the path where the
# symlink file was located
[[ $source != /* ]] && source="$scriptroot/$source"
done
scriptroot="$( cd -P "$( dirname "$source" )" && pwd )"
. "$scriptroot/tools.sh"
if [ ! -f "$ConfigFile" ]; then
Write-PipelineTelemetryError -Category 'Build' "Error: Eng/common/SetupNugetSources.sh returned a non-zero exit code. Couldn't find the NuGet config file: $ConfigFile"
ExitWithExitCode 1
fi
if [[ `uname -s` == "Darwin" ]]; then
NL=$'\\\n'
TB=''
fi
# Enables an internal package source by name, if found. Returns 0 if found and enabled, 1 if not found.
EnableInternalPackageSource() {
local PackageSourceName="$1"
# Check if disabledPackageSources section exists
grep -i "<disabledPackageSources>" "$ConfigFile" > /dev/null
if [ "$?" != "0" ]; then
return 1 # No disabled sources section
fi
# Check if this source name is disabled
grep -i "<add key=\"$PackageSourceName\" value=\"true\"" "$ConfigFile" > /dev/null
if [ "$?" == "0" ]; then
echo "Enabling internal source '$PackageSourceName'."
# Remove the disabled entry (including any surrounding comments or whitespace on the same line)
sed -i.bak "/<add key=\"$PackageSourceName\" value=\"true\" \/>/d" "$ConfigFile"
# Add the source name to PackageSources for credential handling
PackageSources+=("$PackageSourceName")
return 0 # Found and enabled
fi
return 1 # Not found in disabled sources
}
# Add source entry to PackageSources
AddPackageSource() {
local SourceName="$1"
local SourceEndPoint="$2"
# Check if source already exists
grep -i "<add key=\"$SourceName\"" "$ConfigFile" > /dev/null
if [ "$?" == "0" ]; then
echo "Package source $SourceName already present and enabled."
PackageSources+=("$SourceName")
return
fi
echo "Adding package source $SourceName"
PackageSourcesNodeFooter="</packageSources>"
PackageSourceTemplate="${TB}<add key=\"$SourceName\" value=\"$SourceEndPoint\" />"
sed -i.bak "s|$PackageSourcesNodeFooter|$PackageSourceTemplate${NL}$PackageSourcesNodeFooter|" "$ConfigFile"
PackageSources+=("$SourceName")
}
# Adds or enables the package source with the given name
AddOrEnablePackageSource() {
local SourceName="$1"
local SourceEndPoint="$2"
# Try to enable if disabled, if not found then add new source
EnableInternalPackageSource "$SourceName"
if [ "$?" != "0" ]; then
AddPackageSource "$SourceName" "$SourceEndPoint"
fi
}
# Enable all darc-int package sources
EnableMaestroInternalPackageSources() {
# Check if disabledPackageSources section exists
grep -i "<disabledPackageSources>" "$ConfigFile" > /dev/null
if [ "$?" != "0" ]; then
return # No disabled sources section
fi
# Find all darc-int disabled sources
local DisabledDarcIntSources=()
DisabledDarcIntSources+=$(grep -oh '"darc-int-[^"]*" value="true"' "$ConfigFile" | tr -d '"')
for DisabledSourceName in ${DisabledDarcIntSources[@]} ; do
if [[ $DisabledSourceName == darc-int* ]]; then
EnableInternalPackageSource "$DisabledSourceName"
fi
done
}
# Ensure there is a <packageSources>...</packageSources> section.
grep -i "<packageSources>" $ConfigFile
if [ "$?" != "0" ]; then
Write-PipelineTelemetryError -Category 'Build' "Error: Eng/common/SetupNugetSources.sh returned a non-zero exit code. NuGet config file must contain a packageSources section: $ConfigFile"
ExitWithExitCode 1
fi
PackageSources=()
# Set feed suffix based on whether credentials are provided
FeedSuffix="v3/index.json"
if [ -n "$CredToken" ]; then
FeedSuffix="v2"
# Ensure there is a <packageSourceCredentials>...</packageSourceCredentials> section.
grep -i "<packageSourceCredentials>" $ConfigFile
if [ "$?" != "0" ]; then
echo "Adding <packageSourceCredentials>...</packageSourceCredentials> section."
PackageSourcesNodeFooter="</packageSources>"
PackageSourceCredentialsTemplate="${TB}<packageSourceCredentials>${NL}${TB}</packageSourceCredentials>"
sed -i.bak "s|$PackageSourcesNodeFooter|$PackageSourcesNodeFooter${NL}$PackageSourceCredentialsTemplate|" $ConfigFile
fi
fi
# Check for disabledPackageSources; we'll enable any darc-int ones we find there
grep -i "<disabledPackageSources>" $ConfigFile > /dev/null
if [ "$?" == "0" ]; then
echo "Checking for any darc-int disabled package sources in the disabledPackageSources node"
EnableMaestroInternalPackageSources
fi
DotNetVersions=('5' '6' '7' '8' '9' '10')
for DotNetVersion in ${DotNetVersions[@]} ; do
FeedPrefix="dotnet${DotNetVersion}";
grep -i "<add key=\"$FeedPrefix\"" $ConfigFile > /dev/null
if [ "$?" == "0" ]; then
AddOrEnablePackageSource "$FeedPrefix-internal" "https://pkgs.dev.azure.com/dnceng/internal/_packaging/$FeedPrefix-internal/nuget/$FeedSuffix"
AddOrEnablePackageSource "$FeedPrefix-internal-transport" "https://pkgs.dev.azure.com/dnceng/internal/_packaging/$FeedPrefix-internal-transport/nuget/$FeedSuffix"
fi
done
# Check for dotnet-eng and add dotnet-eng-internal if present
grep -i "<add key=\"dotnet-eng\"" $ConfigFile > /dev/null
if [ "$?" == "0" ]; then
AddOrEnablePackageSource "dotnet-eng-internal" "https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet-eng-internal/nuget/$FeedSuffix"
fi
# Check for dotnet-tools and add dotnet-tools-internal if present
grep -i "<add key=\"dotnet-tools\"" $ConfigFile > /dev/null
if [ "$?" == "0" ]; then
AddOrEnablePackageSource "dotnet-tools-internal" "https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet-tools-internal/nuget/$FeedSuffix"
fi
# I want things split line by line
PrevIFS=$IFS
IFS=$'\n'
PackageSources+="$IFS"
PackageSources+=$(grep -oh '"darc-int-[^"]*"' $ConfigFile | tr -d '"')
IFS=$PrevIFS
if [ "$CredToken" ]; then
for FeedName in ${PackageSources[@]} ; do
# Check if there is no existing credential for this FeedName
grep -i "<$FeedName>" $ConfigFile
if [ "$?" != "0" ]; then
echo " Inserting credential for feed: $FeedName"
PackageSourceCredentialsNodeFooter="</packageSourceCredentials>"
NewCredential="${TB}${TB}<$FeedName>${NL}${TB}<add key=\"Username\" value=\"dn-bot\" />${NL}${TB}${TB}<add key=\"ClearTextPassword\" value=\"$CredToken\" />${NL}${TB}${TB}</$FeedName>"
sed -i.bak "s|$PackageSourceCredentialsNodeFooter|$NewCredential${NL}$PackageSourceCredentialsNodeFooter|" $ConfigFile
fi
done
fi
================================================
FILE: eng/common/build.cmd
================================================
@echo off
powershell -ExecutionPolicy ByPass -NoProfile -command "& """%~dp0build.ps1""" %*"
exit /b %ErrorLevel%
================================================
FILE: eng/common/build.ps1
================================================
[CmdletBinding(PositionalBinding=$false)]
Param(
[string][Alias('c')]$configuration = "Debug",
[string]$platform = $null,
[string] $projects,
[string][Alias('v')]$verbosity = "minimal",
[string] $msbuildEngine = $null,
[bool] $warnAsError = $true,
[bool] $nodeReuse = $true,
[switch] $buildCheck = $false,
[switch][Alias('r')]$restore,
[switch] $deployDeps,
[switch][Alias('b')]$build,
[switch] $rebuild,
[switch] $deploy,
[switch][Alias('t')]$test,
[switch] $integrationTest,
[switch] $performanceTest,
[switch] $sign,
[switch] $pack,
[switch] $publish,
[switch] $clean,
[switch][Alias('pb')]$productBuild,
[switch]$fromVMR,
[switch][Alias('bl')]$binaryLog,
[switch][Alias('nobl')]$excludeCIBinarylog,
[switch] $ci,
[switch] $prepareMachine,
[string] $runtimeSourceFeed = '',
[string] $runtimeSourceFeedKey = '',
[switch] $excludePrereleaseVS,
[switch] $nativeToolsOnMachine,
[switch] $help,
[Parameter(ValueFromRemainingArguments=$true)][String[]]$properties
)
# Unset 'Platform' environment variable to avoid unwanted collision in InstallDotNetCore.targets file
# some computer has this env var defined (e.g. Some HP)
if($env:Platform) {
$env:Platform=""
}
function Print-Usage() {
Write-Host "Common settings:"
Write-Host " -configuration <value> Build configuration: 'Debug' or 'Release' (short: -c)"
Write-Host " -platform <value> Platform configuration: 'x86', 'x64' or any valid Platform value to pass to msbuild"
Write-Host " -verbosity <value> Msbuild verbosity: q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic] (short: -v)"
Write-Host " -binaryLog Output binary log (short: -bl)"
Write-Host " -help Print help and exit"
Write-Host ""
Write-Host "Actions:"
Write-Host " -restore Restore dependencies (short: -r)"
Write-Host " -build Build solution (short: -b)"
Write-Host " -rebuild Rebuild solution"
Write-Host " -deploy Deploy built VSIXes"
Write-Host " -deployDeps Deploy dependencies (e.g. VSIXes for integration tests)"
Write-Host " -test Run all unit tests in the solution (short: -t)"
Write-Host " -integrationTest Run all integration tests in the solution"
Write-Host " -performanceTest Run all performance tests in the solution"
Write-Host " -pack Package build outputs into NuGet packages and Willow components"
Write-Host " -sign Sign build outputs"
Write-Host " -publish Publish artifacts (e.g. symbols)"
Write-Host " -clean Clean the solution"
Write-Host " -productBuild Build the solution in the way it will be built in the full .NET product (VMR) build (short: -pb)"
Write-Host ""
Write-Host "Advanced settings:"
Write-Host " -projects <value> Semi-colon delimited list of sln/proj's to build. Globbing is supported (*.sln)"
Write-Host " -ci Set when running on CI server"
Write-Host " -excludeCIBinarylog Don't output binary log (short: -nobl)"
Write-Host " -prepareMachine Prepare machine for CI run, clean up processes after build"
Write-Host " -warnAsError <value> Sets warnaserror msbuild parameter ('true' or 'false')"
Write-Host " -msbuildEngine <value> Msbuild engine to use to run build ('dotnet', 'vs', or unspecified)."
Write-Host " -excludePrereleaseVS Set to exclude build engines in prerelease versions of Visual Studio"
Write-Host " -nativeToolsOnMachine Sets the native tools on machine environment variable (indicating that the script should use native tools on machine)"
Write-Host " -nodeReuse <value> Sets nodereuse msbuild parameter ('true' or 'false')"
Write-Host " -buildCheck Sets /check msbuild parameter"
Write-Host " -fromVMR Set when building from within the VMR"
Write-Host ""
Write-Host "Command line arguments not listed above are passed thru to msbuild."
Write-Host "The above arguments can be shortened as much as to be unambiguous (e.g. -co for configuration, -t for test, etc.)."
}
. $PSScriptRoot\tools.ps1
function InitializeCustomToolset {
if (-not $restore) {
return
}
$script = Join-Path $EngRoot 'restore-toolset.ps1'
if (Test-Path $script) {
. $script
}
}
function Build {
$toolsetBuildProj = InitializeToolset
InitializeCustomToolset
$bl = if ($binaryLog) { '/bl:' + (Join-Path $LogDir 'Build.binlog') } else { '' }
$platformArg = if ($platform) { "/p:Platform=$platform" } else { '' }
$check = if ($buildCheck) { '/check' } else { '' }
if ($projects) {
# Re-assign properties to a new variable because PowerShell doesn't let us append properties directly for unclear reasons.
# Explicitly set the type as string[] because otherwise PowerShell would make this char[] if $properties is empty.
[string[]] $msbuildArgs = $properties
# Resolve relative project paths into full paths
$projects = ($projects.Split(';').ForEach({Resolve-Path $_}) -join ';')
$msbuildArgs += "/p:Projects=$projects"
$properties = $msbuildArgs
}
MSBuild $toolsetBuildProj `
$bl `
$platformArg `
$check `
/p:Configuration=$configuration `
/p:RepoRoot=$RepoRoot `
/p:Restore=$restore `
/p:DeployDeps=$deployDeps `
/p:Build=$build `
/p:Rebuild=$rebuild `
/p:Deploy=$deploy `
/p:Test=$test `
/p:Pack=$pack `
/p:DotNetBuild=$productBuild `
/p:DotNetBuildFromVMR=$fromVMR `
/p:IntegrationTest=$integrationTest `
/p:PerformanceTest=$performanceTest `
/p:Sign=$sign `
/p:Publish=$publish `
/p:RestoreStaticGraphEnableBinaryLogger=$binaryLog `
@properties
}
try {
if ($clean) {
if (Test-Path $ArtifactsDir) {
Remove-Item -Recurse -Force $ArtifactsDir
Write-Host 'Artifacts directory deleted.'
}
exit 0
}
if ($help -or (($null -ne $properties) -and ($properties.Contains('/help') -or $properties.Contains('/?')))) {
Print-Usage
exit 0
}
if ($ci) {
if (-not $excludeCIBinarylog) {
$binaryLog = $true
}
$nodeReuse = $false
}
if ($nativeToolsOnMachine) {
$env:NativeToolsOnMachine = $true
}
if ($restore) {
InitializeNativeTools
}
Build
}
catch {
Write-Host $_.ScriptStackTrace
Write-PipelineTelemetryError -Category 'InitializeToolset' -Message $_
ExitWithExitCode 1
}
ExitWithExitCode 0
================================================
FILE: eng/common/build.sh
================================================
#!/usr/bin/env bash
# Stop script if unbound variable found (use ${var:-} if intentional)
set -u
# Stop script if command returns non-zero exit code.
# Prevents hidden errors caused by missing error code propagation.
set -e
usage()
{
echo "Common settings:"
echo " --configuration <value> Build configuration: 'Debug' or 'Release' (short: -c)"
echo " --verbosity <value> Msbuild verbosity: q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic] (short: -v)"
echo " --binaryLog Create MSBuild binary log (short: -bl)"
echo " --help Print help and exit (short: -h)"
echo ""
echo "Actions:"
echo " --restore Restore dependencies (short: -r)"
echo " --build Build solution (short: -b)"
echo " --sourceBuild Source-build the solution (short: -sb)"
echo " Will additionally trigger the following actions: --restore, --build, --pack"
echo " If --configuration is not set explicitly, will also set it to 'Release'"
echo " --productBuild Build the solution in the way it will be built in the full .NET product (VMR) build (short: -pb)"
echo " Will additionally trigger the following actions: --restore, --build, --pack"
echo " If --configuration is not set explicitly, will also set it to 'Release'"
echo " --rebuild Rebuild solution"
echo " --test Run all unit tests in the solution (short: -t)"
echo " --integrationTest Run all integration tests in the solution"
echo " --performanceTest Run all performance tests in the solution"
echo " --pack Package build outputs into NuGet packages and Willow components"
echo " --sign Sign build outputs"
echo " --publish Publish artifacts (e.g. symbols)"
echo " --clean Clean the solution"
echo ""
echo "Advanced settings:"
echo " --projects <value> Project or solution file(s) to build"
echo " --ci Set when running on CI server"
echo " --excludeCIBinarylog Don't output binary log (short: -nobl)"
echo " --prepareMachine Prepare machine for CI run, clean up processes after build"
echo " --nodeReuse <value> Sets nodereuse msbuild parameter ('true' or 'false')"
echo " --warnAsError <value> Sets warnaserror msbuild parameter ('true' or 'false')"
echo " --buildCheck <value> Sets /check msbuild parameter"
echo " --fromVMR Set when building from within the VMR"
echo ""
echo "Command line arguments not listed above are passed thru to msbuild."
echo "Arguments can also be passed in with a single hyphen."
}
source="${BASH_SOURCE[0]}"
# resolve $source until the file is no longer a symlink
while [[ -h "$source" ]]; do
scriptroot="$( cd -P "$( dirname "$source" )" && pwd )"
source="$(readlink "$source")"
# if $source was a relative symlink, we need to resolve it relative to the path where the
# symlink file was located
[[ $source != /* ]] && source="$scriptroot/$source"
done
scriptroot="$( cd -P "$( dirname "$source" )" && pwd )"
restore=false
build=false
source_build=false
product_build=false
from_vmr=false
rebuild=false
test=false
integration_test=false
performance_test=false
pack=false
publish=false
sign=false
public=false
ci=false
clean=false
warn_as_error=true
node_reuse=true
build_check=false
binary_log=false
exclude_ci_binary_log=false
pipelines_log=false
projects=''
configuration=''
prepare_machine=false
verbosity='minimal'
runtime_source_feed=''
runtime_source_feed_key=''
properties=()
while [[ $# > 0 ]]; do
opt="$(echo "${1/#--/-}" | tr "[:upper:]" "[:lower:]")"
case "$opt" in
-help|-h)
usage
exit 0
;;
-clean)
clean=true
;;
-configuration|-c)
configuration=$2
shift
;;
-verbosity|-v)
verbosity=$2
shift
;;
-binarylog|-bl)
binary_log=true
;;
-excludecibinarylog|-nobl)
exclude_ci_binary_log=true
;;
-pipelineslog|-pl)
pipelines_log=true
;;
-restore|-r)
restore=true
;;
-build|-b)
build=true
;;
-rebuild)
rebuild=true
;;
-pack)
pack=true
;;
-sourcebuild|-source-build|-sb)
build=true
source_build=true
product_build=true
restore=true
pack=true
;;
-productbuild|-product-build|-pb)
build=true
product_build=true
restore=true
pack=true
;;
-fromvmr|-from-vmr)
from_vmr=true
;;
-test|-t)
test=true
;;
-integrationtest)
integration_test=true
;;
-performancetest)
performance_test=true
;;
-sign)
sign=true
;;
-publish)
publish=true
;;
-preparemachine)
prepare_machine=true
;;
-projects)
projects=$2
shift
;;
-ci)
ci=true
;;
-warnaserror)
warn_as_error=$2
shift
;;
-nodereuse)
node_reuse=$2
shift
;;
-buildcheck)
build_check=true
;;
-runtimesourcefeed)
runtime_source_feed=$2
shift
;;
-runtimesourcefeedkey)
runtime_source_feed_key=$2
shift
;;
*)
properties+=("$1")
;;
esac
shift
done
if [[ -z "$configuration" ]]; then
if [[ "$source_build" = true ]]; then configuration="Release"; else configuration="Debug"; fi
fi
if [[ "$ci" == true ]]; then
pipelines_log=true
node_reuse=false
if [[ "$exclude_ci_binary_log" == false ]]; then
binary_log=true
fi
fi
. "$scriptroot/tools.sh"
function InitializeCustomToolset {
local script="$eng_root/restore-toolset.sh"
if [[ -a "$script" ]]; then
. "$script"
fi
}
function Build {
InitializeToolset
InitializeCustomToolset
if [[ ! -z "$projects" ]]; then
properties+=("/p:Projects=$projects")
fi
local bl=""
if [[ "$binary_log" == true ]]; then
bl="/bl:\"$log_dir/Build.binlog\""
fi
local check=""
if [[ "$build_check" == true ]]; then
check="/check"
fi
MSBuild $_InitializeToolset \
$bl \
$check \
/p:Configuration=$configuration \
/p:RepoRoot="$repo_root" \
/p:Restore=$restore \
/p:Build=$build \
/p:DotNetBuild=$product_build \
/p:DotNetBuildSourceOnly=$source_build \
/p:DotNetBuildFromVMR=$from_vmr \
/p:Rebuild=$rebuild \
/p:Test=$test \
/p:Pack=$pack \
/p:IntegrationTest=$integration_test \
/p:PerformanceTest=$performance_test \
/p:Sign=$sign \
/p:Publish=$publish \
/p:RestoreStaticGraphEnableBinaryLogger=$binary_log \
${properties[@]+"${properties[@]}"}
ExitWithExitCode 0
}
if [[ "$clean" == true ]]; then
if [ -d "$artifacts_dir" ]; then
rm -rf $artifacts_dir
echo "Artifacts directory deleted."
fi
exit 0
fi
if [[ "$restore" == true ]]; then
InitializeNativeTools
fi
Build
================================================
FILE: eng/common/cibuild.sh
================================================
#!/usr/bin/env bash
source="${BASH_SOURCE[0]}"
# resolve $SOURCE until the file is no longer a symlink
while [[ -h $source ]]; do
scriptroot="$( cd -P "$( dirname "$source" )" && pwd )"
source="$(readlink "$source")"
# if $source was a relative symlink, we need to resolve it relative to the path where
# the symlink file was located
[[ $source != /* ]] && source="$scriptroot/$source"
done
scriptroot="$( cd -P "$( dirname "$source" )" && pwd )"
. "$scriptroot/build.sh" --restore --build --test --pack --publish --ci $@
================================================
FILE: eng/common/core-templates/job/job.yml
================================================
parameters:
# Job schema parameters - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#job
cancelTimeoutInMinutes: ''
condition: ''
container: ''
continueOnError: false
dependsOn: ''
displayName: ''
pool: ''
steps: []
strategy: ''
timeoutInMinutes: ''
variables: []
workspace: ''
templateContext: {}
# Job base template specific parameters
# See schema documentation - https://github.com/dotnet/arcade/blob/master/Documentation/AzureDevOps/TemplateSchema.md
# publishing defaults
artifacts: ''
enableMicrobuild: false
enableMicrobuildForMacAndLinux: false
microbuildUseESRP: true
enablePublishBuildArtifacts: false
enablePublishBuildAssets: false
enablePublishTestResults: false
enablePublishing: false
enableBuildRetry: false
mergeTestResults: false
testRunTitle: ''
testResultsFormat: ''
name: ''
preSteps: []
artifactPublishSteps: []
runAsPublic: false
# 1es specific parameters
is1ESPipeline: ''
jobs:
- job: ${{ parameters.name }}
${{ if ne(parameters.cancelTimeoutInMinutes, '') }}:
cancelTimeoutInMinutes: ${{ parameters.cancelTimeoutInMinutes }}
${{ if ne(parameters.condition, '') }}:
condition: ${{ parameters.condition }}
${{ if ne(parameters.container, '') }}:
container: ${{ parameters.container }}
${{ if ne(parameters.continueOnError, '') }}:
continueOnError: ${{ parameters.continueOnError }}
${{ if ne(parameters.dependsOn, '') }}:
dependsOn: ${{ parameters.dependsOn }}
${{ if ne(parameters.displayName, '') }}:
displayName: ${{ parameters.displayName }}
${{ if ne(parameters.pool, '') }}:
pool: ${{ parameters.pool }}
${{ if ne(parameters.strategy, '') }}:
strategy: ${{ parameters.strategy }}
${{ if ne(parameters.timeoutInMinutes, '') }}:
timeoutInMinutes: ${{ parameters.timeoutInMinutes }}
${{ if ne(parameters.templateContext, '') }}:
templateContext: ${{ parameters.templateContext }}
variables:
- ${{ if ne(parameters.enableTelemetry, 'false') }}:
- name: DOTNET_CLI_TELEMETRY_PROFILE
value: '$(Build.Repository.Uri)'
# Retry signature validation up to three times, waiting 2 seconds between attempts.
# See https://learn.microsoft.com/en-us/nuget/reference/errors-and-warnings/nu3028#retry-untrusted-root-failures
- name: NUGET_EXPERIMENTAL_CHAIN_BUILD_RETRY_POLICY
value: 3,2000
- ${{ each variable in parameters.variables }}:
# handle name-value variable syntax
# example:
# - name: [key]
# value: [value]
- ${{ if ne(variable.name, '') }}:
- name: ${{ variable.name }}
value: ${{ variable.value }}
# handle variable groups
- ${{ if ne(variable.group, '') }}:
- group: ${{ variable.group }}
# handle template variable syntax
# example:
# - template: path/to/template.yml
# parameters:
# [key]: [value]
- ${{ if ne(variable.template, '') }}:
- template: ${{ variable.template }}
${{ if ne(variable.parameters, '') }}:
parameters: ${{ variable.parameters }}
# handle key-value variable syntax.
# example:
# - [key]: [value]
- ${{ if and(eq(variable.name, ''), eq(variable.group, ''), eq(variable.template, '')) }}:
- ${{ each pair in variable }}:
- name: ${{ pair.key }}
value: ${{ pair.value }}
# DotNet-HelixApi-Access provides 'HelixApiAccessToken' for internal builds
- ${{ if and(eq(parameters.enableTelemetry, 'true'), eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- group: DotNet-HelixApi-Access
${{ if ne(parameters.workspace, '') }}:
workspace: ${{ parameters.workspace }}
steps:
- ${{ if eq(parameters.is1ESPipeline, '') }}:
- 'Illegal entry point, is1ESPipeline is not defined. Repository yaml should not directly reference templates in core-templates folder.': error
- ${{ if ne(parameters.preSteps, '') }}:
- ${{ each preStep in parameters.preSteps }}:
- ${{ preStep }}
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- template: /eng/common/core-templates/steps/install-microbuild.yml
parameters:
enableMicrobuild: ${{ parameters.enableMicrobuild }}
enableMicrobuildForMacAndLinux: ${{ parameters.enableMicrobuildForMacAndLinux }}
microbuildUseESRP: ${{ parameters.microbuildUseESRP }}
continueOnError: ${{ parameters.continueOnError }}
- ${{ if and(eq(parameters.runAsPublic, 'false'), eq(variables['System.TeamProject'], 'internal')) }}:
- task: NuGetAuthenticate@1
- ${{ if and(ne(parameters.artifacts.download, 'false'), ne(parameters.artifacts.download, '')) }}:
- task: DownloadPipelineArtifact@2
inputs:
buildType: current
artifactName: ${{ coalesce(parameters.artifacts.download.name, 'Artifacts_$(Agent.OS)_$(_BuildConfig)') }}
targetPath: ${{ coalesce(parameters.artifacts.download.path, 'artifacts') }}
itemPattern: ${{ coalesce(parameters.artifacts.download.pattern, '**') }}
- ${{ each step in parameters.steps }}:
- ${{ step }}
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- template: /eng/common/core-templates/steps/cleanup-microbuild.yml
parameters:
enableMicrobuild: ${{ parameters.enableMicrobuild }}
enableMicrobuildForMacAndLinux: ${{ parameters.enableMicrobuildForMacAndLinux }}
continueOnError: ${{ parameters.continueOnError }}
# Publish test results
- ${{ if or(and(eq(parameters.enablePublishTestResults, 'true'), eq(parameters.testResultsFormat, '')), eq(parameters.testResultsFormat, 'xunit')) }}:
- task: PublishTestResults@2
displayName: Publish XUnit Test Results
inputs:
testResultsFormat: 'xUnit'
testResultsFiles: '*.xml'
searchFolder: '$(System.DefaultWorkingDirectory)/artifacts/TestResults/$(_BuildConfig)'
testRunTitle: ${{ coalesce(parameters.testRunTitle, parameters.name, '$(System.JobName)') }}-xunit
mergeTestResults: ${{ parameters.mergeTestResults }}
continueOnError: true
condition: always()
- ${{ if or(and(eq(parameters.enablePublishTestResults, 'true'), eq(parameters.testResultsFormat, '')), eq(parameters.testResultsFormat, 'vstest')) }}:
- task: PublishTestResults@2
displayName: Publish TRX Test Results
inputs:
testResultsFormat: 'VSTest'
testResultsFiles: '*.trx'
searchFolder: '$(System.DefaultWorkingDirectory)/artifacts/TestResults/$(_BuildConfig)'
testRunTitle: ${{ coalesce(parameters.testRunTitle, parameters.name, '$(System.JobName)') }}-trx
mergeTestResults: ${{ parameters.mergeTestResults }}
continueOnError: true
condition: always()
# gather artifacts
- ${{ if ne(parameters.artifacts.publish, '') }}:
- ${{ if and(ne(parameters.artifacts.publish.artifacts, 'false'), ne(parameters.artifacts.publish.artifacts, '')) }}:
- task: CopyFiles@2
displayName: Gather binaries for publish to artifacts
inputs:
SourceFolder: 'artifacts/bin'
Contents: '**'
TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/bin'
- task: CopyFiles@2
displayName: Gather packages for publish to artifacts
inputs:
SourceFolder: 'artifacts/packages'
Contents: '**'
TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/packages'
- ${{ if and(ne(parameters.artifacts.publish.logs, 'false'), ne(parameters.artifacts.publish.logs, '')) }}:
- task: CopyFiles@2
displayName: Gather logs for publish to artifacts
inputs:
SourceFolder: 'artifacts/log'
Contents: '**'
TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/log'
continueOnError: true
condition: always()
- ${{ if eq(parameters.enablePublishBuildArtifacts, 'true') }}:
- task: CopyFiles@2
displayName: Gather logs for publish to artifacts
inputs:
SourceFolder: 'artifacts/log/$(_BuildConfig)'
Contents: '**'
TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/log/$(_BuildConfig)'
continueOnError: true
condition: always()
- ${{ if eq(parameters.enableBuildRetry, 'true') }}:
- task: CopyFiles@2
displayName: Gather buildconfiguration for build retry
inputs:
SourceFolder: '$(System.DefaultWorkingDirectory)/eng/common/BuildConfiguration'
Contents: '**'
TargetFolder: '$(Build.ArtifactStagingDirectory)/eng/common/BuildConfiguration'
continueOnError: true
condition: always()
- ${{ each step in parameters.artifactPublishSteps }}:
- ${{ step }}
================================================
FILE: eng/common/core-templates/job/onelocbuild.yml
================================================
parameters:
# Optional: dependencies of the job
dependsOn: ''
# Optional: A defined YAML pool - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#pool
pool: ''
CeapexPat: $(dn-bot-ceapex-package-r) # PAT for the loc AzDO instance https://dev.azure.com/ceapex
GithubPat: $(BotAccount-dotnet-bot-repo-PAT)
SourcesDirectory: $(System.DefaultWorkingDirectory)
CreatePr: true
AutoCompletePr: false
ReusePr: true
UseLfLineEndings: true
UseCheckedInLocProjectJson: false
SkipLocProjectJsonGeneration: false
LanguageSet: VS_Main_Languages
LclSource: lclFilesInRepo
LclPackageId: ''
RepoType: gitHub
GitHubOrg: dotnet
MirrorRepo: ''
MirrorBranch: main
condition: ''
JobNameSuffix: ''
is1ESPipeline: ''
jobs:
- job: OneLocBuild${{ parameters.JobNameSuffix }}
dependsOn: ${{ parameters.dependsOn }}
displayName: OneLocBuild${{ parameters.JobNameSuffix }}
variables:
- group: OneLocBuildVariables # Contains the CeapexPat and GithubPat
- name: _GenerateLocProjectArguments
value: -SourcesDirectory ${{ parameters.SourcesDirectory }}
-LanguageSet "${{ parameters.LanguageSet }}"
-CreateNeutralXlfs
- ${{ if eq(parameters.UseCheckedInLocProjectJson, 'true') }}:
- name: _GenerateLocProjectArguments
value: ${{ variables._GenerateLocProjectArguments }} -UseCheckedInLocProjectJson
- template: /eng/common/core-templates/variables/pool-providers.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
${{ if ne(parameters.pool, '') }}:
pool: ${{ parameters.pool }}
${{ if eq(parameters.pool, '') }}:
pool:
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
name: AzurePipelines-EO
image: 1ESPT-Windows2025
demands: Cmd
os: windows
# If it's not devdiv, it's dnceng
${{ if ne(variables['System.TeamProject'], 'DevDiv') }}:
name: $(DncEngInternalBuildPool)
image: windows.vs2026.amd64
os: windows
steps:
- ${{ if eq(parameters.is1ESPipeline, '') }}:
- 'Illegal entry point, is1ESPipeline is not defined. Repository yaml should not directly reference templates in core-templates folder.': error
- ${{ if ne(parameters.SkipLocProjectJsonGeneration, 'true') }}:
- task: Powershell@2
inputs:
filePath: $(System.DefaultWorkingDirectory)/eng/common/generate-locproject.ps1
arguments: $(_GenerateLocProjectArguments)
displayName: Generate LocProject.json
condition: ${{ parameters.condition }}
- task: OneLocBuild@2
displayName: OneLocBuild
env:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
inputs:
locProj: eng/Localize/LocProject.json
outDir: $(Build.ArtifactStagingDirectory)
lclSource: ${{ parameters.LclSource }}
lclPackageId: ${{ parameters.LclPackageId }}
isCreatePrSelected: ${{ parameters.CreatePr }}
isAutoCompletePrSelected: ${{ parameters.AutoCompletePr }}
${{ if eq(parameters.CreatePr, true) }}:
isUseLfLineEndingsSelected: ${{ parameters.UseLfLineEndings }}
isShouldReusePrSelected: ${{ parameters.ReusePr }}
packageSourceAuth: patAuth
patVariable: ${{ parameters.CeapexPat }}
${{ if eq(parameters.RepoType, 'gitHub') }}:
repoType: ${{ parameters.RepoType }}
gitHubPatVariable: "${{ parameters.GithubPat }}"
${{ if ne(parameters.MirrorRepo, '') }}:
isMirrorRepoSelected: true
gitHubOrganization: ${{ parameters.GitHubOrg }}
mirrorRepo: ${{ parameters.MirrorRepo }}
mirrorBranch: ${{ parameters.MirrorBranch }}
condition: ${{ parameters.condition }}
# Copy the locProject.json to the root of the Loc directory, then publish a pipeline artifact
- task: CopyFiles@2
displayName: Copy LocProject.json
inputs:
SourceFolder: '$(System.DefaultWorkingDirectory)/eng/Localize/'
Contents: 'LocProject.json'
TargetFolder: '$(Build.ArtifactStagingDirectory)/loc'
condition: ${{ parameters.condition }}
- template: /eng/common/core-templates/steps/publish-pipeline-artifacts.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
args:
targetPath: '$(Build.ArtifactStagingDirectory)/loc'
artifactName: 'Loc'
displayName: 'Publish Localization Files'
condition: ${{ parameters.condition }}
================================================
FILE: eng/common/core-templates/job/publish-build-assets.yml
================================================
parameters:
configuration: 'Debug'
# Optional: condition for the job to run
condition: ''
# Optional: 'true' if future jobs should run even if this job fails
continueOnError: false
# Optional: dependencies of the job
dependsOn: ''
# Optional: Include PublishBuildArtifacts task
enablePublishBuildArtifacts: false
# Optional: A defined YAML pool - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#pool
pool: {}
# Optional: should run as a public build even in the internal project
# if 'true', the build won't run any of the internal only steps, even if it is running in non-public projects.
runAsPublic: false
# Optional: whether the build's artifacts will be published using release pipelines or direct feed publishing
publishAssetsImmediately: false
artifactsPublishingAdditionalParameters: ''
signingValidationAdditionalParameters: ''
is1ESPipeline: ''
# Optional: 🌤️ or not the build has assets it wants to publish to BAR
isAssetlessBuild: false
# Optional, publishing version
publishingVersion: 3
# Optional: A minimatch pattern for the asset manifests to publish to BAR
assetManifestsPattern: '*/manifests/**/*.xml'
repositoryAlias: self
officialBuildId: ''
jobs:
- job: Asset_Registry_Publish
dependsOn: ${{ parameters.dependsOn }}
timeoutInMinutes: 150
${{ if eq(parameters.publishAssetsImmediately, 'true') }}:
displayName: Publish Assets
${{ else }}:
displayName: Publish to Build Asset Registry
variables:
- template: /eng/common/core-templates/variables/pool-providers.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- group: Publish-Build-Assets
- group: AzureDevOps-Artifact-Feeds-Pats
- name: runCodesignValidationInjection
value: false
# unconditional - needed for logs publishing (redactor tool version)
- template: /eng/common/core-templates/post-build/common-variables.yml
- name: OfficialBuildId
${{ if ne(parameters.officialBuildId, '') }}:
value: ${{ parameters.officialBuildId }}
${{ else }}:
value: $(Build.BuildNumber)
pool:
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
name: AzurePipelines-EO
image: 1ESPT-Windows2025
demands: Cmd
os: windows
# If it's not devdiv, it's dnceng
${{ if ne(variables['System.TeamProject'], 'DevDiv') }}:
name: NetCore1ESPool-Publishing-Internal
image: windows.vs2026.amd64
os: windows
steps:
- ${{ if eq(parameters.is1ESPipeline, '') }}:
- 'Illegal entry point, is1ESPipeline is not defined. Repository yaml should not directly reference templates in core-templates folder.': error
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- checkout: ${{ parameters.repositoryAlias }}
fetchDepth: 3
clean: true
- ${{ if eq(parameters.isAssetlessBuild, 'false') }}:
- ${{ if eq(parameters.publishingVersion, 3) }}:
- task: DownloadPipelineArtifact@2
displayName: Download Asset Manifests
inputs:
artifactName: AssetManifests
targetPath: '$(Build.StagingDirectory)/AssetManifests'
condition: ${{ parameters.condition }}
continueOnError: ${{ parameters.continueOnError }}
- ${{ if eq(parameters.publishingVersion, 4) }}:
- task: DownloadPipelineArtifact@2
displayName: Download V4 asset manifests
inputs:
itemPattern: '*/manifests/**/*.xml'
targetPath: '$(Build.StagingDirectory)/AllAssetManifests'
condition: ${{ parameters.condition }}
continueOnError: ${{ parameters.continueOnError }}
- task: CopyFiles@2
displayName: Copy V4 asset manifests to AssetManifests
inputs:
SourceFolder: '$(Build.StagingDirectory)/AllAssetManifests'
Contents: ${{ parameters.assetManifestsPattern }}
TargetFolder: '$(Build.StagingDirectory)/AssetManifests'
flattenFolders: true
condition: ${{ parameters.condition }}
continueOnError: ${{ parameters.continueOnError }}
- task: NuGetAuthenticate@1
# Populate internal runtime variables.
- template: /eng/common/templates/steps/enable-internal-sources.yml
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
parameters:
legacyCredential: $(dn-bot-dnceng-artifact-feeds-rw)
- template: /eng/common/templates/steps/enable-internal-runtimes.yml
- task: AzureCLI@2
displayName: Publish Build Assets
inputs:
azureSubscription: "Darc: Maestro Production"
scriptType: ps
scriptLocation: scriptPath
scriptPath: $(System.DefaultWorkingDirectory)/eng/common/sdk-task.ps1
arguments: -task PublishBuildAssets -restore -msbuildEngine dotnet
/p:ManifestsPath='$(Build.StagingDirectory)/AssetManifests'
/p:IsAssetlessBuild=${{ parameters.isAssetlessBuild }}
/p:MaestroApiEndpoint=https://maestro.dot.net
/p:OfficialBuildId=$(OfficialBuildId)
-runtimeSourceFeed https://ci.dot.net/internal
-runtimeSourceFeedKey '$(dotnetbuilds-internal-container-read-token-base64)'
condition: ${{ parameters.condition }}
continueOnError: ${{ parameters.continueOnError }}
- task: powershell@2
displayName: Create ReleaseConfigs Artifact
inputs:
targetType: inline
script: |
New-Item -Path "$(Build.StagingDirectory)/ReleaseConfigs" -ItemType Directory -Force
$filePath = "$(Build.StagingDirectory)/ReleaseConfigs/ReleaseConfigs.txt"
Add-Content -Path $filePath -Value $(BARBuildId)
Add-Content -Path $filePath -Value "$(DefaultChannels)"
Add-Content -Path $filePath -Value $(IsStableBuild)
$symbolExclusionfile = "$(System.DefaultWorkingDirectory)/eng/SymbolPublishingExclusionsFile.txt"
if (Test-Path -Path $symbolExclusionfile)
{
Write-Host "SymbolExclusionFile exists"
Copy-Item -Path $symbolExclusionfile -Destination "$(Build.StagingDirectory)/ReleaseConfigs"
}
- ${{ if eq(parameters.publishingVersion, 4) }}:
- template: /eng/common/core-templates/steps/publish-pipeline-artifacts.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
args:
targetPath: '$(Build.ArtifactStagingDirectory)/MergedManifest.xml'
artifactName: AssetManifests
displayName: 'Publish Merged Manifest'
retryCountOnTaskFailure: 10 # for any files being locked
isProduction: false # just metadata for publishing
- template: /eng/common/core-templates/steps/publish-pipeline-artifacts.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
args:
displayName: Publish ReleaseConfigs Artifact
targetPath: '$(Build.StagingDirectory)/ReleaseConfigs'
artifactName: ReleaseConfigs
retryCountOnTaskFailure: 10 # for any files being locked
isProduction: false # just metadata for publishing
- ${{ if or(eq(parameters.publishAssetsImmediately, 'true'), eq(parameters.isAssetlessBuild, 'true')) }}:
- template: /eng/common/core-templates/post-build/setup-maestro-vars.yml
parameters:
BARBuildId: ${{ parameters.BARBuildId }}
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
is1ESPipeline: ${{ parameters.is1ESPipeline }}
# Darc is targeting 8.0, so make sure it's installed
- task: UseDotNet@2
inputs:
version: 8.0.x
- task: AzureCLI@2
displayName: Publish Using Darc
inputs:
azureSubscription: "Darc: Maestro Production"
scriptType: ps
scriptLocation: scriptPath
scriptPath: $(System.DefaultWorkingDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: >
-BuildId $(BARBuildId)
-PublishingInfraVersion 3
-AzdoToken '$(System.AccessToken)'
-WaitPublishingFinish true
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
-SkipAssetsPublishing '${{ parameters.isAssetlessBuild }}'
-runtimeSourceFeed https://ci.dot.net/internal
-runtimeSourceFeedKey '$(dotnetbuilds-internal-container-read-token-base64)'
- ${{ if eq(parameters.enablePublishBuildArtifacts, 'true') }}:
- template: /eng/common/core-templates/steps/publish-logs.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
StageLabel: 'BuildAssetRegistry'
JobLabel: 'Publish_Artifacts_Logs'
================================================
FILE: eng/common/core-templates/job/source-build.yml
================================================
parameters:
# This template adds arcade-powered source-build to CI. The template produces a server job with a
# default ID 'Source_Build_Complete' to put in a dependency list if necessary.
# Specifies the prefix for source-build jobs added to pipeline. Use this if disambiguation needed.
jobNamePrefix: 'Source_Build'
# Defines the platform on which to run the job. By default, a linux-x64 machine, suitable for
# managed-only repositories. This is an object with these properties:
#
# name: ''
# The name of the job. This is included in the job ID.
# targetRID: ''
# The name of the target RID to use, instead of the one auto-detected by Arcade.
# portableBuild: false
# Enables non-portable mode. This means a more specific RID (e.g. fedora.32-x64 rather than
# linux-x64), and compiling against distro-provided packages rather than portable ones. The
# default is portable mode.
# skipPublishValidation: false
# Disables publishing validation. By default, a check is performed to ensure no packages are
# published by source-build.
# container: ''
# A container to use. Runs in docker.
# pool: {}
# A pool to use. Runs directly on an agent.
# buildScript: ''
# Specifies the build script to invoke to perform the build in the repo. The default
# './build.sh' should work for typical Arcade repositories, but this is customizable for
# difficult situations.
# buildArguments: ''
# Specifies additional build arguments to pass to the build script.
# jobProperties: {}
# A list of job properties to inject at the top level, for potential extensibility beyond
# container and pool.
platform: {}
is1ESPipeline: ''
# If set to true and running on a non-public project,
# Internal nuget and blob storage locations will be enabled.
# This is not enabled by default because many repositories do not need internal sources
# and do not need to have the required service connections approved in the pipeline.
enableInternalSources: false
jobs:
- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}
displayName: Source-Build (${{ parameters.platform.name }})
${{ each property in parameters.platform.jobProperties }}:
${{ property.key }}: ${{ property.value }}
${{ if ne(parameters.platform.container, '') }}:
container: ${{ parameters.platform.container }}
${{ if eq(parameters.platform.pool, '') }}:
# The default VM host AzDO pool. This should be capable of running Docker containers: almost all
# source-build builds run in Docker, including the default managed platform.
# /eng/common/core-templates/variables/pool-providers.yml can't be used here (some customers declare variables already), so duplicate its logic
${{ if eq(parameters.is1ESPipeline, 'true') }}:
pool:
${{ if eq(variables['System.TeamProject'], 'public') }}:
name: $[replace(replace(eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'), True, 'NetCore-Svc-Public' ), False, 'NetCore-Public')]
demands: ImageOverride -equals build.azurelinux.3.amd64.open
${{ if eq(variables['System.TeamProject'], 'internal') }}:
name: $[replace(replace(eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'), True, 'NetCore1ESPool-Svc-Internal'), False, 'NetCore1ESPool-Internal')]
image: build.azurelinux.3.amd64
os: linux
${{ else }}:
pool:
${{ if eq(variables['System.TeamProject'], 'public') }}:
name: $[replace(replace(eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'), True, 'NetCore-Svc-Public' ), False, 'NetCore-Public')]
demands: ImageOverride -equals build.azurelinux.3.amd64.open
${{ if eq(variables['System.TeamProject'], 'internal') }}:
name: $[replace(replace(eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'), True, 'NetCore1ESPool-Svc-Internal'), False, 'NetCore1ESPool-Internal')]
demands: ImageOverride -equals build.azurelinux.3.amd64
${{ if ne(parameters.platform.pool, '') }}:
pool: ${{ parameters.platform.pool }}
workspace:
clean: all
steps:
- ${{ if eq(parameters.is1ESPipeline, '') }}:
- 'Illegal entry point, is1ESPipeline is not defined. Repository yaml should not directly reference templates in core-templates folder.': error
- ${{ if eq(parameters.enableInternalSources, true) }}:
- template: /eng/common/core-templates/steps/enable-internal-sources.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
- template: /eng/common/core-templates/steps/enable-internal-runtimes.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
- template: /eng/common/core-templates/steps/source-build.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
platform: ${{ parameters.platform }}
================================================
FILE: eng/common/core-templates/job/source-index-stage1.yml
================================================
parameters:
runAsPublic: false
sourceIndexBuildCommand: powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "eng/common/build.ps1 -restore -build -binarylog -ci"
preSteps: []
binlogPath: artifacts/log/Debug/Build.binlog
condition: eq(variables['Build.SourceBranch'], 'refs/heads/main')
dependsOn: ''
pool: ''
is1ESPipeline: ''
jobs:
- job: SourceIndexStage1
dependsOn: ${{ parameters.dependsOn }}
condition: ${{ parameters.condition }}
variables:
- name: BinlogPath
value: ${{ parameters.binlogPath }}
- template: /eng/common/core-templates/variables/pool-providers.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
${{ if ne(parameters.pool, '') }}:
pool: ${{ parameters.pool }}
${{ if eq(parameters.pool, '') }}:
pool:
${{ if eq(variables['System.TeamProject'], 'public') }}:
name: $(DncEngPublicBuildPool)
image: windows.vs2026preview.scout.amd64.open
${{ if eq(variables['System.TeamProject'], 'internal') }}:
name: $(DncEngInternalBuildPool)
image: windows.vs2026preview.scout.amd64
steps:
- ${{ if eq(parameters.is1ESPipeline, '') }}:
- 'Illegal entry point, is1ESPipeline is not defined. Repository yaml should not directly reference templates in core-templates folder.': error
- ${{ each preStep in parameters.preSteps }}:
- ${{ preStep }}
- script: ${{ parameters.sourceIndexBuildCommand }}
displayName: Build Repository
- template: /eng/common/core-templates/steps/source-index-stage1-publish.yml
parameters:
binLogPath: ${{ parameters.binLogPath }}
================================================
FILE: eng/common/core-templates/jobs/codeql-build.yml
================================================
parameters:
# See schema documentation in /Documentation/AzureDevOps/TemplateSchema.md
continueOnError: false
# Required: A collection of jobs to run - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#job
jobs: []
# Optional: if specified, restore and use this version of Guardian instead of the default.
overrideGuardianVersion: ''
is1ESPipeline: ''
jobs:
- template: /eng/common/core-templates/jobs/jobs.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
enableMicrobuild: false
enablePublishBuildArtifacts: false
enablePublishTestResults: false
enablePublishBuildAssets: false
enableTelemetry: true
variables:
- group: Publish-Build-Assets
# The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in
# sync with the packages.config file.
- name: DefaultGuardianVersion
value: 0.109.0
- name: GuardianPackagesConfigFile
value: $(System.DefaultWorkingDirectory)\eng\common\sdl\packages.config
- name: GuardianVersion
value: ${{ coalesce(parameters.overrideGuardianVersion, '$(DefaultGuardianVersion)') }}
jobs: ${{ parameters.jobs }}
================================================
FILE: eng/common/core-templates/jobs/jobs.yml
================================================
parameters:
# See schema documentation in /Documentation/AzureDevOps/TemplateSchema.md
continueOnError: false
# Optional: Include PublishBuildArtifacts task
enablePublishBuildArtifacts: false
# Optional: Enable running the source-build jobs to build repo from source
enableSourceBuild: false
# Optional: Parameters for source-build template.
# See /eng/common/core-templates/jobs/source-build.yml for options
sourceBuildParameters: []
graphFileGeneration:
# Optional: Enable generating the graph files at the end of the build
enabled: false
# Optional: Include toolset dependencies in the generated graph files
includeToolset: false
# Required: A collection of jobs to run - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#job
jobs: []
# Optional: Override automatically derived dependsOn value for "publish build assets" job
publishBuildAssetsDependsOn: ''
# Optional: Publish the assets as soon as the publish to BAR stage is complete, rather doing so in a separate stage.
publishAssetsImmediately: false
# Optional: 🌤️ or not the build has assets it wants to publish to BAR
isAssetlessBuild: false
# Optional: If using publishAssetsImmediately and additional parameters are needed, can be used to send along additional parameters (normally sent to post-build.yml)
artifactsPublishingAdditionalParameters: ''
signingValidationAdditionalParameters: ''
# Optional: should run as a public build even in the internal project
# if 'true', the build won't run any of the internal only steps, even if it is running in non-public projects.
runAsPublic: false
enableSourceIndex: false
sourceIndexParams: {}
artifacts: {}
is1ESPipeline: ''
# Publishing version w/default.
publishingVersion: 3
repositoryAlias: self
officialBuildId: ''
# Internal resources (telemetry, microbuild) can only be accessed from non-public projects,
# and some (Microbuild) should only be applied to non-PR cases for internal builds.
jobs:
- ${{ each job in parameters.jobs }}:
- ${{ if eq(parameters.is1ESPipeline, 'true') }}:
- template: /eng/common/templates-official/job/job.yml
parameters:
# pass along parameters
${{ each parameter in parameters }}:
${{ if ne(parameter.key, 'jobs') }}:
${{ parameter.key }}: ${{ parameter.value }}
# pass along job properties
${{ each property in job }}:
${{ if ne(property.key, 'job') }}:
${{ property.key }}: ${{ property.value }}
name: ${{ job.job }}
- ${{ else }}:
- template: /eng/common/templates/job/job.yml
parameters:
# pass along parameters
${{ each parameter in parameters }}:
${{ if ne(parameter.key, 'jobs') }}:
${{ parameter.key }}: ${{ parameter.value }}
# pass along job properties
${{ each property in job }}:
${{ if ne(property.key, 'job') }}:
${{ property.key }}: ${{ property.value }}
name: ${{ job.job }}
- ${{ if eq(parameters.enableSourceBuild, true) }}:
- template: /eng/common/core-templates/jobs/source-build.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
${{ each parameter in parameters.sourceBuildParameters }}:
${{ parameter.key }}: ${{ parameter.value }}
- ${{ if eq(parameters.enableSourceIndex, 'true') }}:
- template: ../job/source-index-stage1.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
runAsPublic: ${{ parameters.runAsPublic }}
${{ each parameter in parameters.sourceIndexParams }}:
${{ parameter.key }}: ${{ parameter.value }}
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
- ${{ if or(eq(parameters.enablePublishBuildAssets, true), eq(parameters.artifacts.publish.manifests, 'true'), ne(parameters.artifacts.publish.manifests, ''), eq(parameters.isAssetlessBuild, true)) }}:
- template: ../job/publish-build-assets.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
continueOnError: ${{ parameters.continueOnError }}
publishingVersion: ${{ parameters.publishingVersion }}
dependsOn:
- ${{ if ne(parameters.publishBuildAssetsDependsOn, '') }}:
- ${{ each job in parameters.publishBuildAssetsDependsOn }}:
- ${{ job.job }}
- ${{ if eq(parameters.publishBuildAssetsDependsOn, '') }}:
- ${{ each job in parameters.jobs }}:
- ${{ job.job }}
runAsPublic: ${{ parameters.runAsPublic }}
publishAssetsImmediately: ${{ or(parameters.publishAssetsImmediately, parameters.isAssetlessBuild) }}
isAssetlessBuild: ${{ parameters.isAssetlessBuild }}
enablePublishBuildArtifacts: ${{ parameters.enablePublishBuildArtifacts }}
artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
signingValidationAdditionalParameters: ${{ parameters.signingValidationAdditionalParameters }}
repositoryAlias: ${{ parameters.repositoryAlias }}
officialBuildId: ${{ parameters.officialBuildId }}
================================================
FILE: eng/common/core-templates/jobs/source-build.yml
================================================
parameters:
# This template adds arcade-powered source-build to CI. A job is created for each platform, as
# well as an optional server job that completes when all platform jobs complete.
# See /eng/common/core-templates/job/source-build.yml
jobNamePrefix: 'Source_Build'
# This is the default platform provided by Arcade, intended for use by a managed-only repo.
defaultManagedPlatform:
name: 'Managed'
container: 'mcr.microsoft.com/dotnet-buildtools/prereqs:centos-stream-10-amd64'
# Defines the platforms on which to run build jobs. One job is created for each platform, and the
# object in this array is sent to the job template as 'platform'. If no platforms are specified,
# one job runs on 'defaultManagedPlatform'.
platforms: []
is1ESPipeline: ''
# If set to true and running on a non-public project,
# Internal nuget and blob storage locations will be enabled.
# This is not enabled by default because many repositories do not need internal sources
# and do not need to have the required service connections approved in the pipeline.
enableInternalSources: false
jobs:
- ${{ each platform in parameters.platforms }}:
- template: /eng/common/core-templates/job/source-build.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ platform }}
enableInternalSources: ${{ parameters.enableInternalSources }}
- ${{ if eq(length(parameters.platforms), 0) }}:
- template: /eng/common/core-templates/job/source-build.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
jobNamePrefix: ${{ parameters.jobNamePrefix }}
platform: ${{ parameters.defaultManagedPlatform }}
enableInternalSources: ${{ parameters.enableInternalSources }}
================================================
FILE: eng/common/core-templates/post-build/common-variables.yml
================================================
variables:
- group: Publish-Build-Assets
# Whether the build is internal or not
- name: IsInternalBuild
value: ${{ and(ne(variables['System.TeamProject'], 'public'), contains(variables['Build.SourceBranch'], 'internal')) }}
# Default Maestro++ API Endpoint and API Version
- name: MaestroApiEndPoint
value: "https://maestro.dot.net"
- name: MaestroApiVersion
value: "2020-02-20"
- name: SourceLinkCLIVersion
value: 3.0.0
- name: SymbolToolVersion
value: 1.0.1
- name: BinlogToolVersion
value: 1.0.11
- name: runCodesignValidationInjection
value: false
================================================
FILE: eng/common/core-templates/post-build/post-build.yml
================================================
parameters:
# Which publishing infra should be used. THIS SHOULD MATCH THE VERSION ON THE BUILD MANIFEST.
# Publishing V1 is no longer supported
# Publishing V2 is no longer supported
# Publishing V3 is the default
- name: publishingInfraVersion
displayName: Which version of publishing should be used to promote the build definition?
type: number
default: 3
values:
- 3
- 4
- name: BARBuildId
displayName: BAR Build Id
type: number
default: 0
- name: PromoteToChannelIds
displayName: Channel to promote BARBuildId to
type: string
default: ''
- name: enableSourceLinkValidation
displayName: Enable SourceLink validation
type: boolean
default: false
- name: enableSigningValidation
displayName: Enable signing validation
type: boolean
default: true
- name: enableSymbolValidation
displayName: Enable symbol validation
type: boolean
default: false
- name: enableNugetValidation
displayName: Enable NuGet validation
type: boolean
default: true
- name: publishInstallersAndChecksums
displayName: Publish installers and checksums
type: boolean
default: true
- name: requireDefaultChannels
displayName: Fail the build if there are no default channel(s) registrations for the current build
type: boolean
default: false
- name: SDLValidationParameters
type: object
default:
enable: false
publishGdn: false
continueOnError: false
params: ''
artifactNames: ''
downloadArtifacts: true
- name: isAssetlessBuild
type: boolean
displayName: Is Assetless Build
default: false
# These parameters let the user customize the call to sdk-task.ps1 for publishing
# symbols & general artifacts as well as for signing validation
- name: symbolPublishingAdditionalParameters
displayName: Symbol publishing additional parameters
type: string
default: ''
- name: artifactsPublishingAdditionalParameters
displayName: Artifact publishing additional parameters
type: string
default: ''
- name: signingValidationAdditionalParameters
displayName: Signing validation additional parameters
type: string
default: ''
# Which stages should finish execution before post-build stages start
- name: validateDependsOn
type: object
default:
- build
- name: publishDependsOn
type: object
default:
- Validate
# Optional: Call asset publishing rather than running in a separate stage
- name: publishAssetsImmediately
type: boolean
default: false
- name: is1ESPipeline
type: boolean
default: false
stages:
- ${{ if or(eq( parameters.enableNugetValidation, 'true'), eq(parameters.enableSigningValidation, 'true'), eq(parameters.enableSourceLinkValidation, 'true'), eq(parameters.SDLValidationParameters.enable, 'true')) }}:
- stage: Validate
dependsOn: ${{ parameters.validateDependsOn }}
displayName: Validate Build Assets
variables:
- template: /eng/common/core-templates/post-build/common-variables.yml
- template: /eng/common/core-templates/variables/pool-providers.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
jobs:
- job:
displayName: NuGet Validation
condition: and(succeededOrFailed(), eq( ${{ parameters.enableNugetValidation }}, 'true'))
pool:
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
name: AzurePipelines-EO
image: 1ESPT-Windows2025
demands: Cmd
os: windows
# If it's not devdiv, it's dnceng
${{ else }}:
${{ if eq(parameters.is1ESPipeline, true) }}:
name: $(DncEngInternalBuildPool)
image: windows.vs2026preview.scout.amd64
os: windows
${{ else }}:
name: $(DncEngInternalBuildPool)
demands: ImageOverride -equals windows.vs2026preview.scout.amd64
steps:
- template: /eng/common/core-templates/post-build/setup-maestro-vars.yml
parameters:
BARBuildId: ${{ parameters.BARBuildId }}
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
is1ESPipeline: ${{ parameters.is1ESPipeline }}
- ${{ if ne(parameters.publishingInfraVersion, 4) }}:
- task: DownloadBuildArtifacts@0
displayName: Download Package Artifacts
inputs:
buildType: specific
buildVersionToDownload: specific
project: $(AzDOProjectName)
pipeline: $(AzDOPipelineId)
buildId: $(AzDOBuildId)
artifactName: PackageArtifacts
checkDownloadedFiles: true
- ${{ if eq(parameters.publishingInfraVersion, 4) }}:
- task: DownloadPipelineArtifact@2
displayName: Download Pipeline Artifacts (V4)
inputs:
itemPattern: '*/packages/**/*.nupkg'
targetPath: '$(Build.ArtifactStagingDirectory)/PipelineArtifactsDownload'
- task: CopyFiles@2
displayName: Flatten packages to PackageArtifacts
inputs:
SourceFolder: '$(Build.ArtifactStagingDirectory)/PipelineArtifactsDownload'
Contents: '**/*.nupkg'
TargetFolder: '$(Build.ArtifactStagingDirectory)/PackageArtifacts'
flattenFolders: true
- task: PowerShell@2
displayName: Validate
inputs:
filePath: $(System.DefaultWorkingDirectory)/eng/common/post-build/nuget-validation.ps1
arguments: -PackagesPath $(Build.ArtifactStagingDirectory)/PackageArtifacts/
- job:
displayName: Signing Validation
condition: and( eq( ${{ parameters.enableSigningValidation }}, 'true'), ne( variables['PostBuildSign'], 'true'))
pool:
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
name: AzurePipelines-EO
image: 1ESPT-Windows2025
demands: Cmd
os: windows
# If it's not devdiv, it's dnceng
${{ else }}:
${{ if eq(parameters.is1ESPipeline, true) }}:
name: $(DncEngInternalBuildPool)
image: windows.vs2026.amd64
os: windows
${{ else }}:
name: $(DncEngInternalBuildPool)
demands: ImageOverride -equals windows.vs2026preview.scout.amd64
steps:
- template: /eng/common/core-templates/post-build/setup-maestro-vars.yml
parameters:
BARBuildId: ${{ parameters.BARBuildId }}
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
is1ESPipeline: ${{ parameters.is1ESPipeline }}
- ${{ if ne(parameters.publishingInfraVersion, 4) }}:
- task: DownloadBuildArtifacts@0
displayName: Download Package Artifacts
inputs:
buildType: specific
buildVersionToDownload: specific
project: $(AzDOProjectName)
pipeline: $(AzDOPipelineId)
buildId: $(AzDOBuildId)
artifactName: PackageArtifacts
checkDownloadedFiles: true
- ${{ if eq(parameters.publishingInfraVersion, 4) }}:
- task: DownloadPipelineArtifact@2
displayName: Download Pipeline Artifacts (V4)
inputs:
itemPattern: '*/packages/**/*.nupkg'
targetPath: '$(Build.ArtifactStagingDirectory)/PipelineArtifactsDownload'
- task: CopyFiles@2
displayName: Flatten packages to PackageArtifacts
inputs:
SourceFolder: '$(Build.ArtifactStagingDirectory)/PipelineArtifactsDownload'
Contents: '**/*.nupkg'
TargetFolder: '$(Build.ArtifactStagingDirectory)/PackageArtifacts'
flattenFolders: true
# This is necessary whenever we want to publish/restore to an AzDO private feed
# Since sdk-task.ps1 tries to restore packages we need to do this authentication here
# otherwise it'll complain about accessing a private feed.
- task: NuGetAuthenticate@1
displayName: 'Authenticate to AzDO Feeds'
# Signing validation will optionally work with the buildmanifest file which is downloaded from
# Azure DevOps above.
- task: PowerShell@2
displayName: Validate
inputs:
filePath: eng\common\sdk-task.ps1
arguments: -task SigningValidation -restore -msbuildEngine vs
/p:PackageBasePath='$(Build.ArtifactStagingDirectory)/PackageArtifacts'
/p:SignCheckExclusionsFile='$(System.DefaultWorkingDirectory)/eng/SignCheckExclusionsFile.txt'
${{ parameters.signingValidationAdditionalParameters }}
- template: /eng/common/core-templates/steps/publish-logs.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
StageLabel: 'Validation'
JobLabel: 'Signing'
BinlogToolVersion: $(BinlogToolVersion)
- job:
displayName: SourceLink Validation
condition: eq( ${{ parameters.enableSourceLinkValidation }}, 'true')
pool:
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
name: AzurePipelines-EO
image: 1ESPT-Windows2025
demands: Cmd
os: windows
# If it's not devdiv, it's dnceng
${{ else }}:
${{ if eq(parameters.is1ESPipeline, true) }}:
name: $(DncEngInternalBuildPool)
image: windows.vs2026.amd64
os: windows
${{ else }}:
name: $(DncEngInternalBuildPool)
demands: ImageOverride -equals windows.vs2026preview.scout.amd64
steps:
- template: /eng/common/core-templates/post-build/setup-maestro-vars.yml
parameters:
BARBuildId: ${{ parameters.BARBuildId }}
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
is1ESPipeline: ${{ parameters.is1ESPipeline }}
- ${{ if ne(parameters.publishingInfraVersion, 4) }}:
- task: DownloadBuildArtifacts@0
displayName: Download Blob Artifacts
inputs:
buildType: specific
buildVersionToDownload: specific
project: $(AzDOProjectName)
pipeline: $(AzDOPipelineId)
buildId: $(AzDOBuildId)
artifactName: BlobArtifacts
checkDownloadedFiles: true
- ${{ if eq(parameters.publishingInfraVersion, 4) }}:
- task: DownloadPipelineArtifact@2
displayName: Download Pipeline Artifacts (V4)
inputs:
itemPattern: '*/assets/**'
targetPath: '$(Build.ArtifactStagingDirectory)/PipelineArtifactsDownload'
- task: CopyFiles@2
displayName: Flatten assets to BlobArtifacts
inputs:
SourceFolder: '$(Build.ArtifactStagingDirectory)/PipelineArtifactsDownload'
Contents: '**/*'
TargetFolder: '$(Build.ArtifactStagingDirectory)/BlobArtifacts'
flattenFolders: true
- task: PowerShell@2
displayName: Validate
inputs:
filePath: $(System.DefaultWorkingDirectory)/eng/common/post-build/sourcelink-validation.ps1
arguments: -InputPath $(Build.ArtifactStagingDirectory)/BlobArtifacts/
-ExtractPath $(Agent.BuildDirectory)/Extract/
-GHRepoName $(Build.Repository.Name)
-GHCommit $(Build.SourceVersion)
-SourcelinkCliVersion $(SourceLinkCLIVersion)
continueOnError: true
- ${{ if ne(parameters.publishAssetsImmediately, 'true') }}:
- stage: publish_using_darc
${{ if or(eq(parameters.enableNugetValidation, 'true'), eq(parameters.enableSigningValidation, 'true'), eq(parameters.enableSourceLinkValidation, 'true'), eq(parameters.SDLValidationParameters.enable, 'true')) }}:
dependsOn: ${{ parameters.publishDependsOn }}
${{ else }}:
dependsOn: ${{ parameters.validateDependsOn }}
displayName: Publish using Darc
variables:
- template: /eng/common/core-templates/post-build/common-variables.yml
- template: /eng/common/core-templates/variables/pool-providers.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
jobs:
- job:
displayName: Publish Using Darc
timeoutInMinutes: 120
pool:
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
name: AzurePipelines-EO
image: 1ESPT-Windows2025
demands: Cmd
os: windows
# If it's not devdiv, it's dnceng
${{ else }}:
${{ if eq(parameters.is1ESPipeline, true) }}:
name: NetCore1ESPool-Publishing-Internal
image: windows.vs2026.amd64
os: windows
${{ else }}:
name: NetCore1ESPool-Publishing-Internal
demands: ImageOverride -equals windows.vs2026.amd64
steps:
- template: /eng/common/core-templates/post-build/setup-maestro-vars.yml
parameters:
BARBuildId: ${{ parameters.BARBuildId }}
PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
is1ESPipeline: ${{ parameters.is1ESPipeline }}
- task: NuGetAuthenticate@1
# Populate internal runtime variables.
- template: /eng/common/templates/steps/enable-internal-sources.yml
parameters:
legacyCredential: $(dn-bot-dnceng-artifact-feeds-rw)
- template: /eng/common/templates/steps/enable-internal-runtimes.yml
# Darc is targeting 8.0, so make sure it's installed
- task: UseDotNet@2
inputs:
version: 8.0.x
- task: AzureCLI@2
displayName: Publish Using Darc
inputs:
azureSubscription: "Darc: Maestro Production"
scriptType: ps
scriptLocation: scriptPath
scriptPath: $(System.DefaultWorkingDirectory)/eng/common/post-build/publish-using-darc.ps1
arguments: >
-BuildId $(BARBuildId)
-PublishingInfraVersion 3
-AzdoToken '$(System.AccessToken)'
-WaitPublishingFinish true
-RequireDefaultChannels ${{ parameters.requireDefaultChannels }}
-ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
-SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
-SkipAssetsPublishing '${{ parameters.isAssetlessBuild }}'
-runtimeSourceFeed https://ci.dot.net/internal
-runtimeSourceFeedKey '$(dotnetbuilds-internal-container-read-token-base64)'
================================================
FILE: eng/common/core-templates/post-build/setup-maestro-vars.yml
================================================
parameters:
BARBuildId: ''
PromoteToChannelIds: ''
is1ESPipeline: ''
steps:
- ${{ if eq(parameters.is1ESPipeline, '') }}:
- 'Illegal entry point, is1ESPipeline is not defined. Repository yaml should not directly reference templates in core-templates folder.': error
- ${{ if eq(coalesce(parameters.PromoteToChannelIds, 0), 0) }}:
- task: DownloadPipelineArtifact@2
displayName: Download Release Configs
inputs:
artifactName: ReleaseConfigs
targetPath: '$(Build.StagingDirectory)/ReleaseConfigs'
- task: AzureCLI@2
name: setReleaseVars
displayName: Set Release Configs Vars
inputs:
azureSubscription: "Darc: Maestro Production"
scriptType: pscore
scriptLocation: inlineScript
inlineScript: |
try {
if (!$Env:PromoteToMaestroChannels -or $Env:PromoteToMaestroChannels.Trim() -eq '') {
$Content = Get-Content $(Build.StagingDirectory)/ReleaseConfigs/ReleaseConfigs.txt
$BarId = $Content | Select -Index 0
$Channels = $Content | Select -Index 1
$IsStableBuild = $Content | Select -Index 2
$AzureDevOpsProject = $Env:System_TeamProject
$AzureDevOpsBuildDefinitionId = $Env:System_DefinitionId
$AzureDevOpsBuildId = $Env:Build_BuildId
}
else {
. $(System.DefaultWorkingDirectory)\eng\common\tools.ps1
$darc = Get-Darc
$buildInfo = & $darc get-build `
--id ${{ parameters.BARBuildId }} `
--extended `
--output-format json `
--ci `
| convertFrom-Json
$BarId = ${{ parameters.BARBuildId }}
$Channels = $Env:PromoteToMaestroChannels -split ","
$Channels = $Channels -join "]["
$Channels = "[$Channels]"
$IsStableBuild = $buildInfo.stable
$AzureDevOpsProject = $buildInfo.azureDevOpsProject
$AzureDevOpsBuildDefinitionId = $buildInfo.azureDevOpsBuildDefinitionId
$AzureDevOpsBuildId = $buildInfo.azureDevOpsBuildId
}
Write-Host "##vso[task.setvariable variable=BARBuildId]$BarId"
Write-Host "##vso[task.setvariable variable=TargetChannels]$Channels"
Write-Host "##vso[task.setvariable variable=IsStableBuild]$IsStableBuild"
Write-Host "##vso[task.setvariable variable=AzDOProjectName]$AzureDevOpsProject"
Write-Host "##vso[task.setvariable variable=AzDOPipelineId]$AzureDevOpsBuildDefinitionId"
Write-Host "##vso[task.setvariable variable=AzDOBuildId]$AzureDevOpsBuildId"
}
catch {
Write-Host $_
Write-Host $_.Exception
Write-Host $_.ScriptStackTrace
exit 1
}
env:
PromoteToMaestroChannels: ${{ parameters.PromoteToChannelIds }}
================================================
FILE: eng/common/core-templates/steps/cleanup-microbuild.yml
================================================
parameters:
# Enable cleanup tasks for MicroBuild
enableMicrobuild: false
# Enable cleanup tasks for MicroBuild on Mac and Linux
# Will be ignored if 'enableMicrobuild' is false or 'Agent.Os' is 'Windows_NT'
enableMicrobuildForMacAndLinux: false
continueOnError: false
steps:
- ${{ if eq(parameters.enableMicrobuild, 'true') }}:
- task: MicroBuildCleanup@1
displayName: Execute Microbuild cleanup tasks
condition: and(
always(),
or(
and(
eq(variables['Agent.Os'], 'Windows_NT'),
in(variables['_SignType'], 'real', 'test')
),
and(
${{ eq(parameters.enableMicrobuildForMacAndLinux, true) }},
ne(variables['Agent.Os'], 'Windows_NT'),
eq(variables['_SignType'], 'real')
)
))
continueOnError: ${{ parameters.continueOnError }}
env:
TeamName: $(_TeamName)
================================================
FILE: eng/common/core-templates/steps/enable-internal-runtimes.yml
================================================
# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'
# variable with the base64-encoded SAS token, by default
parameters:
- name: federatedServiceConnection
type: string
default: 'dotnetbuilds-internal-read'
- name: outputVariableName
type: string
default: 'dotnetbuilds-internal-container-read-token-base64'
- name: expiryInHours
type: number
default: 1
- name: base64Encode
type: boolean
default: true
- name: is1ESPipeline
type: boolean
default: false
steps:
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
- template: /eng/common/core-templates/steps/get-delegation-sas.yml
parameters:
federatedServiceConnection: ${{ parameters.federatedServiceConnection }}
outputVariableName: ${{ parameters.outputVariableName }}
expiryInHours: ${{ parameters.expiryInHours }}
base64Encode: ${{ parameters.base64Encode }}
storageAccount: dotnetbuilds
container: internal
permissions: rl
is1ESPipeline: ${{ parameters.is1ESPipeline }}
================================================
FILE: eng/common/core-templates/steps/enable-internal-sources.yml
================================================
parameters:
# This is the Azure federated service connection that we log into to get an access token.
- name: nugetFederatedServiceConnection
type: string
default: 'dnceng-artifacts-feeds-read'
- name: is1ESPipeline
type: boolean
default: false
# Legacy parameters to allow for PAT usage
- name: legacyCredential
type: string
default: ''
steps:
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
- ${{ if ne(parameters.legacyCredential, '') }}:
- task: PowerShell@2
displayName: Setup Internal Feeds
inputs:
filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -Password $Env:Token
env:
Token: ${{ parameters.legacyCredential }}
# If running on dnceng (internal project), just use the default behavior for NuGetAuthenticate.
# If running on DevDiv, NuGetAuthenticate is not really an option. It's scoped to a single feed, and we have many feeds that
# may be added. Instead, we'll use the traditional approach (add cred to nuget.config), but use an account token.
- ${{ else }}:
- ${{ if eq(variables['System.TeamProject'], 'internal') }}:
- task: PowerShell@2
displayName: Setup Internal Feeds
inputs:
filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config
- ${{ else }}:
- template: /eng/common/templates/steps/get-federated-access-token.yml
parameters:
federatedServiceConnection: ${{ parameters.nugetFederatedServiceConnection }}
outputVariableName: 'dnceng-artifacts-feeds-read-access-token'
- task: PowerShell@2
displayName: Setup Internal Feeds
inputs:
filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -Password $(dnceng-artifacts-feeds-read-access-token)
# This is required in certain scenarios to install the ADO credential provider.
# It installed by default in some msbuild invocations (e.g. VS msbuild), but needs to be installed for others
# (e.g. dotnet msbuild).
- task: NuGetAuthenticate@1
================================================
FILE: eng/common/core-templates/steps/generate-sbom.yml
================================================
parameters:
PackageVersion: unused
BuildDropPath: unused
PackageName: unused
ManifestDirPath: unused
IgnoreDirectories: unused
sbomContinueOnError: unused
is1ESPipeline: unused
publishArtifacts: unused
steps:
- script: |
echo "##vso[task.logissue type=warning]Including generate-sbom.yml is deprecated, SBOM generation is handled 1ES PT now. Remove this include."
displayName: Issue generate-sbom.yml deprecation warning
================================================
FILE: eng/common/core-templates/steps/get-delegation-sas.yml
================================================
parameters:
- name: federatedServiceConnection
type: string
- name: outputVariableName
type: string
- name: expiryInHours
type: number
default: 1
- name: base64Encode
type: boolean
default: false
- name: storageAccount
type: string
- name: container
type: string
- name: permissions
type: string
default: 'rl'
- name: is1ESPipeline
type: boolean
default: false
steps:
- task: AzureCLI@2
displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}'
inputs:
azureSubscription: ${{ parameters.federatedServiceConnection }}
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
# Calculate the expiration of the SAS token and convert to UTC
$expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
$sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv
if ($LASTEXITCODE -ne 0) {
Write-Error "Failed to generate SAS token."
exit 1
}
if ('${{ parameters.base64Encode }}' -eq 'true') {
$sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas))
}
Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas"
================================================
FILE: eng/common/core-templates/steps/get-federated-access-token.yml
================================================
parameters:
- name: federatedServiceConnection
type: string
- name: outputVariableName
type: string
- name: is1ESPipeline
type: boolean
- name: stepName
type: string
default: 'getFederatedAccessToken'
- name: condition
type: string
default: ''
# Resource to get a token for. Common values include:
# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps
# - 'https://storage.azure.com/' for storage
# Defaults to Azure DevOps
- name: resource
type: string
default: '499b84ac-1321-427f-aa17-267ca6975798'
- name: isStepOutputVariable
type: boolean
default: false
steps:
- task: AzureCLI@2
displayName: 'Getting federated access token for feeds'
name: ${{ parameters.stepName }}
${{ if ne(parameters.condition, '') }}:
condition: ${{ parameters.condition }}
inputs:
azureSubscription: ${{ parameters.federatedServiceConnection }}
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
$accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv
if ($LASTEXITCODE -ne 0) {
Write-Error "Failed to get access token for resource '${{ parameters.resource }}'"
exit 1
}
Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true;isOutput=${{ parameters.isStepOutputVariable }}]$accessToken"
================================================
FILE: eng/common/core-templates/steps/install-microbuild.yml
================================================
parameters:
# Enable install tasks for MicroBuild
enableMicrobuild: false
# Enable install tasks for MicroBuild on Mac and Linux
# Will be ignored if 'enableMicrobuild' is false or 'Agent.Os' is 'Windows_NT'
enableMicrobuildForMacAndLinux: false
# Determines whether the ESRP service connection information should be passed to the signing plugin.
# This overlaps with _SignType to some degree. We only need the service connection for real signing.
# It's important that the service connection not be passed to the MicroBuildSigningPlugin task in this place.
# Doing so will cause the service connection to be authorized for the pipeline, which isn't allowed and won't work for non-prod.
# Unfortunately, _SignType can't be used to exclude the use of the service connection in non-real sign scenarios. The
# variable is not available in template expression. _SignType has a very large proliferation across .NET, so replacing it is tough.
microbuildUseESRP: true
# Microbuild installation directory
microBuildOutputFolder: $(Agent.TempDirectory)/MicroBuild
continueOnError: false
steps:
- ${{ if eq(parameters.enableMicrobuild, 'true') }}:
- ${{ if eq(parameters.enableMicrobuildForMacAndLinux, 'true') }}:
# Needed to download the MicroBuild plugin nupkgs on Mac and Linux when nuget.exe is unavailable
- task: UseDotNet@2
displayName: Install .NET 8.0 SDK for MicroBuild Plugin
inputs:
packageType: sdk
version: 8.0.x
installationPath: ${{ parameters.microBuildOutputFolder }}/.dotnet-microbuild
condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))
- script: |
set -euo pipefail
# UseDotNet@2 prepends the dotnet executable path to the PATH variable, so we can call dotnet directly
version=$(dotnet --version)
cat << 'EOF' > ${{ parameters.microBuildOutputFolder }}/global.json
{
"sdk": {
"version": "$version",
"paths": [
"${{ parameters.microBuildOutputFolder }}/.dotnet-microbuild"
],
"errorMessage": "The .NET SDK version $version is required to install the MicroBuild signing plugin."
}
}
EOF
displayName: 'Add global.json to MicroBuild Installation path'
workingDirectory: ${{ parameters.microBuildOutputFolder }}
condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))
- script: |
REM Check if ESRP is disabled while SignType is real
if /I "${{ parameters.microbuildUseESRP }}"=="false" if /I "$(_SignType)"=="real" (
echo Error: ESRP must be enabled when SignType is real.
exit /b 1
)
displayName: 'Validate ESRP usage (Windows)'
condition: and(succeeded(), eq(variables['Agent.Os'], 'Windows_NT'))
- script: |
# Check if ESRP is disabled while SignType is real
if [ "${{ parameters.microbuildUseESRP }}" = "false" ] && [ "$(_SignType)" = "real" ]; then
echo "Error: ESRP must be enabled when SignType is real."
exit 1
fi
displayName: 'Validate ESRP usage (Non-Windows)'
condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))
# Two different MB install steps. This is due to not being able to use the agent OS during
# YAML expansion, and Windows vs. Linux/Mac uses different service connections. However,
# we can avoid including the MB install step if not enabled at all. This avoids a bunch of
# extra pipeline authorizations, since most pipelines do not sign on non-Windows.
- task: MicroBuildSigningPlugin@4
displayName: Install MicroBuild plugin (Windows)
inputs:
signType: $(_SignType)
zipSources: false
feedSource: https://dnceng.pkgs.visualstudio.com/_packaging/MicroBuildToolset/nuget/v3/index.json
${{ if eq(parameters.microbuildUseESRP, true) }}:
ConnectedServiceName: 'MicroBuild Signing Task (DevDiv)'
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
ConnectedPMEServiceName: 6cc74545-d7b9-4050-9dfa-ebefcc8961ea
${{ else }}:
ConnectedPMEServiceName: 248d384a-b39b-46e3-8ad5-c2c210d5e7ca
env:
TeamName: $(_TeamName)
MicroBuildOutputFolderOverride: ${{ parameters.microBuildOutputFolder }}
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
continueOnError: ${{ parameters.continueOnError }}
condition: and(succeeded(), eq(variables['Agent.Os'], 'Windows_NT'), in(variables['_SignType'], 'real', 'test'))
- ${{ if eq(parameters.enableMicrobuildForMacAndLinux, true) }}:
- task: MicroBuildSigningPlugin@4
displayName: Install MicroBuild plugin (non-Windows)
inputs:
signType: $(_SignType)
zipSources: false
feedSource: https://dnceng.pkgs.visualstudio.com/_packaging/MicroBuildToolset/nuget/v3/index.json
workingDirectory: ${{ parameters.microBuildOutputFolder }}
${{ if eq(parameters.microbuildUseESRP, true) }}:
ConnectedServiceName: 'MicroBuild Signing Task (DevDiv)'
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
ConnectedPMEServiceName: beb8cb23-b303-4c95-ab26-9e44bc958d39
${{ else }}:
ConnectedPMEServiceName: c24de2a5-cc7a-493d-95e4-8e5ff5cad2bc
env:
TeamName: $(_TeamName)
MicroBuildOutputFolderOverride: ${{ parameters.microBuildOutputFolder }}
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
continueOnError: ${{ parameters.continueOnError }}
condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'), eq(variables['_SignType'], 'real'))
================================================
FILE: eng/common/core-templates/steps/publish-build-artifacts.yml
================================================
parameters:
- name: is1ESPipeline
type: boolean
default: false
- name: args
type: object
default: {}
steps:
- ${{ if ne(parameters.is1ESPipeline, true) }}:
- template: /eng/common/templates/steps/publish-build-artifacts.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
${{ each parameter in parameters.args }}:
${{ parameter.key }}: ${{ parameter.value }}
- ${{ else }}:
- template: /eng/common/templates-official/steps/publish-build-artifacts.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
${{ each parameter in parameters.args }}:
${{ parameter.key }}: ${{ parameter.value }}
================================================
FILE: eng/common/core-templates/steps/publish-logs.yml
================================================
parameters:
StageLabel: ''
JobLabel: ''
CustomSensitiveDataList: ''
# A default - in case value from eng/common/core-templates/post-build/common-variables.yml is not passed
BinlogToolVersion: '1.0.11'
is1ESPipeline: false
steps:
- task: Powershell@2
displayName: Prepare Binlogs to Upload
inputs:
targetType: inline
script: |
New-Item -ItemType Directory $(System.DefaultWorkingDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/
Move-Item -Path $(System.DefaultWorkingDirectory)/artifacts/log/Debug/* $(System.DefaultWorkingDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/
continueOnError: true
condition: always()
- task: PowerShell@2
displayName: Redact Logs
inputs:
filePath: $(System.DefaultWorkingDirectory)/eng/common/post-build/redact-logs.ps1
# For now this needs to have explicit list of all sensitive data. Taken from eng/publishing/v3/publish.yml
# Sensitive data can as well be added to $(System.DefaultWorkingDirectory)/eng/BinlogSecretsRedactionFile.txt'
# If the file exists - sensitive data for redaction will be sourced from it
# (single entry per line, lines starting with '# ' are considered comments and skipped)
arguments: -InputPath '$(System.DefaultWorkingDirectory)/PostBuildLogs'
-BinlogToolVersion '${{parameters.BinlogToolVersion}}'
-TokensFilePath '$(System.DefaultWorkingDirectory)/eng/BinlogSecretsRedactionFile.txt'
-runtimeSourceFeed https://ci.dot.net/internal
-runtimeSourceFeedKey '$(dotnetbuilds-internal-container-read-token-base64)'
'$(publishing-dnceng-devdiv-code-r-build-re)'
'$(dn-bot-all-orgs-artifact-feeds-rw)'
'$(akams-client-id)'
'$(microsoft-symbol-server-pat)'
'$(symweb-symbol-server-pat)'
'$(dnceng-symbol-server-pat)'
'$(dn-bot-all-orgs-build-rw-code-rw)'
'$(System.AccessToken)'
${{parameters.CustomSensitiveDataList}}
continueOnError: true
condition: always()
- task: CopyFiles@2
displayName: Gather post build logs
inputs:
SourceFolder: '$(System.DefaultWorkingDirectory)/PostBuildLogs'
Contents: '**'
TargetFolder: '$(Build.ArtifactStagingDirectory)/PostBuildLogs'
condition: always()
- template: /eng/common/core-templates/steps/publish-pipeline-artifacts.yml
parameters:
is1ESPipeline: ${{ parameters.is1ESPipeline }}
args:
displayName: Publish Logs
targetPath: '$(Build.ArtifactStagingDirectory)/PostBuildLogs'
artifactName: PostBuildLogs_${{ parameters.StageLabel }}_${{ parameters.JobLabel }}_Attempt$(System.JobAttempt)
continueOnError: true
condition: always()
retryCountOnTaskFailure: 10 # for any files being locked
isProduction: false # logs are non-production artifacts
================================================
FILE: eng/common/core-templates/steps/publish-pipeline-artifacts.yml
================================================
parameters:
- name: is1ESPipeline
type: boolean
default: false
- name: args
type: object
default: {}
steps:
- ${{ if ne(parameters.is1ESPipeline, true) }}:
- template: /eng/common/templates/steps/publish-pipeline-artifacts.yml
parameters:
${{ each parameter in parameters }}:
${{ parameter.key }}: ${{ parameter.value }}
- ${{ else }}:
- template: /eng/common/templates-official/steps/publish-pipeline-artifacts.yml
parameters:
${{ each parameter in parameters }}:
${{ parameter.key }}: ${{ parameter.value }}
================================================
FILE: eng/common/core-templates/steps/retain-build.yml
================================================
parameters:
# Optional azure devops PAT with build execute permissions for the build's organization,
# only needed if the build that should be retained ran on a different organization than
# the pipeline where this template is executing from
Token: ''
# Optional BuildId to retain, defaults to the current running build
BuildId: ''
# Azure devops Organization URI for the build in the https://dev.azure.com/<organization> format.
# Defaults to the organization the current pipeline is running on
AzdoOrgUri: '$(System.CollectionUri)'
# Azure devops project for the build. Defaults to the project the current pipeline is running on
AzdoProject: '$(System.TeamProject)'
steps:
- task: powershell@2
inputs:
targetType: 'filePath'
filePath: eng/common/retain-build.ps1
pwsh: true
arguments: >
-AzdoOrgUri: ${{parameters.AzdoOrgUri}}
-AzdoProject ${{parameters.AzdoProject}}
-Token ${{coalesce(parameters.Token, '$env:SYSTEM_ACCESSTOKEN') }}
-BuildId ${{coalesce(parameters.BuildId, '$env:BUILD_ID')}}
displayName: Enable permanent build retention
env:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
BUILD_ID: $(Build.BuildId)
================================================
FILE: eng/common/core-templates/steps/send-to-helix.yml
================================================
# Please remember to update the documentation if you make changes to these parameters!
parameters:
HelixSource: 'pr/default' # required -- sources must start with pr/, official/, prodcon/, or agent/
HelixType: 'tests/default/' # required -- Helix telemetry which identifies what type of data this is; should include "test" for clarity and must end in '/'
HelixBuild: $(Build.BuildNumber) # required -- the build number Helix will use to identify this -- automatically set to the AzDO build number
HelixTargetQueues: '' # required -- semicolon-delimited list of Helix queues to test on; see https://helix.dot.net/ for a list of queues
HelixAccessToken: '' # required -- access token to make Helix API requests; should be provided by the appropriate variable group
HelixProjectPath: 'eng/common/helixpublish.proj' # optional -- path to the project file to build relative to BUILD_SOURCESDIRECTORY
HelixProjectArguments: '' # optional -- arguments passed to the build command
HelixConfiguration: '' # optional -- additional property attached to a job
HelixPreCommands: '' # optional -- commands to run before Helix work item execution
HelixPostCommands: '' # optional -- commands to run after Helix work item execution
WorkItemDirectory: '' # optional -- a payload directory to zip up and send to Helix; requires WorkItemCommand; incompatible with XUnitProjects
WorkItemCommand: '' # optional -- a command to execute on the payload; requires WorkItemDirectory; incompatible with XUnitProjects
WorkItemTimeout: '' # optional -- a timeout in TimeSpan.Parse-ready value (e.g. 00:02:00) for the work item command; requires WorkItemDirectory; incompatible with XUnitProjects
CorrelationPayloadDirectory: '' # optional -- a directory to zip up and send to Helix as a correlation payload
XUnitProjects: '' # optional -- semicolon-delimited list of XUnitProjects to parse and send to Helix; requires XUnitRuntimeTargetFramework, XUnitPublishTargetFramework, XUnitRunnerVersion, and IncludeDotNetCli=true
XUnitWorkItemTimeout: '' # optional -- the workitem timeout in seconds for all workitems created from the xUnit projects specified by XUnitProjects
XUnitPublishTargetFramework: '' # optional -- framework to use to publish your xUnit projects
XUnitRuntimeTargetFramework: '' # optional -- framework to use for the xUnit console runner
XUnitRunnerVersion: '' # optional -- version of the xUnit nuget package you wish to use on Helix; required for XUnitProjects
IncludeDotNetCli: false # optional -- true will download a version of th
gitextract_xxtpi398/ ├── .azuredevops/ │ └── dependabot.yml ├── .config/ │ └── 1espt/ │ ├── PipelineAutobaseliningConfig.yml │ └── README.md ├── .editorconfig ├── .gitattributes ├── .github/ │ ├── CODEOWNERS │ ├── ISSUE_TEMPLATE/ │ │ ├── bug_report.md │ │ └── feature_request.md │ └── workflows/ │ └── stale.yml ├── .gitignore ├── .vsts-ci.yml ├── .vsts-pr.yml ├── CODE-OF-CONDUCT.md ├── Directory.Build.props ├── Directory.Build.targets ├── Directory.Packages.props ├── LICENSE.txt ├── NuGet.Config ├── README.md ├── SECURITY.md ├── SdkTools.props ├── THIRD-PARTY-NOTICES.txt ├── docs/ │ ├── artifact-signing-integration.md │ ├── azdo-build-and-sign.yml │ ├── comparisons.md │ ├── file-globbing.md │ ├── gh-build-and-sign.yml │ └── signing-tool-spec.md ├── eng/ │ ├── PoliCheckExclusions.xml │ ├── Signing.props │ ├── Version.Details.xml │ ├── Versions.props │ └── common/ │ ├── BuildConfiguration/ │ │ └── build-configuration.json │ ├── CIBuild.cmd │ ├── PSScriptAnalyzerSettings.psd1 │ ├── README.md │ ├── SetupNugetSources.ps1 │ ├── SetupNugetSources.sh │ ├── build.cmd │ ├── build.ps1 │ ├── build.sh │ ├── cibuild.sh │ ├── core-templates/ │ │ ├── job/ │ │ │ ├── job.yml │ │ │ ├── onelocbuild.yml │ │ │ ├── publish-build-assets.yml │ │ │ ├── source-build.yml │ │ │ └── source-index-stage1.yml │ │ ├── jobs/ │ │ │ ├── codeql-build.yml │ │ │ ├── jobs.yml │ │ │ └── source-build.yml │ │ ├── post-build/ │ │ │ ├── common-variables.yml │ │ │ ├── post-build.yml │ │ │ └── setup-maestro-vars.yml │ │ ├── steps/ │ │ │ ├── cleanup-microbuild.yml │ │ │ ├── enable-internal-runtimes.yml │ │ │ ├── enable-internal-sources.yml │ │ │ ├── generate-sbom.yml │ │ │ ├── get-delegation-sas.yml │ │ │ ├── get-federated-access-token.yml │ │ │ ├── install-microbuild.yml │ │ │ ├── publish-build-artifacts.yml │ │ │ ├── publish-logs.yml │ │ │ ├── publish-pipeline-artifacts.yml │ │ │ ├── retain-build.yml │ │ │ ├── send-to-helix.yml │ │ │ ├── source-build.yml │ │ │ └── source-index-stage1-publish.yml │ │ └── variables/ │ │ └── pool-providers.yml │ ├── cross/ │ │ ├── arm/ │ │ │ └── tizen/ │ │ │ └── tizen.patch │ │ ├── arm64/ │ │ │ └── tizen/ │ │ │ └── tizen.patch │ │ ├── armel/ │ │ │ └── tizen/ │ │ │ └── tizen.patch │ │ ├── build-android-rootfs.sh │ │ ├── build-rootfs.sh │ │ ├── install-debs.py │ │ ├── riscv64/ │ │ │ └── tizen/ │ │ │ └── tizen.patch │ │ ├── tizen-build-rootfs.sh │ │ ├── tizen-fetch.sh │ │ └── toolchain.cmake │ ├── darc-init.ps1 │ ├── darc-init.sh │ ├── dotnet-install.cmd │ ├── dotnet-install.ps1 │ ├── dotnet-install.sh │ ├── dotnet.cmd │ ├── dotnet.ps1 │ ├── dotnet.sh │ ├── enable-cross-org-publishing.ps1 │ ├── generate-locproject.ps1 │ ├── helixpublish.proj │ ├── init-tools-native.cmd │ ├── init-tools-native.ps1 │ ├── init-tools-native.sh │ ├── internal/ │ │ ├── Directory.Build.props │ │ ├── NuGet.config │ │ └── Tools.csproj │ ├── internal-feed-operations.ps1 │ ├── internal-feed-operations.sh │ ├── loc/ │ │ └── P22DotNetHtmlLocalization.lss │ ├── msbuild.ps1 │ ├── msbuild.sh │ ├── native/ │ │ ├── CommonLibrary.psm1 │ │ ├── common-library.sh │ │ ├── init-compiler.sh │ │ ├── init-distro-rid.sh │ │ ├── init-os-and-arch.sh │ │ ├── install-cmake-test.sh │ │ ├── install-cmake.sh │ │ ├── install-dependencies.sh │ │ └── install-tool.ps1 │ ├── pipeline-logging-functions.ps1 │ ├── pipeline-logging-functions.sh │ ├── post-build/ │ │ ├── check-channel-consistency.ps1 │ │ ├── nuget-validation.ps1 │ │ ├── nuget-verification.ps1 │ │ ├── publish-using-darc.ps1 │ │ ├── redact-logs.ps1 │ │ ├── sourcelink-validation.ps1 │ │ └── symbols-validation.ps1 │ ├── retain-build.ps1 │ ├── sdk-task.ps1 │ ├── sdk-task.sh │ ├── sdl/ │ │ ├── NuGet.config │ │ ├── configure-sdl-tool.ps1 │ │ ├── execute-all-sdl-tools.ps1 │ │ ├── extract-artifact-archives.ps1 │ │ ├── extract-artifact-packages.ps1 │ │ ├── init-sdl.ps1 │ │ ├── packages.config │ │ ├── run-sdl.ps1 │ │ ├── sdl.ps1 │ │ └── trim-assets-version.ps1 │ ├── template-guidance.md │ ├── templates/ │ │ ├── job/ │ │ │ ├── job.yml │ │ │ ├── onelocbuild.yml │ │ │ ├── publish-build-assets.yml │ │ │ ├── source-build.yml │ │ │ └── source-index-stage1.yml │ │ ├── jobs/ │ │ │ ├── codeql-build.yml │ │ │ ├── jobs.yml │ │ │ └── source-build.yml │ │ ├── post-build/ │ │ │ ├── common-variables.yml │ │ │ ├── post-build.yml │ │ │ └── setup-maestro-vars.yml │ │ ├── steps/ │ │ │ ├── enable-internal-runtimes.yml │ │ │ ├── enable-internal-sources.yml │ │ │ ├── generate-sbom.yml │ │ │ ├── get-delegation-sas.yml │ │ │ ├── get-federated-access-token.yml │ │ │ ├── publish-build-artifacts.yml │ │ │ ├── publish-logs.yml │ │ │ ├── publish-pipeline-artifacts.yml │ │ │ ├── retain-build.yml │ │ │ ├── send-to-helix.yml │ │ │ ├── source-build.yml │ │ │ ├── source-index-stage1-publish.yml │ │ │ └── vmr-sync.yml │ │ ├── variables/ │ │ │ └── pool-providers.yml │ │ └── vmr-build-pr.yml │ ├── templates-official/ │ │ ├── job/ │ │ │ ├── job.yml │ │ │ ├── onelocbuild.yml │ │ │ ├── publish-build-assets.yml │ │ │ ├── source-build.yml │ │ │ └── source-index-stage1.yml │ │ ├── jobs/ │ │ │ ├── codeql-build.yml │ │ │ ├── jobs.yml │ │ │ └── source-build.yml │ │ ├── post-build/ │ │ │ ├── common-variables.yml │ │ │ ├── post-build.yml │ │ │ └── setup-maestro-vars.yml │ │ ├── steps/ │ │ │ ├── enable-internal-runtimes.yml │ │ │ ├── enable-internal-sources.yml │ │ │ ├── generate-sbom.yml │ │ │ ├── get-delegation-sas.yml │ │ │ ├── get-federated-access-token.yml │ │ │ ├── publish-build-artifacts.yml │ │ │ ├── publish-logs.yml │ │ │ ├── publish-pipeline-artifacts.yml │ │ │ ├── retain-build.yml │ │ │ ├── send-to-helix.yml │ │ │ ├── source-build.yml │ │ │ └── source-index-stage1-publish.yml │ │ └── variables/ │ │ ├── pool-providers.yml │ │ └── sdl-variables.yml │ ├── tools.ps1 │ ├── tools.sh │ ├── vmr-sync.ps1 │ └── vmr-sync.sh ├── es-metadata.yml ├── global.json ├── scripts/ │ ├── UpdateWintrust.ps1 │ └── VerifyNuGetPackage.ps1 ├── sign.sln ├── src/ │ ├── Sign.Cli/ │ │ ├── ArtifactSigningCommand.cs │ │ ├── ArtifactSigningResources.Designer.cs │ │ ├── ArtifactSigningResources.resx │ │ ├── AzureCredentialOptions.cs │ │ ├── AzureCredentialType.cs │ │ ├── AzureKeyVaultCommand.cs │ │ ├── AzureKeyVaultResources.Designer.cs │ │ ├── AzureKeyVaultResources.resx │ │ ├── CertificateStoreCommand.cs │ │ ├── CertificateStoreResources.Designer.cs │ │ ├── CertificateStoreResources.resx │ │ ├── CodeCommand.cs │ │ ├── Helpers/ │ │ │ └── HashAlgorithmParser.cs │ │ ├── Kernel32.cs │ │ ├── PACKAGE.md │ │ ├── Program.cs │ │ ├── Properties/ │ │ │ └── launchSettings.json │ │ ├── Resources.Designer.cs │ │ ├── Resources.resx │ │ ├── Sign.Cli.csproj │ │ ├── SignCommand.cs │ │ ├── StandardStreamWriterExtensions.cs │ │ ├── TemporaryConsoleEncoding.cs │ │ ├── TrustedSigningCommand.cs │ │ ├── TrustedSigningResources.Designer.cs │ │ ├── TrustedSigningResources.resx │ │ ├── appsettings.json │ │ └── xlf/ │ │ ├── ArtifactSigningResources.cs.xlf │ │ ├── ArtifactSigningResources.de.xlf │ │ ├── ArtifactSigningResources.es.xlf │ │ ├── ArtifactSigningResources.fr.xlf │ │ ├── ArtifactSigningResources.it.xlf │ │ ├── ArtifactSigningResources.ja.xlf │ │ ├── ArtifactSigningResources.ko.xlf │ │ ├── ArtifactSigningResources.pl.xlf │ │ ├── ArtifactSigningResources.pt-BR.xlf │ │ ├── ArtifactSigningResources.ru.xlf │ │ ├── ArtifactSigningResources.tr.xlf │ │ ├── ArtifactSigningResources.zh-Hans.xlf │ │ ├── ArtifactSigningResources.zh-Hant.xlf │ │ ├── AzureKeyVaultResources.cs.xlf │ │ ├── AzureKeyVaultResources.de.xlf │ │ ├── AzureKeyVaultResources.es.xlf │ │ ├── AzureKeyVaultResources.fr.xlf │ │ ├── AzureKeyVaultResources.it.xlf │ │ ├── AzureKeyVaultResources.ja.xlf │ │ ├── AzureKeyVaultResources.ko.xlf │ │ ├── AzureKeyVaultResources.pl.xlf │ │ ├── AzureKeyVaultResources.pt-BR.xlf │ │ ├── AzureKeyVaultResources.ru.xlf │ │ ├── AzureKeyVaultResources.tr.xlf │ │ ├── AzureKeyVaultResources.zh-Hans.xlf │ │ ├── AzureKeyVaultResources.zh-Hant.xlf │ │ ├── CertManagerResources.cs.xlf │ │ ├── CertManagerResources.de.xlf │ │ ├── CertManagerResources.es.xlf │ │ ├── CertManagerResources.fr.xlf │ │ ├── CertManagerResources.it.xlf │ │ ├── CertManagerResources.ja.xlf │ │ ├── CertManagerResources.ko.xlf │ │ ├── CertManagerResources.pl.xlf │ │ ├── CertManagerResources.pt-BR.xlf │ │ ├── CertManagerResources.ru.xlf │ │ ├── CertManagerResources.tr.xlf │ │ ├── CertManagerResources.zh-Hans.xlf │ │ ├── CertManagerResources.zh-Hant.xlf │ │ ├── CertificateStoreResources.cs.xlf │ │ ├── CertificateStoreResources.de.xlf │ │ ├── CertificateStoreResources.es.xlf │ │ ├── CertificateStoreResources.fr.xlf │ │ ├── CertificateStoreResources.it.xlf │ │ ├── CertificateStoreResources.ja.xlf │ │ ├── CertificateStoreResources.ko.xlf │ │ ├── CertificateStoreResources.pl.xlf │ │ ├── CertificateStoreResources.pt-BR.xlf │ │ ├── CertificateStoreResources.ru.xlf │ │ ├── CertificateStoreResources.tr.xlf │ │ ├── CertificateStoreResources.zh-Hans.xlf │ │ ├── CertificateStoreResources.zh-Hant.xlf │ │ ├── Resources.cs.xlf │ │ ├── Resources.de.xlf │ │ ├── Resources.es.xlf │ │ ├── Resources.fr.xlf │ │ ├── Resources.it.xlf │ │ ├── Resources.ja.xlf │ │ ├── Resources.ko.xlf │ │ ├── Resources.pl.xlf │ │ ├── Resources.pt-BR.xlf │ │ ├── Resources.ru.xlf │ │ ├── Resources.tr.xlf │ │ ├── Resources.zh-Hans.xlf │ │ ├── Resources.zh-Hant.xlf │ │ ├── TrustedSigningResources.cs.xlf │ │ ├── TrustedSigningResources.de.xlf │ │ ├── TrustedSigningResources.es.xlf │ │ ├── TrustedSigningResources.fr.xlf │ │ ├── TrustedSigningResources.it.xlf │ │ ├── TrustedSigningResources.ja.xlf │ │ ├── TrustedSigningResources.ko.xlf │ │ ├── TrustedSigningResources.pl.xlf │ │ ├── TrustedSigningResources.pt-BR.xlf │ │ ├── TrustedSigningResources.ru.xlf │ │ ├── TrustedSigningResources.tr.xlf │ │ ├── TrustedSigningResources.zh-Hans.xlf │ │ └── TrustedSigningResources.zh-Hant.xlf │ ├── Sign.Core/ │ │ ├── AppInitializer.cs │ │ ├── Certificates/ │ │ │ ├── CertificateVerifier.cs │ │ │ └── ICertificateVerifier.cs │ │ ├── Containers/ │ │ │ ├── AppxBundleContainer.cs │ │ │ ├── AppxContainer.cs │ │ │ ├── Container.cs │ │ │ ├── ContainerProvider.cs │ │ │ ├── IContainer.cs │ │ │ ├── IContainerProvider.cs │ │ │ ├── NuGetContainer.cs │ │ │ └── ZipContainer.cs │ │ ├── DataFormatSigners/ │ │ │ ├── AggregatingSigner.cs │ │ │ ├── AppInstallerServiceSigner.cs │ │ │ ├── AzureSignToolSigner.cs │ │ │ ├── ClickOnceSigner.cs │ │ │ ├── DefaultSigner.cs │ │ │ ├── DistinguishedNameParser.cs │ │ │ ├── DynamicsBusinessCentralAppFileType.cs │ │ │ ├── IAggregatingDataFormatSigner.cs │ │ │ ├── IAzureSignToolDataFormatSigner.cs │ │ │ ├── IDataFormatSigner.cs │ │ │ ├── IDefaultDataFormatSigner.cs │ │ │ ├── IManifestSigner.cs │ │ │ ├── ISignableFileType.cs │ │ │ ├── ManifestSigner.cs │ │ │ ├── NuGetSigner.cs │ │ │ ├── RSAPKCS1SHA256SignatureDescription.cs │ │ │ ├── RSAPKCS1SignatureDescription.cs │ │ │ ├── RetryingSigner.cs │ │ │ ├── SignOptions.cs │ │ │ ├── SignableFileTypeByExtension.cs │ │ │ └── VsixSigner.cs │ │ ├── ExitCode.cs │ │ ├── FileList/ │ │ │ ├── FileListReader.cs │ │ │ ├── FileMatcher.cs │ │ │ ├── Globber.cs │ │ │ ├── IFileListReader.cs │ │ │ ├── IFileMatcher.cs │ │ │ ├── IMatcherFactory.cs │ │ │ └── MatcherFactory.cs │ │ ├── FileSystem/ │ │ │ ├── AppRootDirectoryLocator.cs │ │ │ ├── DirectoryService.cs │ │ │ ├── FileInfoComparer.cs │ │ │ ├── FileMetadataService.cs │ │ │ ├── IAppRootDirectoryLocator.cs │ │ │ ├── IDirectoryService.cs │ │ │ ├── IFileMetadataService.cs │ │ │ ├── ITemporaryDirectory.cs │ │ │ └── TemporaryDirectory.cs │ │ ├── GlobalSuppressions.cs │ │ ├── ICertificateProvider.cs │ │ ├── IServiceProviderFactory.cs │ │ ├── ISignatureAlgorithmProvider.cs │ │ ├── ISignatureProvider.cs │ │ ├── ISigner.cs │ │ ├── Native/ │ │ │ ├── Kernel32.cs │ │ │ ├── Ntdsapi.cs │ │ │ └── mansign2.cs │ │ ├── Resources.Designer.cs │ │ ├── Resources.resx │ │ ├── ServiceProvider.cs │ │ ├── ServiceProviderFactory.cs │ │ ├── Sign.Core.csproj │ │ ├── Signer.cs │ │ ├── SigningException.cs │ │ ├── Tools/ │ │ │ ├── CliTool.cs │ │ │ ├── ICliTool.cs │ │ │ ├── IMageCli.cs │ │ │ ├── IMakeAppxCli.cs │ │ │ ├── INuGetSignTool.cs │ │ │ ├── ITool.cs │ │ │ ├── IToolConfigurationProvider.cs │ │ │ ├── IVsixSignTool.cs │ │ │ ├── MageCli.cs │ │ │ ├── MakeAppxCli.cs │ │ │ ├── NuGet/ │ │ │ │ ├── NuGetLogger.cs │ │ │ │ ├── NuGetPackageSigner.cs │ │ │ │ └── NuGetSignatureProvider.cs │ │ │ ├── NuGetSignTool.cs │ │ │ ├── Tool.cs │ │ │ ├── ToolConfigurationProvider.cs │ │ │ ├── VsixSignTool/ │ │ │ │ ├── HashAlgorithmInfo.cs │ │ │ │ ├── HexHelpers.cs │ │ │ │ ├── ISignatureBuilderPreset.cs │ │ │ │ ├── ISigningContext.cs │ │ │ │ ├── Interop/ │ │ │ │ │ ├── Crypt32.cs │ │ │ │ │ └── CryptMemorySafeHandle.cs │ │ │ │ ├── KnownOids.cs │ │ │ │ ├── OpcContentTypes.cs │ │ │ │ ├── OpcKnownMimeTypes.cs │ │ │ │ ├── OpcKnownUris.cs │ │ │ │ ├── OpcPackage.cs │ │ │ │ ├── OpcPackageFileMode.cs │ │ │ │ ├── OpcPackageSignatureBuilder.cs │ │ │ │ ├── OpcPackageTimestampBuilder.cs │ │ │ │ ├── OpcPart.cs │ │ │ │ ├── OpcPartDigest.cs │ │ │ │ ├── OpcPartDigestProcessor.cs │ │ │ │ ├── OpcRelationships.cs │ │ │ │ ├── OpcSignature.cs │ │ │ │ ├── OpcSignatureManifest.cs │ │ │ │ ├── SignConfigurationSet.cs │ │ │ │ ├── SignatureAlgorithmTranslator.cs │ │ │ │ ├── SigningAlgorithm.cs │ │ │ │ ├── SigningContext.cs │ │ │ │ ├── Timestamp/ │ │ │ │ │ ├── TimestampBuilder.cs │ │ │ │ │ ├── TimestampBuilder.netcoreapp.cs │ │ │ │ │ ├── TimestampNonce.cs │ │ │ │ │ └── TimestampResult.cs │ │ │ │ ├── UriHelpers.cs │ │ │ │ ├── VSIXSignatureBuilderPreset.cs │ │ │ │ └── XmlSignatureBuilder.cs │ │ │ └── VsixSignTool.cs │ │ └── xlf/ │ │ ├── Resources.cs.xlf │ │ ├── Resources.de.xlf │ │ ├── Resources.es.xlf │ │ ├── Resources.fr.xlf │ │ ├── Resources.it.xlf │ │ ├── Resources.ja.xlf │ │ ├── Resources.ko.xlf │ │ ├── Resources.pl.xlf │ │ ├── Resources.pt-BR.xlf │ │ ├── Resources.ru.xlf │ │ ├── Resources.tr.xlf │ │ ├── Resources.zh-Hans.xlf │ │ └── Resources.zh-Hant.xlf │ ├── Sign.SignatureProviders.ArtifactSigning/ │ │ ├── ArtifactSigningService.cs │ │ ├── ArtifactSigningServiceProvider.cs │ │ ├── RSAArtifactSigning.cs │ │ ├── Resources.Designer.cs │ │ ├── Resources.resx │ │ ├── Sign.SignatureProviders.ArtifactSigning.csproj │ │ └── xlf/ │ │ ├── Resources.cs.xlf │ │ ├── Resources.de.xlf │ │ ├── Resources.es.xlf │ │ ├── Resources.fr.xlf │ │ ├── Resources.it.xlf │ │ ├── Resources.ja.xlf │ │ ├── Resources.ko.xlf │ │ ├── Resources.pl.xlf │ │ ├── Resources.pt-BR.xlf │ │ ├── Resources.ru.xlf │ │ ├── Resources.tr.xlf │ │ ├── Resources.zh-Hans.xlf │ │ └── Resources.zh-Hant.xlf │ ├── Sign.SignatureProviders.CertificateStore/ │ │ ├── CertificateStoreService.cs │ │ ├── CertificateStoreServiceProvider.cs │ │ ├── Resources.Designer.cs │ │ ├── Resources.resx │ │ ├── Sign.SignatureProviders.CertificateStore.csproj │ │ └── xlf/ │ │ ├── Resources.cs.xlf │ │ ├── Resources.de.xlf │ │ ├── Resources.es.xlf │ │ ├── Resources.fr.xlf │ │ ├── Resources.it.xlf │ │ ├── Resources.ja.xlf │ │ ├── Resources.ko.xlf │ │ ├── Resources.pl.xlf │ │ ├── Resources.pt-BR.xlf │ │ ├── Resources.ru.xlf │ │ ├── Resources.tr.xlf │ │ ├── Resources.zh-Hans.xlf │ │ └── Resources.zh-Hant.xlf │ └── Sign.SignatureProviders.KeyVault/ │ ├── KeyVaultService.cs │ ├── KeyVaultServiceProvider.cs │ ├── RSAKeyVaultWrapper.cs │ ├── Resources.Designer.cs │ ├── Resources.resx │ ├── Sign.SignatureProviders.KeyVault.csproj │ └── xlf/ │ ├── Resources.cs.xlf │ ├── Resources.de.xlf │ ├── Resources.es.xlf │ ├── Resources.fr.xlf │ ├── Resources.it.xlf │ ├── Resources.ja.xlf │ ├── Resources.ko.xlf │ ├── Resources.pl.xlf │ ├── Resources.pt-BR.xlf │ ├── Resources.ru.xlf │ ├── Resources.tr.xlf │ ├── Resources.zh-Hans.xlf │ └── Resources.zh-Hant.xlf ├── test/ │ ├── Sign.Cli.Test/ │ │ ├── ArtifactSigningCommandTests.cs │ │ ├── AzureCredentialOptionsTests.cs │ │ ├── AzureKeyVaultCommandTests.cs │ │ ├── CertificateStoreCommandTests.cs │ │ ├── CodeCommandTests.cs │ │ ├── Options/ │ │ │ ├── ApplicationNameOptionTests.cs │ │ │ ├── BaseDirectoryOptionTests.cs │ │ │ ├── DescriptionOptionTests.cs │ │ │ ├── DescriptionUrlOptionTests.cs │ │ │ ├── DirectoryInfoOptionTests.cs │ │ │ ├── FileDigestOptionTests.cs │ │ │ ├── HashAlgorithmNameOptionTests.cs │ │ │ ├── Int32OptionTests.cs │ │ │ ├── MaxConcurrencyOptionTests.cs │ │ │ ├── OptionTests.cs │ │ │ ├── OutputOptionTests.cs │ │ │ ├── PublisherNameOptionTests.cs │ │ │ ├── TimestampDigestOptionTests.cs │ │ │ ├── TimestampUrlOptionTests.cs │ │ │ ├── UriOptionTests.cs │ │ │ └── VerbosityOptionTests.cs │ │ ├── Sign.Cli.Test.csproj │ │ ├── SignCommandTests.Globbing.cs │ │ ├── SignCommandTests.cs │ │ ├── TemporaryConsoleEncodingTests.cs │ │ ├── TestInfrastructure/ │ │ │ ├── SignerSpy.cs │ │ │ └── TestServiceProviderFactory.cs │ │ ├── TrustedSigningCommandTests.cs │ │ └── Usings.cs │ ├── Sign.Core.Test/ │ │ ├── AssemblyInitializer.cs │ │ ├── Certificates/ │ │ │ └── CertificateVerifierTests.cs │ │ ├── Containers/ │ │ │ ├── AppxBundleContainerTests.cs │ │ │ ├── AppxContainerTests.cs │ │ │ ├── ContainerProviderTests.cs │ │ │ ├── NuGetContainerTests.cs │ │ │ └── ZipContainerTests.cs │ │ ├── DataFormatSigners/ │ │ │ ├── AggregatingSignerTests.Containers.cs │ │ │ ├── AggregatingSignerTests.PortableExecutableFiles.cs │ │ │ ├── AggregatingSignerTests.cs │ │ │ ├── AppInstallerServiceSignerTests.cs │ │ │ ├── AzureSignToolSignerTests.cs │ │ │ ├── ClickOnceSignerTests.cs │ │ │ ├── DefaultSignerTests.cs │ │ │ ├── DistinguishedNameParserTests.cs │ │ │ ├── DynamicsBusinessCentralAppFileTypeTests.cs │ │ │ ├── NuGetSignerTests.cs │ │ │ ├── PowerShell/ │ │ │ │ ├── PowerShellFileReader.cs │ │ │ │ ├── TextPowerShellFileReader.cs │ │ │ │ └── XmlPowerShellFileReader.cs │ │ │ ├── RSAPKCS1SHA256SignatureDescriptionTests.cs │ │ │ ├── SignableFileTypeByExtensionTests.cs │ │ │ └── VsixSignerTests.cs │ │ ├── FileList/ │ │ │ ├── FileListReaderTests.cs │ │ │ ├── FileMatcherTests.cs │ │ │ └── MatcherFactoryTests.cs │ │ ├── FileSystem/ │ │ │ ├── AppRootDirectoryLocatorTests.cs │ │ │ ├── DirectoryServiceTests.cs │ │ │ ├── FileInfoComparerTests.cs │ │ │ ├── FileMetadataServiceTests.cs │ │ │ └── TemporaryDirectoryTests.cs │ │ ├── Native/ │ │ │ └── SignedCmiManifest2Tests.cs │ │ ├── ServiceProviderFactoryTests.cs │ │ ├── ServiceProviderTests.cs │ │ ├── Sign.Core.Test.csproj │ │ ├── SignerTests.cs │ │ ├── TestAssets/ │ │ │ ├── App1_1.0.0.0_x64.msixbundle │ │ │ ├── EmptyExtension.app │ │ │ ├── PowerShell/ │ │ │ │ ├── cmdlet-definition.cdxml │ │ │ │ ├── data.psd1 │ │ │ │ ├── formatting.ps1xml │ │ │ │ ├── module.psm1 │ │ │ │ └── script.ps1 │ │ │ ├── VSIXSamples/ │ │ │ │ ├── OpenVsixSignToolTest-Signed.vsix │ │ │ │ └── OpenVsixSignToolTest.vsix │ │ │ └── VsixPackage.vsix │ │ ├── TestInfrastructure/ │ │ │ ├── AggregatingSignerSpy.cs │ │ │ ├── AggregatingSignerTest.cs │ │ │ ├── AuthenticodeSignatureReader.cs │ │ │ ├── CertificateStoreServiceStub.cs │ │ │ ├── ContainerProviderStub.cs │ │ │ ├── ContainerSpy.cs │ │ │ ├── DirectoryServiceStub.cs │ │ │ ├── FileMetadataServiceStub.cs │ │ │ ├── KeyVaultServiceStub.cs │ │ │ ├── Server/ │ │ │ │ ├── AiaResponder.cs │ │ │ │ ├── AlgorithmIdentifier.cs │ │ │ │ ├── AttributeUtility.cs │ │ │ │ ├── CertificateAuthority.cs │ │ │ │ ├── CertificateUtilities.cs │ │ │ │ ├── CertificatesFixture.cs │ │ │ │ ├── CommitmentTypeIndication.cs │ │ │ │ ├── CommitmentTypeQualifier.cs │ │ │ │ ├── CrlResponder.cs │ │ │ │ ├── EssCertId.cs │ │ │ │ ├── EssCertIdV2.cs │ │ │ │ ├── GeneralName.cs │ │ │ │ ├── HashAlgorithmNameExtensions.cs │ │ │ │ ├── HttpResponder.cs │ │ │ │ ├── IHttpResponder.cs │ │ │ │ ├── ITestServer.cs │ │ │ │ ├── IssuerSerial.cs │ │ │ │ ├── OcspResponder.cs │ │ │ │ ├── OidExtensions.cs │ │ │ │ ├── Oids.cs │ │ │ │ ├── PfxFilesFixture.cs │ │ │ │ ├── PolicyInformation.cs │ │ │ │ ├── PolicyQualifierInfo.cs │ │ │ │ ├── SigningCertificateV2.cs │ │ │ │ ├── SigningTestsCollection.cs │ │ │ │ ├── TestServer.cs │ │ │ │ ├── TestServerFixture.cs │ │ │ │ ├── TestUtility.cs │ │ │ │ └── TimestampService.cs │ │ │ ├── SignerSpy.cs │ │ │ └── TemporaryEnvironmentPathOverride.cs │ │ ├── Tools/ │ │ │ ├── ToolConfigurationProviderTests.cs │ │ │ └── VSIXSignTool/ │ │ │ ├── CertificateSigningContextTests.cs │ │ │ ├── Crypt32Tests.cs │ │ │ ├── HexHelperTests.cs │ │ │ ├── OpcPackageSigningTests.cs │ │ │ ├── OpcPackageTests.cs │ │ │ └── UriHelpersTests.cs │ │ └── Usings.cs │ ├── Sign.SignatureProviders.ArtifactSigning.Test/ │ │ ├── RSATrustedSigningTests.cs │ │ ├── Sign.SignatureProviders.ArtifactSigning.Test.csproj │ │ ├── TrustedSigningServiceProviderTests.cs │ │ ├── TrustedSigningServiceTests.cs │ │ └── Usings.cs │ ├── Sign.SignatureProviders.CertificateStore.Test/ │ │ ├── CertificateStoreServiceProviderTests.cs │ │ ├── CertificateStoreServiceTests.cs │ │ ├── Sign.SignatureProviders.CertificateStore.Test.csproj │ │ └── Usings.cs │ ├── Sign.SignatureProviders.KeyVault.Test/ │ │ ├── KeyVaultServiceProviderTests.cs │ │ ├── KeyVaultServiceTests.cs │ │ ├── RSAKeyVaultWrapperTests.cs │ │ ├── Sign.SignatureProviders.KeyVault.Test.csproj │ │ └── Usings.cs │ └── Sign.TestInfrastructure/ │ ├── Constants.cs │ ├── EphemeralTrust.cs │ ├── RequiresElevationTheoryAttribute.cs │ ├── ResidualTestCertificatesFoundInRootStoreException.cs │ ├── SelfIssuedCertificateCreator.cs │ ├── Sign.TestInfrastructure.csproj │ ├── TemporaryFile.cs │ ├── TestAssets.cs │ ├── TestFileCreator.cs │ ├── TestLogEntry.cs │ ├── TestLogger.cs │ └── TrustedCertificateFixture.cs └── triage-policy.md
SYMBOL INDEX (1468 symbols across 268 files)
FILE: eng/common/cross/install-debs.py
function download_file (line 19) | async def download_file(session, url, dest_path, max_retries=3, retry_de...
function download_deb_files_parallel (line 42) | async def download_deb_files_parallel(mirror, packages, tmp_dir):
function download_package_index_parallel (line 58) | async def download_package_index_parallel(mirror, arch, suites):
function fetch_and_decompress (line 80) | async def fetch_and_decompress(session, url):
function parse_debian_version (line 95) | def parse_debian_version(version):
function compare_upstream_version (line 103) | def compare_upstream_version(v1, v2):
function compare_debian_versions (line 121) | def compare_debian_versions(version1, version2):
function resolve_dependencies (line 135) | def resolve_dependencies(packages, aliases, desired_packages):
function parse_package_index (line 160) | def parse_package_index(content):
function install_packages (line 196) | def install_packages(mirror, packages_info, aliases, tmp_dir, extract_di...
function extract_deb_file (line 230) | def extract_deb_file(deb_file, tmp_dir, extract_dir, ar_tool):
function finalize_setup (line 273) | def finalize_setup(rootfsdir):
FILE: src/Sign.Cli/ArtifactSigningCommand.cs
class ArtifactSigningCommand (line 17) | internal sealed class ArtifactSigningCommand : Command
method ArtifactSigningCommand (line 26) | internal ArtifactSigningCommand(CodeCommand codeCommand, IServiceProvi...
FILE: src/Sign.Cli/ArtifactSigningResources.Designer.cs
class ArtifactSigningResources (line 22) | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resource...
method ArtifactSigningResources (line 31) | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Mic...
FILE: src/Sign.Cli/AzureCredentialOptions.cs
class AzureCredentialOptions (line 11) | internal sealed class AzureCredentialOptions
method AzureCredentialOptions (line 21) | internal AzureCredentialOptions()
method AddOptionsToCommand (line 63) | internal void AddOptionsToCommand(Command command)
method CreateDefaultAzureCredentialOptions (line 74) | internal DefaultAzureCredentialOptions CreateDefaultAzureCredentialOpt...
method CreateTokenCredential (line 93) | internal TokenCredential? CreateTokenCredential(ParseResult parseResult)
FILE: src/Sign.Cli/AzureCredentialType.cs
class AzureCredentialType (line 7) | internal static class AzureCredentialType
FILE: src/Sign.Cli/AzureKeyVaultCommand.cs
class AzureKeyVaultCommand (line 18) | internal sealed class AzureKeyVaultCommand : Command
method AzureKeyVaultCommand (line 26) | internal AzureKeyVaultCommand(CodeCommand codeCommand, IServiceProvide...
method ParseUrl (line 125) | private static Uri? ParseUrl(ArgumentResult result)
FILE: src/Sign.Cli/AzureKeyVaultResources.Designer.cs
class AzureKeyVaultResources (line 22) | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resource...
method AzureKeyVaultResources (line 31) | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Mic...
FILE: src/Sign.Cli/CertificateStoreCommand.cs
class CertificateStoreCommand (line 14) | internal sealed class CertificateStoreCommand : Command
method CertificateStoreCommand (line 26) | internal CertificateStoreCommand(CodeCommand codeCommand, IServiceProv...
method ParseCertificateFingerprint (line 150) | private static string? ParseCertificateFingerprint(ArgumentResult result)
method FormatMessage (line 181) | private static string FormatMessage(string format, Argument argument)
method TryDeduceHashAlgorithm (line 186) | private static bool TryDeduceHashAlgorithm(
FILE: src/Sign.Cli/CertificateStoreResources.Designer.cs
class CertificateStoreResources (line 22) | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resource...
method CertificateStoreResources (line 31) | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Mic...
FILE: src/Sign.Cli/CodeCommand.cs
class CodeCommand (line 18) | internal sealed class CodeCommand : Command
method CodeCommand (line 34) | internal CodeCommand()
method HandleAsync (line 133) | internal async Task<int> HandleAsync(ParseResult parseResult, IService...
method ExpandFilePath (line 267) | private static string ExpandFilePath(DirectoryInfo baseDirectory, stri...
method ParseBaseDirectoryOption (line 277) | private static DirectoryInfo ParseBaseDirectoryOption(ArgumentResult r...
method ParseMaxConcurrencyOption (line 299) | private static int ParseMaxConcurrencyOption(ArgumentResult result)
method ParseHttpsUrl (line 313) | internal static Uri? ParseHttpsUrl(ArgumentResult result)
method ParseUrl (line 327) | internal static Uri? ParseUrl(ArgumentResult result)
method FormatMessage (line 342) | private static string FormatMessage(string format, Argument argument)
FILE: src/Sign.Cli/Helpers/HashAlgorithmParser.cs
class HashAlgorithmParser (line 11) | internal static class HashAlgorithmParser
method ParseHashAlgorithmName (line 13) | public static HashAlgorithmName ParseHashAlgorithmName(ArgumentResult ...
FILE: src/Sign.Cli/Kernel32.cs
class Kernel32 (line 11) | static class Kernel32
method SetDllDirectoryW (line 13) | [DllImport("kernel32.dll", SetLastError = true, PreserveSig = true)]
method LoadLibraryW (line 18) | [DllImport("kernel32.dll", SetLastError = true, PreserveSig = true)]
method CreateActCtxW (line 22) | [DllImport("kernel32.dll", SetLastError = true, PreserveSig = true)]
method ActivateActCtx (line 25) | [DllImport("kernel32.dll", SetLastError = true, PreserveSig = true)]
method DeactivateActCtx (line 29) | [DllImport("kernel32.dll", SetLastError = true, PreserveSig = true)]
method ReleaseActCtx (line 33) | [DllImport("kernel32.dll", PreserveSig = true)]
type ACTCTX (line 36) | [StructLayout(LayoutKind.Sequential, Pack = 4, CharSet = CharSet.Unico...
type ActivationContextFlags (line 50) | [Flags]
class ActivationContext (line 57) | public sealed class ActivationContext : IDisposable
method ActivationContext (line 63) | public ActivationContext(string assemblyName)
method Dispose (line 85) | public void Dispose()
FILE: src/Sign.Cli/Program.cs
class Program (line 9) | internal static class Program
method Main (line 11) | internal static async Task<int> Main(string[] args)
method WriteWarning (line 49) | private static void WriteWarning(string warning)
method CreateCommand (line 56) | internal static SignCommand CreateCommand(IServiceProviderFactory? ser...
FILE: src/Sign.Cli/Resources.Designer.cs
class Resources (line 22) | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resource...
method Resources (line 31) | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Mic...
FILE: src/Sign.Cli/SignCommand.cs
class SignCommand (line 10) | internal sealed class SignCommand : RootCommand
method SignCommand (line 12) | internal SignCommand(IServiceProviderFactory? serviceProviderFactory =...
FILE: src/Sign.Cli/StandardStreamWriterExtensions.cs
class StandardStreamWriterExtensions (line 9) | internal static class StandardStreamWriterExtensions
method WriteFormattedLine (line 11) | internal static void WriteFormattedLine(this TextWriter writer, string...
FILE: src/Sign.Cli/TemporaryConsoleEncoding.cs
class TemporaryConsoleEncoding (line 9) | internal sealed class TemporaryConsoleEncoding : IDisposable
method TemporaryConsoleEncoding (line 14) | internal TemporaryConsoleEncoding()
method Dispose (line 23) | public void Dispose()
FILE: src/Sign.Cli/TrustedSigningCommand.cs
class TrustedSigningCommand (line 17) | internal sealed class TrustedSigningCommand : Command
method TrustedSigningCommand (line 26) | internal TrustedSigningCommand(CodeCommand codeCommand, IServiceProvid...
FILE: src/Sign.Cli/TrustedSigningResources.Designer.cs
class TrustedSigningResources (line 22) | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resource...
method TrustedSigningResources (line 31) | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Mic...
FILE: src/Sign.Core/AppInitializer.cs
class AppInitializer (line 7) | internal static class AppInitializer
method Initialize (line 9) | internal static void Initialize()
method AddEnvironmentPath (line 34) | private static void AddEnvironmentPath(string path)
FILE: src/Sign.Core/Certificates/CertificateVerifier.cs
class CertificateVerifier (line 10) | internal sealed class CertificateVerifier : ICertificateVerifier
method CertificateVerifier (line 15) | public CertificateVerifier(ILogger<ICertificateVerifier> logger)
method Verify (line 22) | public void Verify(X509Certificate2 certificate)
FILE: src/Sign.Core/Certificates/ICertificateVerifier.cs
type ICertificateVerifier (line 9) | internal interface ICertificateVerifier
method Verify (line 11) | void Verify(X509Certificate2 certificate);
FILE: src/Sign.Core/Containers/AppxBundleContainer.cs
class AppxBundleContainer (line 10) | internal sealed class AppxBundleContainer : Container
method AppxBundleContainer (line 18) | public AppxBundleContainer(
method OpenAsync (line 37) | public override async ValueTask OpenAsync()
method SaveAsync (line 53) | public override async ValueTask SaveAsync()
method GetBundleVersion (line 76) | private string? GetBundleVersion()
FILE: src/Sign.Core/Containers/AppxContainer.cs
class AppxContainer (line 13) | internal sealed class AppxContainer : Container
method AppxContainer (line 21) | public AppxContainer(
method OpenAsync (line 43) | public override async ValueTask OpenAsync()
method SaveAsync (line 64) | public override async ValueTask SaveAsync()
method UpdateManifestPublisherAsync (line 87) | private async Task UpdateManifestPublisherAsync()
FILE: src/Sign.Core/Containers/Container.cs
class Container (line 10) | internal abstract class Container : IContainer
method Container (line 16) | protected Container(IFileMatcher fileMatcher)
method Dispose (line 23) | public virtual void Dispose()
method GetFiles (line 28) | public IEnumerable<FileInfo> GetFiles()
method GetFiles (line 38) | public IEnumerable<FileInfo> GetFiles(Matcher matcher)
method OpenAsync (line 52) | public abstract ValueTask OpenAsync();
method SaveAsync (line 53) | public abstract ValueTask SaveAsync();
FILE: src/Sign.Core/Containers/ContainerProvider.cs
class ContainerProvider (line 9) | internal sealed class ContainerProvider : IContainerProvider
method ContainerProvider (line 22) | public ContainerProvider(
method IsAppxBundleContainer (line 73) | public bool IsAppxBundleContainer(FileInfo file)
method IsAppxContainer (line 80) | public bool IsAppxContainer(FileInfo file)
method IsNuGetContainer (line 87) | public bool IsNuGetContainer(FileInfo file)
method IsZipContainer (line 94) | public bool IsZipContainer(FileInfo file)
method GetContainer (line 101) | public IContainer? GetContainer(FileInfo file)
FILE: src/Sign.Core/Containers/IContainer.cs
type IContainer (line 9) | internal interface IContainer : IDisposable
method GetFiles (line 11) | IEnumerable<FileInfo> GetFiles();
method GetFiles (line 12) | IEnumerable<FileInfo> GetFiles(Matcher matcher);
method OpenAsync (line 14) | ValueTask OpenAsync();
method SaveAsync (line 15) | ValueTask SaveAsync();
FILE: src/Sign.Core/Containers/IContainerProvider.cs
type IContainerProvider (line 7) | internal interface IContainerProvider
method IsAppxBundleContainer (line 9) | bool IsAppxBundleContainer(FileInfo file);
method IsAppxContainer (line 10) | bool IsAppxContainer(FileInfo file);
method IsNuGetContainer (line 11) | bool IsNuGetContainer(FileInfo file);
method IsZipContainer (line 12) | bool IsZipContainer(FileInfo file);
method GetContainer (line 13) | IContainer? GetContainer(FileInfo file);
FILE: src/Sign.Core/Containers/NuGetContainer.cs
class NuGetContainer (line 10) | internal sealed class NuGetContainer : ZipContainer
method NuGetContainer (line 12) | internal NuGetContainer(
method SaveAsync (line 21) | public override ValueTask SaveAsync()
FILE: src/Sign.Core/Containers/ZipContainer.cs
class ZipContainer (line 10) | internal class ZipContainer : Container
method ZipContainer (line 16) | internal ZipContainer(
method OpenAsync (line 32) | public override ValueTask OpenAsync()
method SaveAsync (line 51) | public override ValueTask SaveAsync()
FILE: src/Sign.Core/DataFormatSigners/AggregatingSigner.cs
class AggregatingSigner (line 9) | internal sealed class AggregatingSigner : IAggregatingDataFormatSigner
method AggregatingSigner (line 18) | public AggregatingSigner(
method CanSign (line 38) | public bool CanSign(FileInfo file)
method SignAsync (line 60) | public async Task SignAsync(IEnumerable<FileInfo> files, SignOptions o...
method SignContainerContentsAsync (line 95) | private async Task SignContainerContentsAsync(IEnumerable<FileInfo> fi...
method CopySigningDependencies (line 216) | public void CopySigningDependencies(FileInfo file, DirectoryInfo desti...
method GetFiles (line 228) | private static IEnumerable<FileInfo> GetFiles(IContainer container, Si...
FILE: src/Sign.Core/DataFormatSigners/AppInstallerServiceSigner.cs
class AppInstallerServiceSigner (line 14) | internal sealed class AppInstallerServiceSigner : IDataFormatSigner
method AppInstallerServiceSigner (line 29) | public AppInstallerServiceSigner(
method CanSign (line 40) | public bool CanSign(FileInfo file)
method SignAsync (line 47) | public async Task SignAsync(IEnumerable<FileInfo> files, SignOptions o...
method TryGetMainElement (line 80) | internal static bool TryGetMainElement(XDocument appInstallerManifest,...
FILE: src/Sign.Core/DataFormatSigners/AzureSignToolSigner.cs
class AzureSignToolSigner (line 14) | internal class AzureSignToolSigner : IAzureSignToolDataFormatSigner
method AzureSignToolSigner (line 33) | public AzureSignToolSigner(
method CanSign (line 87) | public bool CanSign(FileInfo file)
method SignAsync (line 102) | public async Task SignAsync(IEnumerable<FileInfo> files, SignOptions o...
method SignAsync (line 169) | private async Task<bool> SignAsync(
method RunSignTool (line 201) | private bool RunSignTool(AuthenticodeKeyVaultSigner signer, FileInfo f...
method SignFileCore (line 239) | internal virtual int SignFileCore(
method RunOnStaThread (line 256) | private static T RunOnStaThread<T>(Func<T> func)
FILE: src/Sign.Core/DataFormatSigners/ClickOnceSigner.cs
method ClickOnceSigner (line 25) | public ClickOnceSigner(
method CanSign (line 52) | public bool CanSign(FileInfo file)
FILE: src/Sign.Core/DataFormatSigners/DefaultSigner.cs
class DefaultSigner (line 9) | internal sealed class DefaultSigner : IDefaultDataFormatSigner
method DefaultSigner (line 14) | public DefaultSigner(IServiceProvider serviceProvider)
method CanSign (line 31) | public bool CanSign(FileInfo file)
method SignAsync (line 36) | public Task SignAsync(IEnumerable<FileInfo> files, SignOptions options)
class DoNothingDefaultDataFormatSigner (line 41) | private sealed class DoNothingDefaultDataFormatSigner : IDataFormatSigner
method CanSign (line 43) | public bool CanSign(FileInfo file)
method SignAsync (line 48) | public Task SignAsync(IEnumerable<FileInfo> files, SignOptions options)
FILE: src/Sign.Core/DataFormatSigners/DistinguishedNameParser.cs
class DistinguishedNameParser (line 29) | internal static class DistinguishedNameParser
method Parse (line 31) | internal static Dictionary<string, List<string>> Parse(string distingi...
FILE: src/Sign.Core/DataFormatSigners/DynamicsBusinessCentralAppFileType.cs
class DynamicsBusinessCentralAppFileType (line 7) | internal sealed class DynamicsBusinessCentralAppFileType : ISignableFile...
method DynamicsBusinessCentralAppFileType (line 13) | internal DynamicsBusinessCentralAppFileType()
method IsMatch (line 18) | public bool IsMatch(FileInfo file)
FILE: src/Sign.Core/DataFormatSigners/IAggregatingDataFormatSigner.cs
type IAggregatingDataFormatSigner (line 7) | internal interface IAggregatingDataFormatSigner : IDataFormatSigner
FILE: src/Sign.Core/DataFormatSigners/IAzureSignToolDataFormatSigner.cs
type IAzureSignToolDataFormatSigner (line 7) | internal interface IAzureSignToolDataFormatSigner : IDataFormatSigner
FILE: src/Sign.Core/DataFormatSigners/IDataFormatSigner.cs
type IDataFormatSigner (line 7) | internal interface IDataFormatSigner
method CanSign (line 9) | bool CanSign(FileInfo file);
method SignAsync (line 10) | Task SignAsync(IEnumerable<FileInfo> files, SignOptions options);
method CopySigningDependencies (line 15) | void CopySigningDependencies(FileInfo file, DirectoryInfo destination,...
FILE: src/Sign.Core/DataFormatSigners/IDefaultDataFormatSigner.cs
type IDefaultDataFormatSigner (line 7) | internal interface IDefaultDataFormatSigner
FILE: src/Sign.Core/DataFormatSigners/IManifestSigner.cs
type IManifestSigner (line 10) | internal interface IManifestSigner
method Sign (line 12) | void Sign(FileInfo file, X509Certificate2 certificate, RSA rsaPrivateK...
FILE: src/Sign.Core/DataFormatSigners/ISignableFileType.cs
type ISignableFileType (line 7) | internal interface ISignableFileType
method IsMatch (line 9) | bool IsMatch(FileInfo file);
FILE: src/Sign.Core/DataFormatSigners/ManifestSigner.cs
class ManifestSigner (line 13) | internal sealed class ManifestSigner : IManifestSigner
method Sign (line 15) | public void Sign(FileInfo file, X509Certificate2 certificate, RSA rsaP...
FILE: src/Sign.Core/DataFormatSigners/NuGetSigner.cs
class NuGetSigner (line 12) | internal sealed class NuGetSigner : RetryingSigner, IDataFormatSigner
method NuGetSigner (line 19) | public NuGetSigner(
method CanSign (line 35) | public bool CanSign(FileInfo file)
method SignAsync (line 43) | public async Task SignAsync(IEnumerable<FileInfo> files, SignOptions o...
method SignCoreAsync (line 76) | protected override Task<bool> SignCoreAsync(string? args, FileInfo fil...
FILE: src/Sign.Core/DataFormatSigners/RSAPKCS1SHA256SignatureDescription.cs
class RSAPKCS1SHA256SignatureDescription (line 12) | public sealed class RSAPKCS1SHA256SignatureDescription : RSAPKCS1Signatu...
method RSAPKCS1SHA256SignatureDescription (line 14) | public RSAPKCS1SHA256SignatureDescription()
method CreateDigest (line 19) | public sealed override HashAlgorithm CreateDigest()
FILE: src/Sign.Core/DataFormatSigners/RSAPKCS1SignatureDescription.cs
class RSAPKCS1SignatureDescription (line 9) | public abstract class RSAPKCS1SignatureDescription : SignatureDescription
method RSAPKCS1SignatureDescription (line 11) | public RSAPKCS1SignatureDescription(string hashAlgorithmName)
method CreateDeformatter (line 19) | public sealed override AsymmetricSignatureDeformatter CreateDeformatte...
method CreateFormatter (line 27) | public sealed override AsymmetricSignatureFormatter CreateFormatter(As...
method CreateDigest (line 35) | public abstract override HashAlgorithm CreateDigest();
FILE: src/Sign.Core/DataFormatSigners/RetryingSigner.cs
class RetryingSigner (line 11) | internal abstract class RetryingSigner
method RetryingSigner (line 18) | protected RetryingSigner(ILogger logger)
method SignCoreAsync (line 25) | protected abstract Task<bool> SignCoreAsync(string? args, FileInfo fil...
method SignAsync (line 28) | protected async Task<bool> SignAsync(string? args, FileInfo file, RSA ...
FILE: src/Sign.Core/DataFormatSigners/SignOptions.cs
class SignOptions (line 10) | internal sealed class SignOptions
method SignOptions (line 23) | internal SignOptions(
method SignOptions (line 47) | internal SignOptions(HashAlgorithmName fileHashAlgorithm, Uri timestam...
FILE: src/Sign.Core/DataFormatSigners/SignableFileTypeByExtension.cs
class SignableFileTypeByExtension (line 7) | internal sealed class SignableFileTypeByExtension : ISignableFileType
method SignableFileTypeByExtension (line 11) | internal SignableFileTypeByExtension(params string[] fileExtensions)
method IsMatch (line 23) | public bool IsMatch(FileInfo file)
FILE: src/Sign.Core/DataFormatSigners/VsixSigner.cs
class VsixSigner (line 12) | internal sealed class VsixSigner : RetryingSigner, IDataFormatSigner
method VsixSigner (line 19) | public VsixSigner(
method CanSign (line 35) | public bool CanSign(FileInfo file)
method SignAsync (line 42) | public async Task SignAsync(IEnumerable<FileInfo> files, SignOptions o...
method SignCoreAsync (line 77) | protected override async Task<bool> SignCoreAsync(string? args, FileIn...
FILE: src/Sign.Core/ExitCode.cs
class ExitCode (line 7) | internal static class ExitCode
FILE: src/Sign.Core/FileList/FileListReader.cs
class FileListReader (line 9) | internal sealed class FileListReader : IFileListReader
method FileListReader (line 14) | public FileListReader(IMatcherFactory matcherFactory)
method Read (line 21) | public void Read(StreamReader reader, out Matcher matcher, out Matcher...
FILE: src/Sign.Core/FileList/FileMatcher.cs
class FileMatcher (line 10) | internal sealed class FileMatcher : IFileMatcher
method FileMatcher (line 14) | public FileMatcher()
method EnumerateMatches (line 26) | public IEnumerable<FileInfo> EnumerateMatches(DirectoryInfoBase direct...
FILE: src/Sign.Core/FileList/Globber.cs
class Globber (line 36) | internal sealed class Globber
method CreateMatcher (line 41) | internal static Matcher CreateMatcher(IMatcherFactory matcherFactory, ...
method ExpandBraces (line 81) | private static IEnumerable<string> ExpandBraces(string pattern)
FILE: src/Sign.Core/FileList/IFileListReader.cs
type IFileListReader (line 9) | internal interface IFileListReader
method Read (line 11) | void Read(StreamReader reader, out Matcher matcher, out Matcher antiMa...
FILE: src/Sign.Core/FileList/IFileMatcher.cs
type IFileMatcher (line 10) | internal interface IFileMatcher
method EnumerateMatches (line 12) | IEnumerable<FileInfo> EnumerateMatches(DirectoryInfoBase directory, Ma...
FILE: src/Sign.Core/FileList/IMatcherFactory.cs
type IMatcherFactory (line 9) | internal interface IMatcherFactory
method Create (line 11) | Matcher Create();
FILE: src/Sign.Core/FileList/MatcherFactory.cs
class MatcherFactory (line 9) | internal sealed class MatcherFactory : IMatcherFactory
method Create (line 13) | public Matcher Create()
FILE: src/Sign.Core/FileSystem/AppRootDirectoryLocator.cs
class AppRootDirectoryLocator (line 7) | internal sealed class AppRootDirectoryLocator : IAppRootDirectoryLocator
method AppRootDirectoryLocator (line 14) | public AppRootDirectoryLocator()
method GetAppRootDirectory (line 18) | private static DirectoryInfo GetAppRootDirectory()
FILE: src/Sign.Core/FileSystem/DirectoryService.cs
class DirectoryService (line 10) | internal sealed class DirectoryService : IDirectoryService
method DirectoryService (line 16) | public DirectoryService(ILogger<IDirectoryService> logger)
method CreateTemporaryDirectory (line 23) | public DirectoryInfo CreateTemporaryDirectory()
method Delete (line 36) | public void Delete(DirectoryInfo directory)
method Dispose (line 79) | public void Dispose()
FILE: src/Sign.Core/FileSystem/FileInfoComparer.cs
class FileInfoComparer (line 9) | internal sealed class FileInfoComparer : IEqualityComparer<FileInfo>
method Equals (line 13) | public bool Equals(FileInfo? x, FileInfo? y)
method GetHashCode (line 28) | public int GetHashCode([DisallowNull] FileInfo obj)
FILE: src/Sign.Core/FileSystem/FileMetadataService.cs
class FileMetadataService (line 7) | internal sealed class FileMetadataService : IFileMetadataService
method IsPortableExecutable (line 9) | public bool IsPortableExecutable(FileInfo file)
FILE: src/Sign.Core/FileSystem/IAppRootDirectoryLocator.cs
type IAppRootDirectoryLocator (line 7) | internal interface IAppRootDirectoryLocator
FILE: src/Sign.Core/FileSystem/IDirectoryService.cs
type IDirectoryService (line 7) | internal interface IDirectoryService : IDisposable
method CreateTemporaryDirectory (line 9) | DirectoryInfo CreateTemporaryDirectory();
method Delete (line 10) | void Delete(DirectoryInfo directory);
FILE: src/Sign.Core/FileSystem/IFileMetadataService.cs
type IFileMetadataService (line 7) | internal interface IFileMetadataService
method IsPortableExecutable (line 9) | bool IsPortableExecutable(FileInfo file);
FILE: src/Sign.Core/FileSystem/ITemporaryDirectory.cs
type ITemporaryDirectory (line 7) | internal interface ITemporaryDirectory : IDisposable
FILE: src/Sign.Core/FileSystem/TemporaryDirectory.cs
class TemporaryDirectory (line 7) | internal sealed class TemporaryDirectory : ITemporaryDirectory
method TemporaryDirectory (line 13) | internal TemporaryDirectory(IDirectoryService directoryService)
method Dispose (line 22) | public void Dispose()
FILE: src/Sign.Core/ICertificateProvider.cs
type ICertificateProvider (line 12) | internal interface ICertificateProvider
method GetCertificateAsync (line 18) | Task<X509Certificate2> GetCertificateAsync(CancellationToken cancellat...
FILE: src/Sign.Core/IServiceProviderFactory.cs
type IServiceProviderFactory (line 10) | internal interface IServiceProviderFactory
method Create (line 12) | IServiceProvider Create(
method AddServices (line 17) | void AddServices(Action<IServiceCollection> addServices);
FILE: src/Sign.Core/ISignatureAlgorithmProvider.cs
type ISignatureAlgorithmProvider (line 9) | internal interface ISignatureAlgorithmProvider
method GetRsaAsync (line 11) | Task<RSA> GetRsaAsync(CancellationToken cancellationToken = default);
FILE: src/Sign.Core/ISignatureProvider.cs
type ISignatureProvider (line 7) | internal interface ISignatureProvider
method GetSignatureAlgorithmProvider (line 9) | ISignatureAlgorithmProvider GetSignatureAlgorithmProvider(IServiceProv...
method GetCertificateProvider (line 10) | ICertificateProvider GetCertificateProvider(IServiceProvider servicePr...
FILE: src/Sign.Core/ISigner.cs
type ISigner (line 9) | internal interface ISigner
method SignAsync (line 11) | Task<int> SignAsync(
FILE: src/Sign.Core/Native/Kernel32.cs
class Kernel32 (line 11) | internal static partial class Kernel32
method SetDllDirectoryW (line 13) | [DllImport("kernel32.dll", SetLastError = true, PreserveSig = true)]
method LoadLibraryW (line 18) | [DllImport("kernel32.dll", SetLastError = true)]
method CreateActCtxW (line 22) | [DllImport("kernel32.dll", SetLastError = true, PreserveSig = true)]
method ActivateActCtx (line 25) | [DllImport("kernel32.dll", SetLastError = true, PreserveSig = true)]
method DeactivateActCtx (line 29) | [DllImport("kernel32.dll", SetLastError = true, PreserveSig = true)]
method ReleaseActCtx (line 33) | [DllImport("kernel32.dll", PreserveSig = true)]
type ACTCTX (line 36) | [StructLayout(LayoutKind.Sequential, Pack = 4, CharSet = CharSet.Unico...
type ActivationContextFlags (line 50) | [Flags]
class ActivationContext (line 57) | public class ActivationContext : IDisposable
method ActivationContext (line 63) | public ActivationContext(FileInfo manifestFile)
method Dispose (line 87) | public void Dispose()
FILE: src/Sign.Core/Native/Ntdsapi.cs
class Ntdsapi (line 9) | internal static class Ntdsapi
method DsGetRdnW (line 11) | [method: DllImport("ntdsapi.dll", EntryPoint = "DsGetRdnW", ExactSpell...
FILE: src/Sign.Core/Native/mansign2.cs
class Win32 (line 21) | internal static class Win32
type CRYPT_DATA_BLOB (line 92) | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
type AXL_SIGNER_INFO (line 99) | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
type AXL_TIMESTAMPER_INFO (line 111) | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
method GetProcessHeap (line 124) | [DllImport(KERNEL32, CharSet = CharSet.Auto, SetLastError = true)]
method HeapFree (line 128) | [DllImport(KERNEL32, CharSet = CharSet.Auto, SetLastError = true)]
method CertTimestampAuthenticodeLicense (line 136) | [DllImport(MSCORWKS, CharSet = CharSet.Auto, SetLastError = true)]
method CertVerifyAuthenticodeLicense (line 143) | [DllImport(MSCORWKS, CharSet = CharSet.Auto, SetLastError = true)]
method CertFreeAuthenticodeSignerInfo (line 151) | [DllImport(MSCORWKS, CharSet = CharSet.Auto, SetLastError = true)]
method CertFreeAuthenticodeTimestamperInfo (line 156) | [DllImport(MSCORWKS, CharSet = CharSet.Auto, SetLastError = true)]
method _AxlGetIssuerPublicKeyHash (line 161) | [DllImport(MSCORWKS, CharSet = CharSet.Auto, SetLastError = true)]
method _AxlRSAKeyValueToPublicKeyToken (line 167) | [DllImport(MSCORWKS, CharSet = CharSet.Auto, SetLastError = true)]
method _AxlPublicKeyBlobToPublicKeyToken (line 174) | [DllImport(MSCORWKS, CharSet = CharSet.Auto, SetLastError = true)]
type CRYPT_TIMESTAMP_CONTEXT (line 185) | [StructLayout(LayoutKind.Sequential)]
type CRYPTOAPI_BLOB (line 193) | [StructLayout(LayoutKind.Sequential)]
type CRYPT_TIMESTAMP_PARA (line 200) | [StructLayout(LayoutKind.Sequential)]
method CryptRetrieveTimeStamp (line 210) | [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
method CertFreeCertificateContext (line 226) | [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
method CertCloseStore (line 230) | [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
method CryptMemFree (line 234) | [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
class ManifestSignedXml2 (line 239) | internal class ManifestSignedXml2 : SignedXml
method ManifestSignedXml2 (line 245) | internal ManifestSignedXml2()
method ManifestSignedXml2 (line 250) | internal ManifestSignedXml2(XmlElement elem)
method ManifestSignedXml2 (line 255) | internal ManifestSignedXml2(XmlDocument document)
method ManifestSignedXml2 (line 261) | internal ManifestSignedXml2(XmlDocument document, bool verify)
method init (line 268) | private void init()
method GetIdElement (line 284) | public override XmlElement GetIdElement(XmlDocument document, string i...
method SignedCmiManifest2 (line 312) | private SignedCmiManifest2() { }
method SignedCmiManifest2 (line 314) | internal SignedCmiManifest2(XmlDocument manifestDom)
method Sign (line 319) | internal void Sign(CmiManifestSigner2 signer)
method Sign (line 324) | internal void Sign(CmiManifestSigner2 signer, string timeStampUrl, bool ...
method ExtractPrincipalFromManifest (line 379) | private XmlElement ExtractPrincipalFromManifest()
method InsertPublisherIdentity (line 395) | private static void InsertPublisherIdentity(XmlDocument manifestDom, X50...
method RemoveExistingSignature (line 441) | private static void RemoveExistingSignature(XmlDocument manifestDom)
method GetFixedRSACryptoServiceProvider (line 460) | internal static RSACryptoServiceProvider GetFixedRSACryptoServiceProvide...
method ReplacePublicKeyToken (line 483) | private static void ReplacePublicKeyToken(XmlDocument manifestDom, Asymm...
type CmiManifestSignerFlag (line 959) | [Flags]
type CmiManifestVerifyFlags (line 966) | [Flags]
class CmiManifestSigner2 (line 979) | internal class CmiManifestSigner2
method CmiManifestSigner2 (line 990) | private CmiManifestSigner2() { }
method CmiManifestSigner2 (line 992) | internal CmiManifestSigner2(AsymmetricAlgorithm strongNameKey) :
method CmiManifestSigner2 (line 996) | internal CmiManifestSigner2(AsymmetricAlgorithm strongNameKey, X509Cer...
class CmiStrongNameSignerInfo (line 1117) | internal class CmiStrongNameSignerInfo
method CmiStrongNameSignerInfo (line 1123) | internal CmiStrongNameSignerInfo() { }
method CmiStrongNameSignerInfo (line 1125) | internal CmiStrongNameSignerInfo(int errorCode, string publicKeyToken)
class CmiAuthenticodeSignerInfo (line 1171) | [SupportedOSPlatform("windows")]
method CmiAuthenticodeSignerInfo (line 1182) | internal CmiAuthenticodeSignerInfo() { }
method CmiAuthenticodeSignerInfo (line 1184) | internal CmiAuthenticodeSignerInfo(int errorCode)
method CmiAuthenticodeSignerInfo (line 1189) | internal CmiAuthenticodeSignerInfo(Win32.AXL_SIGNER_INFO signerInfo,
class CmiAuthenticodeTimestamperInfo (line 1298) | [SupportedOSPlatform("windows")]
method CmiAuthenticodeTimestamperInfo (line 1306) | private CmiAuthenticodeTimestamperInfo() { }
method CmiAuthenticodeTimestamperInfo (line 1308) | internal CmiAuthenticodeTimestamperInfo(Win32.AXL_TIMESTAMPER_INFO tim...
FILE: src/Sign.Core/Resources.Designer.cs
class Resources (line 22) | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resource...
method Resources (line 31) | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Mic...
FILE: src/Sign.Core/ServiceProvider.cs
class ServiceProvider (line 12) | internal sealed class ServiceProvider : IServiceProvider
method ServiceProvider (line 17) | public ServiceProvider(IServiceProvider serviceProvider)
method GetService (line 24) | public object? GetService(Type serviceType)
method CreateDefault (line 29) | internal static ServiceProvider CreateDefault(
FILE: src/Sign.Core/ServiceProviderFactory.cs
class ServiceProviderFactory (line 10) | internal sealed class ServiceProviderFactory : IServiceProviderFactory
method Create (line 14) | public IServiceProvider Create(
method AddServices (line 28) | public void AddServices(Action<IServiceCollection> addServices)
FILE: src/Sign.Core/Signer.cs
class Signer (line 15) | internal sealed class Signer : ISigner
method Signer (line 21) | public Signer(IServiceProvider serviceProvider, ILogger<ISigner> logger)
method SignAsync (line 30) | public async Task<int> SignAsync(
method ExpandFilePath (line 186) | private static string ExpandFilePath(DirectoryInfo baseDirectory, stri...
FILE: src/Sign.Core/SigningException.cs
class SigningException (line 7) | internal sealed class SigningException : Exception
method SigningException (line 9) | public SigningException()
method SigningException (line 13) | public SigningException(string message)
method SigningException (line 18) | public SigningException(string message, Exception inner)
FILE: src/Sign.Core/Tools/CliTool.cs
class CliTool (line 11) | internal abstract class CliTool : Tool, ICliTool
method CliTool (line 15) | internal CliTool(
method RunAsync (line 25) | public async Task<int> RunAsync(string? args)
FILE: src/Sign.Core/Tools/ICliTool.cs
type ICliTool (line 7) | internal interface ICliTool : ITool
method RunAsync (line 9) | Task<int> RunAsync(string? args);
FILE: src/Sign.Core/Tools/IMageCli.cs
type IMageCli (line 7) | internal interface IMageCli : ICliTool
FILE: src/Sign.Core/Tools/IMakeAppxCli.cs
type IMakeAppxCli (line 7) | internal interface IMakeAppxCli : ICliTool
FILE: src/Sign.Core/Tools/INuGetSignTool.cs
type INuGetSignTool (line 10) | internal interface INuGetSignTool : ITool
method SignAsync (line 12) | Task<bool> SignAsync(FileInfo file, RSA rsaPrivateKey, X509Certificate...
FILE: src/Sign.Core/Tools/ITool.cs
type ITool (line 7) | internal interface ITool
FILE: src/Sign.Core/Tools/IToolConfigurationProvider.cs
type IToolConfigurationProvider (line 7) | internal interface IToolConfigurationProvider
FILE: src/Sign.Core/Tools/IVsixSignTool.cs
type IVsixSignTool (line 7) | internal interface IVsixSignTool : ITool
method SignAsync (line 9) | Task<bool> SignAsync(FileInfo file, SignConfigurationSet configuration...
FILE: src/Sign.Core/Tools/MageCli.cs
class MageCli (line 9) | internal sealed class MageCli : CliTool, IMageCli
method MageCli (line 12) | public MageCli(
FILE: src/Sign.Core/Tools/MakeAppxCli.cs
class MakeAppxCli (line 9) | internal sealed class MakeAppxCli : CliTool, IMakeAppxCli
method MakeAppxCli (line 12) | public MakeAppxCli(
FILE: src/Sign.Core/Tools/NuGet/NuGetLogger.cs
class NuGetLogger (line 11) | internal sealed class NuGetLogger : NuGet.Common.ILogger
method NuGetLogger (line 16) | internal NuGetLogger(Microsoft.Extensions.Logging.ILogger logger, stri...
method Log (line 25) | public void Log(LogLevel level, string data)
method Log (line 30) | public void Log(ILogMessage message)
method LogAsync (line 35) | public Task LogAsync(LogLevel level, string data)
method LogAsync (line 42) | public Task LogAsync(ILogMessage message)
method LogDebug (line 49) | public void LogDebug(string data)
method LogError (line 54) | public void LogError(string data)
method LogInformation (line 59) | public void LogInformation(string data)
method LogInformationSummary (line 64) | public void LogInformationSummary(string data)
method LogMinimal (line 69) | public void LogMinimal(string data)
method LogVerbose (line 74) | public void LogVerbose(string data)
method LogWarning (line 79) | public void LogWarning(string data)
method ConvertLevel (line 84) | private static Microsoft.Extensions.Logging.LogLevel ConvertLevel(LogL...
FILE: src/Sign.Core/Tools/NuGet/NuGetPackageSigner.cs
class NuGetPackageSigner (line 14) | internal sealed class NuGetPackageSigner
method NuGetPackageSigner (line 18) | public NuGetPackageSigner(ILogger logger)
method SignAsync (line 25) | public async Task<bool> SignAsync(
method CopyPackage (line 124) | private static string CopyPackage(string sourceFilePath)
method OverwritePackage (line 133) | private static void OverwritePackage(string sourceFilePath, string des...
FILE: src/Sign.Core/Tools/NuGet/NuGetSignatureProvider.cs
class NuGetSignatureProvider (line 15) | internal sealed class NuGetSignatureProvider : NuGet.Packaging.Signing.I...
method NuGetSignatureProvider (line 24) | public NuGetSignatureProvider(RSA rsa, ITimestampProvider timestampPro...
method CreatePrimarySignatureAsync (line 33) | public Task<PrimarySignature> CreatePrimarySignatureAsync(
method CreateRepositoryCountersignatureAsync (line 47) | public Task<PrimarySignature> CreateRepositoryCountersignatureAsync(
method CreateAuthorSignatureAsync (line 56) | private async Task<PrimarySignature> CreateAuthorSignatureAsync(
method CreatePrimarySignature (line 77) | private PrimarySignature CreatePrimarySignature(AuthorSignPackageReque...
method CreateCmsSigner (line 124) | private CmsSigner CreateCmsSigner(SignPackageRequest request, IReadOnl...
method TimestampPrimarySignatureAsync (line 170) | private Task<PrimarySignature> TimestampPrimarySignatureAsync(
FILE: src/Sign.Core/Tools/NuGetSignTool.cs
class NuGetSignTool (line 11) | internal sealed class NuGetSignTool : Tool, INuGetSignTool
method NuGetSignTool (line 14) | public NuGetSignTool(ILogger<INuGetSignTool> logger)
method SignAsync (line 19) | public async Task<bool> SignAsync(FileInfo packageFile, RSA rsa, X509C...
method FromCryptographyName (line 56) | private static NuGet.Common.HashAlgorithmName FromCryptographyName(Has...
FILE: src/Sign.Core/Tools/Tool.cs
class Tool (line 9) | internal abstract class Tool
method Tool (line 13) | internal Tool(ILogger<ITool> logger)
FILE: src/Sign.Core/Tools/ToolConfigurationProvider.cs
class ToolConfigurationProvider (line 7) | internal sealed class ToolConfigurationProvider : IToolConfigurationProv...
method ToolConfigurationProvider (line 16) | public ToolConfigurationProvider(IAppRootDirectoryLocator appRootDirec...
FILE: src/Sign.Core/Tools/VsixSignTool.cs
class VsixSignTool (line 10) | internal sealed class VsixSignTool : Tool, IVsixSignTool
method VsixSignTool (line 13) | public VsixSignTool(ILogger<IVsixSignTool> logger)
method SignAsync (line 18) | public async Task<bool> SignAsync(FileInfo file, SignConfigurationSet ...
FILE: src/Sign.Core/Tools/VsixSignTool/HashAlgorithmInfo.cs
class HashAlgorithmInfo (line 9) | internal sealed class HashAlgorithmInfo
method Create (line 19) | public HashAlgorithm Create() => Factory();
method HashAlgorithmInfo (line 21) | public HashAlgorithmInfo(HashAlgorithmName name)
FILE: src/Sign.Core/Tools/VsixSignTool/HexHelpers.cs
class HexHelpers (line 7) | internal static class HexHelpers
method IsHex (line 17) | internal static bool IsHex(ReadOnlySpan<char> text)
method TryHexEncode (line 37) | public static bool TryHexEncode(ReadOnlySpan<byte> data, Span<char> bu...
FILE: src/Sign.Core/Tools/VsixSignTool/ISignatureBuilderPreset.cs
type ISignatureBuilderPreset (line 10) | internal interface ISignatureBuilderPreset
method GetPartsForSigning (line 17) | IEnumerable<OpcPart> GetPartsForSigning(OpcPackage package);
FILE: src/Sign.Core/Tools/VsixSignTool/ISigningContext.cs
type ISigningContext (line 14) | internal interface ISigningContext
method SignDigest (line 47) | byte[] SignDigest(byte[] digest);
method VerifyDigest (line 55) | bool VerifyDigest(byte[] digest, byte[] signature);
FILE: src/Sign.Core/Tools/VsixSignTool/Interop/Crypt32.cs
class Crypt32 (line 9) | internal static class Crypt32
method CryptMemFree (line 11) | [method: DllImport("crypt32.dll", CallingConvention = CallingConventio...
method CryptRetrieveTimeStamp (line 16) | [method: DllImport("crypt32.dll", CallingConvention = CallingConventio...
type CryptRetrieveTimeStampRetrievalFlags (line 32) | internal enum CryptRetrieveTimeStampRetrievalFlags : uint
type CRYPT_TIMESTAMP_PARA (line 40) | [type: StructLayout(LayoutKind.Sequential)]
type CRYPTOAPI_BLOB (line 50) | [type: StructLayout(LayoutKind.Sequential)]
type CRYPT_TIMESTAMP_CONTEXT (line 57) | [type: StructLayout(LayoutKind.Sequential)]
FILE: src/Sign.Core/Tools/VsixSignTool/Interop/CryptMemorySafeHandle.cs
class CryptMemorySafeHandle (line 7) | internal sealed class CryptMemorySafeHandle : Microsoft.Win32.SafeHandle...
method CryptMemorySafeHandle (line 9) | public CryptMemorySafeHandle(bool ownsHandle) : base(ownsHandle)
method CryptMemorySafeHandle (line 13) | public CryptMemorySafeHandle() : this(true)
method ReleaseHandle (line 17) | protected override bool ReleaseHandle()
FILE: src/Sign.Core/Tools/VsixSignTool/KnownOids.cs
class KnownOids (line 7) | internal static class KnownOids
class HashAlgorithms (line 9) | public static class HashAlgorithms
FILE: src/Sign.Core/Tools/VsixSignTool/OpcContentTypes.cs
type OpcContentTypeMode (line 14) | internal enum OpcContentTypeMode
class OpcContentType (line 30) | [DebuggerDisplay("Extension = {Extension}; PartName = {PartName}; Conten...
method OpcContentType (line 59) | public OpcContentType(string extension, string contentType, OpcContent...
method OpcContentType (line 71) | public OpcContentType(string? extension, string contentType, string? p...
class OpcContentTypes (line 83) | internal class OpcContentTypes : IList<OpcContentType>
method OpcContentTypes (line 88) | internal OpcContentTypes(XDocument document, bool isReadOnly)
method ToXml (line 120) | public XDocument ToXml()
method OpcContentTypes (line 152) | internal OpcContentTypes(bool isReadOnly)
method ProcessElement (line 157) | private void ProcessElement(OpcContentTypeMode mode, XElement element)
method Add (line 201) | public void Add(OpcContentType item)
method Clear (line 211) | public void Clear()
method Contains (line 220) | public bool Contains(OpcContentType item) => _contentTypes.Contains(it...
method CopyTo (line 223) | public void CopyTo(OpcContentType[] array, int arrayIndex) => _content...
method GetEnumerator (line 226) | public IEnumerator<OpcContentType> GetEnumerator() => _contentTypes.Ge...
method IndexOf (line 229) | public int IndexOf(OpcContentType item) => _contentTypes.IndexOf(item);
method Insert (line 232) | public void Insert(int index, OpcContentType item)
method Remove (line 240) | public bool Remove(OpcContentType item)
method RemoveAt (line 247) | public void RemoveAt(int index)
method GetEnumerator (line 254) | IEnumerator IEnumerable.GetEnumerator() => GetEnumerator();
method AssertNotReadOnly (line 258) | private void AssertNotReadOnly()
FILE: src/Sign.Core/Tools/VsixSignTool/OpcKnownMimeTypes.cs
class OpcKnownMimeTypes (line 7) | internal static class OpcKnownMimeTypes
FILE: src/Sign.Core/Tools/VsixSignTool/OpcKnownUris.cs
class OpcKnownUris (line 7) | internal static class OpcKnownUris
class SignatureAlgorithms (line 16) | public static class SignatureAlgorithms
class HashAlgorithms (line 23) | public static class HashAlgorithms
FILE: src/Sign.Core/Tools/VsixSignTool/OpcPackage.cs
class OpcPackage (line 13) | internal class OpcPackage : IDisposable
method Open (line 33) | public static OpcPackage Open(string path, OpcPackageFileMode mode = O...
method OpcPackage (line 41) | private OpcPackage(ZipArchive archive, OpcPackageFileMode mode)
method Dispose (line 67) | public void Dispose()
method GetParts (line 81) | public IEnumerable<OpcPart> GetParts()
method GetPart (line 105) | public OpcPart? GetPart(Uri? partUri)
method CreatePart (line 131) | public OpcPart CreatePart(Uri partUri, string mimeType)
method HasPart (line 158) | public bool HasPart(Uri partUri)
method RemovePart (line 170) | public void RemovePart(OpcPart part)
method Flush (line 205) | public void Flush()
method SaveRelationships (line 235) | private void SaveRelationships(OpcRelationships relationships)
method CreateSignatureBuilder (line 257) | public OpcPackageSignatureBuilder CreateSignatureBuilder() => new OpcP...
method GetSignatures (line 263) | public IEnumerable<OpcSignature> GetSignatures()
method ConstructContentTypes (line 293) | private OpcContentTypes ConstructContentTypes()
method ConstructRelationships (line 311) | private OpcRelationships ConstructRelationships()
method GetZipModeFromOpcPackageMode (line 332) | private static ZipArchiveMode GetZipModeFromOpcPackageMode(OpcPackageF...
FILE: src/Sign.Core/Tools/VsixSignTool/OpcPackageFileMode.cs
type OpcPackageFileMode (line 10) | internal enum OpcPackageFileMode
FILE: src/Sign.Core/Tools/VsixSignTool/OpcPackageSignatureBuilder.cs
class OpcPackageSignatureBuilder (line 12) | internal sealed class OpcPackageSignatureBuilder
method OpcPackageSignatureBuilder (line 17) | internal OpcPackageSignatureBuilder(OpcPackage package)
method EnqueuePart (line 27) | public void EnqueuePart(OpcPart part) => _enqueuedParts.Add(part);
method DequeuePart (line 34) | public bool DequeuePart(OpcPart part) => _enqueuedParts.Remove(part);
method EnqueueNamedPreset (line 40) | public void EnqueueNamedPreset<TPreset>() where TPreset : ISignatureBu...
method Sign (line 50) | public OpcSignature Sign(SignConfigurationSet configuration)
method PublishSignature (line 68) | private static void PublishSignature(XmlDocument document, OpcPart sig...
method SignCore (line 82) | private (HashSet<OpcPart> partsToSign, OpcPart signaturePart) SignCore...
FILE: src/Sign.Core/Tools/VsixSignTool/OpcPackageTimestampBuilder.cs
class OpcPackageTimestampBuilder (line 15) | internal sealed class OpcPackageTimestampBuilder
method OpcPackageTimestampBuilder (line 19) | internal OpcPackageTimestampBuilder(OpcPart part)
method SignAsync (line 37) | public async Task<TimestampResult> SignAsync(Uri timestampServer, Hash...
method GetSignatureToTimestamp (line 61) | private static (XDocument document, byte[] signature) GetSignatureToTi...
method ApplyTimestamp (line 73) | private static void ApplyTimestamp(XDocument originalSignatureDocument...
FILE: src/Sign.Core/Tools/VsixSignTool/OpcPart.cs
class OpcPart (line 13) | internal sealed class OpcPart : IEquatable<OpcPart>
method OpcPart (line 19) | internal OpcPart(OpcPackage package, string path, ZipArchiveEntry entr...
method GetRelationshipFilePath (line 67) | private string GetRelationshipFilePath()
method ConstructRelationships (line 79) | private OpcRelationships ConstructRelationships()
method Open (line 103) | public Stream Open() => Entry.Open();
method Equals (line 106) | public bool Equals(OpcPart? other) => other != null && Uri.Equals(othe...
method Equals (line 109) | public override bool Equals(object? obj) => obj is OpcPart part && Equ...
method GetHashCode (line 112) | public override int GetHashCode() => Uri.GetHashCode();
FILE: src/Sign.Core/Tools/VsixSignTool/OpcPartDigest.cs
class OpcPartDigest (line 7) | internal class OpcPartDigest
method OpcPartDigest (line 13) | public OpcPartDigest(Uri referenceUri, Uri digestAlgorithmIdentifer, b...
FILE: src/Sign.Core/Tools/VsixSignTool/OpcPartDigestProcessor.cs
class OpcPartDigestProcessor (line 9) | internal static class OpcPartDigestProcessor
method Digest (line 11) | public static (byte[] digest, Uri identifier) Digest(OpcPart part, Has...
FILE: src/Sign.Core/Tools/VsixSignTool/OpcRelationships.cs
class OpcRelationship (line 14) | internal sealed class OpcRelationship : IEquatable<OpcRelationship>
method OpcRelationship (line 37) | public OpcRelationship(Uri target, string id, Uri type)
method OpcRelationship (line 50) | public OpcRelationship(Uri target, Uri type)
method Equals (line 62) | public bool Equals(OpcRelationship? other) => other != null && Target ...
method Equals (line 69) | public override bool Equals(object? obj) => obj is OpcRelationship rel...
method GetHashCode (line 72) | public override int GetHashCode() => Target.GetHashCode() ^ Type.GetHa...
class OpcRelationships (line 79) | internal sealed class OpcRelationships : IList<OpcRelationship>
method OpcRelationships (line 85) | internal OpcRelationships(Uri documentUri, XDocument? document, bool i...
method OpcRelationships (line 112) | internal OpcRelationships(Uri documentUri, bool isReadOnly)
method ToXml (line 123) | public XDocument ToXml()
method IndexOf (line 180) | public int IndexOf(OpcRelationship item) => _relationships.IndexOf(item);
method Insert (line 187) | public void Insert(int index, OpcRelationship item)
method RemoveAt (line 199) | public void RemoveAt(int index)
method Add (line 210) | public void Add(OpcRelationship item)
method Clear (line 221) | public void Clear()
method Contains (line 234) | public bool Contains(OpcRelationship item) => _relationships.Contains(...
method CopyTo (line 237) | public void CopyTo(OpcRelationship[] array, int arrayIndex) => _relati...
method Remove (line 244) | public bool Remove(OpcRelationship item)
method GetEnumerator (line 252) | public IEnumerator<OpcRelationship> GetEnumerator() => _relationships....
method GetEnumerator (line 254) | IEnumerator IEnumerable.GetEnumerator() => GetEnumerator();
method AssertNotReadOnly (line 256) | private void AssertNotReadOnly()
method AssignRelationshipId (line 264) | private void AssignRelationshipId(OpcRelationship relationship)
FILE: src/Sign.Core/Tools/VsixSignTool/OpcSignature.cs
class OpcSignature (line 13) | internal sealed class OpcSignature
method OpcSignature (line 18) | internal OpcSignature(OpcPart signaturePart)
method CreateTimestampBuilder (line 33) | public OpcPackageTimestampBuilder CreateTimestampBuilder()
method Remove (line 47) | public void Remove()
FILE: src/Sign.Core/Tools/VsixSignTool/OpcSignatureManifest.cs
class OpcSignatureManifest (line 7) | internal class OpcSignatureManifest
method OpcSignatureManifest (line 11) | private OpcSignatureManifest(List<OpcPartDigest> digests)
method Build (line 16) | public static OpcSignatureManifest Build(ISigningContext context, Hash...
FILE: src/Sign.Core/Tools/VsixSignTool/SignConfigurationSet.cs
class SignConfigurationSet (line 13) | internal sealed class SignConfigurationSet
method SignConfigurationSet (line 22) | public SignConfigurationSet(HashAlgorithmName fileDigestAlgorithm, Has...
FILE: src/Sign.Core/Tools/VsixSignTool/SignatureAlgorithmTranslator.cs
class SignatureAlgorithmTranslator (line 9) | internal static class SignatureAlgorithmTranslator
method SignatureAlgorithmToXmlDSigUri (line 11) | public static Uri SignatureAlgorithmToXmlDSigUri(SigningAlgorithm sign...
FILE: src/Sign.Core/Tools/VsixSignTool/SigningAlgorithm.cs
type SigningAlgorithm (line 10) | internal enum SigningAlgorithm
FILE: src/Sign.Core/Tools/VsixSignTool/SigningContext.cs
class SigningContext (line 13) | internal sealed class SigningContext : ISigningContext
method SigningContext (line 20) | public SigningContext(SignConfigurationSet configuration)
method SignDigest (line 68) | public byte[] SignDigest(byte[] digest)
method VerifyDigest (line 88) | public bool VerifyDigest(byte[] digest, byte[] signature)
FILE: src/Sign.Core/Tools/VsixSignTool/Timestamp/TimestampBuilder.cs
class TimestampBuilder (line 9) | internal static partial class TimestampBuilder
method RequestTimestamp (line 11) | public static Task<(TimestampResult, byte[]?)> RequestTimestamp(Uri ti...
FILE: src/Sign.Core/Tools/VsixSignTool/Timestamp/TimestampBuilder.netcoreapp.cs
class TimestampBuilder (line 11) | static partial class TimestampBuilder
method SubmitTimestampRequest (line 13) | private static async Task<(TimestampResult, byte[]?)> SubmitTimestampR...
FILE: src/Sign.Core/Tools/VsixSignTool/Timestamp/TimestampNonce.cs
type TimestampNonce (line 9) | internal readonly struct TimestampNonce
method TimestampNonce (line 13) | public TimestampNonce(ReadOnlyMemory<byte> nonce)
method Generate (line 18) | public static TimestampNonce Generate(int nonceSize = 32)
FILE: src/Sign.Core/Tools/VsixSignTool/Timestamp/TimestampResult.cs
type TimestampResult (line 10) | internal enum TimestampResult
FILE: src/Sign.Core/Tools/VsixSignTool/UriHelpers.cs
class UriHelpers (line 10) | internal static class UriHelpers
method ToPackagePath (line 21) | public static string ToPackagePath(this Uri partUri)
method ToQualifiedPath (line 35) | public static string ToQualifiedPath(this Uri partUri)
method ToQualifiedUri (line 50) | public static Uri ToQualifiedUri(this Uri partUri)
FILE: src/Sign.Core/Tools/VsixSignTool/VSIXSignatureBuilderPreset.cs
class VSIXSignatureBuilderPreset (line 10) | internal sealed class VSIXSignatureBuilderPreset : ISignatureBuilderPreset
method GetPartsForSigning (line 12) | IEnumerable<OpcPart> ISignatureBuilderPreset.GetPartsForSigning(OpcPac...
FILE: src/Sign.Core/Tools/VsixSignTool/XmlSignatureBuilder.cs
class XmlSignatureBuilder (line 12) | internal class XmlSignatureBuilder
method XmlSignatureBuilder (line 23) | internal XmlSignatureBuilder(ISigningContext signingContext)
method CreateDSigElement (line 32) | private XmlElement CreateDSigElement(string name) => _document.CreateE...
method Build (line 34) | public XmlDocument Build()
method BuildSignatureValue (line 79) | private XmlElement BuildSignatureValue(byte[] signerInfoElementHash)
method CanonicalizeElement (line 87) | private Stream CanonicalizeElement(XmlElement element, out string cano...
method BuildSignedInfoElement (line 115) | private (Stream, XmlElement) BuildSignedInfoElement(params (XmlElement...
method BuildKeyInfoElement (line 172) | private XmlElement BuildKeyInfoElement()
method SetFileManifest (line 185) | public void SetFileManifest(OpcSignatureManifest manifest)
FILE: src/Sign.SignatureProviders.ArtifactSigning/ArtifactSigningService.cs
class ArtifactSigningService (line 15) | internal sealed class ArtifactSigningService : ISignatureAlgorithmProvid...
method ArtifactSigningService (line 24) | public ArtifactSigningService(
method Dispose (line 41) | public void Dispose()
method GetCertificateAsync (line 48) | public async Task<X509Certificate2> GetCertificateAsync(CancellationTo...
method GetRsaAsync (line 92) | public async Task<RSA> GetRsaAsync(CancellationToken cancellationToken)
FILE: src/Sign.SignatureProviders.ArtifactSigning/ArtifactSigningServiceProvider.cs
class ArtifactSigningServiceProvider (line 10) | internal sealed class ArtifactSigningServiceProvider : ISignatureProvider
method GetSignatureAlgorithmProvider (line 12) | public ISignatureAlgorithmProvider GetSignatureAlgorithmProvider(IServ...
method GetCertificateProvider (line 19) | public ICertificateProvider GetCertificateProvider(IServiceProvider se...
FILE: src/Sign.SignatureProviders.ArtifactSigning/RSAArtifactSigning.cs
class RSAArtifactSigning (line 12) | internal sealed class RSAArtifactSigning : RSA
method RSAArtifactSigning (line 19) | public RSAArtifactSigning(
method Dispose (line 36) | protected override void Dispose(bool disposing)
method ExportParameters (line 46) | public override RSAParameters ExportParameters(bool includePrivatePara...
method ImportParameters (line 56) | public override void ImportParameters(RSAParameters parameters)
method SignHash (line 59) | public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlg...
method VerifyHash (line 68) | public override bool VerifyHash(byte[] hash, byte[] signature, HashAlg...
method GetSignatureAlgorithm (line 71) | private static SignatureAlgorithm GetSignatureAlgorithm(byte[] digest,...
FILE: src/Sign.SignatureProviders.ArtifactSigning/Resources.Designer.cs
class Resources (line 22) | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resource...
method Resources (line 31) | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Mic...
FILE: src/Sign.SignatureProviders.CertificateStore/CertificateStoreService.cs
class CertificateStoreService (line 19) | internal sealed class CertificateStoreService : ISignatureAlgorithmProvi...
method CertificateStoreService (line 32) | internal CertificateStoreService(
method GetRsaAsync (line 65) | [SupportedOSPlatform("windows")] // CspParameters is Windows-only but ...
method GetCertificateAsync (line 111) | public async Task<X509Certificate2> GetCertificateAsync(CancellationTo...
method GetStoreCertificateAsync (line 114) | private Task<X509Certificate2> GetStoreCertificateAsync()
method TryFindCertificate (line 157) | private bool TryFindCertificate(StoreLocation storeLocation, string ex...
FILE: src/Sign.SignatureProviders.CertificateStore/CertificateStoreServiceProvider.cs
class CertificateStoreServiceProvider (line 13) | internal class CertificateStoreServiceProvider : ISignatureProvider
method CertificateStoreServiceProvider (line 39) | internal CertificateStoreServiceProvider(
method GetSignatureAlgorithmProvider (line 68) | public ISignatureAlgorithmProvider GetSignatureAlgorithmProvider(IServ...
method GetCertificateProvider (line 75) | public ICertificateProvider GetCertificateProvider(IServiceProvider se...
method GetService (line 82) | private CertificateStoreService GetService(IServiceProvider servicePro...
FILE: src/Sign.SignatureProviders.CertificateStore/Resources.Designer.cs
class Resources (line 22) | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resource...
method Resources (line 31) | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Mic...
FILE: src/Sign.SignatureProviders.KeyVault/KeyVaultService.cs
class KeyVaultService (line 16) | internal sealed class KeyVaultService : ISignatureAlgorithmProvider, ICe...
method KeyVaultService (line 25) | internal KeyVaultService(
method Dispose (line 42) | public void Dispose()
method GetCertificateAsync (line 49) | public async Task<X509Certificate2> GetCertificateAsync(CancellationTo...
method GetRsaAsync (line 84) | public async Task<RSA> GetRsaAsync(CancellationToken cancellationToken)
FILE: src/Sign.SignatureProviders.KeyVault/KeyVaultServiceProvider.cs
class KeyVaultServiceProvider (line 10) | internal sealed class KeyVaultServiceProvider : ISignatureProvider
method GetSignatureAlgorithmProvider (line 12) | public ISignatureAlgorithmProvider GetSignatureAlgorithmProvider(IServ...
method GetCertificateProvider (line 19) | public ICertificateProvider GetCertificateProvider(IServiceProvider se...
FILE: src/Sign.SignatureProviders.KeyVault/RSAKeyVaultWrapper.cs
class RSAKeyVaultWrapper (line 10) | internal sealed class RSAKeyVaultWrapper : RSA
method RSAKeyVaultWrapper (line 15) | public RSAKeyVaultWrapper(RSAKeyVault rsaKeyVault, RSA rsaPublicKey)
method Dispose (line 24) | protected override void Dispose(bool disposing)
method ExportParameters (line 36) | public override RSAParameters ExportParameters(bool includePrivatePara...
method ImportParameters (line 46) | public override void ImportParameters(RSAParameters parameters)
method SignHash (line 49) | public override byte[] SignHash(byte[] hash, HashAlgorithmName hashAlg...
method VerifyHash (line 52) | public override bool VerifyHash(byte[] hash, byte[] signature, HashAlg...
FILE: src/Sign.SignatureProviders.KeyVault/Resources.Designer.cs
class Resources (line 22) | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resource...
method Resources (line 31) | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Mic...
FILE: test/Sign.Cli.Test/ArtifactSigningCommandTests.cs
class ArtifactSigningCommandTests (line 11) | public class ArtifactSigningCommandTests
method Constructor_WhenCodeCommandIsNull_Throws (line 15) | [Fact]
method Constructor_WhenServiceProviderFactoryIsNull_Throws (line 24) | [Fact]
method EndpointOption_Always_HasArityOfExactlyOne (line 33) | [Fact]
method EndpointOption_Always_IsRequired (line 39) | [Fact]
method AccountOption_Always_HasArityOfExactlyOne (line 45) | [Fact]
method AccountOption_Always_IsRequired (line 51) | [Fact]
method CertificateProfileOption_Always_HasArityOfExactlyOne (line 57) | [Fact]
method CertificateProfileOption_Always_IsRequired (line 63) | [Fact]
class ParserTests (line 69) | public class ParserTests
method ParserTests (line 74) | public ParserTests()
method Command_WhenRequiredArgumentOrOptionsAreMissing_HasError (line 83) | [Theory]
method Command_WhenRequiredArgumentsArePresent_HasNoError (line 104) | [Theory]
method Command_WhenEndpointUrlIsInvalid_HasError (line 114) | [Theory]
method Command_WhenEndpointUrlIsValidHttps_ParsesCorrectly (line 129) | [Theory]
FILE: test/Sign.Cli.Test/AzureCredentialOptionsTests.cs
class AzureCredentialOptionsTests (line 13) | public class AzureCredentialOptionsTests
method AzureCredentialOptionsTests (line 19) | public AzureCredentialOptionsTests()
method CredentialTypeOption_Always_HasArityOfExactlyOne (line 29) | [Fact]
method CredentialTypeOption_Always_IsNotRequired (line 35) | [Fact]
method CredentialTypeOption_Always_HasCorrectCompletions (line 41) | [Fact]
method ManagedIdentityClientIdOption_Always_HasArityOfExactlyOne (line 62) | [Fact]
method ManagedIdentityClientIdOption_Always_IsNotRequired (line 68) | [Fact]
method ManagedIdentityResourceIdOption_Always_HasArityOfExactlyOne (line 74) | [Fact]
method ManagedIdentityResourceIdOption_Always_IsNotRequired (line 80) | [Fact]
method ObsoleteManagedIdentityOption_Always_HasArityOfZeroOrOne (line 86) | [Fact]
method ObsoleteManagedIdentityOption_Always_IsNotRequired (line 92) | [Fact]
method ObsoleteManagedIdentityOption_Always_IsHidden (line 98) | [Fact]
method ObsoleteTenantIdOption_Always_HasArityOfExactlyOne (line 104) | [Fact]
method ObsoleteTenantIdOption_Always_IsNotRequired (line 110) | [Fact]
method ObsoleteTenantIdOption_Always_IsHidden (line 116) | [Fact]
method ObsoleteClientIdOption_Always_HasArityOfExactlyOne (line 122) | [Fact]
method ObsoleteClientIdOption_Always_IsNotRequired (line 128) | [Fact]
method ObsoleteClientIdOption_Always_IsHidden (line 134) | [Fact]
method ObsoleteClientSecretOption_Always_HasArityOfExactlyOne (line 140) | [Fact]
method ObsoleteClientSecretOption_Always_IsNotRequired (line 146) | [Fact]
method ObsoleteClientSecretOption_Always_IsHidden (line 152) | [Fact]
method AddOptionsToCommand_Always_AddsAllOptionsToCommand (line 158) | [Fact]
method CreateDefaultAzureCredentialOptions_WhenManagedIdentityClientIdIsSpecified_ManagedIdentityClientIdIsSet (line 174) | [Fact]
method CreateDefaultAzureCredentialOptions_WhenManagedIdentityResourceIdIsSpecified_ManagedIdentityResourceIdIsSet (line 184) | [Fact]
method CreateDefaultAzureCredentialOptions_WhenNoOptionsAreSpecified_ExcludeOptionsHaveTheCorrectDefaultValues (line 194) | [Fact]
method CreateTokenCredential_WhenClientSecretOptionsAreSet_ReturnsClientSecretCredential (line 211) | [Fact]
method CreateTokenCredential_WhenCredentialTypeIsAzureCli_ReturnsAzureCliCredential (line 221) | [Fact]
method CreateTokenCredential_WhenCredentialTypeIsAzurePowerShell_ReturnsAzurePowerShellCredential (line 231) | [Fact]
method CreateTokenCredential_WhenCredentialTypeIsManagedIdentity_ReturnsManagedIdentityCredential (line 241) | [Fact]
method CreateTokenCredential_WhenCredentialTypeIsWorkloadIdentity_ReturnsWorkloadIdentityCredential (line 251) | [Fact]
method CreateTokenCredential_WhenCredentialTypeIsNotSet_ReturnsDefaultAzureCredential (line 261) | [Fact]
FILE: test/Sign.Cli.Test/AzureKeyVaultCommandTests.cs
class AzureKeyVaultCommandTests (line 11) | public class AzureKeyVaultCommandTests
method Constructor_WhenCodeCommandIsNull_Throws (line 15) | [Fact]
method Constructor_WhenServiceProviderFactoryIsNull_Throws (line 24) | [Fact]
method CertificateOption_Always_HasArityOfExactlyOne (line 33) | [Fact]
method CertificateOption_Always_IsRequired (line 39) | [Fact]
method UrlOption_Always_HasArityOfExactlyOne (line 45) | [Fact]
method UrlOption_Always_IsRequired (line 51) | [Fact]
class ParserTests (line 57) | public class ParserTests
method ParserTests (line 62) | public ParserTests()
method Command_WhenRequiredArgumentOrOptionsAreMissing_HasError (line 71) | [Theory]
method Command_WhenRequiredArgumentsArePresent_HasNoError (line 92) | [Theory]
method Command_WhenUrlIsInvalid_HasError (line 102) | [Theory]
method Command_WhenUrlIsValidHttps_ParsesCorrectly (line 117) | [Theory]
FILE: test/Sign.Cli.Test/CertificateStoreCommandTests.cs
class CertificateStoreCommandTests (line 11) | public class CertificateStoreCommandTests
method Constructor_WhenCodeCommandIsNull_Throws (line 20) | [Fact]
method Constructor_WhenServiceProviderFactoryIsNull_Throws (line 29) | [Fact]
method CertificateFingerprintOption_Always_IsRequired (line 38) | [Fact]
method CertificateFingerprintOption_Always_HasArityOfExactlyOne (line 44) | [Fact]
method CertificateFileOption_Always_HasArityOfExactlyOne (line 50) | [Fact]
method CertificatePasswordOption_Always_HasArityOfExactlyOne (line 56) | [Fact]
method CryptoServiceProviderOption_Always_HasArityOfExactlyOne (line 62) | [Fact]
method PrivateKeyContainerOption_Always_HasArityOfExactlyOne (line 68) | [Fact]
class ParserTests (line 74) | public class ParserTests
method ParserTests (line 79) | public ParserTests()
method Command_WhenRequiredArgumentOrOptionsAreMissing_HasError (line 88) | [Theory]
method Command_WhenCertificateFingerprintAlgorithmCannotBeDeduced_HasError (line 105) | [Theory]
method Command_WhenRequiredArgumentsArePresent_HasNoError (line 118) | [Theory]
FILE: test/Sign.Cli.Test/CodeCommandTests.cs
class CodeCommandTests (line 9) | public class CodeCommandTests
method BaseDirectoryOption_Always_HasArityOfExactlyOne (line 13) | [Fact]
method BaseDirectoryOption_Always_IsNotRequired (line 19) | [Fact]
method DescriptionOption_Always_HasArityOfExactlyOne (line 25) | [Fact]
method DescriptionOption_Always_IsNotRequired (line 31) | [Fact]
method DescriptionUrlOption_Always_HasArityOfExactlyOne (line 37) | [Fact]
method DescriptionUrlOption_Always_IsNotRequired (line 43) | [Fact]
method FileDigestOption_Always_HasArityOfExactlyOne (line 49) | [Fact]
method FileDigestOption_Always_IsNotRequired (line 55) | [Fact]
method FileListOption_Always_HasArityOfExactlyOne (line 61) | [Fact]
method FileListOption_Always_IsNotRequired (line 67) | [Fact]
method MaxConcurrencyOption_Always_HasArityOfExactlyOne (line 73) | [Fact]
method MaxConcurrencyOption_Always_IsNotRequired (line 79) | [Fact]
method OutputOption_Always_HasArityOfExactlyOne (line 85) | [Fact]
method OutputOption_Always_IsNotRequired (line 91) | [Fact]
method PublisherNameOption_Always_HasArityOfExactlyOne (line 97) | [Fact]
method PublisherNameOption_Always_IsNotRequired (line 103) | [Fact]
method TimestampDigestOption_Always_HasArityOfExactlyOne (line 109) | [Fact]
method TimestampDigestOption_Always_IsNotRequired (line 115) | [Fact]
method TimestampUrlOption_Always_HasArityOfExactlyOne (line 121) | [Fact]
method TimestampUrlOption_Always_IsNotRequired (line 127) | [Fact]
method VerbosityOption_Always_HasArityOfExactlyOne (line 133) | [Fact]
method VerbosityOption_Always_IsNotRequired (line 139) | [Fact]
FILE: test/Sign.Cli.Test/Options/ApplicationNameOptionTests.cs
class ApplicationNameOptionTests (line 7) | public class ApplicationNameOptionTests : OptionTests<string?>
method ApplicationNameOptionTests (line 11) | public ApplicationNameOptionTests()
FILE: test/Sign.Cli.Test/Options/BaseDirectoryOptionTests.cs
class BaseDirectoryOptionTests (line 10) | public class BaseDirectoryOptionTests : DirectoryInfoOptionTests
method BaseDirectoryOptionTests (line 12) | public BaseDirectoryOptionTests()
method Option_WhenOptionIsMissing_HasDefaultValue (line 17) | [Fact]
method Option_WhenValueIsNotRooted_HasError (line 26) | [Theory]
method Option_WhenValueIsRooted_ParsesValue (line 36) | [Fact]
FILE: test/Sign.Cli.Test/Options/DescriptionOptionTests.cs
class DescriptionOptionTests (line 7) | public class DescriptionOptionTests : OptionTests<string>
method DescriptionOptionTests (line 11) | public DescriptionOptionTests()
FILE: test/Sign.Cli.Test/Options/DescriptionUrlOptionTests.cs
class DescriptionUrlOptionTests (line 7) | public class DescriptionUrlOptionTests : UriOptionTests
method DescriptionUrlOptionTests (line 9) | public DescriptionUrlOptionTests()
FILE: test/Sign.Cli.Test/Options/DirectoryInfoOptionTests.cs
class DirectoryInfoOptionTests (line 9) | public abstract class DirectoryInfoOptionTests : OptionTests<DirectoryInfo>
method DirectoryInfoOptionTests (line 13) | protected DirectoryInfoOptionTests(Option<DirectoryInfo> option, strin...
method VerifyEqual (line 18) | protected override void VerifyEqual(DirectoryInfo? expectedValue, Dire...
FILE: test/Sign.Cli.Test/Options/FileDigestOptionTests.cs
class FileDigestOptionTests (line 7) | public class FileDigestOptionTests : HashAlgorithmNameOptionTests
method FileDigestOptionTests (line 9) | public FileDigestOptionTests()
FILE: test/Sign.Cli.Test/Options/HashAlgorithmNameOptionTests.cs
class HashAlgorithmNameOptionTests (line 10) | public abstract class HashAlgorithmNameOptionTests : OptionTests<HashAlg...
method HashAlgorithmNameOptionTests (line 14) | protected HashAlgorithmNameOptionTests(Option<HashAlgorithmName> optio...
method Option_WhenValueIsSha256_ParsesValue (line 19) | [Theory]
method Option_WhenValueIsSha384_ParsesValue (line 27) | [Theory]
method Option_WhenValueIsSha512_ParsesValue (line 35) | [Theory]
method Verbosity_WhenValueIsInvalid_HasError (line 43) | [Theory]
method Option_WhenOptionIsMissing_HasDefaultValue (line 54) | [Fact]
FILE: test/Sign.Cli.Test/Options/Int32OptionTests.cs
class Int32OptionTests (line 9) | public abstract class Int32OptionTests : OptionTests<int>
method Int32OptionTests (line 13) | protected Int32OptionTests(Option<int> option, string shortOption, str...
FILE: test/Sign.Cli.Test/Options/MaxConcurrencyOptionTests.cs
class MaxConcurrencyOptionTests (line 9) | public class MaxConcurrencyOptionTests : Int32OptionTests
method MaxConcurrencyOptionTests (line 11) | public MaxConcurrencyOptionTests()
method Option_WhenValueFailsToParse_HasError (line 16) | [Fact]
method Option_WhenOptionIsMissing_HasDefaultValue (line 24) | [Fact]
method Option_WhenValueIsLessThanOne_HasError (line 33) | [Theory]
FILE: test/Sign.Cli.Test/Options/OptionTests.cs
class OptionTests (line 11) | public abstract class OptionTests<T>
method OptionTests (line 19) | protected OptionTests(Option<T> option, string shortOption, string lon...
method Option_WhenOptionIsMissing_HasParseErrorsOnlyIfRequired (line 27) | [Fact]
method Option_WithOnlyValue_HasParseErrors (line 33) | [Fact]
method Option_WithShortOptionAndMissingValue_HasParseErrors (line 51) | [Fact]
method Option_WithLongOptionAndMissingValue_HasParseErrors (line 57) | [Fact]
method Option_WithShortOptionThenValue_ParsesValueOnlyIfShortOptionHasSingleCharacterAlias (line 63) | [Fact]
method Option_WithShortOptionSpaceThenValue_ParsesValue (line 81) | [Fact]
method Option_WithLongOptionSpaceThenValue_ParsesValue (line 87) | [Fact]
method Verify (line 93) | protected void Verify(string commandLine)
method Verify (line 98) | protected void Verify(string commandLine, T? expectedValue)
method VerifyEqual (line 109) | protected virtual void VerifyEqual(T? expectedValue, T? actualValue)
method VerifyHasErrors (line 114) | protected void VerifyHasErrors(string commandLine, params string[] exp...
method VerifyIsRequired (line 126) | private void VerifyIsRequired()
method Parse (line 144) | protected ParseResult Parse(string commandLine = "")
method GetFormattedResourceString (line 151) | protected static string GetFormattedResourceString(string resourceStri...
method GetRequiredArgumentMissingMessage (line 156) | private static string GetRequiredArgumentMissingMessage(string argumen...
method GetOptionRequiredMessage (line 164) | protected static string GetOptionRequiredMessage(string optionName)
method GetUnrecognizedCommandOrArgumentMessage (line 172) | protected static string GetUnrecognizedCommandOrArgumentMessage(string...
FILE: test/Sign.Cli.Test/Options/OutputOptionTests.cs
class OutputOptionTests (line 7) | public class OutputOptionTests : OptionTests<string?>
method OutputOptionTests (line 11) | public OutputOptionTests()
FILE: test/Sign.Cli.Test/Options/PublisherNameOptionTests.cs
class PublisherNameOptionTests (line 7) | public class PublisherNameOptionTests : OptionTests<string?>
method PublisherNameOptionTests (line 11) | public PublisherNameOptionTests()
FILE: test/Sign.Cli.Test/Options/TimestampDigestOptionTests.cs
class TimestampDigestOptionTests (line 7) | public class TimestampDigestOptionTests : HashAlgorithmNameOptionTests
method TimestampDigestOptionTests (line 9) | public TimestampDigestOptionTests()
FILE: test/Sign.Cli.Test/Options/TimestampUrlOptionTests.cs
class TimestampUrlOptionTests (line 9) | public class TimestampUrlOptionTests : UriOptionTests
method TimestampUrlOptionTests (line 11) | public TimestampUrlOptionTests()
method Option_WhenOptionIsMissing_HasDefaultValue (line 16) | [Fact]
FILE: test/Sign.Cli.Test/Options/UriOptionTests.cs
class UriOptionTests (line 9) | public abstract class UriOptionTests : OptionTests<Uri?>
method UriOptionTests (line 13) | protected UriOptionTests(Option<Uri?> option, string shortOption, stri...
method Option_WhenValueFailsToParse_HasError (line 18) | [Fact]
method Option_WithShortOptionAndValidUrl_ParsesValue (line 38) | [Theory]
method Option_WithShortOptionAndInvalidUrl_HasErrors (line 48) | [Theory]
method VerifyEqual (line 60) | protected override void VerifyEqual(Uri? expectedValue, Uri? actualValue)
FILE: test/Sign.Cli.Test/Options/VerbosityOptionTests.cs
class VerbosityOptionTests (line 9) | public class VerbosityOptionTests : OptionTests<LogLevel>
method VerbosityOptionTests (line 13) | public VerbosityOptionTests()
method Verbosity_WhenValueIsValid_ParsesValue (line 18) | [Theory]
method Verbosity_WhenValueCasingDoesNotMatchEnumMemberCasing_ParsesValue (line 31) | [Fact]
FILE: test/Sign.Cli.Test/SignCommandTests.Globbing.cs
class SignCommandTests (line 12) | public partial class SignCommandTests
class GlobbingTests (line 14) | public sealed class GlobbingTests : IDisposable
method GlobbingTests (line 21) | public GlobbingTests()
method Dispose (line 53) | public void Dispose()
method Command_WhenFileIsGlobPattern_SignsOnlyMatches (line 61) | [Fact]
method Command_WhenFileIsGlobPatternWithSubdirectory_SignsOnlyMatches (line 78) | [Fact]
method Command_WhenFileIsGlobPatternWithBracedExpansion_SignsOnlyMatches (line 93) | [Fact]
method AssertIsExpectedInputFile (line 114) | private static void AssertIsExpectedInputFile(FileInfo inputFile, Te...
method CreateFileSystemInfos (line 122) | private static void CreateFileSystemInfos(TemporaryDirectory directo...
method CreateSubdirectory (line 141) | private static void CreateSubdirectory(string fullPath)
method CreateFile (line 150) | private static void CreateFile(string fullPath)
method EnsureParentDirectoriesExist (line 159) | private static void EnsureParentDirectoriesExist(DirectoryInfo direc...
FILE: test/Sign.Cli.Test/SignCommandTests.cs
class SignCommandTests (line 10) | public partial class SignCommandTests
method SignCommandTests (line 23) | public SignCommandTests()
method Help_Always_IsEnabled (line 45) | [Fact]
method Command_WhenArgumentAndOptionsAreMissing_HasError (line 61) | [Theory]
method Command_WhenRequiredArgumentIsMissing_HasError (line 70) | [Fact]
method Command_WhenAllOptionsAndArgumentAreValid_HasNoError (line 80) | [Fact]
FILE: test/Sign.Cli.Test/TemporaryConsoleEncodingTests.cs
class TemporaryConsoleEncodingTests (line 9) | public class TemporaryConsoleEncodingTests : IDisposable
method TemporaryConsoleEncodingTests (line 14) | public TemporaryConsoleEncodingTests()
method Dispose (line 23) | public void Dispose()
method Constructor_Always_SetsUtf8Encoding (line 31) | [Fact]
method Dispose_Always_RevertsEncoding (line 44) | [Fact]
FILE: test/Sign.Cli.Test/TestInfrastructure/SignerSpy.cs
class SignerSpy (line 10) | internal sealed class SignerSpy : ISigner
method SignerSpy (line 27) | internal SignerSpy()
method SignAsync (line 32) | public Task<int> SignAsync(
FILE: test/Sign.Cli.Test/TestInfrastructure/TestServiceProviderFactory.cs
class TestServiceProviderFactory (line 11) | internal sealed class TestServiceProviderFactory : IServiceProviderFactory
method TestServiceProviderFactory (line 15) | internal TestServiceProviderFactory(IServiceProvider serviceProvider)
method Create (line 20) | public IServiceProvider Create(
method AddServices (line 28) | public void AddServices(Action<IServiceCollection> addServices)
FILE: test/Sign.Cli.Test/TrustedSigningCommandTests.cs
class TrustedSigningCommandTests (line 11) | public class TrustedSigningCommandTests
method Constructor_WhenCodeCommandIsNull_Throws (line 15) | [Fact]
method Constructor_WhenServiceProviderFactoryIsNull_Throws (line 24) | [Fact]
method EndpointOption_Always_HasArityOfExactlyOne (line 33) | [Fact]
method EndpointOption_Always_IsRequired (line 39) | [Fact]
method AccountOption_Always_HasArityOfExactlyOne (line 45) | [Fact]
method AccountOption_Always_IsRequired (line 51) | [Fact]
method CertificateProfileOption_Always_HasArityOfExactlyOne (line 57) | [Fact]
method CertificateProfileOption_Always_IsRequired (line 63) | [Fact]
method Command_Description_IndicatesObsolete (line 69) | [Fact]
class ParserTests (line 75) | public class ParserTests
method ParserTests (line 80) | public ParserTests()
method Command_WhenRequiredArgumentOrOptionsAreMissing_HasError (line 89) | [Theory]
method Command_WhenRequiredArgumentsArePresent_HasNoError (line 110) | [Theory]
method Command_WhenEndpointUrlIsInvalid_HasError (line 120) | [Theory]
method Command_WhenEndpointUrlIsValidHttps_ParsesCorrectly (line 135) | [Theory]
FILE: test/Sign.Core.Test/AssemblyInitializer.cs
class AssemblyInitializer (line 10) | public sealed class AssemblyInitializer
method Initialize (line 12) | [ModuleInitializer]
FILE: test/Sign.Core.Test/Certificates/CertificateVerifierTests.cs
class CertificateVerifierTests (line 12) | public class CertificateVerifierTests
method Constructor_WhenLoggerIsNull_Throws (line 14) | [Fact]
method Verify_WhenCertificateIsNull_Throws (line 23) | [Fact]
method Verify_WhenCertificateIsNotYetTimeValid_Throws (line 34) | [Fact]
method Verify_WhenCertificateIsExpired_Throws (line 51) | [Fact]
method Verify_WhenCertificateIsTimeValid_DoesNotLogWarning (line 68) | [Fact]
class Logger (line 85) | private sealed class Logger : ILogger<ICertificateVerifier>
method Logger (line 91) | internal Logger(string? expectedMessage = null)
method BeginScope (line 96) | public IDisposable? BeginScope<TState>(TState state) where TState : ...
method IsEnabled (line 101) | public bool IsEnabled(LogLevel logLevel)
method Log (line 106) | public void Log<TState>(LogLevel logLevel, EventId eventId, TState s...
class NoOpDisposable (line 117) | private sealed class NoOpDisposable : IDisposable
method Dispose (line 119) | public void Dispose()
FILE: test/Sign.Core.Test/Containers/AppxBundleContainerTests.cs
class AppxBundleContainerTests (line 10) | public class AppxBundleContainerTests
method Constructor_WhenAppxIsNull_Throws (line 12) | [Fact]
method Constructor_WhenDirectoryServiceIsNull_Throws (line 26) | [Fact]
method Constructor_WhenFileMatcherIsNull_Throws (line 40) | [Fact]
method Constructor_WhenMakeAppxCliIsNull_Throws (line 54) | [Fact]
method Constructor_WhenLoggerIsNull_Throws (line 68) | [Fact]
FILE: test/Sign.Core.Test/Containers/AppxContainerTests.cs
class AppxContainerTests (line 10) | public class AppxContainerTests
method Constructor_WhenAppxIsNull_Throws (line 12) | [Fact]
method Constructor_WhenCertificateProviderIsNull_Throws (line 27) | [Fact]
method Constructor_WhenDirectoryServiceIsNull_Throws (line 42) | [Fact]
method Constructor_WhenFileMatcherIsNull_Throws (line 57) | [Fact]
method Constructor_WhenMakeAppxCliIsNull_Throws (line 72) | [Fact]
method Constructor_WhenLoggerIsNull_Throws (line 87) | [Fact]
FILE: test/Sign.Core.Test/Containers/ContainerProviderTests.cs
class ContainerProviderTests (line 10) | public class ContainerProviderTests
method ContainerProviderTests (line 14) | public ContainerProviderTests()
method Constructor_WhenCertificateProviderIsNull_Throws (line 24) | [Fact]
method Constructor_WhenDirectoryServiceIsNull_Throws (line 38) | [Fact]
method Constructor_WhenFileMatcherIsNull_Throws (line 52) | [Fact]
method Constructor_WhenMakeAppxCliIsNull_Throws (line 66) | [Fact]
method Constructor_WhenLoggerIsNull_Throws (line 80) | [Fact]
method IsAppxBundleContainer_WhenFileIsNull_Throws (line 94) | [Fact]
method IsAppxBundleContainer_WhenFileExtensionDoesNotMatch_ReturnsFalse (line 103) | [Theory]
method IsAppxBundleContainer_WhenFileExtensionMatches_ReturnsTrue (line 114) | [Theory]
method IsAppxContainer_WhenFileIsNull_Throws (line 127) | [Fact]
method IsAppxContainer_WhenFileExtensionDoesNotMatch_ReturnsFalse (line 136) | [Theory]
method IsAppxContainer_WhenFileExtensionMatches_ReturnsTrue (line 147) | [Theory]
method IsNuGetContainer_WhenFileIsNull_Throws (line 160) | [Fact]
method IsNuGetContainer_WhenFileExtensionDoesNotMatch_ReturnsFalse (line 169) | [Theory]
method IsNuGetContainer_WhenFileExtensionMatches_ReturnsTrue (line 178) | [Theory]
method IsZipContainer_WhenFileIsNull_Throws (line 189) | [Fact]
method IsZipContainer_WhenFileExtensionDoesNotMatch_ReturnsFalse (line 198) | [Theory]
method IsZipContainer_WhenFileExtensionMatches_ReturnsTrue (line 209) | [Theory]
method GetContainer_WhenFileIsNull_Throws (line 223) | [Fact]
method GetContainer_WhenFileExtensionDoesNotMatch_ReturnsFalse (line 232) | [Fact]
method GetContainer_WhenFileExtensionMatchesZip_ReturnsContainer (line 240) | [Fact]
method GetContainer_WhenFileExtensionMatchesAppx_ReturnsContainer (line 249) | [Fact]
method GetContainer_WhenFileExtensionMatchesAppxBundle_ReturnsContainer (line 258) | [Fact]
FILE: test/Sign.Core.Test/Containers/NuGetContainerTests.cs
class NuGetContainerTests (line 13) | public class NuGetContainerTests
method Constructor_WhenZipFileIsNull_Throws (line 15) | [Fact]
method Constructor_WhenDirectoryServiceIsNull_Throws (line 28) | [Fact]
method Constructor_WhenFileMatcherIsNull_Throws (line 41) | [Fact]
method Constructor_WhenLoggerIsNull_Throws (line 54) | [Fact]
method Dispose_WhenOpened_RemovesTemporaryDirectory (line 67) | [Fact]
method OpenAsync_WhenNupkgFileIsNonEmpty_ExtractsNupkgToDirectory (line 92) | [Fact]
method SaveAsync_WhenNupkgFileIsNonEmpty_CompressesNupkgFromDirectory (line 112) | [Fact]
method SaveAsync_WhenNupkgFileHasSignatureFile_RemovesSignatureFile (line 137) | [Fact]
method CreateZipFile (line 158) | private static FileInfo CreateZipFile(params string[] entryNames)
FILE: test/Sign.Core.Test/Containers/ZipContainerTests.cs
class ZipContainerTests (line 12) | public class ZipContainerTests
method Constructor_WhenZipFileIsNull_Throws (line 14) | [Fact]
method Constructor_WhenDirectoryServiceIsNull_Throws (line 27) | [Fact]
method Constructor_WhenFileMatcherIsNull_Throws (line 40) | [Fact]
method Constructor_WhenLoggerIsNull_Throws (line 53) | [Fact]
method Dispose_WhenOpened_RemovesTemporaryDirectory (line 66) | [Fact]
method OpenAsync_WhenZipFileIsNonEmpty_ExtractsZipToDirectory (line 91) | [Fact]
method SaveAsync_WhenZipFileIsNonEmpty_CompressesZipFromDirectory (line 111) | [Fact]
method CreateZipFile (line 136) | private static FileInfo CreateZipFile(params string[] entryNames)
FILE: test/Sign.Core.Test/DataFormatSigners/AggregatingSignerTests.Containers.cs
class AggregatingSignerTests (line 11) | public partial class AggregatingSignerTests
method SignAsync_WhenFileIsEmptyAppxBundleContainer_SignsNothing (line 17) | [Fact]
method SignAsync_WhenFileIsAppxBundleContainer_SignsNestedAppxAndMsixFiles (line 37) | [Fact]
method SignAsync_WhenRecurseContainersIsFalse_SignsOnlyAppxItself (line 63) | [Fact]
method SignAsync_WhenFileIsAppxBundleContainerAndGlobAndAntiGlobPatternsAreUsed_SignsOnlyMatchingFiles (line 98) | [Fact]
method SignAsync_WhenFileIsEmptyAppxContainer_SignsNothing (line 149) | [Fact]
method SignAsync_WhenFileIsAppxContainer_SignsPortableExecutableFiles (line 169) | [Fact]
method SignAsync_WhenFileIsAppxContainerWithNestedContentAndContainers_SignsContentInsideOut (line 195) | [Fact]
method SignAsync_WhenFileIsAppxContainerAndGlobAndAntiGlobPatternsAreUsed_SignsOnlyMatchingFiles (line 239) | [Fact]
method SignAsync_WhenFileIsEmptyZipContainer_SignsNothing (line 296) | [Fact]
method SignAsync_WhenFileIsZipContainer_SignsPortableExecutableFiles (line 314) | [Fact]
method SignAsync_WhenFileIsZipContainerWithNestedContentAndContainers_SignsContentInsideOut (line 339) | [Fact]
method SignAsync_WhenFileIsZipContainerAndGlobAndAntiGlobPatternsAreUsed_SignsOnlyMatchingFiles (line 382) | [Fact]
method ReadFileList (line 438) | private static void ReadFileList(string contents, out Matcher matcher,...
FILE: test/Sign.Core.Test/DataFormatSigners/AggregatingSignerTests.PortableExecutableFiles.cs
class AggregatingSignerTests (line 7) | public partial class AggregatingSignerTests
method SignAsync_WhenFilesAreLoosePortableExecutableFiles_SignsAllFiles (line 9) | [Fact]
FILE: test/Sign.Core.Test/DataFormatSigners/AggregatingSignerTests.cs
class AggregatingSignerTests (line 11) | public partial class AggregatingSignerTests
method Constructor_WhenSignersIsNull_Throws (line 15) | [Fact]
method Constructor_WhenDefaultSignerIsNull_Throws (line 29) | [Fact]
method Constructor_WhenContainerProviderIsNull_Throws (line 43) | [Fact]
method Constructor_WhenFileMetadataServiceIsNull_Throws (line 57) | [Fact]
method Constructor_WhenMatcherFactoryIsNull_Throws (line 71) | [Fact]
method CanSign_WhenFileIsNull_Throws (line 85) | [Fact]
method CanSign_WhenSignerReturnsTrue_ReturnsTrue (line 96) | [Fact]
method CanSign_WhenSignerReturnsFalse_ReturnsFalse (line 113) | [Fact]
method CanSign_WhenExtensionIsSpecialCase_ReturnsTrue (line 130) | [Theory]
method SignAsync_WhenFilesIsNull_Throws (line 142) | [Fact]
method SignAsync_WhenOptionsIsNull_Throws (line 153) | [Fact]
method SignAsync_WhenFilesIsEmpty_Returns (line 164) | [Fact]
method CreateSigner (line 172) | private static AggregatingSigner CreateSigner(IDataFormatSigner? signe...
FILE: test/Sign.Core.Test/DataFormatSigners/AppInstallerServiceSignerTests.cs
class AppInstallerServiceSignerTests (line 12) | public class AppInstallerServiceSignerTests
method AppInstallerServiceSignerTests (line 16) | public AppInstallerServiceSignerTests()
method Constructor_WhenCertificateProviderIsNull_Throws (line 23) | [Fact]
method Constructor_WhenLoggerIsNull_Throws (line 34) | [Fact]
method CanSign_WhenFileIsNull_Throws (line 45) | [Fact]
method CanSign_WhenFileExtensionMatches_ReturnsTrue (line 54) | [Theory]
method CanSign_WhenFileExtensionDoesNotMatch_ReturnsFalse (line 64) | [Theory]
method TryGetMainElement_WhenNamespaceAndElementAreKnown_ReturnsElement (line 75) | [Theory]
method TryGetMainElement_WhenNamespaceAndElementAreUnknown_ReturnsNull (line 101) | [Theory]
method CreateAppInstallerManifest (line 116) | private static void CreateAppInstallerManifest(
FILE: test/Sign.Core.Test/DataFormatSigners/AzureSignToolSignerTests.cs
class AzureSignToolSignerTests (line 16) | [Collection(SigningTestsCollection.Name)]
method AzureSignToolSignerTests (line 23) | public AzureSignToolSignerTests(TrustedCertificateFixture certificateF...
method Dispose (line 36) | public void Dispose()
method CanSign_WhenFileIsNull_Throws (line 41) | [Fact]
method CanSign_WhenFileExtensionMatches_ReturnsTrue (line 50) | [Theory]
method CanSign_WithNonDynamicsBusinessCentralAppFile_ReturnsFalse (line 87) | [Fact]
method CanSign_WithDynamicsBusinessCentralAppFile_ReturnsTrue (line 100) | [Fact]
method CanSign_WhenFileExtensionDoesNotMatch_ReturnsFalse (line 113) | [Theory]
method SignAsync_WhenFileIsSupported_Signs (line 124) | [RequiresElevationTheory]
method SignAsync_WithStaRequiredFile_SignsOnStaThread (line 193) | [Theory]
method SignAsync_WithMixedFiles_SignsStaFilesOnStaAndNonStaInParallel (line 239) | [Fact]
method SignAsync_WithNonStaFile_SignsOnMtaThread (line 308) | [Fact]
class TestableAzureSignToolSigner (line 352) | internal class TestableAzureSignToolSigner : AzureSignToolSigner
method TestableAzureSignToolSigner (line 356) | public TestableAzureSignToolSigner(
method SignFileCore (line 365) | internal override int SignFileCore(
FILE: test/Sign.Core.Test/DataFormatSigners/ClickOnceSignerTests.cs
class ClickOnceSignerTests (line 13) | public sealed class ClickOnceSignerTests : IDisposable
method ClickOnceSignerTests (line 18) | public ClickOnceSignerTests()
method Dispose (line 31) | public void Dispose()
method Constructor_WhenSignatureAlgorithmProviderIsNull_Throws (line 36) | [Fact]
method Constructor_WhenCertificateProviderIsNull_Throws (line 52) | [Fact]
method Constructor_WhenServiceProviderIsNull_Throws (line 68) | [Fact]
method Constructor_WhenMageCliIsNull_Throws (line 84) | [Fact]
method Constructor_WhenManifestSignerIsNull_Throws (line 100) | [Fact]
method Constructor_WhenLoggerIsNull_Throws (line 116) | [Fact]
method Constructor_WhenFileMatcherIsNull_Throws (line 132) | [Fact]
method CanSign_WhenFileIsNull_Throws (line 148) | [Fact]
method CanSign_WhenFileExtensionMatches_ReturnsTrue (line 157) | [Theory]
method CanSign_WhenFileExtensionDoesNotMatch_ReturnsFalse (line 168) | [Theory]
method SignAsync_WhenFilesIsNull_Throws (line 179) | [Fact]
method SignAsync_WhenOptionsIsNull_Throws (line 190) | [Fact]
method SignAsync_WhenSigningFails_Throws (line 201) | [Fact]
method SignAsync_WhenFilesIsClickOnceFile_Signs (line 282) | [Theory]
method SignAsync_WhenFilesIsClickOnceFileWithoutContent_Signs (line 436) | [Fact]
method CopySigningDependencies_CopiesCorrectFiles (line 540) | [Fact]
method AddFile (line 636) | private static FileInfo AddFile(
FILE: test/Sign.Core.Test/DataFormatSigners/DefaultSignerTests.cs
class DefaultSignerTests (line 11) | public class DefaultSignerTests
method Constructor_WhenServiceProviderIsNull_Throws (line 15) | [Fact]
method Signer_WhenAzureSignToolSignerIsUnavailable_IsFallback (line 24) | [Fact]
method Signer_WhenAzureSignToolSignerIsAvailable_IsFallback (line 33) | [Fact]
method CanSign_WhenAzureSignToolSignerIsUnavailable_ReturnsFalse (line 41) | [Fact]
method CanSign_WhenAzureSignToolSignerIsAvailable_ReturnsTrue (line 49) | [Fact]
method CanSign_WhenIAzureSignToolSignerIsAvailable_ReturnsTrue (line 57) | [Theory]
method SignAsync_WhenFilesIsNull_Throws (line 84) | [Fact]
method SignAsync_WhenOptionsIsNull_Throws (line 95) | [Fact]
method SignAsync_WhenIAzureSignToolSignerIsAvailable_InvokesInnerProvider (line 106) | [Fact]
method CreateWithoutAzureSignTool (line 131) | private static DefaultSigner CreateWithoutAzureSignTool()
method CreateWithAzureSignTool (line 139) | private static DefaultSigner CreateWithAzureSignTool()
FILE: test/Sign.Core.Test/DataFormatSigners/DistinguishedNameParserTests.cs
class DistinguishedNameParserTests (line 7) | public class DistinguishedNameParserTests
method Parse_WhenSubjectIsValid_ReturnsRelativeDistinguishedNames (line 9) | [Fact]
FILE: test/Sign.Core.Test/DataFormatSigners/DynamicsBusinessCentralAppFileTypeTests.cs
class DynamicsBusinessCentralAppFileTypeTests (line 10) | public sealed class DynamicsBusinessCentralAppFileTypeTests : IDisposable
method DynamicsBusinessCentralAppFileTypeTests (line 16) | public DynamicsBusinessCentralAppFileTypeTests()
method Dispose (line 23) | public void Dispose()
method IsMatch_WhenExtensionDoesNotMatch_ReturnsFalse (line 29) | [Fact]
method IsMatch_WhenContentIsEmpty_ReturnsFalse (line 37) | [Fact]
method IsMatch_WhenContentDoesNotMatch_ReturnsFalse (line 47) | [Fact]
method IsMatch_WhenExtensionAndContentMatch_ReturnsTrue (line 57) | [Theory]
FILE: test/Sign.Core.Test/DataFormatSigners/NuGetSignerTests.cs
class NuGetSignerTests (line 13) | public class NuGetSignerTests
method NuGetSignerTests (line 17) | public NuGetSignerTests()
method Constructor_WhenSignatureAlgorithmProviderIsNull_Throws (line 26) | [Fact]
method Constructor_WhenCertificateProviderIsNull_Throws (line 39) | [Fact]
method Constructor_WhenNuGetSignToolIsNull_Throws (line 52) | [Fact]
method Constructor_WhenLoggerIsNull_Throws (line 65) | [Fact]
method CanSign_WhenFileIsNull_Throws (line 78) | [Fact]
method CanSign_WhenFileExtensionMatches_ReturnsTrue (line 87) | [Theory]
method CanSign_WhenFileExtensionDoesNotMatch_ReturnsFalse (line 98) | [Fact]
method SignAsync_WhenSigningFails_Throws (line 106) | [Fact]
FILE: test/Sign.Core.Test/DataFormatSigners/PowerShell/PowerShellFileReader.cs
class PowerShellFileReader (line 11) | internal abstract class PowerShellFileReader
method PowerShellFileReader (line 18) | protected PowerShellFileReader(FileInfo file)
method Read (line 25) | internal static PowerShellFileReader Read(FileInfo file)
method TryGetSignature (line 37) | internal bool TryGetSignature([NotNullWhen(true)] out SignedCms? signe...
method TryExtractSignatureBlock (line 62) | private bool TryExtractSignatureBlock([NotNullWhen(true)] out string? ...
FILE: test/Sign.Core.Test/DataFormatSigners/PowerShell/TextPowerShellFileReader.cs
class TextPowerShellFileReader (line 7) | internal sealed class TextPowerShellFileReader : PowerShellFileReader
method TextPowerShellFileReader (line 12) | internal TextPowerShellFileReader(FileInfo file) : base(file)
FILE: test/Sign.Core.Test/DataFormatSigners/PowerShell/XmlPowerShellFileReader.cs
class XmlPowerShellFileReader (line 7) | internal sealed class XmlPowerShellFileReader : PowerShellFileReader
method XmlPowerShellFileReader (line 12) | internal XmlPowerShellFileReader(FileInfo file) : base(file)
FILE: test/Sign.Core.Test/DataFormatSigners/RSAPKCS1SHA256SignatureDescriptionTests.cs
class RSAPKCS1SHA256SignatureDescriptionTests (line 9) | public class RSAPKCS1SHA256SignatureDescriptionTests
method Constructor_Always_InitializesProperties (line 11) | [Fact]
method CreateDigest_Always_ReturnsSha256 (line 22) | [Fact]
FILE: test/Sign.Core.Test/DataFormatSigners/SignableFileTypeByExtensionTests.cs
class SignableFileTypeByExtensionTests (line 7) | public class SignableFileTypeByExtensionTests
method Constructor_WhenFileExtensionsIsNull_Throws (line 9) | [Fact]
method Constructor_WhenFileExtensionsIsEmpty_Throws (line 17) | [Fact]
method IsMatch_WhenFileIsNull_Throws (line 25) | [Fact]
method IsMatch_WhenFileDoesNotMatch_ReturnsFalse (line 35) | [Fact]
method IsMatch_WhenFileMatches_ReturnsTrue (line 44) | [Theory]
FILE: test/Sign.Core.Test/DataFormatSigners/VsixSignerTests.cs
class VsixSignerTests (line 13) | public class VsixSignerTests
method VsixSignerTests (line 17) | public VsixSignerTests()
method Constructor_WhenSignatureAlgorithmProviderIsNull_Throws (line 26) | [Fact]
method Constructor_WhenCertificateProviderIsNull_Throws (line 39) | [Fact]
method Constructor_WhenNuGetSignToolIsNull_Throws (line 52) | [Fact]
method Constructor_WhenLoggerIsNull_Throws (line 65) | [Fact]
method CanSign_WhenFileIsNull_Throws (line 78) | [Fact]
method CanSign_WhenFileExtensionMatches_ReturnsTrue (line 87) | [Theory]
method CanSign_WhenFileExtensionDoesNotMatch_ReturnsFalse (line 97) | [Theory]
method SignAsync_WhenSigningFails_Throws (line 108) | [Fact]
FILE: test/Sign.Core.Test/FileList/FileListReaderTests.cs
class FileListReaderTests (line 9) | public class FileListReaderTests
method FileListReaderTests (line 13) | public FileListReaderTests()
method Read_WhenReaderIsNull_Throws (line 18) | [Fact]
method Read_WhenFileListIsEmpty_ReturnsMatcher (line 27) | [Fact]
method Read_WhenFileListContainsParentDirectoryGlobs_RemovesParentDirectoryInPattern (line 45) | [Theory]
method Read_WhenFileListContainsParentDirectoryAntiGlobs_RemovesParentDirectoryInPattern (line 67) | [Theory]
method Read_WhenFileListContainsIncludes_ReturnsMatcher (line 89) | [Fact]
method Read_WhenFileListContainsBothIncludeAndExclude_ReturnsMatcher (line 109) | [Fact]
method CreateFileList (line 130) | private static StreamReader CreateFileList(params string[] lines)
class MatcherSpy (line 147) | private sealed class MatcherSpy : Matcher
method AddExclude (line 162) | public override Matcher AddExclude(string pattern)
method AddInclude (line 169) | public override Matcher AddInclude(string pattern)
class MatcherSpyFactory (line 177) | private sealed class MatcherSpyFactory : IMatcherFactory
method Create (line 179) | public Matcher Create()
FILE: test/Sign.Core.Test/FileList/FileMatcherTests.cs
class FileMatcherTests (line 10) | public class FileMatcherTests
method FileMatcherTests (line 21) | public FileMatcherTests()
method EnumerateMatches_WhenDirectoryIsNull_Throws (line 44) | [Fact]
method EnumerateMatches_WhenMatcherIsNull_Throws (line 53) | [Fact]
method EnumerateMatches_WhenMatcherHasInclusion_IncludesFiles (line 62) | [Fact]
method EnumerateMatches_WhenMatcherHasOnlyExclusion_ReturnsEmptyResults (line 73) | [Fact]
method EnumerateMatches_WhenMatcherHasBothInclusionAndExclusion_IncludesAndExcludesFiles (line 84) | [Fact]
method EnumerateMatches_WhenFilesDifferOnlyInCasing_AppliesMatchCaseSensitively (line 98) | [Fact]
FILE: test/Sign.Core.Test/FileList/MatcherFactoryTests.cs
class MatcherFactoryTests (line 9) | public class MatcherFactoryTests
method StringComparison_Always_IsCaseInsensitive (line 13) | [Fact]
method Create_Always_CreatesCaseInsensitiveMatcher (line 19) | [Theory]
FILE: test/Sign.Core.Test/FileSystem/AppRootDirectoryLocatorTests.cs
class AppRootDirectoryLocatorTests (line 7) | public class AppRootDirectoryLocatorTests
method Directory_Always_ReturnsDirectoryOfSignCoreDll (line 9) | [Fact]
FILE: test/Sign.Core.Test/FileSystem/DirectoryServiceTests.cs
class DirectoryServiceTests (line 10) | public class DirectoryServiceTests
method DirectoryServiceTests (line 14) | public DirectoryServiceTests()
method Constructor_WhenLoggerIsNull_Throws (line 19) | [Fact]
method CreateTemporaryDirectory_Always_CreatesDirectory (line 28) | [Fact]
method Delete_WhenDirectoryIsNull_Throws (line 43) | [Fact]
method Delete_Always_DeletesDirectory (line 55) | [Fact]
method Dispose_Always_DeletesDirectory (line 71) | [Fact]
FILE: test/Sign.Core.Test/FileSystem/FileInfoComparerTests.cs
class FileInfoComparerTests (line 9) | public class FileInfoComparerTests
method Instance_Always_ReturnsSameInstance (line 13) | [Fact]
method Equals_WhenArgumentsAreSameInstance_ReturnsTrue (line 22) | [Fact]
method Equals_WhenArgumentsAreDifferentInstancesWithSameFullName_ReturnsTrue (line 31) | [Fact]
method Equals_WhenArgumentsAreDifferentInstancesWithSameFullNameButDifferentCasing_ReturnsFalse (line 42) | [Fact]
method Equals_WhenArgumentsAreDifferentInstancesWithDifferentFullName_ReturnsFalse (line 54) | [Fact]
method Equals_WhenOnlyOneArgumentIsNull_ReturnsFalse (line 64) | [Fact]
method Equals_WhenBothArgumentsAreNull_ReturnsTrue (line 74) | [Fact]
method GetHashCode_Always_ReturnsFullNameHashCode (line 80) | [Fact]
FILE: test/Sign.Core.Test/FileSystem/FileMetadataServiceTests.cs
class FileMetadataServiceTests (line 9) | public class FileMetadataServiceTests
method IsPortableExecutable_WhenFileIsNull_Throws (line 13) | [Fact]
method IsPortableExecutable_WhenFileIsNotMatch_ReturnsFalse (line 22) | [Fact]
method IsPortableExecutable_WhenFileIsMatch_ReturnsTrue (line 31) | [Fact]
method CreateFakeNonPortableExecutableFile (line 40) | private TemporaryFile CreateFakeNonPortableExecutableFile()
method CreateFakePortableExecutableFile (line 53) | private TemporaryFile CreateFakePortableExecutableFile()
FILE: test/Sign.Core.Test/FileSystem/TemporaryDirectoryTests.cs
class TemporaryDirectoryTests (line 7) | public class TemporaryDirectoryTests
method Constructor_WhenDirectoryIsNull_Throws (line 9) | [Fact]
method Constructor_Always_CreatesDirectory (line 18) | [Fact]
method Directory_Always_ReturnsRootDirectory (line 32) | [Fact]
method Dispose_Always_DeletesDirectory (line 42) | [Fact]
class DirectoryServiceSpy (line 57) | private sealed class DirectoryServiceSpy : IDirectoryService
method DirectoryServiceSpy (line 64) | internal DirectoryServiceSpy()
method CreateTemporaryDirectory (line 71) | public DirectoryInfo CreateTemporaryDirectory()
method Delete (line 78) | public void Delete(DirectoryInfo directory)
method Dispose (line 85) | public void Dispose()
FILE: test/Sign.Core.Test/Native/SignedCmiManifest2Tests.cs
class SignedCmiManifest2Tests (line 15) | [Collection(SigningTestsCollection.Name)]
method SignedCmiManifest2Tests (line 20) | public SignedCmiManifest2Tests(CertificatesFixture certificatesFixture)
method Sign_Never_GeneratesSha1MessageImprint (line 27) | [Fact]
method CreateTemporaryEnvironmentPathOverride (line 68) | private static TemporaryEnvironmentPathOverride CreateTemporaryEnviron...
method GetTimestampBytes (line 76) | private static byte[] GetTimestampBytes(XmlDocument manifest)
FILE: test/Sign.Core.Test/ServiceProviderFactoryTests.cs
class ServiceProviderFactoryTests (line 10) | public class ServiceProviderFactoryTests
method AddService_ServicesIsNull_Throws (line 12) | [Fact]
method AddServices_WhenServicesAreNotAlreadyPresent_AddsServices (line 23) | [Fact]
method AddServices_WhenSameServiceIsNotAlreadyPresent_AddsService (line 32) | [Fact]
method AddServices_WhenSameServiceIsAlreadyPresent_AddsService (line 42) | [Fact]
method Create_WhenNoServicesAdded_ReturnsDefault (line 51) | [Fact]
type ITestService (line 60) | public interface ITestService
class TestService (line 64) | public class TestService : ITestService
type ITestService2 (line 68) | public interface ITestService2
class TestService2 (line 72) | public class TestService2 : ITestService2
FILE: test/Sign.Core.Test/ServiceProviderTests.cs
class ServiceProviderTests (line 11) | public class ServiceProviderTests
method Constructor_WhenServiceProviderIsNull_Throws (line 13) | [Fact]
method CreateDefault_Always_RegistersRequiredServices (line 22) | [Fact]
method CreateDefault_Always_ConfiguresLoggingVerbosity (line 64) | [Theory]
class TestLoggerProvider (line 98) | private sealed class TestLoggerProvider : ILoggerProvider
method CreateLogger (line 104) | public ILogger CreateLogger(string categoryName)
method Dispose (line 113) | public void Dispose()
class LoggerSpy (line 118) | private sealed class LoggerSpy : ILogger
method LoggerSpy (line 126) | internal LoggerSpy(string categoryName)
method Log (line 131) | public void Log<TState>(LogLevel logLevel, EventId eventId, TState s...
method IsEnabled (line 141) | public bool IsEnabled(LogLevel logLevel)
method BeginScope (line 146) | public IDisposable? BeginScope<TState>(TState state) where TState : ...
FILE: test/Sign.Core.Test/SignerTests.cs
class SignerTests (line 22) | [Collection(SigningTestsCollection.Name)]
method SignerTests (line 30) | public SignerTests(CertificatesFixture certificatesFixture)
method Dispose (line 40) | public void Dispose()
method Constructor_WhenServiceProviderIsNull_Throws (line 47) | [Fact]
method Constructor_WhenLoggerIsNull_Throws (line 56) | [Fact]
method SignAsync_WhenFileIsPortableExecutable_Signs (line 65) | [Fact]
method SignAsync_WhenFileIsPowerShellScript_Signs (line 80) | [Fact]
method SignAsync_WhenFileIsVsix_Signs (line 96) | [Fact]
method SignAsync_WhenFileIsMsixBundle_Signs (line 107) | [Fact]
method SignAsync_WhenFileIsApp_Signs (line 118) | [Fact]
method SignAsync_WhenSigningSingleFile_WithOutputDirectoryName_Signs_ToOutputDirectory (line 129) | [Fact]
method SignAsync_WhenSigningMultipleFiles_WithOutputDirectoryName_Signs_ToOutputDirectory (line 158) | [Fact]
method SignAsync_WhenSigningMultipleFiles_WithoutOutputDirectoryName_Signs_Inplace (line 189) | [Fact]
method SignAsync (line 219) | private async Task SignAsync(TemporaryDirectory temporaryDirectory, Fi...
method SignAsync (line 224) | private async Task SignAsync(TemporaryDirectory temporaryDirectory, IR...
method VerifyAuthenticodeSignedFileAsync (line 253) | private async Task VerifyAuthenticodeSignedFileAsync(FileInfo outputFile)
method VerifyMsixBundleFileAsync (line 260) | private async Task VerifyMsixBundleFileAsync(FileInfo outputFile, Temp...
method VerifyVsixAsync (line 296) | private async Task VerifyVsixAsync(FileInfo outputFile, TemporaryDirec...
method ExtractEntry (line 317) | private static FileInfo ExtractEntry(TemporaryDirectory temporaryDirec...
method VerifyAppSignatureAsync (line 329) | private async Task VerifyAppSignatureAsync(FileInfo unsignedAppFile, F...
method TryExtractSignatureBlockAsync (line 345) | private static async Task<bool> TryExtractSignatureBlockAsync(
method VerifyAppxSignatureAsync (line 375) | private async Task VerifyAppxSignatureAsync(ZipArchive msix)
method VerifyXmlDsigAsync (line 386) | private async Task VerifyXmlDsigAsync(FileInfo extractedFile)
method GetSignedCms (line 417) | private static SignedCms GetSignedCms(ZipArchiveEntry entry)
method GetSignedCms (line 434) | private static SignedCms GetSignedCms(FileInfo file)
method GetSignedCmsFromBase64 (line 444) | private static SignedCms GetSignedCmsFromBase64(string base64)
method GetSignedCmsFromPowerShellScript (line 454) | private static SignedCms GetSignedCmsFromPowerShellScript(FileInfo file)
method TryGetSignatureEntry (line 484) | private static bool TryGetSignatureEntry(ZipArchive zipArchive, [NotNu...
method VerifySignedCmsAsync (line 501) | private async Task VerifySignedCmsAsync(SignedCms signedCms)
method VerifyTimestampSignedCms (line 517) | private void VerifyTimestampSignedCms(SignedCms timestampSignedCms)
method TryGetTimestampSignedCms (line 526) | private static bool TryGetTimestampSignedCms(SignerInfo signerInfo, [N...
method Create (line 552) | private ServiceProvider Create()
FILE: test/Sign.Core.Test/TestInfrastructure/AggregatingSignerSpy.cs
class AggregatingSignerSpy (line 7) | internal sealed class AggregatingSignerSpy : IAggregatingDataFormatSigner
method CanSign (line 11) | public bool CanSign(FileInfo file)
method SignAsync (line 16) | public Task SignAsync(IEnumerable<FileInfo> files, SignOptions options)
FILE: test/Sign.Core.Test/TestInfrastructure/AggregatingSignerTest.cs
class AggregatingSignerTest (line 11) | internal sealed class AggregatingSignerTest
method AggregatingSignerTest (line 80) | internal AggregatingSignerTest(params string[] paths)
FILE: test/Sign.Core.Test/TestInfrastructure/AuthenticodeSignatureReader.cs
class AuthenticodeSignatureReader (line 12) | internal static class AuthenticodeSignatureReader
method TryGetSignedCms (line 22) | internal static bool TryGetSignedCms(FileInfo file, [NotNullWhen(true)...
method GetSignedCmsBlob (line 40) | private static byte[] GetSignedCmsBlob(FileInfo file)
method CertCloseStore (line 102) | [DllImport(Crypt32Dll, CharSet = CharSet.Auto, SetLastError = true)]
method CryptMsgClose (line 107) | [DllImport(Crypt32Dll, CharSet = CharSet.Auto, SetLastError = true)]
method CryptQueryObject (line 111) | [DllImport(Crypt32Dll, CharSet = CharSet.Auto, SetLastError = true)]
method CryptMsgGetParam (line 125) | [DllImport(Crypt32Dll, CharSet = CharSet.Auto, SetLastError = true)]
method CryptMsgGetParam (line 133) | [DllImport(Crypt32Dll, CharSet = CharSet.Auto, SetLastError = true)]
FILE: test/Sign.Core.Test/TestInfrastructure/CertificateStoreServiceStub.cs
class CertificateStoreServiceStub (line 10) | internal sealed class CertificateStoreServiceStub : ISignatureAlgorithmP...
method Dispose (line 15) | public void Dispose()
method GetCertificateAsync (line 23) | public Task<X509Certificate2> GetCertificateAsync(CancellationToken ca...
method GetRsaAsync (line 28) | public Task<RSA> GetRsaAsync(CancellationToken cancellationToken)
method Initialize (line 36) | public void Initialize(string certificateFingerprint, string? cryptoSe...
method IsInitialized (line 47) | public bool IsInitialized()
FILE: test/Sign.Core.Test/TestInfrastructure/ContainerProviderStub.cs
class ContainerProviderStub (line 10) | internal sealed class ContainerProviderStub : IContainerProvider
method ContainerProviderStub (line 16) | internal ContainerProviderStub()
method IsAppxBundleContainer (line 26) | public bool IsAppxBundleContainer(FileInfo file)
method IsAppxContainer (line 31) | public bool IsAppxContainer(FileInfo file)
method IsNuGetContainer (line 36) | public bool IsNuGetContainer(FileInfo file)
method IsZipContainer (line 41) | public bool IsZipContainer(FileInfo file)
method GetContainer (line 46) | public IContainer? GetContainer(FileInfo file)
FILE: test/Sign.Core.Test/TestInfrastructure/ContainerSpy.cs
class ContainerSpy (line 9) | internal sealed class ContainerSpy : IContainer
method ContainerSpy (line 21) | internal ContainerSpy(FileInfo file)
method Dispose (line 26) | public void Dispose()
method GetFiles (line 31) | public IEnumerable<FileInfo> GetFiles()
method GetFiles (line 38) | public IEnumerable<FileInfo> GetFiles(Matcher matcher)
method OpenAsync (line 48) | public ValueTask OpenAsync()
method SaveAsync (line 55) | public ValueTask SaveAsync()
FILE: test/Sign.Core.Test/TestInfrastructure/DirectoryServiceStub.cs
class DirectoryServiceStub (line 7) | internal sealed class DirectoryServiceStub : IDirectoryService
method DirectoryServiceStub (line 13) | internal DirectoryServiceStub()
method CreateTemporaryDirectory (line 18) | public DirectoryInfo CreateTemporaryDirectory()
method Delete (line 29) | public void Delete(DirectoryInfo directory)
method Dispose (line 39) | public void Dispose()
FILE: test/Sign.Core.Test/TestInfrastructure/FileMetadataServiceStub.cs
class FileMetadataServiceStub (line 7) | internal sealed class FileMetadataServiceStub : IFileMetadataService
method IsPortableExecutable (line 11) | public bool IsPortableExecutable(FileInfo file)
FILE: test/Sign.Core.Test/TestInfrastructure/KeyVaultServiceStub.cs
class KeyVaultServiceStub (line 10) | internal sealed class KeyVaultServiceStub : ISignatureAlgorithmProvider,...
method KeyVaultServiceStub (line 15) | internal KeyVaultServiceStub()
method Dispose (line 26) | public void Dispose()
method GetCertificateAsync (line 34) | public Task<X509Certificate2> GetCertificateAsync(CancellationToken ca...
method GetRsaAsync (line 39) | public Task<RSA> GetRsaAsync(CancellationToken cancellationToken = def...
FILE: test/Sign.Core.Test/TestInfrastructure/Server/AiaResponder.cs
class AiaResponder (line 10) | internal sealed class AiaResponder : HttpResponder
method AiaResponder (line 17) | internal AiaResponder(
method RespondAsync (line 34) | public override async Task RespondAsync(HttpContext context)
FILE: test/Sign.Core.Test/TestInfrastructure/Server/AlgorithmIdentifier.cs
class AlgorithmIdentifier (line 18) | internal sealed class AlgorithmIdentifier
method AlgorithmIdentifier (line 23) | internal AlgorithmIdentifier(Oid algorithm)
method Decode (line 30) | internal static AlgorithmIdentifier Decode(AsnReader reader)
method Encode (line 49) | internal ReadOnlyMemory<byte> Encode()
FILE: test/Sign.Core.Test/TestInfrastructure/Server/AttributeUtility.cs
class AttributeUtility (line 10) | internal static class AttributeUtility
method CreateSigningCertificateV2Attribute (line 17) | internal static CryptographicAttributeObject CreateSigningCertificateV...
FILE: test/Sign.Core.Test/TestInfrastructure/Server/CertificateAuthority.cs
type PkiOptions (line 19) | [Flags]
class CertificateAuthority (line 41) | internal sealed class CertificateAuthority : IDisposable
method CertificateAuthority (line 119) | internal CertificateAuthority(
method Dispose (line 133) | public void Dispose()
method CloneIssuerCert (line 142) | internal X509Certificate2 CloneIssuerCert()
method Revoke (line 147) | internal void Revoke(X509Certificate2 certificate, DateTimeOffset revo...
method CreateSubordinateCA (line 165) | internal X509Certificate2 CreateSubordinateCA(
method CreateEndEntity (line 184) | internal X509Certificate2 CreateEndEntity(
method CreateOcspSigner (line 198) | internal X509Certificate2 CreateOcspSigner(string subject, RSA publicKey)
method Create (line 208) | internal X509Certificate2 Create(CertificateRequest request, DateTimeO...
method RebuildRootWithRevocation (line 220) | internal void RebuildRootWithRevocation()
method RebuildRootWithRevocation (line 235) | private void RebuildRootWithRevocation(X509Extension? cdpExtension, X5...
method CreateCertificate (line 280) | private X509Certificate2 CreateCertificate(
method CreateCertificate (line 298) | private X509Certificate2 CreateCertificate(
method GetCertData (line 357) | internal byte[] GetCertData()
method GetCrl (line 362) | internal byte[] GetCrl()
method DesignateOcspResponder (line 514) | internal void DesignateOcspResponder(X509Certificate2 responder)
method BuildOcspResponse (line 519) | internal byte[] BuildOcspResponse(
method CheckRevocation (line 689) | private CertStatus CheckRevocation(ReadOnlyMemory<byte> certId, ref Da...
method CreateAiaExtension (line 766) | private static X509Extension CreateAiaExtension(string? certLocation, ...
method CreateCdpExtension (line 805) | private static X509Extension CreateCdpExtension(string cdp)
method CreateAkidExtension (line 836) | private X509Extension CreateAkidExtension()
type OcspResponseStatus (line 886) | private enum OcspResponseStatus
type CertStatus (line 891) | private enum CertStatus
method BuildPrivatePki (line 898) | internal static void BuildPrivatePki(
method BuildPrivatePki (line 1019) | internal static void BuildPrivatePki(
method BuildSubject (line 1049) | private static string BuildSubject(
method IsSupportedHashAlgorithm (line 1063) | private static bool IsSupportedHashAlgorithm(Oid oid)
method CreateHashAlgorithm (line 1070) | private static HashAlgorithm CreateHashAlgorithm(Oid oid)
method GenerateSerialNumber (line 1090) | private static byte[] GenerateSerialNumber()
FILE: test/Sign.Core.Test/TestInfrastructure/Server/CertificateUtilities.cs
class CertificateUtilities (line 10) | internal static class CertificateUtilities
method CreateKeyPair (line 12) | internal static RSA CreateKeyPair(int strength = 2048)
method GetCertificateWithPrivateKey (line 17) | internal static X509Certificate2 GetCertificateWithPrivateKey(X509Cert...
method Hash (line 32) | internal static ReadOnlyMemory<byte> Hash(this X509Certificate2 certif...
method Create (line 52) | private static HashAlgorithm Create(HashAlgorithmName hashAlgorithmName)
FILE: test/Sign.Core.Test/TestInfrastructure/Server/CertificatesFixture.cs
class CertificatesFixture (line 9) | [CollectionDefinition(Name, DisableParallelization = true)]
method CertificatesFixture (line 26) | public CertificatesFixture()
method Dispose (line 53) | public void Dispose()
FILE: test/Sign.Core.Test/TestInfrastructure/Server/CommitmentTypeIndication.cs
class CommitmentTypeIndication (line 20) | internal sealed class CommitmentTypeIndication
method CommitmentTypeIndication (line 25) | internal CommitmentTypeIndication(
method Decode (line 35) | internal static CommitmentTypeIndication Decode(ReadOnlyMemory<byte> b...
method Decode (line 42) | internal static CommitmentTypeIndication Decode(AsnReader reader)
method Encode (line 76) | internal ReadOnlyMemory<byte> Encode()
FILE: test/Sign.Core.Test/TestInfrastructure/Server/CommitmentTypeQualifier.cs
class CommitmentTypeQualifier (line 19) | internal sealed class CommitmentTypeQualifier
method CommitmentTypeQualifier (line 24) | internal CommitmentTypeQualifier(
method Decode (line 34) | internal static CommitmentTypeQualifier Decode(AsnReader reader)
method Encode (line 52) | internal ReadOnlyMemory<byte> Encode()
FILE: test/Sign.Core.Test/TestInfrastructure/Server/CrlResponder.cs
class CrlResponder (line 10) | internal sealed class CrlResponder : HttpResponder
method CrlResponder (line 17) | internal CrlResponder(
method RespondAsync (line 34) | public override async Task RespondAsync(HttpContext context)
FILE: test/Sign.Core.Test/TestInfrastructure/Server/EssCertId.cs
class EssCertId (line 24) | internal sealed class EssCertId
method EssCertId (line 29) | private EssCertId(ReadOnlyMemory<byte> hash, IssuerSerial? issuerSerial)
method Decode (line 35) | internal static EssCertId Decode(AsnReader reader)
FILE: test/Sign.Core.Test/TestInfrastructure/Server/EssCertIdV2.cs
class EssCertIdV2 (line 28) | internal sealed class EssCertIdV2
method EssCertIdV2 (line 36) | internal EssCertIdV2(
method Create (line 46) | internal static EssCertIdV2 Create(X509Certificate2 certificate, HashA...
method Decode (line 57) | internal static EssCertIdV2 Decode(AsnReader reader)
method Encode (line 87) | internal ReadOnlyMemory<byte> Encode()
FILE: test/Sign.Core.Test/TestInfrastructure/Server/GeneralName.cs
class GeneralName (line 51) | internal sealed class GeneralName
method GeneralName (line 59) | internal GeneralName(X500DistinguishedName directoryName)
method Decode (line 66) | internal static GeneralName Decode(AsnReader reader)
method Encode (line 87) | internal ReadOnlyMemory<byte> Encode()
FILE: test/Sign.Core.Test/TestInfrastructure/Server/HashAlgorithmNameExtensions.cs
class HashAlgorithmNameExtensions (line 9) | internal static class HashAlgorithmNameExtensions
method ToOid (line 11) | internal static Oid ToOid(this HashAlgorithmName hashAlgorithmName)
FILE: test/Sign.Core.Test/TestInfrastructure/Server/HttpResponder.cs
class HttpResponder (line 9) | internal abstract class HttpResponder : IHttpResponder
method RespondAsync (line 13) | public abstract Task RespondAsync(HttpContext context);
method IsGet (line 15) | protected static bool IsGet(HttpRequest request)
method IsPost (line 20) | protected static bool IsPost(HttpRequest request)
method ReadRequestBody (line 25) | protected static byte[] ReadRequestBody(HttpRequest request)
method WriteResponseBody (line 38) | protected static void WriteResponseBody(HttpResponse response, ReadOnl...
FILE: test/Sign.Core.Test/TestInfrastructure/Server/IHttpResponder.cs
type IHttpResponder (line 9) | internal interface IHttpResponder
method RespondAsync (line 13) | Task RespondAsync(HttpContext context);
FILE: test/Sign.Core.Test/TestInfrastructure/Server/ITestServer.cs
type ITestServer (line 7) | internal interface ITestServer : IDisposable
method RegisterResponder (line 11) | IDisposable RegisterResponder(IHttpResponder responder);
FILE: test/Sign.Core.Test/TestInfrastructure/Server/IssuerSerial.cs
class IssuerSerial (line 26) | internal sealed class IssuerSerial
method IssuerSerial (line 31) | internal IssuerSerial(IReadOnlyList<GeneralName> generalNames, ReadOnl...
method Create (line 39) | internal static IssuerSerial Create(X509Certificate2 certificate)
method Decode (line 52) | internal static IssuerSerial Decode(AsnReader reader)
method Encode (line 65) | internal ReadOnlyMemory<byte> Encode()
method ReadGeneralNames (line 89) | private static IReadOnlyList<GeneralName> ReadGeneralNames(AsnReader r...
FILE: test/Sign.Core.Test/TestInfrastructure/Server/OcspResponder.cs
class OcspResponder (line 13) | internal sealed class OcspResponder : HttpResponder
method OcspResponder (line 20) | internal OcspResponder(
method RespondAsync (line 37) | public override async Task RespondAsync(HttpContext context)
method DecodeOcspRequest (line 112) | private static void DecodeOcspRequest(
FILE: test/Sign.Core.Test/TestInfrastructure/Server/OidExtensions.cs
class OidExtensions (line 9) | internal static class OidExtensions
method IsEqualTo (line 11) | internal static bool IsEqualTo(this Oid oid, Oid other)
FILE: test/Sign.Core.Test/TestInfrastructure/Server/Oids.cs
class Oids (line 9) | internal static class Oids
class DottedDecimalValues (line 26) | private static class DottedDecimalValues
FILE: test/Sign.Core.Test/TestInfrastructure/Server/PfxFilesFixture.cs
class PfxFilesFixture (line 13) | public sealed class PfxFilesFixture : IDisposable
method PfxFilesFixture (line 19) | public PfxFilesFixture()
method GetPfx (line 26) | internal X509Certificate2 GetPfx(int keySizeInBits, HashAlgorithmName ...
method Dispose (line 35) | public void Dispose()
method CreateSelfIssuedCertificate (line 41) | private FileInfo CreateSelfIssuedCertificate(int keySizeInBits, HashAl...
FILE: test/Sign.Core.Test/TestInfrastructure/Server/PolicyInformation.cs
class PolicyInformation (line 20) | internal sealed class PolicyInformation
method PolicyInformation (line 25) | internal PolicyInformation(Oid policyIdentifier, IReadOnlyList<PolicyQ...
method Decode (line 33) | internal static PolicyInformation Decode(AsnReader reader)
method Encode (line 52) | internal ReadOnlyMemory<byte> Encode()
method ReadPolicyQualifiers (line 77) | private static IReadOnlyList<PolicyQualifierInfo> ReadPolicyQualifiers...
FILE: test/Sign.Core.Test/TestInfrastructure/Server/PolicyQualifierInfo.cs
class PolicyQualifierInfo (line 25) | internal sealed class PolicyQualifierInfo
method PolicyQualifierInfo (line 30) | internal PolicyQualifierInfo(Oid policyQualifierId, ReadOnlyMemory<byt...
method Decode (line 38) | internal static PolicyQualifierInfo Decode(AsnReader reader)
method Encode (line 56) | internal ReadOnlyMemory<byte> Encode()
FILE: test/Sign.Core.Test/TestInfrastructure/Server/SigningCertificateV2.cs
class SigningCertificateV2 (line 19) | internal sealed class SigningCertificateV2
method SigningCertificateV2 (line 24) | private SigningCertificateV2(
method Create (line 32) | internal static SigningCertificateV2 Create(X509Certificate2 certifica...
method Decode (line 41) | internal static SigningCertificateV2 Decode(ReadOnlyMemory<byte> bytes)
method Decode (line 48) | internal static SigningCertificateV2 Decode(AsnReader reader)
method Encode (line 65) | internal ReadOnlyMemory<byte> Encode()
method ReadCertificates (line 94) | private static IReadOnlyList<EssCertIdV2> ReadCertificates(AsnReader r...
method ReadPolicies (line 111) | private static IReadOnlyList<PolicyInformation> ReadPolicies(AsnReader...
FILE: test/Sign.Core.Test/TestInfrastructure/Server/SigningTestsCollection.cs
class SigningTestsCollection (line 9) | [CollectionDefinition(Name, DisableParallelization = true)]
FILE: test/Sign.Core.Test/TestInfrastructure/Server/TestServer.cs
class TestServer (line 14) | internal sealed class TestServer : ITestServer, IStartup, IDisposable
method TestServer (line 24) | private TestServer()
method Dispose (line 29) | public void Dispose()
method Configure (line 41) | public void Configure(IApplicationBuilder app)
method ConfigureServices (line 83) | public IServiceProvider ConfigureServices(IServiceCollection services)
method RegisterResponder (line 90) | public IDisposable RegisterResponder(IHttpResponder responder)
method CreateAsync (line 97) | internal static async Task<ITestServer> CreateAsync()
class Responder (line 118) | private sealed class Responder : IDisposable
method Responder (line 123) | internal Responder(ConcurrentDictionary<string, IHttpResponder> resp...
method Dispose (line 130) | public void Dispose()
FILE: test/Sign.Core.Test/TestInfrastructure/Server/TestServerFixture.cs
class TestServerFixture (line 7) | public sealed class TestServerFixture : IDisposable
method TestServerFixture (line 13) | static TestServerFixture()
method Dispose (line 18) | public void Dispose()
FILE: test/Sign.Core.Test/TestInfrastructure/Server/TestUtility.cs
class TestUtility (line 9) | internal static class TestUtility
method RemoveTestIntermediateCertificates (line 11) | internal static void RemoveTestIntermediateCertificates()
FILE: test/Sign.Core.Test/TestInfrastructure/Server/TimestampService.cs
class TimestampService (line 17) | internal sealed class TimestampService : HttpResponder, IDisposable
method TimestampService (line 42) | private TimestampService(
method Dispose (line 55) | public void Dispose()
method Create (line 62) | internal static TimestampService Create(
method RespondAsync (line 114) | public override async Task RespondAsync(HttpContext context)
method WriteAsync (line 182) | private async Task WriteAsync(RequestAndResponse reqAndResp)
method GenerateTimestamp (line 220) | private SignedCms GenerateTimestamp(Rfc3161TimestampRequest request, R...
method CreateTstInfo (line 240) | private static ReadOnlyMemory<byte> CreateTstInfo(
method CreateResponse (line 281) | private static ReadOnlyMemory<byte> CreateResponse(PkiStatus pkiStatus...
type PkiStatus (line 303) | private enum PkiStatus
type PkiFailureInfo (line 313) | private enum PkiFailureInfo
class RequestAndResponse (line 325) | private sealed class RequestAndResponse
FILE: test/Sign.Core.Test/TestInfrastructure/SignerSpy.cs
class SignerSpy (line 10) | internal sealed class SignerSpy : IDataFormatSigner, IDefaultDataFormatS...
method SignerSpy (line 22) | internal SignerSpy()
method CanSign (line 58) | public bool CanSign(FileInfo file)
method SignAsync (line 63) | public Task SignAsync(IEnumerable<FileInfo> files, SignOptions options)
FILE: test/Sign.Core.Test/TestInfrastructure/TemporaryEnvironmentPathOverride.cs
class TemporaryEnvironmentPathOverride (line 7) | internal sealed class TemporaryEnvironmentPathOverride : IDisposable
method TemporaryEnvironmentPathOverride (line 13) | internal TemporaryEnvironmentPathOverride(string path)
method Dispose (line 23) | public void Dispose()
FILE: test/Sign.Core.Test/Tools/ToolConfigurationProviderTests.cs
class ToolConfigurationProviderTests (line 7) | public class ToolConfigurationProviderTests
method Constructor_WhenAppRootDirectoryLocatorIsNull_Throws (line 13) | [Fact]
method Mage_Always_ReturnsFile (line 22) | [Fact]
method MakeAppx_Always_ReturnsFile (line 30) | [Fact]
method SignToolManifest_Always_ReturnsFile (line 38) | [Fact]
FILE: test/Sign.Core.Test/Tools/VSIXSignTool/CertificateSigningContextTests.cs
class CertificateSigningContextTests (line 10) | [Collection(SigningTestsCollection.Name)]
method CertificateSigningContextTests (line 15) | public CertificateSigningContextTests(PfxFilesFixture pfxFilesFixture)
method ShouldSignABlobOfDataWithRsaSha256 (line 31) | [Theory]
FILE: test/Sign.Core.Test/Tools/VSIXSignTool/Crypt32Tests.cs
class Crypt32Tests (line 12) | [Collection(SigningTestsCollection.Name)]
method Crypt32Tests (line 18) | public Crypt32Tests(CertificatesFixture certificatesFixture, ITestOutp...
method ShouldTimestampData (line 27) | [Fact]
FILE: test/Sign.Core.Test/Tools/VSIXSignTool/HexHelperTests.cs
class HexHelperTests (line 7) | public class HexHelperTests
method TryHexEncode_WhenInputsAreValid_ReturnsTrue (line 9) | [Theory]
method TryHexEncode_WhenBufferIsTooSmall_ReturnsFalse (line 21) | [Fact]
method TryHexEncode_Never_ClobbersSurroundingData (line 28) | [Fact]
method TryHexEncode_WithAnyByteValue_ReturnsTrue (line 36) | [Fact]
method IsHex_WhenTextIsNotHex_ReturnsFalse (line 49) | [Theory]
method IsHex_WhenTextIsHex_ReturnsTrue (line 59) | [Fact]
FILE: test/Sign.Core.Test/Tools/VSIXSignTool/OpcPackageSigningTests.cs
class OpcPackageSigningTests (line 14) | [Collection(SigningTestsCollection.Name)]
method OpcPackageSigningTests (line 24) | public OpcPackageSigningTests(
method ShouldSignFileWithRsa (line 38) | [Theory]
method ShouldTimestampFileWithRsa (line 73) | [Theory]
method ShouldSupportReSigning (line 99) | [Fact]
method ShouldSupportReSigningWithDifferentCertificate (line 135) | [Fact]
method ShouldRemoveSignature (line 173) | [Fact]
method ShouldUseInvariantCultureForContextCreationTime (line 202) | [Fact]
method ShadowCopyPackage (line 277) | private OpcPackage ShadowCopyPackage(string packagePath, out string pa...
method Dispose (line 286) | public void Dispose()
FILE: test/Sign.Core.Test/Tools/VSIXSignTool/OpcPackageTests.cs
class OpcPackageTests (line 7) | public class OpcPackageTests : IDisposable
method ShouldOpenAndDisposeAPackageAndDisposeIsIdempotent (line 13) | [Fact]
method ShouldReadContentTypes (line 21) | [Fact]
method ShouldNotAllowUpdatingContentTypesInReadOnly (line 34) | [Fact]
method ShouldAllowUpdatingContentType (line 45) | [Fact]
method ShouldAllowUpdatingRelationships (line 62) | [Fact]
method ShouldRemovePart (line 80) | [Fact]
method ShouldRemoveRelationshipsForRemovedPartWhereRelationshipIsMaterialized (line 94) | [Fact]
method ShouldRemoveRelationshipsForRemovedPartWhereRelationshipIsNotMaterialized (line 116) | [Fact]
method ShouldEnumerateAllParts (line 135) | [Fact]
method ShouldCreateSignatureBuilder (line 145) | [Fact]
method ShouldOpenSinglePartByRelativeUri (line 159) | [Theory]
method ShouldReturnEmptyEnumerableForNoSignatureOriginRelationship (line 172) | [Fact]
method ShouldReturnSignatureForSignedPackage (line 181) | [Fact]
method ShadowCopyPackage (line 190) | private OpcPackage ShadowCopyPackage(string packagePath, out string pa...
method Dispose (line 199) | public void Dispose()
FILE: test/Sign.Core.Test/Tools/VSIXSignTool/UriHelpersTests.cs
class UriHelpersTests (line 7) | public class UriHelpersTests
method ShouldHandlePackagePathForRelativeUris (line 9) | [Theory]
method ShouldHandleReferencePathForRelativeUris (line 23) | [Theory]
FILE: test/Sign.SignatureProviders.ArtifactSigning.Test/RSATrustedSigningTests.cs
class RSATrustedSigningTests (line 15) | public class RSATrustedSigningTests
method Constructor_WhenClientIsNull_Throws (line 23) | [Fact]
method Constructor_WhenAccountNameIsNull_Throws (line 32) | [Fact]
method Constructor_WhenAccountNameIsEmpty_Throws (line 41) | [Fact]
method Constructor_WhenCertificateProfileNameIsNull_Throws (line 50) | [Fact]
method Constructor_WhenCertificateProfileNameIsEmpty_Throws (line 59) | [Fact]
method Dispose_DisposesRSAKeyVaultAndRSAPublicKey (line 68) | [Fact]
method ExportParameters_IncludePrivateParametersIsTrue_Throws (line 77) | [Fact]
method ExportParameters_IncludePrivateParametersIsFalse_UsesExportParametersOfPublicKey (line 86) | [Fact]
method ImportParameters_Throws (line 96) | [Fact]
method SignHash_InvalidHashLength_Throws (line 105) | [Fact]
method SignHash_UsesClient (line 118) | [Theory]
method VerifyHash_UsesPublicKey (line 178) | [Fact]
FILE: test/Sign.SignatureProviders.ArtifactSigning.Test/TrustedSigningServiceProviderTests.cs
class ArtifactSigningServiceProviderTests (line 13) | public class ArtifactSigningServiceProviderTests
method ArtifactSigningServiceProviderTests (line 18) | public ArtifactSigningServiceProviderTests()
method GetSignatureAlgorithmProvider_WhenServiceProviderIsNull_Throws (line 33) | [Fact]
method GetSignatureAlgorithmProvider_WhenServiceProviderIsValid_ReturnsInstance (line 42) | [Fact]
method GetCertificateProvider_WhenServiceProviderIsValid_ReturnsInstance (line 48) | [Fact]
FILE: test/Sign.SignatureProviders.ArtifactSigning.Test/TrustedSigningServiceTests.cs
class TrustedSigningServiceTests (line 12) | public class TrustedSigningServiceTests
method Constructor_WhenCertificateProfileClientIsNull_Throws (line 19) | [Fact]
method Constructor_WhenAccountNameIsNull_Throws (line 28) | [Fact]
method Constructor_WhenAccountNameIsEmpty_Throws (line 37) | [Fact]
method Constructor_WhenCertificateProfileNameIsNull_Throws (line 46) | [Fact]
method Constructor_WhenCertificateProfileNameIsEmpty_Throws (line 55) | [Fact]
method Constructor_WhenLoggerIsNull_Throws (line 64) | [Fact]
FILE: test/Sign.SignatureProviders.CertificateStore.Test/CertificateStoreServiceProviderTests.cs
class CertificateStoreServiceProviderTests (line 14) | public class CertificateStoreServiceProviderTests
method CertificateStoreServiceProviderTests (line 26) | public CertificateStoreServiceProviderTests()
method Constructor_WhenCertificateFingerprintIsNull_Throws (line 33) | [Fact]
method Constructor_WhenCertificateFingerprintIsEmpty_Throws (line 42) | [Fact]
method Constructor_WhenCryptoServiceProviderIsNullAndPrivateKeyContainerIsNot_Throws (line 51) | [Fact]
method Constructor_WhenCryptoServiceProviderIsEmptyAndPrivateKeyContainerIsNot_Throws (line 60) | [Fact]
method Constructor_WhenPrivateKeyContainerIsNullAndCryptoServiceProviderIsNot_Throws (line 69) | [Fact]
method Constructor_WhenPrivateKeyContainerIsEmptyAndCryptoServiceProviderIsNot_Throws (line 78) | [Fact]
method Constructor_WhenPrivateKeyContainerAndCryptoServiceProviderAreBothNullOrEmpty_DoesNotThrow (line 87) | [Theory]
method GetSignatureAlgorithmProvider_WhenServiceProviderIsNull_Throws (line 97) | [Fact]
method GetSignatureAlgorithmProvider_ReturnsSameInstance (line 108) | [Fact]
method GetCertificateProvider_WhenServiceProviderIsNull_Throws (line 123) | [Fact]
method GetCertificateProvider_ReturnsSameInstance (line 134) | [Fact]
FILE: test/Sign.SignatureProviders.CertificateStore.Test/CertificateStoreServiceTests.cs
class CertificateStoreServiceTests (line 12) | public class CertificateStoreServiceTests
method CertificateStoreServiceTests (line 24) | public CertificateStoreServiceTests()
method Constructor_WhenServiceProviderIsNull_Throws (line 31) | [Fact]
method Constructor_WhenCertificateFingerprintIsNull_Throws (line 40) | [Fact]
method Constructor_WhenCertificateFingerprintIsEmpty_Throws (line 49) | [Fact]
FILE: test/Sign.SignatureProviders.KeyVault.Test/KeyVaultServiceProviderTests.cs
class KeyVaultServiceProviderTests (line 14) | public class KeyVaultServiceProviderTests
method KeyVaultServiceProviderTests (line 19) | public KeyVaultServiceProviderTests()
method GetSignatureAlgorithmProvider_WhenServiceProviderIsNull_Throws (line 33) | [Fact]
method GetSignatureAlgorithmProvider_WhenServiceProviderIsValid_ReturnsSameInstance (line 42) | [Fact]
method GetCertificateProvider_WhenServiceProviderIsNull_Throws (line 50) | [Fact]
method GetCertificateProvider_WhenServiceProviderIsValid_ReturnsSameInstance (line 59) | [Fact]
FILE: test/Sign.SignatureProviders.KeyVault.Test/KeyVaultServiceTests.cs
class KeyVaultServiceTests (line 16) | public class KeyVaultServiceTests
method Constructor_WhenCertificateClientIsNull_Throws (line 24) | [Fact]
method Constructor_WhenCryptographyClientIsNull_Throws (line 33) | [Fact]
method Constructor_WhenCertificateNameIsNull_Throws (line 42) | [Fact]
method Constructor_WhenCertificateNameIsEmpty_Throws (line 51) | [Fact]
method Constructor_WhenLoggerIsNull_Throws (line 60) | [Fact]
method GetCertificateAsync_CalledTwice_CertificateRetrievedOnce (line 69) | [Fact]
method GetRsaAsync_ReturnsRSAKeyVaultWrapper (line 92) | [Fact]
method CreateMockKeyVaultCertificateWithPolicy (line 119) | private static Mock<KeyVaultCertificateWithPolicy> CreateMockKeyVaultC...
FILE: test/Sign.SignatureProviders.KeyVault.Test/RSAKeyVaultWrapperTests.cs
class RSAKeyVaultWrapperTests (line 12) | public class RSAKeyVaultWrapperTests
method Constructor_WhenRSAKeyVaultIsNull_Throws (line 17) | [Fact]
method Constructor_WhenCertificateClientIsNull_Throws (line 26) | [Fact]
method Dispose_DisposesRSAKeyVaultAndRSAPublicKey (line 35) | [Fact]
method ExportParameters_IncludePrivateParametersIsTrue_Throws (line 45) | [Fact]
method ExportParameters_IncludePrivateParametersIsFalse_UsesExportParametersOfPublicKey (line 54) | [Fact]
method ImportParameters_Throws (line 64) | [Fact]
method SignHash_UsesRSAKeyVault (line 73) | [Fact]
method VerifyHash_UsesPublicKey (line 87) | [Fact]
FILE: test/Sign.TestInfrastructure/Constants.cs
class Constants (line 7) | public static class Constants
FILE: test/Sign.TestInfrastructure/EphemeralTrust.cs
class EphemeralTrust (line 11) | public sealed class EphemeralTrust : IDisposable
method EphemeralTrust (line 15) | [SupportedOSPlatform("windows")]
method Dispose (line 26) | public void Dispose()
method RemoveResidualTestCertificates (line 35) | public static void RemoveResidualTestCertificates()
method AddTrust (line 95) | [SupportedOSPlatform("windows")]
method RemoveTrust (line 112) | private void RemoveTrust()
method GetStore (line 124) | private static X509Store GetStore()
FILE: test/Sign.TestInfrastructure/RequiresElevationTheoryAttribute.cs
class RequiresElevationTheoryAttribute (line 9) | public sealed class RequiresElevationTheoryAttribute : TheoryAttribute
method ShouldRun (line 21) | private static bool ShouldRun()
method IsCI (line 28) | private static bool IsCI()
method IsElevated (line 40) | private static bool IsElevated()
FILE: test/Sign.TestInfrastructure/ResidualTestCertificatesFoundInRootStoreException.cs
class ResidualTestCertificatesFoundInRootStoreException (line 7) | public sealed class ResidualTestCertificatesFoundInRootStoreException : ...
method ResidualTestCertificatesFoundInRootStoreException (line 9) | public ResidualTestCertificatesFoundInRootStoreException(string message)
FILE: test/Sign.TestInfrastructure/SelfIssuedCertificateCreator.cs
class SelfIssuedCertificateCreator (line 10) | public static class SelfIssuedCertificateCreator
method CreateCertificate (line 12) | public static X509Certificate2 CreateCertificate()
method CreateCertificate (line 19) | public static X509Certificate2 CreateCertificate(DateTimeOffset notBef...
FILE: test/Sign.TestInfrastructure/TemporaryFile.cs
class TemporaryFile (line 7) | public sealed class TemporaryFile : IDisposable
method TemporaryFile (line 11) | public TemporaryFile()
method Dispose (line 16) | public void Dispose()
FILE: test/Sign.TestInfrastructure/TestAssets.cs
class TestAssets (line 9) | public static class TestAssets
method GetTestAsset (line 11) | public static FileInfo GetTestAsset(DirectoryInfo destinationDirectory...
FILE: test/Sign.TestInfrastructure/TestFileCreator.cs
class TestFileCreator (line 10) | public static class TestFileCreator
method CreateEmptyZipFile (line 12) | internal static FileInfo CreateEmptyZipFile(TemporaryDirectory tempora...
FILE: test/Sign.TestInfrastructure/TestLogEntry.cs
class TestLogEntry (line 9) | public sealed class TestLogEntry
method TestLogEntry (line 14) | internal TestLogEntry(LogLevel logLevel, string message)
FILE: test/Sign.TestInfrastructure/TestLogger.cs
class TestLogger (line 10) | public sealed class TestLogger<T> : ILogger<T>
method BeginScope (line 19) | public IDisposable? BeginScope<TState>(TState state) where TState : no...
method IsEnabled (line 24) | public bool IsEnabled(LogLevel logLevel)
method Log (line 29) | public void Log<TState>(LogLevel logLevel, EventId eventId, TState sta...
FILE: test/Sign.TestInfrastructure/TrustedCertificateFixture.cs
class TrustedCertificateFixture (line 11) | [CollectionDefinition(Name, DisableParallelization = true)]
method TrustedCertificateFixture (line 32) | [SupportedOSPlatform("windows")]
method Dispose (line 42) | public void Dispose()
Condensed preview — 629 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (2,331K chars).
[
{
"path": ".azuredevops/dependabot.yml",
"chars": 182,
"preview": "version: 2\r\n\r\n# Disabling dependabot on Azure DevOps as this is a mirrored repo. Updates should go through github.\r\nenab"
},
{
"path": ".config/1espt/PipelineAutobaseliningConfig.yml",
"chars": 622,
"preview": "## DO NOT MODIFY THIS FILE MANUALLY. This is part of auto-baselining from 1ES Pipeline Templates. Go to [https://aka.ms/"
},
{
"path": ".config/1espt/README.md",
"chars": 479,
"preview": "Do not merge changes to PipelineAutobaseliningConfig.yml in the internal Azure DevOps repository, as it would break comm"
},
{
"path": ".editorconfig",
"chars": 820,
"preview": "root = true\n\n[*]\ninsert_final_newline = true\nindent_style = space\nindent_size = 4\ntrim_trailing_whitespace = true\n\n[*.{"
},
{
"path": ".gitattributes",
"chars": 2518,
"preview": "###############################################################################\n# Set default behavior to automatically "
},
{
"path": ".github/CODEOWNERS",
"chars": 295,
"preview": "# These owners will be the default owners for everything in\n# the repo. Unless a later match takes precedence,\n# review "
},
{
"path": ".github/ISSUE_TEMPLATE/bug_report.md",
"chars": 725,
"preview": "---\nname: Bug report\nabout: Create a report to help us improve\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\n**Describe the b"
},
{
"path": ".github/ISSUE_TEMPLATE/feature_request.md",
"chars": 610,
"preview": "---\nname: Feature request\nabout: Suggest an idea for this project\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\n**Is your fea"
},
{
"path": ".github/workflows/stale.yml",
"chars": 742,
"preview": "name: 'Close stale issues'\n\npermissions:\n issues: write\n\non:\n schedule:\n - cron: '30 1 * * *'\n\njobs:\n stale:\n r"
},
{
"path": ".gitignore",
"chars": 4276,
"preview": "## Ignore Visual Studio temporary files, build results, and\n## files generated by popular Visual Studio add-ons.\n\n# Tool"
},
{
"path": ".vsts-ci.yml",
"chars": 6278,
"preview": "# Pipeline: https://dnceng.visualstudio.com/internal/_build?definitionId=1190\n\nvariables:\n - name: _TeamName\n value:"
},
{
"path": ".vsts-pr.yml",
"chars": 1743,
"preview": "# Pipeline: https://dev.azure.com/dnceng-public/public/_build?definitionId=231\n\nvariables:\n - name: _TeamName\n value"
},
{
"path": "CODE-OF-CONDUCT.md",
"chars": 259,
"preview": "# Code of Conduct\n\nThis project has adopted the code of conduct defined by the Contributor Covenant\nto clarify expected "
},
{
"path": "Directory.Build.props",
"chars": 1849,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project>\n <Import Project=\"Sdk.props\" Sdk=\"Microsoft.DotNet.Arcade.Sdk\" />\n\n <"
},
{
"path": "Directory.Build.targets",
"chars": 128,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project>\n <Import Project=\"Sdk.targets\" Sdk=\"Microsoft.DotNet.Arcade.Sdk\" />\n</"
},
{
"path": "Directory.Packages.props",
"chars": 2396,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project>\n <PropertyGroup>\n <ManagePackageVersionsCentrally>true</ManagePacka"
},
{
"path": "LICENSE.txt",
"chars": 1116,
"preview": "The MIT License (MIT)\n\nCopyright (c) .NET Foundation and Contributors\n\nAll rights reserved.\n\nPermission is hereby grante"
},
{
"path": "NuGet.Config",
"chars": 1541,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<configuration>\n <packageSources>\n <clear />\n <add key=\"dotnet-eng\" value="
},
{
"path": "README.md",
"chars": 8506,
"preview": "# Sign CLI\n\n[<img align=\"right\" src=\"https://xunit.net/images/dotnet-fdn-logo.png\" width=\"100\" />](https://www.dotnetfou"
},
{
"path": "SECURITY.md",
"chars": 2786,
"preview": "<!-- BEGIN MICROSOFT SECURITY.MD V0.0.7 BLOCK -->\n\n## Security\n\nMicrosoft takes the security of our software products an"
},
{
"path": "SdkTools.props",
"chars": 3731,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project>\n <ItemGroup>\n <PackageReference Include=\"Microsoft.Windows.SDK.Buil"
},
{
"path": "THIRD-PARTY-NOTICES.txt",
"chars": 7845,
"preview": ".NET Core uses third-party libraries or other resources that may be\ndistributed under licenses different than the .NET C"
},
{
"path": "docs/artifact-signing-integration.md",
"chars": 5150,
"preview": "# Artifact Signing integration for Sign CLI\n\nThis document explains how to use the Sign CLI with a Artifact Signing acco"
},
{
"path": "docs/azdo-build-and-sign.yml",
"chars": 2854,
"preview": "trigger:\n- main\n- rel/*\n\npr:\n- main\n- rel/*\n\nstages:\n- stage: Build\n jobs:\n - job: Build\n pool:\n vmImage: ubun"
},
{
"path": "docs/comparisons.md",
"chars": 1813,
"preview": "# Signing Comparisons\n\n## NuGet\n\nThe following tables summarize differences between NuGet, dotnet, and Sign CLI's. \n\n###"
},
{
"path": "docs/file-globbing.md",
"chars": 2394,
"preview": "# File List Filtering and Globbing\n\nThe `code` signing command supports the `--file-list` or `-fl` option. This option s"
},
{
"path": "docs/gh-build-and-sign.yml",
"chars": 3143,
"preview": "name: Build and Sign\n\non:\n push:\n branches: [ \"main\" ]\n pull_request:\n branches: [ \"main\" ]\n\njobs:\n build: \n"
},
{
"path": "docs/signing-tool-spec.md",
"chars": 8295,
"preview": "# Signing CLI tool\n\n## Background\n\nCode signing is a way to provide tamper detection to binary files and provide a way o"
},
{
"path": "eng/PoliCheckExclusions.xml",
"chars": 942,
"preview": "<!-- Original source: https://github.com/dotnet/install-scripts/blob/707d374fc90068daedb5048ce95a1b34d269995e/eng/poli"
},
{
"path": "eng/Signing.props",
"chars": 795,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project>\n <PropertyGroup>\n <UseDotNetCertificate>true</UseDotNetCertificate"
},
{
"path": "eng/Version.Details.xml",
"chars": 507,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Dependencies>\n <Source Uri=\"https://github.com/dotnet/dotnet\" Mapping=\"arcade\" "
},
{
"path": "eng/Versions.props",
"chars": 3524,
"preview": "<Project>\n <Import Project=\"Version.Details.props\" Condition=\"Exists('Version.Details.props')\" />\n <PropertyGroup>\n "
},
{
"path": "eng/common/BuildConfiguration/build-configuration.json",
"chars": 55,
"preview": "{\n \"RetryCountLimit\": 1,\n \"RetryByAnyError\": false\n}\n"
},
{
"path": "eng/common/CIBuild.cmd",
"chars": 140,
"preview": "@echo off\npowershell -ExecutionPolicy ByPass -NoProfile -command \"& \"\"\"%~dp0Build.ps1\"\"\" -restore -build -test -sign -pa"
},
{
"path": "eng/common/PSScriptAnalyzerSettings.psd1",
"chars": 474,
"preview": "@{\n IncludeRules=@('PSAvoidUsingCmdletAliases',\n 'PSAvoidUsingWMICmdlet',\n 'PSAvo"
},
{
"path": "eng/common/README.md",
"chars": 1321,
"preview": "# Don't touch this folder\n\n uuuuuuuuuuuuuuuuuuuu\n u\" uuuuuuuuuuuuuuuuuu \"u\n u\" u$"
},
{
"path": "eng/common/SetupNugetSources.ps1",
"chars": 8891,
"preview": "# This script adds internal feeds required to build commits that depend on internal package sources. For instance,\n# dot"
},
{
"path": "eng/common/SetupNugetSources.sh",
"chars": 8180,
"preview": "#!/usr/bin/env bash\n\n# This script adds internal feeds required to build commits that depend on internal package sources"
},
{
"path": "eng/common/build.cmd",
"chars": 114,
"preview": "@echo off\npowershell -ExecutionPolicy ByPass -NoProfile -command \"& \"\"\"%~dp0build.ps1\"\"\" %*\"\nexit /b %ErrorLevel%\n"
},
{
"path": "eng/common/build.ps1",
"chars": 6563,
"preview": "[CmdletBinding(PositionalBinding=$false)]\nParam(\n [string][Alias('c')]$configuration = \"Debug\",\n [string]$platform = $"
},
{
"path": "eng/common/build.sh",
"chars": 7127,
"preview": "#!/usr/bin/env bash\n\n# Stop script if unbound variable found (use ${var:-} if intentional)\nset -u\n\n# Stop script if comm"
},
{
"path": "eng/common/cibuild.sh",
"chars": 537,
"preview": "#!/usr/bin/env bash\n\nsource=\"${BASH_SOURCE[0]}\"\n\n# resolve $SOURCE until the file is no longer a symlink\nwhile [[ -h $so"
},
{
"path": "eng/common/core-templates/job/job.yml",
"chars": 8981,
"preview": "parameters:\n# Job schema parameters - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs"
},
{
"path": "eng/common/core-templates/job/onelocbuild.yml",
"chars": 4632,
"preview": "parameters:\n # Optional: dependencies of the job\n dependsOn: ''\n\n # Optional: A defined YAML pool - https://docs.micr"
},
{
"path": "eng/common/core-templates/job/publish-build-assets.yml",
"chars": 9303,
"preview": "parameters:\n configuration: 'Debug'\n\n # Optional: condition for the job to run\n condition: ''\n\n # Optional: 'true' i"
},
{
"path": "eng/common/core-templates/job/source-build.yml",
"chars": 5214,
"preview": "parameters:\n # This template adds arcade-powered source-build to CI. The template produces a server job with a\n # defa"
},
{
"path": "eng/common/core-templates/job/source-index-stage1.yml",
"chars": 1617,
"preview": "parameters:\n runAsPublic: false\n sourceIndexBuildCommand: powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Comma"
},
{
"path": "eng/common/core-templates/jobs/codeql-build.yml",
"chars": 1247,
"preview": "parameters:\n # See schema documentation in /Documentation/AzureDevOps/TemplateSchema.md\n continueOnError: false\n # Re"
},
{
"path": "eng/common/core-templates/jobs/jobs.yml",
"chars": 5295,
"preview": "parameters:\n # See schema documentation in /Documentation/AzureDevOps/TemplateSchema.md\n continueOnError: false\n\n # O"
},
{
"path": "eng/common/core-templates/jobs/source-build.yml",
"chars": 1818,
"preview": "parameters:\n # This template adds arcade-powered source-build to CI. A job is created for each platform, as\n # well as"
},
{
"path": "eng/common/core-templates/post-build/common-variables.yml",
"chars": 604,
"preview": "variables:\n - group: Publish-Build-Assets\n\n # Whether the build is internal or not\n - name: IsInternalBuild\n value"
},
{
"path": "eng/common/core-templates/post-build/post-build.yml",
"chars": 15336,
"preview": "parameters:\n # Which publishing infra should be used. THIS SHOULD MATCH THE VERSION ON THE BUILD MANIFEST.\n # Publishi"
},
{
"path": "eng/common/core-templates/post-build/setup-maestro-vars.yml",
"chars": 2879,
"preview": "parameters:\n BARBuildId: ''\n PromoteToChannelIds: ''\n is1ESPipeline: ''\n\nsteps:\n - ${{ if eq(parameters.is1ESPipelin"
},
{
"path": "eng/common/core-templates/steps/cleanup-microbuild.yml",
"chars": 925,
"preview": "parameters:\n # Enable cleanup tasks for MicroBuild\n enableMicrobuild: false\n # Enable cleanup tasks for MicroBuild on"
},
{
"path": "eng/common/core-templates/steps/enable-internal-runtimes.yml",
"chars": 1075,
"preview": "# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'\n# "
},
{
"path": "eng/common/core-templates/steps/enable-internal-sources.yml",
"chars": 2301,
"preview": "parameters:\n# This is the Azure federated service connection that we log into to get an access token.\n- name: nugetFeder"
},
{
"path": "eng/common/core-templates/steps/generate-sbom.yml",
"chars": 444,
"preview": "parameters:\n PackageVersion: unused\n BuildDropPath: unused\n PackageName: unused\n ManifestDirPath: unused\n IgnoreDir"
},
{
"path": "eng/common/core-templates/steps/get-delegation-sas.yml",
"chars": 1561,
"preview": "parameters:\n- name: federatedServiceConnection\n type: string\n- name: outputVariableName\n type: string\n- name: expiryIn"
},
{
"path": "eng/common/core-templates/steps/get-federated-access-token.yml",
"chars": 1474,
"preview": "parameters:\n- name: federatedServiceConnection\n type: string\n- name: outputVariableName\n type: string\n- name: is1ESPip"
},
{
"path": "eng/common/core-templates/steps/install-microbuild.yml",
"chars": 5806,
"preview": "parameters:\n # Enable install tasks for MicroBuild\n enableMicrobuild: false\n # Enable install tasks for MicroBuild on"
},
{
"path": "eng/common/core-templates/steps/publish-build-artifacts.yml",
"chars": 667,
"preview": "parameters:\n- name: is1ESPipeline\n type: boolean\n default: false\n- name: args\n type: object\n default: {}\nsteps:\n- ${"
},
{
"path": "eng/common/core-templates/steps/publish-logs.yml",
"chars": 2825,
"preview": "parameters:\n StageLabel: ''\n JobLabel: ''\n CustomSensitiveDataList: ''\n # A default - in case value from eng/common/"
},
{
"path": "eng/common/core-templates/steps/publish-pipeline-artifacts.yml",
"chars": 562,
"preview": "parameters:\n- name: is1ESPipeline\n type: boolean\n default: false\n\n- name: args\n type: object\n default: {} \n\nsteps:\n"
},
{
"path": "eng/common/core-templates/steps/retain-build.yml",
"chars": 1222,
"preview": "parameters:\n # Optional azure devops PAT with build execute permissions for the build's organization,\n # only needed i"
},
{
"path": "eng/common/core-templates/steps/send-to-helix.yml",
"chars": 8338,
"preview": "# Please remember to update the documentation if you make changes to these parameters!\nparameters:\n HelixSource: 'pr/de"
},
{
"path": "eng/common/core-templates/steps/source-build.yml",
"chars": 3135,
"preview": "parameters:\n # This template adds arcade-powered source-build to CI.\n\n # This is a 'steps' template, and is intended f"
},
{
"path": "eng/common/core-templates/steps/source-index-stage1-publish.yml",
"chars": 2059,
"preview": "parameters:\n sourceIndexUploadPackageVersion: 2.0.0-20250818.1\n sourceIndexProcessBinlogPackageVersion: 1.0.1-20250818"
},
{
"path": "eng/common/core-templates/variables/pool-providers.yml",
"chars": 258,
"preview": "parameters:\n is1ESPipeline: false\n\nvariables:\n - ${{ if eq(parameters.is1ESPipeline, 'true') }}:\n - template: /eng/"
},
{
"path": "eng/common/cross/arm/tizen/tizen.patch",
"chars": 488,
"preview": "diff -u -r a/usr/lib/libc.so b/usr/lib/libc.so\n--- a/usr/lib/libc.so\t2016-12-30 23:00:08.284951863 +0900\n+++ b/usr/lib/l"
},
{
"path": "eng/common/cross/arm64/tizen/tizen.patch",
"chars": 506,
"preview": "diff -u -r a/usr/lib/libc.so b/usr/lib/libc.so\n--- a/usr/lib64/libc.so\t2016-12-30 23:00:08.284951863 +0900\n+++ b/usr/lib"
},
{
"path": "eng/common/cross/armel/tizen/tizen.patch",
"chars": 476,
"preview": "diff -u -r a/usr/lib/libc.so b/usr/lib/libc.so\n--- a/usr/lib/libc.so\t2016-12-30 23:00:08.284951863 +0900\n+++ b/usr/lib/l"
},
{
"path": "eng/common/cross/build-android-rootfs.sh",
"chars": 5426,
"preview": "#!/usr/bin/env bash\nset -e\n__NDK_Version=r21\n\nusage()\n{\n echo \"Creates a toolchain and sysroot used for cross-compili"
},
{
"path": "eng/common/cross/build-rootfs.sh",
"chars": 41718,
"preview": "#!/usr/bin/env bash\n\nset -e\n\nusage()\n{\n echo \"Usage: $0 [BuildArch] [CodeName] [lldbx.y] [llvmx[.y]] [--skipunmount] "
},
{
"path": "eng/common/cross/install-debs.py",
"chars": 13176,
"preview": "#!/usr/bin/env python3\n\nimport argparse\nimport asyncio\nimport aiohttp\nimport gzip\nimport os\nimport re\nimport shutil\nimpo"
},
{
"path": "eng/common/cross/riscv64/tizen/tizen.patch",
"chars": 516,
"preview": "diff -u -r a/usr/lib/libc.so b/usr/lib/libc.so\n--- a/usr/lib64/libc.so\t2016-12-30 23:00:08.284951863 +0900\n+++ b/usr/lib"
},
{
"path": "eng/common/cross/tizen-build-rootfs.sh",
"chars": 2100,
"preview": "#!/usr/bin/env bash\nset -e\n\nARCH=$1\nLINK_ARCH=$ARCH\n\ncase \"$ARCH\" in\n arm)\n TIZEN_ARCH=\"armv7hl\"\n ;;\n "
},
{
"path": "eng/common/cross/tizen-fetch.sh",
"chars": 4829,
"preview": "#!/usr/bin/env bash\nset -e\n\nif [[ -z \"${VERBOSE// }\" ]] || [ \"$VERBOSE\" -ne \"$VERBOSE\" ] 2>/dev/null; then\n VERBOSE=0"
},
{
"path": "eng/common/cross/toolchain.cmake",
"chars": 14853,
"preview": "set(CROSS_ROOTFS $ENV{ROOTFS_DIR})\n\n# reset platform variables (e.g. cmake 3.25 sets LINUX=1)\nunset(LINUX)\nunset(FREEBSD"
},
{
"path": "eng/common/darc-init.ps1",
"chars": 1860,
"preview": "param (\n $darcVersion = $null,\n $versionEndpoint = 'https://maestro.dot.net/api/assets/darc-version?api-version=20"
},
{
"path": "eng/common/darc-init.sh",
"chars": 2418,
"preview": "#!/usr/bin/env bash\n\nsource=\"${BASH_SOURCE[0]}\"\ndarcVersion=''\nversionEndpoint='https://maestro.dot.net/api/assets/darc-"
},
{
"path": "eng/common/dotnet-install.cmd",
"chars": 101,
"preview": "@echo off\npowershell -ExecutionPolicy ByPass -NoProfile -command \"& \"\"\"%~dp0dotnet-install.ps1\"\"\" %*\""
},
{
"path": "eng/common/dotnet-install.ps1",
"chars": 786,
"preview": "[CmdletBinding(PositionalBinding=$false)]\nParam(\n [string] $verbosity = 'minimal',\n [string] $architecture = '',\n [st"
},
{
"path": "eng/common/dotnet-install.sh",
"chars": 2230,
"preview": "#!/usr/bin/env bash\n\nsource=\"${BASH_SOURCE[0]}\"\n# resolve $source until the file is no longer a symlink\nwhile [[ -h \"$so"
},
{
"path": "eng/common/dotnet.cmd",
"chars": 225,
"preview": "@echo off\n\n:: This script is used to install the .NET SDK.\n:: It will also invoke the SDK with any provided arguments.\n\n"
},
{
"path": "eng/common/dotnet.ps1",
"chars": 321,
"preview": "# This script is used to install the .NET SDK.\n# It will also invoke the SDK with any provided arguments.\n\n. $PSScriptRo"
},
{
"path": "eng/common/dotnet.sh",
"chars": 803,
"preview": "#!/usr/bin/env bash\n\n# This script is used to install the .NET SDK.\n# It will also invoke the SDK with any provided argu"
},
{
"path": "eng/common/enable-cross-org-publishing.ps1",
"chars": 584,
"preview": "param(\n [string] $token\n)\n\n\n. $PSScriptRoot\\pipeline-logging-functions.ps1\n\n# Write-PipelineSetVariable will no-op if a"
},
{
"path": "eng/common/generate-locproject.ps1",
"chars": 10088,
"preview": "Param(\n [Parameter(Mandatory=$true)][string] $SourcesDirectory, # Directory where source files live; if using a L"
},
{
"path": "eng/common/helixpublish.proj",
"chars": 923,
"preview": "<!-- Licensed to the .NET Foundation under one or more agreements. The .NET Foundation licenses this file to you under t"
},
{
"path": "eng/common/init-tools-native.cmd",
"chars": 133,
"preview": "@echo off\npowershell -NoProfile -NoLogo -ExecutionPolicy ByPass -command \"& \"\"\"%~dp0init-tools-native.ps1\"\"\" %*\"\nexit /b"
},
{
"path": "eng/common/init-tools-native.ps1",
"chars": 7953,
"preview": "<#\n.SYNOPSIS\nEntry point script for installing native tools\n\n.DESCRIPTION\nReads $RepoRoot\\global.json file to determine "
},
{
"path": "eng/common/init-tools-native.sh",
"chars": 7326,
"preview": "#!/usr/bin/env bash\n\nsource=\"${BASH_SOURCE[0]}\"\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\nbase_uri='https"
},
{
"path": "eng/common/internal/Directory.Build.props",
"chars": 408,
"preview": "<!-- Licensed to the .NET Foundation under one or more agreements. The .NET Foundation licenses this file to you under t"
},
{
"path": "eng/common/internal/NuGet.config",
"chars": 339,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<configuration>\n <packageSources>\n <clear />\n <add key=\"dotnet-core-intern"
},
{
"path": "eng/common/internal/Tools.csproj",
"chars": 1579,
"preview": "<!-- Licensed to the .NET Foundation under one or more agreements. The .NET Foundation licenses this file to you under t"
},
{
"path": "eng/common/internal-feed-operations.ps1",
"chars": 4665,
"preview": "param(\n [Parameter(Mandatory=$true)][string] $Operation,\n [string] $AuthToken,\n [string] $CommitSha,\n [string] $Repo"
},
{
"path": "eng/common/internal-feed-operations.sh",
"chars": 4393,
"preview": "#!/usr/bin/env bash\n\nset -e\n\n# Sets VSS_NUGET_EXTERNAL_FEED_ENDPOINTS based on the \"darc-int-*\" feeds defined in NuGet.c"
},
{
"path": "eng/common/loc/P22DotNetHtmlLocalization.lss",
"chars": 1876,
"preview": "<?xml version=\"1.0\"?>\n<LS_SETTINGS_FILE>\n <LS_SETTINGS_DESCRIPTION>\n <![CDATA[]]>\n </LS_SETTINGS_DESCRIPTION>\n <op"
},
{
"path": "eng/common/msbuild.ps1",
"chars": 571,
"preview": "[CmdletBinding(PositionalBinding=$false)]\nParam(\n [string] $verbosity = 'minimal',\n [bool] $warnAsError = $true,\n [bo"
},
{
"path": "eng/common/msbuild.sh",
"chars": 1143,
"preview": "#!/usr/bin/env bash\n\nsource=\"${BASH_SOURCE[0]}\"\n\n# resolve $source until the file is no longer a symlink\nwhile [[ -h \"$s"
},
{
"path": "eng/common/native/CommonLibrary.psm1",
"chars": 12103,
"preview": "<#\n.SYNOPSIS\nHelper module to install an archive to a directory\n\n.DESCRIPTION\nHelper module to download and extract an a"
},
{
"path": "eng/common/native/common-library.sh",
"chars": 4171,
"preview": "#!/usr/bin/env bash\n\nfunction GetNativeInstallDirectory {\n local install_dir\n\n if [[ -z $NETCOREENG_INSTALL_DIRECTORY "
},
{
"path": "eng/common/native/init-compiler.sh",
"chars": 4665,
"preview": "#!/bin/sh\n#\n# This file detects the C/C++ compiler and exports it to the CC/CXX environment variables\n#\n# NOTE: some scr"
},
{
"path": "eng/common/native/init-distro-rid.sh",
"chars": 3706,
"preview": "#!/bin/sh\n\n# getNonPortableDistroRid\n#\n# Input:\n# targetOs: (str)\n# targetArch: (str)\n# rootfsDir: (str)\n#\n# Retur"
},
{
"path": "eng/common/native/init-os-and-arch.sh",
"chars": 1876,
"preview": "#!/bin/sh\n\n# Use uname to determine what the OS is.\nOSName=$(uname -s | tr '[:upper:]' '[:lower:]')\n\nif command -v getpr"
},
{
"path": "eng/common/native/install-cmake-test.sh",
"chars": 3010,
"preview": "#!/usr/bin/env bash\n\nsource=\"${BASH_SOURCE[0]}\"\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\n. $scriptroot/c"
},
{
"path": "eng/common/native/install-cmake.sh",
"chars": 3005,
"preview": "#!/usr/bin/env bash\n\nsource=\"${BASH_SOURCE[0]}\"\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\n. $scriptroot/c"
},
{
"path": "eng/common/native/install-dependencies.sh",
"chars": 1886,
"preview": "#!/bin/sh\n\nset -e\n\n# This is a simple script primarily used for CI to install necessary dependencies\n#\n# Usage:\n#\n# ./in"
},
{
"path": "eng/common/native/install-tool.ps1",
"chars": 4286,
"preview": "<#\n.SYNOPSIS\nInstall native tool\n\n.DESCRIPTION\nInstall cmake native tool from Azure blob storage\n\n.PARAMETER InstallPath"
},
{
"path": "eng/common/pipeline-logging-functions.ps1",
"chars": 8460,
"preview": "# Source for this file was taken from https://github.com/microsoft/azure-pipelines-task-lib/blob/11c9439d4af17e6475d9fe0"
},
{
"path": "eng/common/pipeline-logging-functions.sh",
"chars": 3864,
"preview": "#!/usr/bin/env bash\n\nfunction Write-PipelineTelemetryError {\n local telemetry_category=''\n local force=false\n local f"
},
{
"path": "eng/common/post-build/check-channel-consistency.ps1",
"chars": 2176,
"preview": "param(\n [Parameter(Mandatory=$true)][string] $PromoteToChannels, # List of channels that the build should be"
},
{
"path": "eng/common/post-build/nuget-validation.ps1",
"chars": 763,
"preview": "# This script validates NuGet package metadata information using this \n# tool: https://github.com/NuGet/NuGetGallery/tre"
},
{
"path": "eng/common/post-build/nuget-verification.ps1",
"chars": 4301,
"preview": "<#\n.SYNOPSIS\n Verifies that Microsoft NuGet packages have proper metadata.\n.DESCRIPTION\n Downloads a verification "
},
{
"path": "eng/common/post-build/publish-using-darc.ps1",
"chars": 2489,
"preview": "param(\n [Parameter(Mandatory=$true)][int] $BuildId,\n [Parameter(Mandatory=$true)][int] $PublishingInfraVersion,\n [Par"
},
{
"path": "eng/common/post-build/redact-logs.ps1",
"chars": 3105,
"preview": "[CmdletBinding(PositionalBinding=$False)]\nparam(\n [Parameter(Mandatory=$true, Position=0)][string] $InputPath,\n [Param"
},
{
"path": "eng/common/post-build/sourcelink-validation.ps1",
"chars": 11864,
"preview": "param(\n [Parameter(Mandatory=$true)][string] $InputPath, # Full path to directory where Symbols.NuGet pack"
},
{
"path": "eng/common/post-build/symbols-validation.ps1",
"chars": 11648,
"preview": "param(\n [Parameter(Mandatory = $true)][string] $InputPath, # Full path to directory where NuGet packages to be checked "
},
{
"path": "eng/common/retain-build.ps1",
"chars": 1373,
"preview": "\nParam(\n[Parameter(Mandatory=$true)][int] $buildId,\n[Parameter(Mandatory=$true)][string] $azdoOrgUri, \n[Parameter(Mandat"
},
{
"path": "eng/common/sdk-task.ps1",
"chars": 3556,
"preview": "[CmdletBinding(PositionalBinding=$false)]\nParam(\n [string] $configuration = 'Debug',\n [string] $task,\n [string] $verb"
},
{
"path": "eng/common/sdk-task.sh",
"chars": 2945,
"preview": "#!/usr/bin/env bash\n\nshow_usage() {\n echo \"Common settings:\"\n echo \" --task <value> Name of Arcade task"
},
{
"path": "eng/common/sdl/NuGet.config",
"chars": 562,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<configuration>\n <solution>\n <add key=\"disableSourceControlIntegration\" valu"
},
{
"path": "eng/common/sdl/configure-sdl-tool.ps1",
"chars": 4777,
"preview": "Param(\n [string] $GuardianCliLocation,\n [string] $WorkingDirectory,\n [string] $TargetDirectory,\n [string] $GdnFolder"
},
{
"path": "eng/common/sdl/execute-all-sdl-tools.ps1",
"chars": 12121,
"preview": "Param(\n [string] $GuardianPackageName, # Required: the "
},
{
"path": "eng/common/sdl/extract-artifact-archives.ps1",
"chars": 2341,
"preview": "# This script looks for each archive file in a directory and extracts it into the target directory.\n# For example, the f"
},
{
"path": "eng/common/sdl/extract-artifact-packages.ps1",
"chars": 2612,
"preview": "param(\n [Parameter(Mandatory=$true)][string] $InputPath, # Full path to directory where artifact packages "
},
{
"path": "eng/common/sdl/init-sdl.ps1",
"chars": 2480,
"preview": "Param(\n [string] $GuardianCliLocation,\n [string] $Repository,\n [string] $BranchName='master',\n [string] $WorkingDire"
},
{
"path": "eng/common/sdl/packages.config",
"chars": 121,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<packages>\n <package id=\"Microsoft.Guardian.Cli\" version=\"0.199.0\"/>\n</packages>"
},
{
"path": "eng/common/sdl/run-sdl.ps1",
"chars": 1430,
"preview": "Param(\n [string] $GuardianCliLocation,\n [string] $WorkingDirectory,\n [string] $GdnFolder,\n [string] $UpdateBaseline,"
},
{
"path": "eng/common/sdl/sdl.ps1",
"chars": 1230,
"preview": "\nfunction Install-Gdn {\n param(\n [Parameter(Mandatory=$true)]\n [string]$Path,\n\n # If omitted, in"
},
{
"path": "eng/common/sdl/trim-assets-version.ps1",
"chars": 2229,
"preview": "<#\n.SYNOPSIS\nInstall and run the 'Microsoft.DotNet.VersionTools.Cli' tool with the 'trim-artifacts-version' command to t"
},
{
"path": "eng/common/template-guidance.md",
"chars": 7460,
"preview": "# Overview\n\nArcade provides templates for public (`/templates`) and 1ES pipeline templates (`/templates-official`) scena"
},
{
"path": "eng/common/templates/job/job.yml",
"chars": 4069,
"preview": "parameters: \n enablePublishBuildArtifacts: false\n runAsPublic: false\n# CG related params, unused now and can eventuall"
},
{
"path": "eng/common/templates/job/onelocbuild.yml",
"chars": 197,
"preview": "jobs:\n- template: /eng/common/core-templates/job/onelocbuild.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each pa"
},
{
"path": "eng/common/templates/job/publish-build-assets.yml",
"chars": 206,
"preview": "jobs:\n- template: /eng/common/core-templates/job/publish-build-assets.yml\n parameters:\n is1ESPipeline: false\n\n ${"
},
{
"path": "eng/common/templates/job/source-build.yml",
"chars": 198,
"preview": "jobs:\n- template: /eng/common/core-templates/job/source-build.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each p"
},
{
"path": "eng/common/templates/job/source-index-stage1.yml",
"chars": 205,
"preview": "jobs:\n- template: /eng/common/core-templates/job/source-index-stage1.yml\n parameters:\n is1ESPipeline: false\n\n ${{"
},
{
"path": "eng/common/templates/jobs/codeql-build.yml",
"chars": 199,
"preview": "jobs:\n- template: /eng/common/core-templates/jobs/codeql-build.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each "
},
{
"path": "eng/common/templates/jobs/jobs.yml",
"chars": 191,
"preview": "jobs:\n- template: /eng/common/core-templates/jobs/jobs.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each paramete"
},
{
"path": "eng/common/templates/jobs/source-build.yml",
"chars": 198,
"preview": "jobs:\n- template: /eng/common/core-templates/jobs/source-build.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each "
},
{
"path": "eng/common/templates/post-build/common-variables.yml",
"chars": 248,
"preview": "variables:\n- template: /eng/common/core-templates/post-build/common-variables.yml\n parameters:\n # Specifies whether "
},
{
"path": "eng/common/templates/post-build/post-build.yml",
"chars": 239,
"preview": "stages:\n- template: /eng/common/core-templates/post-build/post-build.yml\n parameters:\n # Specifies whether to use 1E"
},
{
"path": "eng/common/templates/post-build/setup-maestro-vars.yml",
"chars": 246,
"preview": "steps:\n- template: /eng/common/core-templates/post-build/setup-maestro-vars.yml\n parameters:\n # Specifies whether to"
},
{
"path": "eng/common/templates/steps/enable-internal-runtimes.yml",
"chars": 389,
"preview": "# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'\n# "
},
{
"path": "eng/common/templates/steps/enable-internal-sources.yml",
"chars": 211,
"preview": "steps:\n- template: /eng/common/core-templates/steps/enable-internal-sources.yml\n parameters:\n is1ESPipeline: false\n\n"
},
{
"path": "eng/common/templates/steps/generate-sbom.yml",
"chars": 202,
"preview": "steps:\n- template: /eng/common/core-templates/steps/generate-sbom.yml\n parameters:\n is1ESPipeline: false\n\n ${{ ea"
},
{
"path": "eng/common/templates/steps/get-delegation-sas.yml",
"chars": 207,
"preview": "steps:\n- template: /eng/common/core-templates/steps/get-delegation-sas.yml\n parameters:\n is1ESPipeline: false\n\n $"
},
{
"path": "eng/common/templates/steps/get-federated-access-token.yml",
"chars": 214,
"preview": "steps:\n- template: /eng/common/core-templates/steps/get-federated-access-token.yml\n parameters:\n is1ESPipeline: fals"
},
{
"path": "eng/common/templates/steps/publish-build-artifacts.yml",
"chars": 1140,
"preview": "parameters:\n- name: is1ESPipeline\n type: boolean\n default: false\n\n- name: displayName\n type: string\n default: 'Publi"
},
{
"path": "eng/common/templates/steps/publish-logs.yml",
"chars": 201,
"preview": "steps:\n- template: /eng/common/core-templates/steps/publish-logs.yml\n parameters:\n is1ESPipeline: false\n\n ${{ eac"
},
{
"path": "eng/common/templates/steps/publish-pipeline-artifacts.yml",
"chars": 1262,
"preview": "parameters:\n- name: is1ESPipeline\n type: boolean\n default: false\n\n- name: args\n type: object\n default: {}\n\nsteps:\n- "
},
{
"path": "eng/common/templates/steps/retain-build.yml",
"chars": 201,
"preview": "steps:\n- template: /eng/common/core-templates/steps/retain-build.yml\n parameters:\n is1ESPipeline: false\n\n ${{ eac"
},
{
"path": "eng/common/templates/steps/send-to-helix.yml",
"chars": 202,
"preview": "steps:\n- template: /eng/common/core-templates/steps/send-to-helix.yml\n parameters:\n is1ESPipeline: false\n\n ${{ ea"
},
{
"path": "eng/common/templates/steps/source-build.yml",
"chars": 201,
"preview": "steps:\n- template: /eng/common/core-templates/steps/source-build.yml\n parameters:\n is1ESPipeline: false\n\n ${{ eac"
},
{
"path": "eng/common/templates/steps/source-index-stage1-publish.yml",
"chars": 216,
"preview": "steps:\n- template: /eng/common/core-templates/steps/source-index-stage1-publish.yml\n parameters:\n is1ESPipeline: fal"
},
{
"path": "eng/common/templates/steps/vmr-sync.yml",
"chars": 6532,
"preview": "### These steps synchronize new code from product repositories into the VMR (https://github.com/dotnet/dotnet).\n### They"
},
{
"path": "eng/common/templates/variables/pool-providers.yml",
"chars": 2855,
"preview": "# Select a pool provider based off branch name. Anything with branch name containing 'release' must go into an -Svc pool"
},
{
"path": "eng/common/templates/vmr-build-pr.yml",
"chars": 1391,
"preview": "# This pipeline is used for running the VMR verification of the PR changes in repo-level PRs.\n#\n# It will run a full set"
},
{
"path": "eng/common/templates-official/job/job.yml",
"chars": 4618,
"preview": "parameters:\n runAsPublic: false\n# Sbom related params, unused now and can eventually be removed\n enableSbom: unused\n "
},
{
"path": "eng/common/templates-official/job/onelocbuild.yml",
"chars": 196,
"preview": "jobs:\n- template: /eng/common/core-templates/job/onelocbuild.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each par"
},
{
"path": "eng/common/templates-official/job/publish-build-assets.yml",
"chars": 205,
"preview": "jobs:\n- template: /eng/common/core-templates/job/publish-build-assets.yml\n parameters:\n is1ESPipeline: true\n\n ${{"
},
{
"path": "eng/common/templates-official/job/source-build.yml",
"chars": 197,
"preview": "jobs:\n- template: /eng/common/core-templates/job/source-build.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each pa"
},
{
"path": "eng/common/templates-official/job/source-index-stage1.yml",
"chars": 204,
"preview": "jobs:\n- template: /eng/common/core-templates/job/source-index-stage1.yml\n parameters:\n is1ESPipeline: true\n\n ${{ "
},
{
"path": "eng/common/templates-official/jobs/codeql-build.yml",
"chars": 198,
"preview": "jobs:\n- template: /eng/common/core-templates/jobs/codeql-build.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each p"
},
{
"path": "eng/common/templates-official/jobs/jobs.yml",
"chars": 190,
"preview": "jobs:\n- template: /eng/common/core-templates/jobs/jobs.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter"
},
{
"path": "eng/common/templates-official/jobs/source-build.yml",
"chars": 197,
"preview": "jobs:\n- template: /eng/common/core-templates/jobs/source-build.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each p"
},
{
"path": "eng/common/templates-official/post-build/common-variables.yml",
"chars": 247,
"preview": "variables:\n- template: /eng/common/core-templates/post-build/common-variables.yml\n parameters:\n # Specifies whether "
},
{
"path": "eng/common/templates-official/post-build/post-build.yml",
"chars": 239,
"preview": "stages:\n- template: /eng/common/core-templates/post-build/post-build.yml\n parameters:\n # Specifies whether to use 1E"
},
{
"path": "eng/common/templates-official/post-build/setup-maestro-vars.yml",
"chars": 245,
"preview": "steps:\n- template: /eng/common/core-templates/post-build/setup-maestro-vars.yml\n parameters:\n # Specifies whether to"
},
{
"path": "eng/common/templates-official/steps/enable-internal-runtimes.yml",
"chars": 387,
"preview": "# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'\n# "
},
{
"path": "eng/common/templates-official/steps/enable-internal-sources.yml",
"chars": 210,
"preview": "steps:\n- template: /eng/common/core-templates/steps/enable-internal-sources.yml\n parameters:\n is1ESPipeline: true\n\n "
},
{
"path": "eng/common/templates-official/steps/generate-sbom.yml",
"chars": 201,
"preview": "steps:\n- template: /eng/common/core-templates/steps/generate-sbom.yml\n parameters:\n is1ESPipeline: true\n\n ${{ eac"
},
{
"path": "eng/common/templates-official/steps/get-delegation-sas.yml",
"chars": 206,
"preview": "steps:\n- template: /eng/common/core-templates/steps/get-delegation-sas.yml\n parameters:\n is1ESPipeline: true\n\n ${"
},
{
"path": "eng/common/templates-official/steps/get-federated-access-token.yml",
"chars": 213,
"preview": "steps:\n- template: /eng/common/core-templates/steps/get-federated-access-token.yml\n parameters:\n is1ESPipeline: true"
},
{
"path": "eng/common/templates-official/steps/publish-build-artifacts.yml",
"chars": 1156,
"preview": "parameters:\n- name: displayName\n type: string\n default: 'Publish to Build Artifact'\n\n- name: condition\n type: string\n"
},
{
"path": "eng/common/templates-official/steps/publish-logs.yml",
"chars": 200,
"preview": "steps:\n- template: /eng/common/core-templates/steps/publish-logs.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each"
},
{
"path": "eng/common/templates-official/steps/publish-pipeline-artifacts.yml",
"chars": 1089,
"preview": "parameters:\n- name: is1ESPipeline\n type: boolean\n default: true\n\n- name: args\n type: object\n default: {}\n\nsteps:\n- $"
},
{
"path": "eng/common/templates-official/steps/retain-build.yml",
"chars": 200,
"preview": "steps:\n- template: /eng/common/core-templates/steps/retain-build.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each"
},
{
"path": "eng/common/templates-official/steps/send-to-helix.yml",
"chars": 201,
"preview": "steps:\n- template: /eng/common/core-templates/steps/send-to-helix.yml\n parameters:\n is1ESPipeline: true\n\n ${{ eac"
},
{
"path": "eng/common/templates-official/steps/source-build.yml",
"chars": 200,
"preview": "steps:\n- template: /eng/common/core-templates/steps/source-build.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each"
},
{
"path": "eng/common/templates-official/steps/source-index-stage1-publish.yml",
"chars": 215,
"preview": "steps:\n- template: /eng/common/core-templates/steps/source-index-stage1-publish.yml\n parameters:\n is1ESPipeline: tru"
},
{
"path": "eng/common/templates-official/variables/pool-providers.yml",
"chars": 2236,
"preview": "# Select a pool provider based off branch name. Anything with branch name containing 'release' must go into an -Svc pool"
},
{
"path": "eng/common/templates-official/variables/sdl-variables.yml",
"chars": 302,
"preview": "variables:\n# The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in\n# sync with "
},
{
"path": "eng/common/tools.ps1",
"chars": 38068,
"preview": "# Initialize variables if they aren't already defined.\n# These may be defined as parameters of the importing script, or "
},
{
"path": "eng/common/tools.sh",
"chars": 19927,
"preview": "#!/usr/bin/env bash\n\n# Initialize variables if they aren't already defined.\n\n# CI mode - set to true on CI server for PR"
},
{
"path": "eng/common/vmr-sync.ps1",
"chars": 4394,
"preview": "<#\n.SYNOPSIS\n\nThis script is used for synchronizing the current repository into a local VMR.\nIt pulls the current reposi"
},
{
"path": "eng/common/vmr-sync.sh",
"chars": 6112,
"preview": "#!/bin/bash\n\n### This script is used for synchronizing the current repository into a local VMR.\n### It pulls the current"
},
{
"path": "es-metadata.yml",
"chars": 279,
"preview": "schemaVersion: 1.0.0\nproviders:\n- provider: InventoryAsCode\n version: 1.0.0\n metadata:\n isProduction: true\n acco"
},
{
"path": "global.json",
"chars": 814,
"preview": "{\n \"tools\": {\n \"_comment\": \"Because this affects the runtime environment of Sign CLI *when run from this directory*,"
},
{
"path": "scripts/UpdateWintrust.ps1",
"chars": 865,
"preview": "param(\n [string] $WintrustIniPath\n)\n\n# Test if the Wintrust.ini file exists\nif (!(Test-Path $WintrustIniPath -PathTyp"
},
{
"path": "scripts/VerifyNuGetPackage.ps1",
"chars": 3078,
"preview": "param\n(\n [Parameter(Mandatory = $True)]\n [string] $PackageDirectoryPath\n)\n\nAdd-Type -AssemblyName 'System.IO.Comp"
},
{
"path": "sign.sln",
"chars": 8455,
"preview": "\nMicrosoft Visual Studio Solution File, Format Version 12.00\n# Visual Studio Version 17\nVisualStudioVersion = 17.5.3301"
},
{
"path": "src/Sign.Cli/ArtifactSigningCommand.cs",
"chars": 4737,
"preview": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under "
},
{
"path": "src/Sign.Cli/ArtifactSigningResources.Designer.cs",
"chars": 4294,
"preview": "//------------------------------------------------------------------------------\n// <auto-generated>\n// This code w"
},
{
"path": "src/Sign.Cli/ArtifactSigningResources.resx",
"chars": 6318,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<root>\n <!-- \n Microsoft ResX Schema \n \n Version 2.0\n \n The prim"
},
{
"path": "src/Sign.Cli/AzureCredentialOptions.cs",
"chars": 6713,
"preview": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under "
},
{
"path": "src/Sign.Cli/AzureCredentialType.cs",
"chars": 542,
"preview": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under"
},
{
"path": "src/Sign.Cli/AzureKeyVaultCommand.cs",
"chars": 6041,
"preview": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under "
},
{
"path": "src/Sign.Cli/AzureKeyVaultResources.Designer.cs",
"chars": 4946,
"preview": "//------------------------------------------------------------------------------\n// <auto-generated>\n// This code w"
},
{
"path": "src/Sign.Cli/AzureKeyVaultResources.resx",
"chars": 6575,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<root>\n <!-- \n Microsoft ResX Schema \n \n Version 2.0\n \n The prim"
}
]
// ... and 429 more files (download for full content)
About this extraction
This page contains the full source code of the dotnet/sign GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 629 files (2.1 MB), approximately 578.9k tokens, and a symbol index with 1468 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.