diff --git a/eng/native/functions.cmake b/eng/native/functions.cmake index 7022a46a7a2778..2b8db967373341 100644 --- a/eng/native/functions.cmake +++ b/eng/native/functions.cmake @@ -678,3 +678,15 @@ function(adhoc_sign_with_entitlements targetName entitlementsFile) POST_BUILD COMMAND codesign -s - -f --entitlements ${entitlementsFile} $) endfunction() + +function(esrp_sign targetName) + if ("${CLR_CMAKE_ESRP_CLIENT}" STREQUAL "") + return() + endif() + + add_custom_command( + TARGET ${targetName} + POST_BUILD + COMMAND powershell -ExecutionPolicy ByPass -NoProfile "${CMAKE_CURRENT_FUNCTION_LIST_DIR}/sign-with-dac-certificate.ps1" -esrpClient ${CLR_CMAKE_ESRP_CLIENT} $ + ) +endfunction() diff --git a/eng/native/sign-with-dac-certificate.ps1 b/eng/native/sign-with-dac-certificate.ps1 new file mode 100644 index 00000000000000..97d5c5d6763aad --- /dev/null +++ b/eng/native/sign-with-dac-certificate.ps1 @@ -0,0 +1,50 @@ +[CmdletBinding()] +param( + [string] + [Parameter(Mandatory)] + $esrpClient, + [Parameter(ValueFromRemainingArguments=$true)][string[]]$filesToSign +) + +$inputFile = Get-Content -Raw $PSScriptRoot/signing/input.template.json | ConvertFrom-Json +$inputFile.SignBatches.SignRequestFiles = $filesToSign | ForEach-Object { + @{ + SourceLocation = $_ + } +} + +$inputJson = [System.IO.Path]::GetTempFileName() +# Our JSON goes up to 6 levels deep, so we need to set the depth to 6 +# to successfully round-trip our JSON through ConvertTo-Json +$inputFile | ConvertTo-Json -Depth 6 | Out-File -FilePath $inputJson -Encoding utf8 + +$outputJson = Resolve-Path "$PSScriptRoot/../../artifacts/log/Release/signing-$(New-Guid).json.log" + +Write-Host "Signing files with DAC certificate" +Write-Host "Logging output to $outputJson" + +& $esrpClient sign -a $PSScriptRoot/signing/auth.json -c $PSScriptRoot/signing/config.json -i $inputJson -o $outputJson -p $PSScriptRoot/signing/policy.json + +# Validate that the files are signed correctly +foreach ($file in $filesToSign) { + $signingCert = $(Get-AuthenticodeSignature $file).SignerCertificate + if ($null -eq $signingCert) + { + throw "File $file does not contain a signature." + } + + if ($signingCert.Subject -ne "CN=.NET DAC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ` + -or $signingCert.Issuer -ne "CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") + { + throw "File $file not in expected trust chain." + } + + $certEKU = $signingCert.Extensions.Where({ $_.Oid.FriendlyName -eq "Enhanced Key Usage" }) | Select-Object -First 1 + + if ($certEKU.EnhancedKeyUsages.Where({ $_.Value -eq "1.3.6.1.4.1.311.84.4.1" }).Count -ne 1) + { + throw "Signature for $file does not contain expected EKU." + } + + Write-Host "$file is correctly signed." +} diff --git a/eng/native/signing/auth.json b/eng/native/signing/auth.json new file mode 100644 index 00000000000000..10f5d5791a7e5c --- /dev/null +++ b/eng/native/signing/auth.json @@ -0,0 +1,18 @@ +{ + "Version" : "1.0.0", + "AuthenticationType" : "AAD_CERT", + "TenantId" : "72f988bf-86f1-41af-91ab-2d7cd011db47", + "ClientId" : "2234cdec-a13f-4bb2-aa63-04c57fd7a1f9", + "AuthCert" : + { + "SubjectName" : "CN=2234cdec-a13f-4bb2-aa63-04c57fd7a1f9.microsoft.com", + "StoreLocation" : "CurrentUser", + "StoreName": "My", + "SendX5c" : "true" + }, + "RequestSigningCert" : { + "SubjectName" : "CN=2234cdec-a13f-4bb2-aa63-04c57fd7a1f9", + "StoreLocation" : "CurrentUser", + "StoreName" : "My" + } +} diff --git a/eng/native/signing/config.json b/eng/native/signing/config.json new file mode 100644 index 00000000000000..95fa7faba4b3ca --- /dev/null +++ b/eng/native/signing/config.json @@ -0,0 +1,6 @@ +{ + "Version" : "1.0.0", + "MaxDegreeOfParallelism" : "50", + "ExponentialRetryCount" : "5", + "EsrpSessionTimeoutInSec" : "1800" +} diff --git a/eng/native/signing/input.template.json b/eng/native/signing/input.template.json new file mode 100644 index 00000000000000..7ee214cb62e83a --- /dev/null +++ b/eng/native/signing/input.template.json @@ -0,0 +1,36 @@ +{ + "Version": "1.0.0", + "UseMinimatch" : false, + "SignBatches": [ + { + "SigningInfo" : { + "Operations" : [ + { + "keyCode": "CP-471322", + "operationCode": "SigntoolSign", + "parameters": { + "OpusName": "Microsoft", + "OpusInfo": "http://www.microsoft.com", + "PageHash": "/NPH", + "FileDigest": "/fd sha256", + "TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + }, + "toolName": "sign", + "toolVersion": "1.0" + }, + { + "KeyCode": "CP-471322", + "OperationCode": "SigntoolVerify", + "Parameters": {}, + "ToolName": "sign", + "ToolVersion": "1.0" + } + ] + }, + "SourceLocationType" : "UNC", + "DestinationLocationType": "UNC", + "SignRequestFiles" : [ + ] + } + ] +} diff --git a/eng/native/signing/policy.json b/eng/native/signing/policy.json new file mode 100644 index 00000000000000..abbe16c1b9576b --- /dev/null +++ b/eng/native/signing/policy.json @@ -0,0 +1,3 @@ +{ + "Version": "1.0.0" +} diff --git a/eng/pipelines/coreclr/templates/install-diagnostic-certs.yml b/eng/pipelines/coreclr/templates/install-diagnostic-certs.yml new file mode 100644 index 00000000000000..92584746b424d0 --- /dev/null +++ b/eng/pipelines/coreclr/templates/install-diagnostic-certs.yml @@ -0,0 +1,34 @@ +parameters: + isOfficialBuild: + type: boolean + displayName: 'Is Official Build' + certNames: + type: array + displayName: 'Certificate Name' + vaultName: + type: string + displayName: 'Key Vault Name' + azureSubscription: + type: string + displayName: 'Azure Subscription' + +steps: +- ${{ if and(eq(parameters.isOfficialBuild, true), ne(variables['Build.Reason'], 'PullRequest'), or(startswith(variables['Build.SourceBranch'], 'refs/heads/release/'), startswith(variables['Build.SourceBranch'], 'refs/heads/internal/release/'), startswith(variables['Build.SourceBranch'], 'refs/heads/reltest/')), not(endsWith(variables['Build.SourceBranch'], '-staging'))) }}: + - task: AzureKeyVault@2 + inputs: + azureSubscription: ${{ parameters.azureSubscription }} + KeyVaultName: ${{ parameters.vaultName }} + SecretsFilter: ${{ join(',', parameters.certNames) }} + displayName: 'Download secrets: Diagnostic Certificates' + + - task: EsrpClientTool@2 + displayName: Download ESRPClient + + - powershell: | + eng/pipelines/install-diagnostic-certs.ps1 "${{ join(',', parameters.certNames) }}" + $signArgs = '/p:DotNetEsrpToolPath=$(esrpclient.toolpath)\$(esrpclient.toolname)' + echo "##vso[task.setvariable variable=_SignDiagnosticFilesArgs;]$signArgs" + displayName: 'Install diagnostic certificates' + env: + ${{ each cert in parameters.certNames }}: + ${{ cert }}: $(${{ cert }}) diff --git a/eng/pipelines/coreclr/templates/remove-diagnostic-certs.yml b/eng/pipelines/coreclr/templates/remove-diagnostic-certs.yml new file mode 100644 index 00000000000000..e2ee7c8d224d7f --- /dev/null +++ b/eng/pipelines/coreclr/templates/remove-diagnostic-certs.yml @@ -0,0 +1,11 @@ +parameters: + isOfficialBuild: + type: boolean + displayName: 'Is Official Build' + +steps: +- ${{ if and(eq(parameters.isOfficialBuild, true), ne(variables['Build.Reason'], 'PullRequest'), or(startswith(variables['Build.SourceBranch'], 'refs/heads/release/'), startswith(variables['Build.SourceBranch'], 'refs/heads/internal/release/'), startswith(variables['Build.SourceBranch'], 'refs/heads/reltest/')), not(endsWith(variables['Build.SourceBranch'], '-staging'))) }}: + - powershell: | + eng/pipelines/remove-diagnostic-certs.ps1 "$(DacCertificateThumbprints)" + displayName: 'Remove Diagnostic Certificates' + condition: always() diff --git a/eng/pipelines/coreclr/templates/sign-diagnostic-files.yml b/eng/pipelines/coreclr/templates/sign-diagnostic-files.yml deleted file mode 100644 index 2e6ec556150b8f..00000000000000 --- a/eng/pipelines/coreclr/templates/sign-diagnostic-files.yml +++ /dev/null @@ -1,86 +0,0 @@ -parameters: - basePath: '' - isOfficialBuild: '' - timeoutInMinutes: '' - -steps: -- ${{ if and(eq(parameters.isOfficialBuild, true), ne(variables['Build.Reason'], 'PullRequest'), or(startswith(variables['Build.SourceBranch'], 'refs/heads/release/'), startswith(variables['Build.SourceBranch'], 'refs/heads/internal/release/'), startswith(variables['Build.SourceBranch'], 'refs/heads/reltest/')), not(endsWith(variables['Build.SourceBranch'], '-staging'))) }}: - - task: UseDotNet@2 - displayName: Install .NET 6 SDK for signing. - inputs: - packageType: 'sdk' - version: '6.0.x' - installationPath: '$(Agent.TempDirectory)/dotnet' - - - task: EsrpCodeSigning@5 - displayName: Sign Diagnostic Binaries - inputs: - ConnectedServiceName: 'diagnostics-esrp-kvcertuser' - AppRegistrationClientId: '2234cdec-a13f-4bb2-aa63-04c57fd7a1f9' - AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' - AuthAKVName: 'clrdiag-esrp-id' - AuthCertName: 'dotnetesrp-diagnostics-aad-ssl-cert' - AuthSignCertName: 'dotnet-diagnostics-esrp-pki-onecert' - FolderPath: ${{ parameters.basePath }} - Pattern: | - **/mscordaccore*.dll - **/mscordbi*.dll - UseMinimatch: true - signConfigType: 'inlineSignParams' - inlineOperation: >- - [ - { - "keyCode": "CP-471322", - "operationCode": "SigntoolSign", - "parameters": { - "OpusName": "Microsoft", - "OpusInfo": "http://www.microsoft.com", - "PageHash": "/NPH", - "FileDigest": "/fd sha256", - "TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - }, - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "KeyCode": "CP-471322", - "OperationCode": "SigntoolVerify", - "Parameters": {}, - "ToolName": "sign", - "ToolVersion": "1.0" - } - ] - SessionTimeout: ${{ parameters.timeoutInMinutes }} - MaxConcurrency: '50' - MaxRetryAttempts: '5' - PendingAnalysisWaitTimeoutMinutes: '5' - env: - DOTNET_MULTILEVEL_LOOKUP: 0 - DOTNET_ROOT: '$(Agent.TempDirectory)/dotnet' - DOTNET_MSBUILD_SDK_RESOLVER_CLI_DIR: '$(Agent.TempDirectory)/dotnet' - - - powershell: | - $filesToSign = $(Get-ChildItem -Recurse ${{ parameters.basePath }} -Include mscordaccore*.dll, mscordbi*.dll) - foreach ($file in $filesToSign) { - $signingCert = $(Get-AuthenticodeSignature $file).SignerCertificate - if ($signingCert -eq $null) - { - throw "File $file does not contain a signature." - } - - if ($signingCert.Subject -ne "CN=.NET DAC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ` - -or $signingCert.Issuer -ne "CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") - { - throw "File $file not in expected trust chain." - } - - $certEKU = $signingCert.Extensions.Where({ $_.Oid.FriendlyName -eq "Enhanced Key Usage" }) | Select -First 1 - - if ($certEKU.EnhancedKeyUsages.Where({ $_.Value -eq "1.3.6.1.4.1.311.84.4.1" }).Count -ne 1) - { - throw "Signature for $file does not contain expected EKU." - } - - Write-Host "$file is correctly signed." - } - displayName: Validate diagnostic signatures diff --git a/eng/pipelines/install-diagnostic-certs.ps1 b/eng/pipelines/install-diagnostic-certs.ps1 new file mode 100644 index 00000000000000..74d3c43f75739a --- /dev/null +++ b/eng/pipelines/install-diagnostic-certs.ps1 @@ -0,0 +1,32 @@ +[CmdletBinding()] +param( + [string] + [Parameter(Mandatory)] + $certList +) +# Required for the pipeline logging functions +$ci = $true +. $PSScriptRoot/../common/pipeline-logging-functions.ps1 + +$certs = $certList -split ',' +$thumbprints = @() +$certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection +foreach ($cert in $certs) +{ + $certBytes = [System.Convert]::FromBase64String($(Get-Item "Env:$cert").Value) + $certCollection.Import($certBytes,$null, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet) +} + +foreach ($cert in $certCollection) +{ + Write-Host "Installed certificate '$($cert.Thumbprint)' with subject: '$($cert.Subject)'" + $thumbprints += $cert.Thumbprint +} + +$store = Get-Item -Path Cert:\CurrentUser\My +$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite) +$store.AddRange($certCollection) +$store.Close() + +Write-PipelineSetVariable -name "DacCertificateThumbprints" -Value "$($thumbprints -join ',')" -IsMultiJobVariable $false +Write-Host "Successfully installed diagnostic certificates" diff --git a/eng/pipelines/remove-diagnostic-certs.ps1 b/eng/pipelines/remove-diagnostic-certs.ps1 new file mode 100644 index 00000000000000..3ebea9f3e287ae --- /dev/null +++ b/eng/pipelines/remove-diagnostic-certs.ps1 @@ -0,0 +1,22 @@ +[CmdletBinding()] +param( + [string] + [Parameter(Mandatory)] + $thumbprintList +) + +$thumbprints = $thumbprintList -split ',' +$store = Get-Item -Path Cert:\CurrentUser\My +$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite) +foreach ($thumbprint in $thumbprints) +{ + $cert = $store.Certificates.Find([System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint, $thumbprint, $false) + if ($null -eq $cert) + { + Write-Host "Certificate with thumbprint '$thumbprint' not found in the user store." + } + $store.RemoveRange($cert) + Write-Host "Removed certificate '$thumbprint'" +} +$store.Close() +Write-Host "Successfully removed diagnostic certificates" diff --git a/eng/pipelines/runtime-official.yml b/eng/pipelines/runtime-official.yml index 4604248840acb0..2b99888d192866 100644 --- a/eng/pipelines/runtime-official.yml +++ b/eng/pipelines/runtime-official.yml @@ -70,23 +70,29 @@ extends: - windows_x64 - windows_x86 - windows_arm64 + variables: + - name: _SignDiagnosticFilesArgs + value: '' jobParameters: templatePath: 'templates-official' - buildArgs: -s clr.runtime+clr.alljits+clr.nativeaotruntime -c $(_BuildConfig) /bl:$(Build.SourcesDirectory)/artifacts/logs/$(_BuildConfig)/CoreClrNativeBuild.binlog + preBuildSteps: + - template: /eng/pipelines/coreclr/templates/install-diagnostic-certs.yml + parameters: + isOfficialBuild: ${{ variables.isOfficialBuild }} + certNames: + - 'dotnetesrp-diagnostics-aad-ssl-cert' + - 'dotnet-diagnostics-esrp-pki-onecert' + vaultName: 'clrdiag-esrp-id' + azureSubscription: 'diagnostics-esrp-kvcertuser' + + buildArgs: -c $(_BuildConfig) /p:DotNetBuildAllRuntimePacks=true $(_SignDiagnosticFilesArgs) nameSuffix: AllRuntimes isOfficialBuild: ${{ variables.isOfficialBuild }} timeoutInMinutes: 120 postBuildSteps: - - template: /eng/pipelines/coreclr/templates/sign-diagnostic-files.yml + - template: /eng/pipelines/coreclr/templates/remove-diagnostic-certs.yml parameters: - basePath: $(Build.SourcesDirectory)/artifacts/bin/coreclr isOfficialBuild: ${{ variables.isOfficialBuild }} - timeoutInMinutes: 30 - # Now that we've signed the diagnostic files, do the rest of the build. - - template: /eng/pipelines/common/templates/global-build-step.yml - parameters: - buildArgs: -s clr.corelib+clr.nativecorelib+clr.nativeaotlibs+clr.tools+clr.packages+mono+libs+host+packs -c $(_BuildConfig) /p:DotNetBuildAllRuntimePacks=true - displayName: Build managed CoreCLR components, Mono, all libraries, hosts, and packs # Upload the results. - template: /eng/pipelines/common/upload-intermediate-artifacts-step.yml @@ -209,10 +215,21 @@ extends: artifactName: $(crossDacArtifactsContainer) downloadPath: $(crossDacArtifactsBasePath) checkDownloadedFiles: true + - template: /eng/pipelines/coreclr/templates/install-diagnostic-certs.yml + parameters: + isOfficialBuild: ${{ variables.isOfficialBuild }} + certNames: + - 'dotnetesrp-diagnostics-aad-ssl-cert' + - 'dotnet-diagnostics-esrp-pki-onecert' + vaultName: 'clrdiag-esrp-id' + azureSubscription: 'diagnostics-esrp-kvcertuser' - template: /eng/pipelines/common/templates/global-build-step.yml parameters: - buildArgs: -s linuxdac+alpinedac -c $(_BuildConfig) + buildArgs: -s linuxdac+alpinedac -c $(_BuildConfig) $(_SignDiagnosticFilesArgs) archParameter: -arch x64,x86,arm,arm64 + - template: /eng/pipelines/coreclr/templates/remove-diagnostic-certs.yml + parameters: + isOfficialBuild: ${{ variables.isOfficialBuild }} - task: CopyFiles@2 displayName: Gather CrossDacs inputs: @@ -221,11 +238,6 @@ extends: ** !**\sharedFramework\** TargetFolder: $(crossDacArtifactsPath) - - template: /eng/pipelines/coreclr/templates/sign-diagnostic-files.yml - parameters: - basePath: $(crossDacArtifactsPath) - isOfficialBuild: ${{ variables.isOfficialBuild }} - timeoutInMinutes: 30 postBuildSteps: # Save packages using the prepare-signed-artifacts format. # CrossDac packages are expected to be in the windows_x64 folder. diff --git a/src/coreclr/dlls/mscordac/CMakeLists.txt b/src/coreclr/dlls/mscordac/CMakeLists.txt index ef91243448c518..05b903b5698087 100644 --- a/src/coreclr/dlls/mscordac/CMakeLists.txt +++ b/src/coreclr/dlls/mscordac/CMakeLists.txt @@ -194,6 +194,8 @@ endif(CLR_CMAKE_HOST_UNIX) target_link_libraries(mscordaccore PRIVATE ${COREDAC_LIBRARIES}) +esrp_sign(mscordaccore) + # add the install targets install_clr(TARGETS mscordaccore DESTINATIONS . sharedFramework COMPONENT debug) diff --git a/src/coreclr/dlls/mscordbi/CMakeLists.txt b/src/coreclr/dlls/mscordbi/CMakeLists.txt index a92f844b0f9d9e..87e566175a25c0 100644 --- a/src/coreclr/dlls/mscordbi/CMakeLists.txt +++ b/src/coreclr/dlls/mscordbi/CMakeLists.txt @@ -130,5 +130,7 @@ elseif(CLR_CMAKE_HOST_UNIX) endif(CLR_CMAKE_HOST_WIN32) +esrp_sign(mscordbi) + # add the install targets install_clr(TARGETS mscordbi DESTINATIONS . sharedFramework COMPONENT debug) diff --git a/src/coreclr/dlls/mscoree/coreclr/CMakeLists.txt b/src/coreclr/dlls/mscoree/coreclr/CMakeLists.txt index aed404b39e5ae2..32a0a952dfebe9 100644 --- a/src/coreclr/dlls/mscoree/coreclr/CMakeLists.txt +++ b/src/coreclr/dlls/mscoree/coreclr/CMakeLists.txt @@ -215,14 +215,15 @@ if(CLR_CMAKE_TARGET_WIN32) configure_file(dump_helper_resource.rc.in ${CMAKE_CURRENT_BINARY_DIR}/dump_helper_resource.rc) - set(EMBEDDED_MINIDUMP_AUXILIARY_PROVIDER ON) - configure_file(dump_helper_resource.rc.in ${CMAKE_CURRENT_BINARY_DIR}/dump_helper_resource_embedded_minidump_provider.rc) + set(EMBEDDED_MINIDUMP_AUXILIARY_PROVIDER $) + configure_file(dump_helper_resource.rc.in ${CMAKE_CURRENT_BINARY_DIR}/dump_helper_resource_embedded_minidump_provider.rc.gen) + file(GENERATE OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/$/dump_helper_resource_embedded_minidump_provider.rc INPUT ${CMAKE_CURRENT_BINARY_DIR}/dump_helper_resource_embedded_minidump_provider.rc.gen) target_sources(coreclr PUBLIC ${CMAKE_CURRENT_BINARY_DIR}/dump_helper_resource.rc) - target_sources(coreclr_static PUBLIC ${CMAKE_CURRENT_BINARY_DIR}/dump_helper_resource_embedded_minidump_provider.rc) + target_sources(coreclr_static PUBLIC ${CMAKE_CURRENT_BINARY_DIR}/$/dump_helper_resource_embedded_minidump_provider.rc) add_dependencies(coreclr clr_debug_resources) - add_dependencies(coreclr_static clr_debug_resources) + add_dependencies(coreclr_static clr_debug_resources mscordaccore) endif(CLR_CMAKE_TARGET_WIN32) # add the install targets diff --git a/src/coreclr/dlls/mscoree/coreclr/dump_helper_resource.rc.in b/src/coreclr/dlls/mscoree/coreclr/dump_helper_resource.rc.in index e8b99b1b058702..b516c1fcf2437c 100644 --- a/src/coreclr/dlls/mscoree/coreclr/dump_helper_resource.rc.in +++ b/src/coreclr/dlls/mscoree/coreclr/dump_helper_resource.rc.in @@ -8,6 +8,10 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL MINIDUMP_AUXILIARY_PROVIDER RCDATA { "mscordaccore.dll\0" } +#else + +MINIDUMP_EMBEDDED_AUXILIARY_PROVIDER RCDATA "@EMBEDDED_MINIDUMP_AUXILIARY_PROVIDER@" + #endif @CLRDEBUGINFO_RESOURCE_NAME@ RCDATA "@CLRDEBUGINFO_RESOURCE_PATH@" diff --git a/src/coreclr/runtime.proj b/src/coreclr/runtime.proj index 12e655d9fdedba..ece995e04fe013 100644 --- a/src/coreclr/runtime.proj +++ b/src/coreclr/runtime.proj @@ -90,6 +90,10 @@ <_CoreClrBuildArg Include="-cmakeargs -DFEATURE_EVENT_TRACE=0"/> + + <_CoreClrBuildArg Include="-cmakeargs "-DCLR_CMAKE_ESRP_CLIENT=$(DotNetEsrpToolPath)"" /> + + <_CoreClrBuildScript Condition="$([MSBuild]::IsOsPlatform(Windows))">build-runtime.cmd <_CoreClrBuildScript Condition="!$([MSBuild]::IsOsPlatform(Windows))">build-runtime.sh diff --git a/src/coreclr/tools/InjectResource/InjectResource.csproj b/src/coreclr/tools/InjectResource/InjectResource.csproj deleted file mode 100644 index f8537a0cb11d58..00000000000000 --- a/src/coreclr/tools/InjectResource/InjectResource.csproj +++ /dev/null @@ -1,17 +0,0 @@ - - - - Exe - $(NetCoreAppToolCurrent) - enable - AnyCPU - AnyCPU - false - $(RuntimeBinDir)\InjectResource - false - - - - - - diff --git a/src/coreclr/tools/InjectResource/Program.cs b/src/coreclr/tools/InjectResource/Program.cs deleted file mode 100644 index 2fcf8cf5e166b3..00000000000000 --- a/src/coreclr/tools/InjectResource/Program.cs +++ /dev/null @@ -1,21 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. - -using System.CommandLine; -using System.IO; - -CliOption binOption = new("--bin") { Description = "Binary data to attach to the image" }; -CliOption imageOption = new("--image") { Description = "PE image to add the binary resource into" }; -CliOption nameOption = new("--name") { Description = "Resource name" }; -CliRootCommand rootCommand = new("Inject native resources into a Portable Executable image"); -rootCommand.Options.Add(binOption); -rootCommand.Options.Add(imageOption); -rootCommand.Options.Add(nameOption); - -rootCommand.SetAction(result => -{ - using ResourceUpdater updater = new(result.GetValue(imageOption)!); - updater.AddBinaryResource(result.GetValue(nameOption)!, File.ReadAllBytes(result.GetValue(binOption)!.FullName)); -}); - -return new CliConfiguration(rootCommand).Invoke(args); diff --git a/src/coreclr/tools/InjectResource/ResourceUpdater.cs b/src/coreclr/tools/InjectResource/ResourceUpdater.cs deleted file mode 100644 index dcb0ee92f37b63..00000000000000 --- a/src/coreclr/tools/InjectResource/ResourceUpdater.cs +++ /dev/null @@ -1,69 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -using System; -using System.ComponentModel; -using System.IO; -using System.Runtime.InteropServices; - -class ResourceUpdater : IDisposable -{ - private class UpdateResourceHandle : SafeHandle - { - public UpdateResourceHandle() - :base(IntPtr.Zero, true) - { - - } - - protected override bool ReleaseHandle() - { - return EndUpdateResource(handle, false); - } - - public override bool IsInvalid => handle == IntPtr.Zero; - } - - [DllImport("kernel32", EntryPoint = "BeginUpdateResourceA", CharSet = CharSet.Ansi, SetLastError = true)] - private static extern UpdateResourceHandle BeginUpdateResource(string pFileName, bool bDeleteExistingResources); - - [DllImport("kernel32", EntryPoint = "UpdateResourceA", CharSet = CharSet.Ansi, SetLastError = true)] - private static extern bool UpdateResource( - UpdateResourceHandle hUpdate, - nint lpType, - string lpName, - ushort wLanguage, - byte[] lpData, - int cb); - - [DllImport("kernel32", EntryPoint = "EndUpdateResourceA", CharSet = CharSet.Ansi, SetLastError = true)] - private static extern bool EndUpdateResource(IntPtr hUpdate, bool fDiscard); - - private UpdateResourceHandle handle; - - public ResourceUpdater(FileInfo peFile) - { - handle = BeginUpdateResource(peFile.FullName, false); - if (handle.IsInvalid) - { - throw new Win32Exception(Marshal.GetLastPInvokeError(), peFile.FullName); - } - } - - private static readonly nint RT_RCDATA = 10; - - private const ushort LANG_NEUTRAL = 0; - - public void AddBinaryResource(string name, byte[] data) - { - bool success = UpdateResource(handle, RT_RCDATA, name, LANG_NEUTRAL, data, data.Length); - if (!success) - { - throw new Win32Exception(Marshal.GetLastPInvokeError(), name); - } - } - - public void Dispose() - { - handle.Dispose(); - } -} \ No newline at end of file diff --git a/src/native/corehost/corehost.proj b/src/native/corehost/corehost.proj index ed13d5113b869a..4bb50f98bb8b7c 100644 --- a/src/native/corehost/corehost.proj +++ b/src/native/corehost/corehost.proj @@ -16,11 +16,8 @@ $(ArtifactsObjDir)_version.c - - - + - $(CoreCLRArtifactsPath)/corehost/singlefilehost$(ExeSuffix) $(CoreCLRArtifactsPath)/mscordaccore$(LibSuffix) @@ -36,33 +33,14 @@ $(CoreCLRArtifactsPath)/corehost/singlefilehost$(SymbolsSuffix) $(DotNetHostBinDir)/singlefilehost$(SymbolsSuffix) - - - - - + + - -