@@ -84,31 +84,6 @@ steps:
8484files_to_sign :' **\*.psd1;**\*.psm1;**\*.ps1xml;**\*.ps1;**\*.dll;**\*.exe;**\pwsh'
8585search_root :$(Pipeline.Workspace)/toBeSigned
8686
87- -task :onebranch.pipeline.signing@1
88- displayName :Sign pwsh.exe with Windows cert
89- inputs :
90- command :' sign'
91- cp_code :' 203'
92- files_to_sign :' **\pwsh.exe'
93- search_root :$(Pipeline.Workspace)/toBeSigned
94-
95- -pwsh :|
96- if (Test-Path $(Pipeline.Workspace)/toBeSigned/pwsh.exe) {
97- Write-Verbose -Verbose "pwsh.exe is found, verifying signature"
98- $signature = Get-AuthenticodeSignature -FilePath $(Pipeline.Workspace)/toBeSigned/pwsh.exe
99- if ($signature.SignerCertificate.Issuer -notmatch '^CN=Microsoft Windows Production.*') {
100- Write-Error -ErrorAction Stop "pwsh.exe is not signed by Microsoft"
101- }
102- else {
103- Write-Verbose -Verbose "pwsh.exe is signed by Microsoft"
104- }
105- }
106- else {
107- Write-Verbose -Verbose "pwsh.exe is not found, skipping"
108- }
109-
110- displayName :' Verify windows signature'
111-
11287-pwsh :|
11388 Get-ChildItem -Path env: | Out-String -width 9999 -Stream | write-Verbose -Verbose
11489displayName :Capture environment