From f6d55cb4c4194d6c1a063cb5c84cbcc941a63390 Mon Sep 17 00:00:00 2001
From: Medeni Baykal <433724+Haplois@users.noreply.github.com>
Date: Wed, 21 Oct 2020 12:57:46 +0200
Subject: [PATCH 1/6] Signing instructions for Newtonsoft.Json.dll added
---
src/package/sign/sign.proj | 30 +++++++++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/src/package/sign/sign.proj b/src/package/sign/sign.proj
index dad338e4cb..cd70558020 100644
--- a/src/package/sign/sign.proj
+++ b/src/package/sign/sign.proj
@@ -164,6 +164,9 @@
+
+
+
@@ -197,7 +200,7 @@
-
+
@@ -209,6 +212,9 @@
+
+
+
@@ -329,6 +335,11 @@
+
+
+
+
+
@@ -419,6 +430,12 @@
+
+
+
+
+
+
@@ -466,8 +483,19 @@
Microsoft402400
StrongName
+
+
+ 3PartySHA2
+ StrongName
+
+
+
+
Date: Wed, 21 Oct 2020 13:15:26 +0200
Subject: [PATCH 2/6] Added `Newtonsoft.Json.dll` to verification list
---
scripts/verify-sign.ps1 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/verify-sign.ps1 b/scripts/verify-sign.ps1
index a2368926d2..a63cc2724d 100644
--- a/scripts/verify-sign.ps1
+++ b/scripts/verify-sign.ps1
@@ -30,7 +30,7 @@ $env:TP_TOOLS_DIR = Join-Path $env:TP_ROOT_DIR "tools"
Write-Verbose "Setup build configuration."
$TPB_SignCertificate = $Certificate
$TPB_Configuration = $Configuration
-$TPB_AssembliesPattern = @("*test*.dll", "*qualitytools*.dll", "*test*.exe", "*datacollector*.dll", "*datacollector*.exe", "QTAgent*.exe", "VsWebSite.Interop.dll", "Microsoft.VisualStudio*.dll", "Microsoft.TestPlatform.Build.dll", "Microsoft.DiaSymReader.dll", "Microsoft.IntelliTrace*.dll", "concrt140.dll", "msvcp140.dll", "vccorlib140.dll", "vcruntime140.dll", "codecoveragemessages.dll", "covrun32.dll", "msdia140.dll", "covrun64.dll", "IntelliTrace.exe", "ProcessSnapshotCleanup.exe", "TDEnvCleanup.exe", "CodeCoverage.exe", "Microsoft.ShDocVw.dll", "UIAComwrapper.dll", "Interop.UIAutomationClient.dll", "SettingsMigrator.exe")
+$TPB_AssembliesPattern = @("*test*.dll", "*qualitytools*.dll", "*test*.exe", "*datacollector*.dll", "*datacollector*.exe", "QTAgent*.exe", "VsWebSite.Interop.dll", "Microsoft.VisualStudio*.dll", "Microsoft.TestPlatform.Build.dll", "Microsoft.DiaSymReader.dll", "Microsoft.IntelliTrace*.dll", "concrt140.dll", "msvcp140.dll", "vccorlib140.dll", "vcruntime140.dll", "codecoveragemessages.dll", "covrun32.dll", "msdia140.dll", "covrun64.dll", "IntelliTrace.exe", "ProcessSnapshotCleanup.exe", "TDEnvCleanup.exe", "CodeCoverage.exe", "Microsoft.ShDocVw.dll", "UIAComwrapper.dll", "Interop.UIAutomationClient.dll", "SettingsMigrator.exe", "Newtonsoft.Json.dll")
function Verify-Assemblies
{
From 58e33eb1e2de94e9b841b3858fc853f66e481234 Mon Sep 17 00:00:00 2001
From: Medeni Baykal <433724+Haplois@users.noreply.github.com>
Date: Wed, 21 Oct 2020 13:34:16 +0200
Subject: [PATCH 3/6] Removed StrongName from 3rd party files
---
src/package/sign/sign.proj | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/package/sign/sign.proj b/src/package/sign/sign.proj
index cd70558020..ed6f70a1e5 100644
--- a/src/package/sign/sign.proj
+++ b/src/package/sign/sign.proj
@@ -486,7 +486,6 @@
3PartySHA2
- StrongName
From b4acc98fb80da8309637caccc89d7663befe1a42 Mon Sep 17 00:00:00 2001
From: Medeni Baykal <433724+Haplois@users.noreply.github.com>
Date: Wed, 21 Oct 2020 13:48:53 +0200
Subject: [PATCH 4/6] Removed unnecessary file.
---
src/package/sign/sign.proj | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/package/sign/sign.proj b/src/package/sign/sign.proj
index ed6f70a1e5..4361e54416 100644
--- a/src/package/sign/sign.proj
+++ b/src/package/sign/sign.proj
@@ -338,7 +338,6 @@
-
From 2d4620677dbcb956a24865327927b42c39b223d4 Mon Sep 17 00:00:00 2001
From: Medeni Baykal <433724+Haplois@users.noreply.github.com>
Date: Wed, 21 Oct 2020 14:09:20 +0200
Subject: [PATCH 5/6] Added missing a file to sign list
---
src/package/sign/sign.proj | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/package/sign/sign.proj b/src/package/sign/sign.proj
index 4361e54416..852bacb8ff 100644
--- a/src/package/sign/sign.proj
+++ b/src/package/sign/sign.proj
@@ -338,7 +338,7 @@
-
+
From 239ef6ff4d7bf4c31633fd2b25b5199f8cf92716 Mon Sep 17 00:00:00 2001
From: Medeni Baykal <433724+Haplois@users.noreply.github.com>
Date: Wed, 21 Oct 2020 14:55:07 +0200
Subject: [PATCH 6/6] Added 3rdParty AuthentiCode thumbprint to the acceptlist.
---
scripts/verify-sign.ps1 | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/scripts/verify-sign.ps1 b/scripts/verify-sign.ps1
index a63cc2724d..f3c36833ef 100644
--- a/scripts/verify-sign.ps1
+++ b/scripts/verify-sign.ps1
@@ -54,18 +54,22 @@ function Verify-Assemblies
elseif ($signature.SignerCertificate.Thumbprint -eq "5EAD300DC7E4D637948ECB0ED829A072BD152E17") {
Write-Log "Valid (Prod Signed): $($_.FullName)."
}
- # For some dlls e.g. "Interop.UIAutomationClient.dll", sign certificate is different signature. Skip such binaries.
+ # For some dlls e.g. "Interop.UIAutomationClient.dll", sign certificate is different signature. Skip such binaries.
elseif ($signature.SignerCertificate.Thumbprint -eq "67B1757863E3EFF760EA9EBB02849AF07D3A8080") {
Write-Log "Valid (Prod Signed): $($_.FullName)."
}
- # For some dlls e.g. "Microsoft.VisualStudio.ArchitectureTools.PEReader.dll", sign certificate is different signature. Skip such binaries.
+ # For some dlls e.g. "Microsoft.VisualStudio.ArchitectureTools.PEReader.dll", sign certificate is different signature. Skip such binaries.
elseif ($signature.SignerCertificate.Thumbprint -eq "9DC17888B5CFAD98B3CB35C1994E96227F061675") {
Write-Log "Valid (Prod Signed): $($_.FullName)."
}
- # For some dlls sign certificate is different signature. Skip such binaries.
+ # For some dlls sign certificate is different signature. Skip such binaries.
elseif ($signature.SignerCertificate.Thumbprint -eq "62009AAABDAE749FD47D19150958329BF6FF4B34") {
Write-Log "Valid (Prod Signed): $($_.FullName)."
}
+ # Microsoft 3rd Party Authenticode Signature
+ elseif ($signature.SignerCertificate.Thumbprint -eq "899FA016DEE8E665FF2A315A1151C43FB96C430B") {
+ Write-Log "Valid (Prod Signed): $($_.FullName)."
+ }
else {
Write-FailLog "Incorrect certificate. File: $($_.FullName). Certificate: $($signature.SignerCertificate.Thumbprint)."
}