-
Notifications
You must be signed in to change notification settings - Fork 407
/
sign.ps1
49 lines (38 loc) · 1.47 KB
/
sign.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
if ($env:CI -eq "true") {
exit 0
}
Remove-Item -Path .\*.nupkg
$nuget = ".\nuget.exe"
if (!(Test-Path $nuget))
{
Invoke-WebRequest https://dist.nuget.org/win-x86-commandline/latest/nuget.exe -OutFile nuget.exe
}
& $nuget update /self | Write-Debug
Set-Location .\GlobalTools
& dotnet pack -c Release
Set-Location ..
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
if ($null -eq $cert) {
Write-Host "No code signing certificate found in MY store. Exit."
exit 1
}
Write-Host "Certificate found. Sign the assemblies."
$signtool = Get-ChildItem -Path "${env:ProgramFiles(x86)}\Windows Kits", "${env:ProgramFiles(x86)}\Microsoft SDKs" -Recurse -Filter "signtool.exe" | Select-Object -First 1 -ExpandProperty FullName
& $signtool sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a .\console\bin\release\net462\obfuscar.console.exe | Write-Debug
Write-Host "Verify digital signature."
& $signtool verify /pa /q .\console\bin\release\net462\obfuscar.console.exe 2>&1 | Write-Debug
if ($LASTEXITCODE -ne 0)
{
Write-Host "$_.FullName is not signed. Exit."
exit $LASTEXITCODE
}
& $nuget pack
Write-Host "Sign NuGet packages."
& $nuget sign *.nupkg -CertificateSubjectName "Yang Li" -Timestamper http://timestamp.digicert.com | Write-Debug
& $nuget verify -All *.nupkg | Write-Debug
if ($LASTEXITCODE -ne 0)
{
Write-Host "NuGet package is not signed. Exit."
exit $LASTEXITCODE
}
Write-Host "Verification finished."