compile_powershell
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| compile_powershell [2024/12/23 20:32] – kenson | compile_powershell [2025/10/25 23:11] (current) – kenson | ||
|---|---|---|---|
| Line 17: | Line 17: | ||
| To sign the binary, I followed the steps in the following docs: | To sign the binary, I followed the steps in the following docs: | ||
| - | [[https:// | + | * [[https:// |
| - | [[https:// | + | |
| - | ]] | + | |
| Signing Command once everything is set up: | Signing Command once everything is set up: | ||
| Line 26: | Line 25: | ||
| </ | </ | ||
| + | The key is to get the following metadata correct and log into azure with the correct credentials | ||
| metadata.json | metadata.json | ||
| Line 35: | Line 35: | ||
| | | ||
| </ | </ | ||
| - | -- | ||
| - | Notes: | + | The CodeSigningAccountName is the TrustedSigningAccount in the Azure Dashboard |
| - | < | + | |
| - | Azure CLI | + | |
| - | https:// | + | |
| + | {{: | ||
| - | .NET 6.0 | + | The CertificateProfileName is the relevant entry in your CertificateProfile |
| - | https:// | + | |
| + | {{: | ||
| - | * `AZURE_TENANT_ID`: | + | To set up azure CLI environment for signing, from powershell run: |
| - | The Microsoft Entra tenant (directory) ID. | + | < |
| - | Use the value you noted down earlier. Can also be found in Microsoft Entra ID. | + | az login |
| - | * `AZURE_CLIENT_ID`: | + | </ |
| - | The client (application) ID of an App Registration in the tenant. | + | |
| - | Use the value you noted down earlier. | + | |
| - | * `AZURE_CLIENT_SECRET`: | + | |
| - | A client secret (" | + | |
| - | Use the value you noted down earlier. | + | |
| - | Secret ID | + | e.g. |
| - | b9f633b1-95a9-41a3-916d-5f767a5a1eff | + | |
| - | Secret ID | + | |
| - | b9f633b1-95a9-41a3-916d-5f767a5a1eff | + | |
| - | -- | + | |
| - | ----------------------------------------------------------- | + | |
| - | EmbrientApplication | + | |
| - | + | ||
| - | Application (client) ID: | + | |
| - | bce73e33-0cd2-46e0-b6d5-5e02177d1e7e | + | |
| - | + | ||
| - | Object ID: | + | |
| - | f767a96b-d3d9-4b47-831b-702fae753509 | + | |
| - | + | ||
| - | Directory (tenant) ID: | + | |
| - | 5b98d9c4-2ba7-4bbe-84e6-3009d4892a19 | + | |
| - | + | ||
| - | -- | + | |
| - | + | ||
| - | EmbrientApplicationClientSecret (expires 12/ | + | |
| - | + | ||
| - | Value: | + | |
| - | jOD8Q~ta949oEVabqnjxdSm3vpLnE3HTHExJOaeV | + | |
| - | + | ||
| - | Secret ID: | + | |
| - | ba0b65af-583b-48fd-ab4b-6abdc122da98 | + | |
| - | + | ||
| - | -- | + | |
| + | < | ||
| PS C: | PS C: | ||
| Select the account you want to log in with. For more information on login with Azure CLI, see https:// | Select the account you want to log in with. For more information on login with Azure CLI, see https:// | ||
| Line 95: | Line 61: | ||
| No | No | ||
| ----- --------------------- | ----- --------------------- | ||
| - | [1] * Azure subscription 1 eded16d8-8a4d-4848-ae8b-b015efb8ac7b | + | [1] * Azure subscription 1 xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
| - | [2] Code Signing Embrient | + | [2] Code Signing Embrient |
| - | The default is marked with an *; the default tenant is ' | + | The default is marked with an *; the default tenant is ' |
| - | Select a subscription and tenant (Type a number or Enter for no changes): | + | Select a subscription and tenant (Type a number or Enter for no changes):</ |
| - | Tenant: Default Directory | ||
| - | Subscription: | ||
| - | [Announcements] | + | Next set up for code signing via the command |
| - | With the new Azure CLI login experience, you can select the subscription you want to use more easily. Learn more about it and its configuration at https:// | + | |
| - | If you encounter any problem, please open an issue at https://aka.ms/azclibug | + | < |
| + | az ad sp create --id cf2ab426-f71a-4b61-bb8a-9e505b85bc2e | ||
| + | </code> | ||
| + | < | ||
| + | az ad app permission grant --id cf2ab426-f71a-4b61-bb8a-9e505b85bc2e --api 00000003-0000-0000-c000-000000000000 --scope User.Read | ||
| + | </code> | ||
| - | [Warning] The login output has been updated. Please be aware that it no longer displays the full list of available subscriptions by default. | + | < |
| - | PS C: | ||
| - | { | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | }, | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | { | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | } | ||
| - | ], | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | ], | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | ], | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | } | ||
| - | } | ||
| - | PS C: | ||
| - | >> | ||
| - | { | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | } | ||
| - | |||
| - | -- | ||
| - | SIGNTOOL: | ||
| - | C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe | ||
| - | |||
| - | AZURE_TENANT_ID: | ||
| - | 5b98d9c4-2ba7-4bbe-84e6-3009d4892a19 | ||
| - | |||
| - | AZURE_CLIENT_ID: | ||
| - | bce73e33-0cd2-46e0-b6d5-5e02177d1e7e | ||
| - | |||
| - | AZURE_CLIENT_SECRET: | ||
| - | jOD8Q~ta949oEVabqnjxdSm3vpLnE3HTHExJOaeV | ||
| - | |||
| - | ACS_DLIB: | ||
| - | C: | ||
| - | |||
| - | ACS_JSON: | ||
| - | U: | ||
| - | |||
| - | |||
| - | |||
| - | set AZURE_TENANT_ID=5b98d9c4-2ba7-4bbe-84e6-3009d4892a19 | ||
| - | set AZURE_CLIENT_ID=bce73e33-0cd2-46e0-b6d5-5e02177d1e7e | ||
| - | set AZURE_CLIENT_SECRET=jOD8Q~ta949oEVabqnjxdSm3vpLnE3HTHExJOaeV | ||
| - | |||
| - | |||
| - | " | ||
| - | |||
| - | |||
| - | -- | ||
| - | |||
| - | az login --service-principal -u " | ||
| - | |||
| - | -- | ||
| - | |||
| - | |||
| - | Worked!!! | ||
| - | |||
| - | & " | ||
| - | |||
| - | |||
| - | -- | ||
| - | |||
| - | & " | ||
| - | |||
| - | |||
| - | -- | ||
| - | |||
| - | |||
| - | |||
| - | PS U: | ||
| - | |||
| - | Trusted Signing | ||
| - | |||
| - | Version: 1.0.60 | ||
| - | |||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | } | ||
| - | |||
| - | Submitting digest for signing... | ||
| - | |||
| - | OperationId 761b5826-3a59-4a4f-bee0-862d8014db98: | ||
| - | |||
| - | Signing completed with status ' | ||
| - | |||
| - | Successfully signed: FlashGMS.exe | ||
| - | |||
| - | Number of files successfully Signed: 1 | ||
| - | Number of warnings: 0 | ||
| - | Number of errors: 0 | ||
| - | PS U: | ||
| - | |||
| - | Verifying: FlashGMS.exe | ||
| - | |||
| - | Signature Index: 0 (Primary Signature) | ||
| - | Hash of file (sha256): 591B2DB7FC4EFD21D3E6F6495E6AB38F7B0E1A29B22D2160CBAED4A9280A5A23 | ||
| - | |||
| - | Signing Certificate Chain: | ||
| - | Issued to: Microsoft Identity Verification Root Certificate Authority 2020 | ||
| - | Issued by: Microsoft Identity Verification Root Certificate Authority 2020 | ||
| - | Expires: | ||
| - | SHA1 hash: F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | ||
| - | |||
| - | Issued to: Microsoft ID Verified Code Signing PCA 2021 | ||
| - | Issued by: Microsoft Identity Verification Root Certificate Authority 2020 | ||
| - | Expires: | ||
| - | SHA1 hash: 8E750F459DAF9A79D6370DB747AD2226866AD818 | ||
| - | |||
| - | Issued to: Microsoft ID Verified CS AOC CA 02 | ||
| - | Issued by: Microsoft ID Verified Code Signing PCA 2021 | ||
| - | Expires: | ||
| - | SHA1 hash: 7BEE5EE49C8AC13A21A202BBC266A5547CD0265D | ||
| - | |||
| - | Issued to: Embrient, Inc. | ||
| - | Issued by: Microsoft ID Verified CS AOC CA 02 | ||
| - | Expires: | ||
| - | SHA1 hash: 78667D9D10B712F94B4E7CA856B2401C9444B3D7 | ||
| - | |||
| - | The signature is timestamped: | ||
| - | Timestamp Verified by: | ||
| - | Issued to: Microsoft Identity Verification Root Certificate Authority 2020 | ||
| - | Issued by: Microsoft Identity Verification Root Certificate Authority 2020 | ||
| - | Expires: | ||
| - | SHA1 hash: F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | ||
| - | |||
| - | Issued to: Microsoft Public RSA Timestamping CA 2020 | ||
| - | Issued by: Microsoft Identity Verification Root Certificate Authority 2020 | ||
| - | Expires: | ||
| - | SHA1 hash: 27F0ABAC2877BA255F62B389B43FF539A0FB598E | ||
| - | |||
| - | Issued to: Microsoft Public RSA Time Stamping Authority | ||
| - | Issued by: Microsoft Public RSA Timestamping CA 2020 | ||
| - | Expires: | ||
| - | SHA1 hash: D24C0B49D69EC0C7057842693F741708C7351F23 | ||
| - | |||
| - | |||
| - | Successfully verified: FlashGMS.exe | ||
| - | |||
| - | Number of files successfully Verified: 1 | ||
| - | Number of warnings: 0 | ||
| - | Number of errors: 0 | ||
| - | PS U: | ||
| - | |||
| - | |||
| - | Azure CLI | ||
| - | https:// | ||
| - | |||
| - | |||
| - | .NET 6.0 | ||
| - | https:// | ||
| - | |||
| - | |||
| - | * `AZURE_TENANT_ID`: | ||
| - | The Microsoft Entra tenant (directory) ID. | ||
| - | Use the value you noted down earlier. Can also be found in Microsoft Entra ID. | ||
| - | * `AZURE_CLIENT_ID`: | ||
| - | The client (application) ID of an App Registration in the tenant. | ||
| - | Use the value you noted down earlier. | ||
| - | * `AZURE_CLIENT_SECRET`: | ||
| - | A client secret (" | ||
| - | Use the value you noted down earlier. | ||
| - | |||
| - | Secret ID | ||
| - | b9f633b1-95a9-41a3-916d-5f767a5a1eff | ||
| - | Secret ID | ||
| - | b9f633b1-95a9-41a3-916d-5f767a5a1eff | ||
| - | -- | ||
| - | ----------------------------------------------------------- | ||
| - | EmbrientApplication | ||
| - | |||
| - | Application (client) ID: | ||
| - | bce73e33-0cd2-46e0-b6d5-5e02177d1e7e | ||
| - | |||
| - | Object ID: | ||
| - | f767a96b-d3d9-4b47-831b-702fae753509 | ||
| - | |||
| - | Directory (tenant) ID: | ||
| - | 5b98d9c4-2ba7-4bbe-84e6-3009d4892a19 | ||
| - | |||
| - | -- | ||
| - | |||
| - | EmbrientApplicationClientSecret (expires 12/10/2026) | ||
| - | |||
| - | Value: | ||
| - | jOD8Q~ta949oEVabqnjxdSm3vpLnE3HTHExJOaeV | ||
| - | |||
| - | Secret ID: | ||
| - | ba0b65af-583b-48fd-ab4b-6abdc122da98 | ||
| - | |||
| - | -- | ||
| - | |||
| - | PS C: | ||
| - | Select the account you want to log in with. For more information on login with Azure CLI, see https:// | ||
| - | |||
| - | Retrieving tenants and subscriptions for the selection... | ||
| - | |||
| - | [Tenant and subscription selection] | ||
| - | |||
| - | No | ||
| - | ----- --------------------- | ||
| - | [1] * Azure subscription 1 | ||
| - | [2] Code Signing Embrient | ||
| - | |||
| - | The default is marked with an *; the default tenant is ' | ||
| - | |||
| - | Select a subscription and tenant (Type a number or Enter for no changes): 2 | ||
| - | |||
| - | Tenant: Default Directory | ||
| - | Subscription: | ||
| - | |||
| - | [Announcements] | ||
| - | With the new Azure CLI login experience, you can select the subscription you want to use more easily. Learn more about it and its configuration at https:// | ||
| - | |||
| - | If you encounter any problem, please open an issue at https:// | ||
| - | |||
| - | [Warning] The login output has been updated. Please be aware that it no longer displays the full list of available subscriptions by default. | ||
| - | |||
| - | PS C: | ||
| - | { | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | }, | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | { | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | } | ||
| - | ], | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | ], | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | ], | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | } | ||
| - | } | ||
| - | PS C: | ||
| - | >> | ||
| - | { | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | } | ||
| - | |||
| - | -- | ||
| - | SIGNTOOL: | ||
| - | C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64\signtool.exe | ||
| - | |||
| - | AZURE_TENANT_ID: | ||
| - | 5b98d9c4-2ba7-4bbe-84e6-3009d4892a19 | ||
| - | |||
| - | AZURE_CLIENT_ID: | ||
| - | bce73e33-0cd2-46e0-b6d5-5e02177d1e7e | ||
| - | |||
| - | AZURE_CLIENT_SECRET: | ||
| - | jOD8Q~ta949oEVabqnjxdSm3vpLnE3HTHExJOaeV | ||
| - | |||
| - | ACS_DLIB: | ||
| - | C: | ||
| - | |||
| - | ACS_JSON: | ||
| - | U: | ||
| - | |||
| - | |||
| - | |||
| - | set AZURE_TENANT_ID=5b98d9c4-2ba7-4bbe-84e6-3009d4892a19 | ||
| - | set AZURE_CLIENT_ID=bce73e33-0cd2-46e0-b6d5-5e02177d1e7e | ||
| - | set AZURE_CLIENT_SECRET=jOD8Q~ta949oEVabqnjxdSm3vpLnE3HTHExJOaeV | ||
| - | |||
| - | |||
| - | " | ||
| - | |||
| - | |||
| - | -- | ||
| - | |||
| - | az login --service-principal -u " | ||
| - | |||
| - | -- | ||
| - | |||
| - | |||
| - | Worked!!! | ||
| - | |||
| - | & " | ||
| - | |||
| - | |||
| - | -- | ||
| - | |||
| - | & " | ||
| - | |||
| - | |||
| - | -- | ||
| - | |||
| - | |||
| - | |||
| - | PS U: | ||
| - | |||
| - | Trusted Signing | ||
| - | |||
| - | Version: 1.0.60 | ||
| - | |||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | " | ||
| - | } | ||
| - | |||
| - | Submitting digest for signing... | ||
| - | |||
| - | OperationId 761b5826-3a59-4a4f-bee0-862d8014db98: | ||
| - | |||
| - | Signing completed with status ' | ||
| - | |||
| - | Successfully signed: FlashGMS.exe | ||
| - | |||
| - | Number of files successfully Signed: 1 | ||
| - | Number of warnings: 0 | ||
| - | Number of errors: 0 | ||
| - | PS U: | ||
| - | |||
| - | Verifying: FlashGMS.exe | ||
| - | |||
| - | Signature Index: 0 (Primary Signature) | ||
| - | Hash of file (sha256): 591B2DB7FC4EFD21D3E6F6495E6AB38F7B0E1A29B22D2160CBAED4A9280A5A23 | ||
| - | |||
| - | Signing Certificate Chain: | ||
| - | Issued to: Microsoft Identity Verification Root Certificate Authority 2020 | ||
| - | Issued by: Microsoft Identity Verification Root Certificate Authority 2020 | ||
| - | Expires: | ||
| - | SHA1 hash: F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | ||
| - | |||
| - | Issued to: Microsoft ID Verified Code Signing PCA 2021 | ||
| - | Issued by: Microsoft Identity Verification Root Certificate Authority 2020 | ||
| - | Expires: | ||
| - | SHA1 hash: 8E750F459DAF9A79D6370DB747AD2226866AD818 | ||
| - | |||
| - | Issued to: Microsoft ID Verified CS AOC CA 02 | ||
| - | Issued by: Microsoft ID Verified Code Signing PCA 2021 | ||
| - | Expires: | ||
| - | SHA1 hash: 7BEE5EE49C8AC13A21A202BBC266A5547CD0265D | ||
| - | |||
| - | Issued to: Embrient, Inc. | ||
| - | Issued by: Microsoft ID Verified CS AOC CA 02 | ||
| - | Expires: | ||
| - | SHA1 hash: 78667D9D10B712F94B4E7CA856B2401C9444B3D7 | ||
| - | |||
| - | The signature is timestamped: | ||
| - | Timestamp Verified by: | ||
| - | Issued to: Microsoft Identity Verification Root Certificate Authority 2020 | ||
| - | Issued by: Microsoft Identity Verification Root Certificate Authority 2020 | ||
| - | Expires: | ||
| - | SHA1 hash: F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | ||
| - | |||
| - | Issued to: Microsoft Public RSA Timestamping CA 2020 | ||
| - | Issued by: Microsoft Identity Verification Root Certificate Authority 2020 | ||
| - | Expires: | ||
| - | SHA1 hash: 27F0ABAC2877BA255F62B389B43FF539A0FB598E | ||
| - | |||
| - | Issued to: Microsoft Public RSA Time Stamping Authority | ||
| - | Issued by: Microsoft Public RSA Timestamping CA 2020 | ||
| - | Expires: | ||
| - | SHA1 hash: D24C0B49D69EC0C7057842693F741708C7351F23 | ||
| - | |||
| - | |||
| - | Successfully verified: FlashGMS.exe | ||
| - | |||
| - | Number of files successfully Verified: 1 | ||
| - | Number of warnings: 0 | ||
| - | Number of errors: 0 | ||
| - | PS U: | ||
| - | |||
| - | </ | ||
compile_powershell.1734985931.txt.gz · Last modified: 2024/12/23 20:32 by kenson
