/// <summary>
/// Configures the restore target: it depends on <c>build.Clean</c> and runs a NuGet restore
/// for <c>build.Solution</c> with the no-cache option enabled.
/// </summary>
/// <param name="_">The target definition being configured.</param>
/// <param name="build">Build object supplying the <c>Clean</c> target and the <c>Solution</c>.</param>
/// <returns>The result of the fluent configuration chain.</returns>
public static ITargetDefinition Restore(ITargetDefinition _, IMsBuild build)
{
    return _
        .DependsOn(build.Clean)
        .Executes(() =>
        {
            // Kept as a statement lambda so the same Executes overload is selected as before.
            NuGetTasks.NuGetRestore(restore => restore
                .SetSolutionDirectory(build.Solution)
                .EnableNoCache());
        });
}
/// <summary>
/// Reports whether the version of Sharp.CSS listed by the feed at <c>Source</c> also exists
/// as a local <c>.nupkg</c> in <c>PackagesDirectory</c>.
/// </summary>
/// <returns>
/// <c>false</c> when <c>nuget list</c> produces no output; otherwise <c>true</c> when at least one
/// local <c>.nupkg</c> file name contains the version text taken from the first output line.
/// </returns>
private bool IsPackageAlreadyPublished()
{
    ToolPathResolver.NuGetPackagesConfigFile = Solution.GetProject("_build").Path;

    var listing = NuGetTasks.NuGet($"list \"PackageId: Sharp.CSS\" -PreRelease -Source {Source}", RootDirectory);
    if (listing.Count == 0)
    {
        return false;
    }

    // Only the first output line is inspected; whatever remains after removing the package id
    // is treated as the version.
    // NOTE(review): this presumes the first line is the Sharp.CSS entry - confirm against the feed's output.
    var publishedVersion = listing.ElementAt(0).Text.Replace("Sharp.CSS", string.Empty).Trim();

    // The glob is a substring match on the file name, not an exact version comparison.
    return PackagesDirectory.GlobFiles($"*{publishedVersion}*.nupkg").Count > 0;
}
/// <summary>
/// Configures the pack target: it depends on <c>build.Build</c> and runs a NuGet pack for every
/// <c>*.nuspec</c> file found in <c>build.NuspecDirectory</c>.
/// </summary>
/// <param name="_">The target definition being configured.</param>
/// <param name="build">Build object supplying the configuration, GitVersion data and output directory.</param>
/// <returns>The result of the fluent configuration chain.</returns>
public static ITargetDefinition Pack(ITargetDefinition _, IMsBuild build)
{
    return _
        .DependsOn(build.Build)
        .Executes(() =>
        {
            foreach (var nuspecFile in build.NuspecDirectory.GlobFiles("*.nuspec"))
            {
                // The package version comes from GitVersion; symbols are enabled for every package.
                NuGetTasks.NuGetPack(pack => pack
                    .SetTargetPath(nuspecFile)
                    .SetConfiguration(build.Configuration)
                    .SetGitVersionEnvironment(build.GitVersion)
                    .SetVersion(build.GitVersion.NuGetVersionV2)
                    .SetOutputDirectory(build.NuGetPackageDirectory)
                    .SetSymbols(true));
            }
        });
}
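/// <summary>
/// Signs build outputs: every file that is not a <c>.nupkg</c> is signed with SignTool, and every
/// <c>.nupkg</c> is signed with <c>nuget sign</c>. Both use the same PFX certificate and timestamp server.
/// </summary>
/// <param name="filesToSign">Paths of the binaries and NuGet packages to sign.</param>
/// <remarks>
/// When <c>UseTestPfxCertificate</c> is set, the local <c>test_cert.pfx</c> is used; otherwise the PFX and
/// its password are fetched by <c>GetSigningMaterial</c> and written to a temporary file that is deleted
/// in the <c>finally</c> block. An <see cref="InvalidOperationException"/> is thrown when the fetched
/// certificate fails validation or when a NuGet package cannot be signed, so that a failed signature
/// stops the build instead of letting an unsigned artifact continue down the pipeline.
/// </remarks>
async Task SignFiles(IEnumerable<AbsolutePath> filesToSign)
{
    // To create a pfx certificate for local testing, use powershell and run:
    // $outputLocation = "test_cert.pfx"
    // $cert = New-SelfSignedCertificate -DnsName sample.contoso.com -Type CodeSigning -CertStoreLocation Cert:\CurrentUser\My
    // $CertPassword = ConvertTo-SecureString -String "Passw0rd" -Force –AsPlainText
    // Export-PfxCertificate -Cert "cert:\CurrentUser\My\$($cert.Thumbprint)" -FilePath $outputLocation -Password $CertPassword

    // This file receives the decoded PFX (private key included) when the real certificate is used;
    // it is removed in the finally block whether or not signing succeeds.
    var tempFileName = Path.GetTempFileName();
    const string timestampServer = "http://timestamp.digicert.com/";

    try
    {
        var (certPath, certPassword) = UseTestPfxCertificate
            ? (@"test_cert.pfx", "Passw0rd")
            : await GetSigningMaterial(tempFileName);

        Logger.Info("Signing material retrieved");

        // Enumerate the input once; it is partitioned twice below.
        var allFiles = filesToSign.ToList();

        var binaries = allFiles.Where(x => !IsNuGetPackage(x)).ToList();
        if (binaries.Any())
        {
            Logger.Info("Signing binaries...");
            binaries.ForEach(file => SignBinary(certPath, certPassword, file));
            Logger.Info("Binary signing complete");
        }

        var nupkgs = allFiles.Where(IsNuGetPackage).ToList();
        if (nupkgs.Any())
        {
            Logger.Info("Signing NuGet packages...");
            nupkgs.ForEach(file => SignNuGet(certPath, certPassword, file));
            Logger.Info("NuGet signing complete");
        }
    }
    finally
    {
        File.Delete(tempFileName);
    }

    return;

    // Ordinal comparison: a file extension is an identifier, not culture-sensitive text.
    bool IsNuGetPackage(AbsolutePath path) => path.ToString().EndsWith(".nupkg", StringComparison.Ordinal);

    void SignBinary(string certPath, string certPassword, AbsolutePath binaryPath)
    {
        Logger.Info($"Signing {binaryPath}");

        // NOTE(review): no digest algorithm is selected here, so SignTool's defaults apply -
        // confirm the build agent's SignTool produces SHA-256 signatures and timestamps.
        SignToolTasks.SignTool(
            x => x
                .SetFiles(binaryPath)
                .SetFile(certPath)
                .SetPassword(certPassword)
                .SetTimestampServerUrl(timestampServer));
    }

    void SignNuGet(string certPath, string certPassword, AbsolutePath binaryPath)
    {
        Logger.Info($"Signing {binaryPath}");

        // nuke doesn't expose the sign tool
        try
        {
            // The certificate path is quoted because the temporary directory may contain spaces.
            // The password is part of the argument string, so it sits in the child process's command
            // line; all task-runner logging is switched off below to keep it out of the build log.
            NuGetTasks.NuGet(
                $"sign \"{binaryPath}\"" +
                $" -CertificatePath \"{certPath}\"" +
                $" -CertificatePassword {certPassword}" +
                $" -Timestamper {timestampServer} -NonInteractive",
                logOutput: false,
                logInvocation: false,
                logTimestamp: false); // don't print to std out/err
        }
        catch (Exception)
        {
            // Exception doesn't say anything useful generally and don't want to expose it if it does
            // so don't log it
            Logger.Error($"Failed to sign nuget package '{binaryPath}'");

            // Fail the step with a sanitized exception (no inner exception, no command line) so an
            // unsigned package is not treated as signed by the steps that follow.
            throw new InvalidOperationException($"Failed to sign nuget package '{binaryPath}'");
        }
    }

    async Task<(string CertificateFilePath, string Password)> GetSigningMaterial(string keyFile)
    {
        // Get the signing keys from SSM
        var pfxB64EncodedPart1 = await GetFileValueFromSsmUsingAmazonSdk("keygen.dd_win_agent_codesign.pfx_b64_0");
        var pfxB64EncodedPart2 = await GetFileValueFromSsmUsingAmazonSdk("keygen.dd_win_agent_codesign.pfx_b64_1");
        var pfxPassword = await GetFileValueFromSsmUsingAmazonSdk("keygen.dd_win_agent_codesign.password");

        // The PFX is stored as two base64 halves that are concatenated before decoding.
        var pfxB64Encoded = pfxB64EncodedPart1 + pfxB64EncodedPart2;

        // Only the length is logged, never the key material itself.
        Logger.Info($"Retrieved base64 encoded pfx. Length: {pfxB64Encoded.Length}");
        var pfxB64Decoded = Convert.FromBase64String(pfxB64Encoded);

        Logger.Info($"Writing key material to temporary file {keyFile}");
        File.WriteAllBytes(keyFile, pfxB64Decoded);

        Logger.Info("Verifying key material");

        // Loading the PFX proves the password opens it; Verify() returns false rather than throwing
        // when chain validation fails, so its result has to be checked explicitly.
        using (var certificate = new X509Certificate2(keyFile, pfxPassword))
        {
            if (!certificate.Verify())
            {
                throw new InvalidOperationException("Code-signing certificate failed X.509 chain validation");
            }
        }

        return (CertificateFilePath: keyFile, Password: pfxPassword);
    }

    // NOTE(review): the listing ends at this point in the page; GetFileValueFromSsmUsingAmazonSdk is
    // called above but its definition is not part of the visible excerpt.
}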
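/// <summary>
/// Signs a NuGet package with <c>nuget sign</c>, using the certificate file <c>cert.pfx</c> and the
/// DigiCert timestamp server, and masks the certificate password in the tool output.
/// </summary>
/// <param name="pkgPath">Path of the <c>.nupkg</c> file to sign.</param>
/// <param name="password">Password protecting <c>cert.pfx</c>; must be non-empty.</param>
/// <exception cref="System.ArgumentException"><paramref name="password"/> is null or empty.</exception>
public void SignNupkg(string pkgPath, string password)
{
    // string.Replace rejects a null or empty search value, so the output filter below would throw
    // on the first line of tool output; reject such a password before the tool is started.
    if (string.IsNullOrEmpty(password))
    {
        throw new System.ArgumentException("A non-empty certificate password is required.", nameof(password));
    }

    // The password is part of the argument string, so it is present in the child process's
    // command line even though it is masked in the filtered output.
    // NOTE(review): confirm the invocation line the task runner logs also passes through outputFilter.
    NuGetTasks.NuGet(
        $"sign \"{pkgPath}\" -CertificatePath cert.pfx -CertificatePassword {password} -Timestamper http://timestamp.digicert.com",
        // "hunter2" is the mask written in place of the password; it is not a credential.
        outputFilter: x => x.Replace(password, "hunter2"));
}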