Add option to disable all strong name signing during build of NuGet.Client repository (#5744)

Author: jeffkl

build.ps1

@@ -21,7 +21,7 @@ Indicates the build script is invoked from CI
 Indicates whether to create the end to end package.
 
 .PARAMETER SkipDelaySigning
-Indicates whether to skip delay signing.  By default assemblies will be delay signed.
+Indicates whether to skip strong name signing.  By default assemblies will be delay signed and require strong name validation exclusions.
 
 .EXAMPLE
 .\build.ps1
@@ -135,8 +135,7 @@ Invoke-BuildStep $VSMessage {
 
     If ($SkipDelaySigning)
     {
-        $buildArgs += "/p:MS_PFX_PATH="
-        $buildArgs += "/p:NUGET_PFX_PATH="
+        $buildArgs += "/p:SkipSigning=true"
     }
 
     if ($Binlog)

build/common.targets

@@ -24,9 +24,7 @@
     </ItemGroup>
   </Target>
 
-  <ImportGroup Condition=" '$(SkipSigning)' != 'true' ">
-    <Import Project="sign.targets" />
-  </ImportGroup>
+  <Import Project="sign.targets" Condition=" '$(SkipSigning)' != 'true' "/>
 
   <PropertyGroup Condition="'$(Shipping)' == 'true'">
     <GetSigningInputsDependsOn Condition="'$(GetSigningInputsDependsOn)' == ''">GetSigningInputsDefault</GetSigningInputsDependsOn>

build/config.props

@@ -90,11 +90,6 @@
     <PackageIcon>icon.png</PackageIcon>
   </PropertyGroup>
 
-  <PropertyGroup>
-    <NUGET_PFX_PATH>$(MSBuildThisFileDirectory)..\keys\NuGetKey.snk</NUGET_PFX_PATH>
-    <MS_PFX_PATH>$(MSBuildThisFileDirectory)..\keys\35MSSharedLib1024.snk</MS_PFX_PATH>
-  </PropertyGroup>
-
   <Target Name="GetSemanticVersion">
     <Message Text="$(SemanticVersion)" Importance="High"/>
   </Target>

build/sign.targets

@@ -1,27 +1,44 @@
-<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-
-  <!-- Use NuGet SNK by default for all projects except API.Test. -->
+<Project>
   <PropertyGroup>
-    <StrongNameKey>$(NUGET_PFX_PATH)</StrongNameKey>
-    <DefaultStrongNameCert>67</DefaultStrongNameCert>
+    <SignAssembly>true</SignAssembly>
+    <SignWithTestKey Condition="'$(TestProject)' == 'true'">true</SignWithTestKey>
   </PropertyGroup>
 
-  <!-- Use MSFT SNK for all NuGet.Core test and source projects and since we do not own MSFT SNK we can only delay sign the assemblies. -->
-  <PropertyGroup Condition = " $(MSBuildProjectFullPath.Contains('src\NuGet.Core')) == 'true' or $(MSBuildProjectFullPath.Contains('test/NuGet.Core')) == 'true' or
-                               $(MSBuildProjectFullPath.Contains('src/NuGet.Core')) == 'true' or $(MSBuildProjectFullPath.Contains('test\NuGet.Core')) == 'true' or
-                               $(MSBuildProjectFullPath.Contains('NuGet.CommandLine.csproj')) == 'true' or
-                               $(MSBuildProjectFullPath.Contains('NuGet.Indexing.csproj')) == 'true' ">
+  <PropertyGroup Condition="'$(TestProject)' != 'true' And '$(SignWithTestKey)' != 'true'">
+    <SignWithNuGetKey Condition="'$(SignWithMicrosoftKey)' != 'true' And '$(SignWithNuGetKey)' == ''">true</SignWithNuGetKey>
+    <SignWithMicrosoftKey Condition="'$(SignWithNuGetKey)' != 'true' And '$(SignWithMicrosoftKey)' == ''">true</SignWithMicrosoftKey>
+  </PropertyGroup>
+  
+  <!-- Use Test SNK by default for all test projects -->
+  <PropertyGroup Condition="'$(SignWithTestKey)' == 'true'">
+    <AssemblyOriginatorKeyFile>$([System.IO.Path]::Combine($(MSBuildThisFileDirectory), '..', 'keys', 'Test.snk'))</AssemblyOriginatorKeyFile>
+  </PropertyGroup>
 
-    <StrongNameKey>$(MS_PFX_PATH)</StrongNameKey>
-    <DefaultStrongNameCert>MsSharedLib72</DefaultStrongNameCert>
+  <!-- Use NuGet SNK by default for all projects -->
+  <PropertyGroup Condition="'$(SignWithNuGetKey)' == 'true'">
+    <AssemblyOriginatorKeyFile>$([System.IO.Path]::Combine($(MSBuildThisFileDirectory), '..', 'keys', 'NuGetKey.snk'))</AssemblyOriginatorKeyFile>
+    <StrongNameCert>67</StrongNameCert>
   </PropertyGroup>
 
-  <PropertyGroup Condition = " Exists($(StrongNameKey)) ">
-    <SignAssembly>true</SignAssembly>
+  <!-- Use MSFT SNK for all NuGet.Core projects and since we do not own MSFT SNK we can only delay sign the assemblies. -->
+  <PropertyGroup Condition="'$(SignWithMicrosoftKey)' == 'true'">
+    <AssemblyOriginatorKeyFile>$([System.IO.Path]::Combine($(MSBuildThisFileDirectory), '..', 'keys', '35MSSharedLib1024.snk'))</AssemblyOriginatorKeyFile>
+    <StrongNameCert>MsSharedLib72</StrongNameCert>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="'$(SignWithNuGetKey)' == 'true' Or '$(SignWithMicrosoftKey)' == 'true'">
     <DelaySign Condition="'$(IsXplat)' != 'true'">true</DelaySign>
     <PublicSign Condition="'$(IsXplat)' == 'true'">true</PublicSign>
-    <AssemblyOriginatorKeyFile Condition = " '$(AssemblyOriginatorKeyFile)' == '' ">$(StrongNameKey)</AssemblyOriginatorKeyFile>
-    <StrongNameCert Condition="'$(StrongNameCert)' == ''">$(DefaultStrongNameCert)</StrongNameCert>
   </PropertyGroup>
 
+  <ItemGroup>
+    <!-- All InternalsVisibleTo are supposed to be tests so update them with the public key from Test.snk -->
+    <InternalsVisibleTo Update="@(InternalsVisibleTo)" PublicKey="0024000004800000940000000602000000240000525341310004000001000100A5276DF8650A58CB43396DC7B3D395F30A82D0D1FA98FBCFE3ABEAD5DE0B1DB6764347A0F6BF0B060A27C202CCD122DB5DED8F596CEBE2ECC3A6629015EEB96C94F6B9E8185D4ACC84C376FF6B1C3147431A4D55CB5736DB97A9E88FCC47D9193F4DB5896DC5817E5D0CBD2641726E7431990BCD2DD7FA1D28493D0CFD9DCFA4" />
+    
+    <!-- DynamicProxyGenAssembly2 is the assembly generated by mocks and are signed with a known key -->
+    <InternalsVisibleTo Update="DynamicProxyGenAssembly2" PublicKey="0024000004800000940000000602000000240000525341310004000001000100C547CAC37ABD99C8DB225EF2F6C8A3602F3B3606CC9891605D02BAA56104F4CFC0734AA39B93BF7852F7D9266654753CC297E7D2EDFE0BAC1CDCF9F717241550E0A7B191195B7667BB4F64BCB8E2121380FD1D9D46AD2D92D2D15605093924CCEAF74C4861EFF62ABF69B9291ED0A340E113BE11E6A7D3113E92484CF7045CC7" />
+    
+    <!-- Test.Utility is shipped so is singed with the NuGet key -->
+    <InternalsVisibleTo Update="Test.Utility" PublicKey="002400000480000094000000060200000024000052534131000400000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DCC1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A12436518206DC093344D5AD293" />
+  </ItemGroup>
 </Project>

keys/Test.snk

@@ -12,6 +12,7 @@
     <ApplicationManifest>app.manifest</ApplicationManifest>
     <Shipping>true</Shipping>
     <OutputType>Exe</OutputType>
+    <SignWithMicrosoftKey>true</SignWithMicrosoftKey>
     <ComVisible>false</ComVisible>
     <!-- Pack properties-->
     <PackProject>true</PackProject>
@@ -23,7 +24,7 @@
     <UsePublicApiAnalyzer>false</UsePublicApiAnalyzer>
     <GetSigningInputsDependsOn>GetSigningInputsCustom</GetSigningInputsDependsOn>
     <GetSymbolsToIndexDependsOn>GetSymbolsToIndexCustom</GetSymbolsToIndexDependsOn>
-  </PropertyGroup>
+</PropertyGroup>
 
   <Target Name="CreateCommandlineNupkg">
     <ItemGroup>
@@ -101,6 +102,11 @@
     </EmbeddedResource>
   </ItemGroup>
 
+  <ItemGroup>
+    <InternalsVisibleTo Include="NuGet.CommandLine.FuncTest" />
+    <InternalsVisibleTo Include="NuGet.CommandLine.Test" />
+  </ItemGroup>
+
   <Target Name="DetermineILMergeNuGetExeInputsOutputs">
     <PropertyGroup>
       <PathToBuiltNuGetExe>$(OutputPath)NuGet.exe</PathToBuiltNuGetExe>
@@ -124,7 +130,7 @@
           Condition="'$(BuildingInsideVisualStudio)' != 'true' and '$(SkipILMergeOfNuGetExe)' != 'true'" >
     <PropertyGroup>
       <IlmergeCommand>$(ILMergeConsolePath) /lib:$(OutputPath) /out:$(PathToMergedNuGetExe) @(MergeAllowDup -> '/allowdup:%(Identity)', ' ') /log:$(OutputPath)IlMergeLog.txt</IlmergeCommand>
-      <IlmergeCommand Condition="Exists($(MS_PFX_PATH))">$(IlmergeCommand) /delaysign /keyfile:$(MS_PFX_PATH)</IlmergeCommand>
+      <IlmergeCommand Condition="'$(SkipSigning)' != 'true' And Exists($(AssemblyOriginatorKeyFile))">$(IlmergeCommand) /delaysign /keyfile:$(AssemblyOriginatorKeyFile)</IlmergeCommand>
       <IlmergeCommand>$(IlmergeCommand) $(PathToBuiltNuGetExe) @(BuildArtifacts->'%(fullpath)', ' ')</IlmergeCommand>
       <IlmergeCommand>$(IlmergeCommand) @(LocResource->'%(fullpath)', ' ')</IlmergeCommand>
     </PropertyGroup>

src/NuGet.Clients/NuGet.CommandLine/NuGet.CommandLine.csproj

@@ -43,4 +43,10 @@
     </EmbeddedResource>
   </ItemGroup>
 
+  <ItemGroup>
+    <InternalsVisibleTo Include="DynamicProxyGenAssembly2" />
+    <InternalsVisibleTo Include="NuGet.Console.TestContract" />
+    <InternalsVisibleTo Include="NuGet.PowerShellHost.Test" />
+  </ItemGroup>
+
 </Project>

src/NuGet.Clients/NuGet.CommandLine/Properties/AssemblyInfo.cs

@@ -2,17 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
-using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 
-// General Information about an assembly is controlled through the following 
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-
-[assembly: InternalsVisibleTo("NuGet.Console.TestContract, PublicKey=002400000480000094000000060200000024000052534131000400000100010007d1fa57c4aed9f0a32e84aa0faefd0de9e8fd6aec8f87fb03766c834c99921eb23be79ad9d5dcc1dd9ad236132102900b723cf980957fc4e177108fc607774f29e8320e92ea05ece4e821c0a5efe8f1645c4c0c93c1ab99285d622caa652c1dfad63d745d6f2de5f17e5eaf0fc4963d261c8a12436518206dc093344d5ad293")]
-[assembly: InternalsVisibleTo("NuGet.PowerShellHost.Test, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
-[assembly: InternalsVisibleTo("DynamicProxyGenAssembly2, PublicKey=0024000004800000940000000602000000240000525341310004000001000100c547cac37abd99c8db225ef2f6c8a3602f3b3606cc9891605d02baa56104f4cfc0734aa39b93bf7852f7d9266654753cc297e7d2edfe0bac1cdcf9f717241550e0a7b191195b7667bb4f64bcb8e2121380fd1d9d46ad2d92d2d15605093924cceaf74c4861eff62abf69b9291ed0a340e113be11e6a7d3113e92484cf7045cc7")]
-
 // The following GUID is for the ID of the typelib if this project is exposed to COM
 
 [assembly: Guid("3f7df594-3ac4-4ed6-93c3-1dcfee7600c6")]

src/NuGet.Clients/NuGet.Console/NuGet.Console.csproj

@@ -6,6 +6,7 @@
     <PackProject>true</PackProject>
     <Shipping>true</Shipping>
     <IncludeInVsix>true</IncludeInVsix>
+    <SignWithMicrosoftKey>true</SignWithMicrosoftKey>
   </PropertyGroup>
 
   <ItemGroup>