From bdc43b4cd61717fd5302316ea647c488591f407b Mon Sep 17 00:00:00 2001 From: tomverin Date: Tue, 7 Nov 2023 09:57:23 +0100 Subject: [PATCH] Use nuget for signing --- azure-pipelines.yml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 209efc468ea..e6782a71beb 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -149,20 +149,14 @@ stages: SM_CERT: $(SM_CERT) SM_CERT_FP: $(SM_CERT_FP) SM_HOST: $(SM_HOST) + BUILD_DIR: '$(Build.ArtifactStagingDirectory)\packages\' inputs: script: | - certutil.exe -csp "DigiCert Software Trust Manager KSP" -key -user - smksp_cert_sync - echo "with smctl:" - smctl sign --fingerprint 372ca3c0b69c28d6b46918512c6ea25db8052e62 --tool signtool --input $(Build.ArtifactStagingDirectory)/packages/ - echo "with signtool:" - "%SIGNTOOL_PATH%" sign /v /csp "DigiCert Signing Manager KSP" /kc "$SM_KEYPAIR_ALIAS" /sha1 372ca3c0b69c28d6b46918512c6ea25db8052e62 /fd SHA256 "$(Build.ArtifactStagingDirectory)/packages/" -# signtool sign /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 /csp "DigiCert Signing Manager KSP" /kc "$SM_KEYPAIR_ALIAS" /f "$SM_CLIENT_CERT_FILE" /p "$SM_CLIENT_CERT_PASSWORD" $(Build.ArtifactStagingDirectory)\packages\*.nupkg -# "%SIGNTOOL_PATH%" sign /a /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 /f %SM_CLIENT_CERT_FILE% /p "%SM_CLIENT_CERT_PASSWORD%" $(Build.ArtifactStagingDirectory)\packages\*.nupkg -# script: '"%SIGNTOOL_PATH%" sign /sha1 6AE98FC3C4668889C48DF0823E11A4678BBCF53A /tr http://timestamp.digicert.com $(Build.ArtifactStagingDirectory)\packages\*.nupkg' - + smctl windows certsync + nuget sign "%BUILD_DIR%\*.nupkg" -Overwrite -HashAlgorithm SHA256 -CertificateFingerprint %SM_CERT_FP% -Timestamper http://timestamp.digicert.com -TimestampHashAlgorithm SHA256 + - task: PublishBuildArtifacts@1 displayName: 'Publish NuGet packages as build artifacts' inputs: