Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Release GCM Core with various fixes and new Windows user-installer #206

Merged
merged 38 commits into from
Nov 2, 2020
Merged
Changes from 1 commit
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
90b2209
docs: update readme and FAQs; drop preview wording
mjcheetham Sep 30, 2020
122da6f
Merge pull request #185 from mjcheetham/docupdate
mjcheetham Oct 1, 2020
ef29f9a
Update readme to say Linux support is in preview
mjcheetham Oct 1, 2020
bc52940
winget: update winget pkg on release
mjcheetham Oct 2, 2020
3d5e6c7
Merge pull request #187 from mjcheetham/winget
mjcheetham Oct 6, 2020
3b4e022
docs: add GitHub auth API deprecation docs
mjcheetham Oct 19, 2020
0340279
Update GitHub auth change document PAT link
mjcheetham Oct 26, 2020
be4bf29
Merge pull request #195 from microsoft/gh-patdoc-update
mjcheetham Oct 26, 2020
abaaf67
wia: fix bug where Allow WIA setting default wrong
mjcheetham Oct 26, 2020
fc36448
Merge pull request #196 from mjcheetham/fix-wia
mjcheetham Oct 27, 2020
4514b0f
osx: update the Mac installer to make product archives
mjcheetham Oct 28, 2020
2ef55df
git: ensure that Git config quotes cmd args
mjcheetham Oct 28, 2020
241580f
Just two tiny typos
Molkree Oct 28, 2020
3c4a151
Merge pull request #200: Just two tiny typos
derrickstolee Oct 28, 2020
9b8c6d5
.gitignore: ignore signing outputs
Oct 28, 2020
aaaee55
Signing: add python script for Linux signing
Oct 28, 2020
2a1ed62
Release: build and sign Linux installers
Oct 28, 2020
8c5667a
configuration: update config cmd to set full path
mjcheetham Oct 28, 2020
4f12cc7
windows: split Windows installer in to user/system
mjcheetham Oct 28, 2020
95c731d
Merge pull request #199 from mjcheetham/install-fix
mjcheetham Oct 29, 2020
f6c5b30
Merge pull request #198 from mjcheetham/osx-installv2
mjcheetham Oct 29, 2020
6d3132e
osx: fix incorrect wording of installer welcome msg
mjcheetham Oct 29, 2020
1d11923
Merge pull request #202 from mjcheetham/osxinstall-fixwording
mjcheetham Oct 29, 2020
aca1953
Merge pull request #201: Setup Microsoft ESRP Signing for .deb installer
derrickstolee Oct 29, 2020
96c52e4
Merge pull request #197 from mjcheetham/winstall-split
mjcheetham Oct 29, 2020
dc5135d
windows: fix a typo in the user windows installer
mjcheetham Oct 29, 2020
364aeb3
configure: append GCMCore even in system case
mjcheetham Oct 29, 2020
1c01f1f
git: add --get-all and --add Git config commands
mjcheetham Oct 29, 2020
1638afe
git: drop the redundant 'Value' from Get/Set methods
mjcheetham Oct 29, 2020
16ee304
configure: handle subsequent empty entries after GCM
mjcheetham Oct 29, 2020
8ce1ed2
git: better gitcfg error and trace messages
mjcheetham Oct 30, 2020
c552709
azrepos-cfg: only clear useHttpPath on Windows if no manager-core
mjcheetham Oct 30, 2020
ba81146
git: fix --get-all output parsing bug
mjcheetham Oct 30, 2020
e483a98
Actions: use workflow_dispatch for manually running workflows
derrickstolee Oct 30, 2020
b3966f5
Merge pull request #204: Actions: use workflow_dispatch for manually …
derrickstolee Oct 30, 2020
67e3189
fix missing space in username input
mastercoms Nov 1, 2020
9666c94
Merge pull request #205 from mastercoms/patch-1
mjcheetham Nov 2, 2020
ff1043f
Merge pull request #203 from mjcheetham/fixtypowin
mjcheetham Nov 2, 2020
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Signing: add python script for Linux signing
The .github/run_esrp_signing.py script is executed on the signing
machines. This mostly accumulates a set of JSON input files before
running the ESRP signing tool that was securely downloaded.

Signed-off-by: Derrick Stolee <dstolee@microsoft.com>
  • Loading branch information
Kyle Rader authored and derrickstolee committed Oct 28, 2020
commit aaaee557baaf37523445ba41dba5a7a83ff42d80
112 changes: 112 additions & 0 deletions .github/run_esrp_signing.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
import json
import os
import glob
import pprint
import subprocess
import sys

esrp_tool = os.path.join("esrp", "tools", "EsrpClient.exe")

aad_id = os.environ['AZURE_AAD_ID'].strip()
workspace = os.environ['GITHUB_WORKSPACE'].strip()

source_root_location = os.path.join(workspace, "deb", "Release")
destination_location = os.path.join(workspace)

files = glob.glob(os.path.join(source_root_location, "*.deb"))

print("Found files:")
pprint.pp(files)

if len(files) < 1 or not files[0].endswith(".deb"):
print("Error: cannot find .deb to sign")
exit(1)

file_to_sign = os.path.basename(files[0])

auth_json = {
"Version": "1.0.0",
"AuthenticationType": "AAD_CERT",
"TenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"ClientId": aad_id,
"AuthCert": {
"SubjectName": f"CN={aad_id}.microsoft.com",
"StoreLocation": "LocalMachine",
"StoreName": "My",
},
"RequestSigningCert": {
"SubjectName": f"CN={aad_id}",
"StoreLocation": "LocalMachine",
"StoreName": "My",
}
}

input_json = {
"Version": "1.0.0",
"SignBatches": [
{
"SourceLocationType": "UNC",
"SourceRootDirectory": source_root_location,
"DestinationLocationType": "UNC",
"DestinationRootDirectory": destination_location,
"SignRequestFiles": [
{
"CustomerCorrelationId": "01A7F55F-6CDD-4123-B255-77E6F212CDAD",
"SourceLocation": file_to_sign,
"DestinationLocation": os.path.join("Signed", file_to_sign),
}
],
"SigningInfo": {
"Operations": [
{
"KeyCode": "CP-450779-Pgp",
"OperationCode": "LinuxSign",
"Parameters": {},
"ToolName": "sign",
"ToolVersion": "1.0",
}
]
}
}
]
}

policy_json = {
"Version": "1.0.0",
"Intent": "production release",
"ContentType": "Debian package",
}

configs = [
("auth.json", auth_json),
("input.json", input_json),
("policy.json", policy_json),
]

for filename, data in configs:
with open(filename, 'w') as fp:
json.dump(data, fp)

# Run ESRP Client
esrp_out = "esrp_out.json"
result = subprocess.run(
[esrp_tool, "sign",
"-a", "auth.json",
"-i", "input.json",
"-p", "policy.json",
"-o", esrp_out,
"-l", "Verbose"],
cwd=workspace)

if result.returncode != 0:
print("Failed to run ESRPClient.exe")
sys.exit(1)

if os.path.isfile(esrp_out):
print("ESRP output json:")
with open(esrp_out, 'r') as fp:
pprint.pp(json.load(fp))

signed_file = os.path.join(destination_location, "Signed", file_to_sign)
if os.path.isfile(signed_file):
print(f"Success!\nSigned {signed_file}")