arcade icon indicating copy to clipboard operation
arcade copied to clipboard
verified publisher icon dotnet

Microbuild Signing tool now supports Linux and Mac

Open epananth opened this issue 2 years ago • 5 comments

Linux and Mac Signing using Microbuild

For .NET 9 we are planning to move the signing bits to the repo builds. While doing research on splitting Staging pipeline effort, I was looking at moving the Linux signing and Mac signing the repo build.

Previously Microbuild did not support signing Linux on Linux box. (Microbuild depended on desktop msbuild).

But the new and improved Microbuild task now supports Linux signing on Linux box and Mac signing on Macs. Also this does not use msbuild at all.

Here you can read more on this task

Windows : Pretty straight forward like we used the SigntoolTask before, just that it will be moved from Staging pipeline to Repo build Linux : (no longer requires msbuild) So we can sign on the same machine as we build -Details are here Mac ( no longer requires msbuild) So we can sign on the same machine as we build - Additional details are here
NOTE: There is no "test" signing on the Mac. ( I think it was never available)

Brief proposal on what needs to happen:

  1. Modifications to the existing SignToolTask in arcade has to be made to support Linux and Mac platforms. ( Eg: New Microbuild plugin does not use msbuild for Linux and Macs. Currently SignTool has parameters like MSBuildPath, which is no longer necessary for Linux and Macs, so that has to be made optional. We have a .NET core dll which can call directly after we install the Microbuild plugin.

  2. Previously we would have needed separate legs for a) Building Linux b) Building Mac c) Sign these bits But with the new Microbuild plugin and changes to the SignToolTask we can Build + sign in the same stage. ( This will save time in standing up the machines)

  3. Repos onboard to this new feature by getting an arcade update (will need onboarding instructions)

epananth avatar May 23 '23 23:05 epananth

Just to double check, Microbuild doesn't require Desktop MSBuild on Windows either? Asking as it would be great to remove the VS dependency during signing.

ViktorHofer avatar May 24 '23 16:05 ViktorHofer

MicroBuild still uses Desktop MSBuild on Windows. So there is no work around that..

epananth avatar May 24 '23 17:05 epananth

cc: @mmitche @jaredpar

epananth avatar May 24 '23 17:05 epananth

As discussed @mmitche

Changes that has to be made in arcade

  1. Install MicroBuild Plugin
  2. Format the signing manifest depending on which platform
  3. Switch between Desktop msbuild vs .dll
  4. On board all the repos

NOTE : we can bring up windows, linux and mac os legs at the same time so that it won't add to the build time OR Allocate windows machine so that they can sign the linux binaries

epananth avatar Jun 02 '23 23:06 epananth

MicroBuild still uses Desktop MSBuild on Windows. So there is no work around that..

Why is that so? Is there documentation on that?

ViktorHofer avatar Oct 20 '23 13:10 ViktorHofer