Skip already signed packages (dotnet#1142)

Author: natemcmaster

build/Prepare.targets

@@ -17,14 +17,38 @@
 
   <Target Name="ExtractInputs">
     <ItemGroup>
-      <UnsignedPackages Include="$(UnsignedPackagesDir)*.nupkg" />
-      <UnsignedVSIX Include="$(DepsDirectory)build\*.vsix" />
+      <_InputPackages Include="$(UnsignedPackagesDir)*.nupkg" />
+      <_InputVSIX Include="$(DepsDirectory)build\*.vsix" />
       <UnsignedSharedFx Include="$(DepsDirectory)runtime\*.zip" />
       <UnsignedOobArchive Include="$(DepsDirectory)build\AspNetCoreModule.zip" Condition="Exists('$(DepsDirectory)build\AspNetCoreModule.zip')" />
       <UnsignedOobArchive Include="$(DepsDirectory)build\runtime-site-extension-*.zip" />
       <PoliCheckPackages Include="@(UnsignedPackages)" />
       <UnsignedMPacks Include="$(DepsDirectory)build\**\*.mpack" />
+    </ItemGroup>
+
+    <!-- Filter already signed .nupkgs -->
+    <FilterSignedPackagesFiles Files="@(_InputPackages)">
+      <Output TaskParameter="Signed" ItemName="AlreadySignedPackages" />
+      <Output TaskParameter="Unsigned" ItemName="UnsignedPackages" />
+    </FilterSignedPackagesFiles>
+
+    <StupidCopy Condition="'@(AlreadySignedPackages)' != ''"
+      SourceFiles="@(AlreadySignedPackages)"
+      DestinationFolder="$(PackagesOutputPath)" />
+
+    <!-- Filter already signed .vsix -->
+    <FilterSignedPackagesFiles Files="@(_InputVSIX)">
+      <Output TaskParameter="Signed" ItemName="AlreadySignedVSIX" />
+      <Output TaskParameter="Unsigned" ItemName="UnsignedVSIX" />
+    </FilterSignedPackagesFiles>
 
+    <MakeDir Directories="$(SignedVSIXPath)%(AlreadySignedVSIX.FileName)\" />
+
+    <StupidCopy Condition="'@(AlreadySignedVSIX)' != ''"
+      SourceFiles="%(AlreadySignedVSIX.FullPath);$(DepsDirectory)build\%(AlreadySignedVSIX.FileName).json"
+      DestinationFolder="$(SignedVSIXPath)%(AlreadySignedVSIX.FileName)\" />
+
+    <ItemGroup>
       <_UnzipFiles Include="@(UnsignedPackages)" Destination="$(UnsignedPackagesPath)" />
       <_UnzipFiles Include="@(UnsignedVSIX)" Destination="$(UnsignedVSIXPath)" />
       <_UnzipFiles Include="@(UnsignedSharedFx)" Destination="$(UnsignedSharedFxPath)" />

build/Sign.targets

@@ -162,8 +162,18 @@
     </PropertyGroup>
 
     <ItemGroup>
-      <_UnsignedJars Include="$(UnsignedPackagesDir)**\*.jar" />
+      <_InputJar Include="$(UnsignedPackagesDir)**\*.jar" />
     </ItemGroup>
+    
+    <!-- Filter already signed .jar -->
+    <FilterSignedPackagesFiles Files="@(_InputJar)">
+      <Output TaskParameter="Signed" ItemName="AlreadySignedJar" />
+      <Output TaskParameter="Unsigned" ItemName="_UnsignedJars" />
+    </FilterSignedPackagesFiles>
+
+    <StupidCopy Condition="'@(AlreadySignedJar)' != ''"
+      SourceFiles="@(AlreadySignedJar)"
+      DestinationFolder="$(PackagesOutputPath)" />
 
     <Microsoft.Build.OOB.ESRP.CreateSignManifests Condition="'@(_UnsignedJars)'!=''"
        ApplicationId="$(ESRPApplicationId)"
@@ -373,7 +383,8 @@
     <ZipArchive
       File="$(OutputFile)"
       SourceFiles="@(Files)"
-      WorkingDirectory="$(ZipRoot)" />
+      WorkingDirectory="$(ZipRoot)"
+      Overwrite="true" />
   </Target>
 
   <Target Name="SignCheck" >

build/tasks/FilterSignedPackagesFiles.cs

@@ -0,0 +1,77 @@
+using System.Collections.Concurrent;
+using System.Diagnostics;
+using System.IO;
+using System.IO.Compression;
+using System.Threading.Tasks;
+using Microsoft.Build.Framework;
+
+namespace RepoTasks
+{
+    /// <summary>
+    /// Determine which files are already signed.
+    /// </summary>
+    public class FilterSignedPackagesFiles : Microsoft.Build.Utilities.Task
+    {
+        /// <summary>
+        /// The files to be hashed.
+        /// </summary>
+        [Required]
+        public ITaskItem[] Files { get; set; }
+
+        /// <summary>
+        /// The files which are signed.
+        /// </summary>
+        [Output]
+        public ITaskItem[] Signed { get; set; }
+
+        /// <summary>
+        /// The files which are not
+        /// </summary>
+        [Output]
+        public ITaskItem[] Unsigned { get; set; }
+
+        public override bool Execute()
+        {
+            var signed = new ConcurrentBag<ITaskItem>();
+            var unsigned = new ConcurrentBag<ITaskItem>();
+            Parallel.ForEach(Files, file =>
+            {
+                if (IsPackageSigned(file.ItemSpec))
+                {
+                    signed.Add(file);
+                }
+                else
+                {
+                    Log.LogMessage(MessageImportance.High, "Package {0} is not signed.", Path.GetFileName(file.ItemSpec));
+                    unsigned.Add(file);
+                }
+            });
+
+            Signed = signed.ToArray();
+            Unsigned = unsigned.ToArray();
+            Log.LogMessage(MessageImportance.High, "Found {0} signed and {1} unsigned files", Signed.Length, Unsigned.Length);
+            Debug.Assert(Signed.Length + Unsigned.Length == Files.Length, "Make sure all files are accounted for");
+            return !Log.HasLoggedErrors;
+        }
+
+        private bool IsPackageSigned(string filePath)
+        {
+            using (var file = File.OpenRead(filePath))
+            using (var zip = new ZipArchive(file, ZipArchiveMode.Read))
+            {
+                switch (Path.GetExtension(filePath).ToLowerInvariant())
+                {
+                    case ".nupkg":
+                        return zip.GetEntry(".signature.p7s") != null;
+                    case ".vsix":
+                        return zip.GetEntry("package/services/digital-signature/_rels/origin.psdor.rels") != null;
+                    case ".jar":
+                        return zip.GetEntry("META-INF/MSFTSIG.RSA") != null;
+                    default:
+                        Log.LogError("Unrecognized package type: {0}", filePath);
+                        return false;
+                }
+            }
+        }
+    }
+}

build/tasks/RepoTasks.tasks

@@ -7,6 +7,7 @@
 
   <UsingTask TaskName="RepoTasks.GetFileHash" AssemblyFile="$(_RepoTaskAssembly)" />
   <UsingTask TaskName="RepoTasks.FilterAuthenticodeSignedFiles" AssemblyFile="$(_RepoTaskAssembly)" />
+  <UsingTask TaskName="RepoTasks.FilterSignedPackagesFiles" AssemblyFile="$(_RepoTaskAssembly)" />
   <UsingTask TaskName="RepoTasks.StupidCopy" AssemblyFile="$(_RepoTaskAssembly)" />
   <UsingTask TaskName="RepoTasks.VerifyPoliCheckResults" AssemblyFile="$(_RepoTaskAssembly)" />
   <UsingTask TaskName="Microsoft.Build.OOB.ESRP.CreateSignManifests" AssemblyFile="$(_RepoTaskAssembly)" />

build/tasks/tasks.sln

@@ -0,0 +1,34 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.26124.0
+MinimumVisualStudioVersion = 15.0.26124.0
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "RepoTasks", "RepoTasks.csproj", "{78054E53-3D57-4401-AFAA-B31F50E64CEC}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|Any CPU = Release|Any CPU
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Debug|x64.Build.0 = Debug|Any CPU
+		{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Debug|x86.Build.0 = Debug|Any CPU
+		{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Release|Any CPU.Build.0 = Release|Any CPU
+		{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Release|x64.ActiveCfg = Release|Any CPU
+		{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Release|x64.Build.0 = Release|Any CPU
+		{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Release|x86.ActiveCfg = Release|Any CPU
+		{78054E53-3D57-4401-AFAA-B31F50E64CEC}.Release|x86.Build.0 = Release|Any CPU
+	EndGlobalSection
+EndGlobal