3
0
Fork 0
mirror of https://github.com/Z3Prover/z3 synced 2025-04-05 17:14:07 +00:00

add ESRP signing of nuget packages

Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com>
This commit is contained in:
Nikolaj Bjorner 2019-02-27 14:43:39 -08:00
parent ea9e2f6642
commit a2dcf87e10
3 changed files with 78 additions and 2 deletions

View file

@ -0,0 +1,15 @@
{
"Version": "1.0.0",
"AuthenticationType": "AAD_CERT",
"ClientId": "1c614a83-2dbe-4d3c-853b-effaefd4fb20",
"AuthCert": {
"SubjectName": "1c614a83-2dbe-4d3c-853b-effaefd4fb20.microsoft.com",
"StoreLocation": "LocalMachine",
"StoreName": "My"
},
"RequestSigningCert": {
"SubjectName": "1c614a83-2dbe-4d3c-853b-effaefd4fb20",
"StoreLocation": "LocalMachine",
"StoreName": "My"
}
}

View file

@ -7,6 +7,7 @@
# 3. copy over Microsoft.Z3.dll from suitable distribution
# 4. copy nuspec file from packages
# 5. call nuget pack
# 6. sign package
import json
import os
@ -22,6 +23,7 @@ import mk_project
data = json.loads(urllib.request.urlopen("https://api.github.com/repos/Z3Prover/z3/releases/latest").read().decode())
version_str = data['tag_name']
version_num = version_str[3:]
print(version_str)
@ -50,7 +52,8 @@ def classify_package(f):
ext, dst = os_info[os_name]
return os_name, f[:-4], ext, dst
return None
def unpack():
shutil.rmtree("out", ignore_errors=True)
# unzip files in packages
@ -103,17 +106,67 @@ Linux Dependencies:
</package>"""
with open("out/Microsoft.Z3.nuspec", 'w') as f:
f.write(contents % version_str[3:])
f.write(contents % version_num)
def create_nuget_package():
subprocess.call(["nuget", "pack"], cwd="out")
nuget_sign_input = """
{
"Version": "1.0.0",
"SignBatches"
:
[
{
"SourceLocationType": "UNC",
"SourceRootDirectory": "%s",
"DestinationLocationType": "UNC",
"DestinationRootDirectory": "%s",
"SignRequestFiles": [
{
"CustomerCorrelationId": "42fc9577-af9e-4ac9-995d-1788d8721d17",
"SourceLocation": "Microsoft.Z3.%s.nupkg",
"DestinationLocation": "Microsoft.Z3.%s.nupkg"
}
],
"SigningInfo": {
"Operations": [
{
"KeyCode" : "CP-401405",
"OperationCode" : "NuGetSign",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
},
{
"KeyCode" : "CP-401405",
"OperationCode" : "NuGetVerify",
"Parameters" : {},
"ToolName" : "sign",
"ToolVersion" : "1.0"
}
]
}
}
]
}"""
def sign_nuget_package():
package_name = "Microsoft.Z3.%s.nupkg" % version_num
input_file = "out/nuget_sign_input.json"
output_path = os.path.abspath("out").replace("\\","\\\\")
with open(input_file, 'w') as f:
f.write(nuget_sign_input % (output_path, output_path, version_num, version_num))
subprocess.call(["EsrpClient.exe", "sign", "-a", "authorization.json", "-p", "policy.json", "-i", input_file, "-o", "out\\diagnostics.json"])
def main():
mk_dir("packages")
download_installs()
unpack()
create_nuget_spec()
create_nuget_package()
sign_nuget_package()
main()

8
scripts/policy.json Normal file
View file

@ -0,0 +1,8 @@
{
"Version": "1.0.0",
"Intent": "ProductRelease",
"ContentType": "Binaries",
"ContentOrigin": "1stParty",
"ProductState": "Next",
"Audience": "ExternalBroad"
}