actions/runner-images
1
0
Fork 0
mirror of https://github.com/actions/runner-images.git synced 2025-12-20 06:35:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

[Windows] Add signature validation (#8390)

Browse Source
This commit is contained in:
sergei-pyshnoi
2023-10-11 11:02:59 +02:00
committed by GitHub
parent 47a634e28b
commit 6315b7ed2c
26 changed files with 122 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
images/win/scripts/ImageHelpers/ImageHelpers.psm1
View File

@@ -57,4 +57,5 @@ Export-ModuleMember -Function @(
'Get-ModuleVersionAsJob' 'Get-ModuleVersionAsJob'
'Use-ChecksumComparison' 'Use-ChecksumComparison'
'Get-HashFromGitHubReleaseBody' 'Get-HashFromGitHubReleaseBody'
'Test-FileSignature'
) )

18
images/win/scripts/ImageHelpers/InstallHelpers.ps1
View File

@@ -29,7 +29,7 @@ function Install-Binary
[Parameter(Mandatory, ParameterSetName="LocalPath")] [Parameter(Mandatory, ParameterSetName="LocalPath")]
[String] $FilePath, [String] $FilePath,
[String[]] $ArgumentList, [String[]] $ArgumentList,
[String] $ExpectedSignature [String[]] $ExpectedSignature
) )
if ($PSCmdlet.ParameterSetName -eq "LocalPath") if ($PSCmdlet.ParameterSetName -eq "LocalPath")
@@ -47,7 +47,6 @@ function Install-Binary
if ($ExpectedSignature) if ($ExpectedSignature)
{ {
Test-FileSignature -FilePath $filePath -ExpectedThumbprint $ExpectedSignature Test-FileSignature -FilePath $filePath -ExpectedThumbprint $ExpectedSignature
} }
else else
{ {
@@ -722,7 +721,7 @@ function Test-FileSignature {
[Parameter(Mandatory=$true)] [Parameter(Mandatory=$true)]
[string]$FilePath, [string]$FilePath,
[Parameter(Mandatory=$true)] [Parameter(Mandatory=$true)]
[string]$ExpectedThumbprint [string[]]$ExpectedThumbprint
) )
$signature = Get-AuthenticodeSignature $FilePath $signature = Get-AuthenticodeSignature $FilePath
@@ -731,9 +730,18 @@ function Test-FileSignature {
throw "Signature status is not valid. Status: $($signature.Status)" throw "Signature status is not valid. Status: $($signature.Status)"
} }
if ($signature.SignerCertificate.Thumbprint.Contains($ExpectedThumbprint) -ne $true) { foreach ($thumbprint in $ExpectedThumbprint) {
throw "Signature thumbprint do not match expected" if ($signature.SignerCertificate.Thumbprint.Contains($thumbprint)) {
Write-Output "Signature for $FilePath is valid"
$signatureMatched = $true
return
}
} }
if ($signatureMatched) {
Write-Output "Signature for $FilePath is valid" Write-Output "Signature for $FilePath is valid"
} }
else {
throw "Signature thumbprint do not match expected."
}
}

6
images/win/scripts/ImageHelpers/VisualStudioHelpers.ps1
View File

@@ -28,7 +28,8 @@ Function Install-VisualStudio {
[Parameter(Mandatory)] [String] $Edition, [Parameter(Mandatory)] [String] $Edition,
[Parameter(Mandatory)] [String] $Channel, [Parameter(Mandatory)] [String] $Channel,
[Parameter(Mandatory)] [String[]] $RequiredComponents, [Parameter(Mandatory)] [String[]] $RequiredComponents,
[String] $ExtraArgs = "" [String] $ExtraArgs = "",
[Parameter(Mandatory)] [String] $SignatureThumbprint
) )
$bootstrapperUrl = "https://aka.ms/vs/${Version}/${Channel}/vs_${Edition}.exe" $bootstrapperUrl = "https://aka.ms/vs/${Version}/${Channel}/vs_${Edition}.exe"
@@ -40,6 +41,9 @@ Function Install-VisualStudio {
$BootstrapperName = [IO.Path]::GetFileName($BootstrapperUrl) $BootstrapperName = [IO.Path]::GetFileName($BootstrapperUrl)
$bootstrapperFilePath = Start-DownloadWithRetry -Url $BootstrapperUrl -Name $BootstrapperName $bootstrapperFilePath = Start-DownloadWithRetry -Url $BootstrapperUrl -Name $BootstrapperName
# Verify that the bootstrapper is signed by Microsoft
Test-FileSignature -FilePath $bootstrapperFilePath -ExpectedThumbprint $SignatureThumbprint
try { try {
Write-Host "Enable short name support on Windows needed for Xamarin Android AOT, defaults appear to have been changed in Azure VMs" Write-Host "Enable short name support on Windows needed for Xamarin Android AOT, defaults appear to have been changed in Azure VMs"
$shortNameEnableProcess = Start-Process -FilePath fsutil.exe -ArgumentList ('8dot3name', 'set', '0') -Wait -PassThru $shortNameEnableProcess = Start-Process -FilePath fsutil.exe -ArgumentList ('8dot3name', 'set', '0') -Wait -PassThru

3
images/win/scripts/Installers/Install-AWS.ps1
View File

@@ -10,7 +10,8 @@ Choco-Install -PackageName awscli
# Install Session Manager Plugin for the AWS CLI # Install Session Manager Plugin for the AWS CLI
$sessionManagerName = "SessionManagerPluginSetup.exe" $sessionManagerName = "SessionManagerPluginSetup.exe"
$sessionManagerUrl = "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/windows/$sessionManagerName" $sessionManagerUrl = "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/windows/$sessionManagerName"
Install-Binary -Url $sessionManagerUrl -Name $sessionManagerName -ArgumentList ("/silent", "/install") $sessionManagerSignatureThumbprint = "FF457E5732E98A9F156E657F8CC7C4432507C3BB"
Install-Binary -Url $sessionManagerUrl -Name $sessionManagerName -ArgumentList ("/silent", "/install") -ExpectedSignature $sessionManagerSignatureThumbprint
$env:Path = $env:Path + ";$env:ProgramFiles\Amazon\SessionManagerPlugin\bin" $env:Path = $env:Path + ";$env:ProgramFiles\Amazon\SessionManagerPlugin\bin"
# Install AWS SAM CLI # Install AWS SAM CLI

3
images/win/scripts/Installers/Install-AzureCli.ps1
View File

@@ -13,7 +13,8 @@ ${env:AZURE_CONFIG_DIR} = $azureCliConfigPath
#temporary pin 2.52.0 version #temporary pin 2.52.0 version
$azCliUrl = 'https://azcliprod.blob.core.windows.net/msi/azure-cli-2.52.0-x64.msi' $azCliUrl = 'https://azcliprod.blob.core.windows.net/msi/azure-cli-2.52.0-x64.msi'
Install-Binary -Url $azCliUrl -Name 'azure-cli.msi' $azCliSignatureThumbprint = "72105B6D5F370B62FD5C82F1512F7AD7DEE5F2C0"
Install-Binary -Url $azCliUrl -Name 'azure-cli.msi' -ExpectedSignature $azCliSignatureThumbprint
$azureCliExtensionPath = Join-Path $Env:CommonProgramFiles 'AzureCliExtensionDirectory' $azureCliExtensionPath = Join-Path $Env:CommonProgramFiles 'AzureCliExtensionDirectory'
$null = New-Item -ItemType 'Directory' -Path $azureCliExtensionPath $null = New-Item -ItemType 'Directory' -Path $azureCliExtensionPath

3
images/win/scripts/Installers/Install-AzureCosmosDbEmulator.ps1
View File

@@ -5,7 +5,8 @@
$InstallerName = "AzureCosmosDBEmulator.msi" $InstallerName = "AzureCosmosDBEmulator.msi"
$InstallerUrl = "https://aka.ms/cosmosdb-emulator" $InstallerUrl = "https://aka.ms/cosmosdb-emulator"
$SignatureThumbprint = "F372C27F6E052A6BE8BAB3112B465C692196CD6F"
Install-Binary -Url $InstallerUrl -Name $InstallerName Install-Binary -Url $InstallerUrl -Name $InstallerName -ExpectedSignature $SignatureThumbprint
Invoke-PesterTests -TestFile "Tools" -TestName "Azure Cosmos DB Emulator" Invoke-PesterTests -TestFile "Tools" -TestName "Azure Cosmos DB Emulator"

5
images/win/scripts/Installers/Install-BizTalkBuildComponent.ps1
View File

@@ -73,6 +73,11 @@ Write-Host "Unzip $setupZipFile to $setupPath..."
Extract-7Zip -Path $setupZipFile -DestinationPath $setupPath Extract-7Zip -Path $setupZipFile -DestinationPath $setupPath
Remove-Item $setupZipFile Remove-Item $setupZipFile
# Verify signature
$BuildComponentSignatureThumbprint = "8740DF4ACB749640AD318E4BE842F72EC651AD80"
Test-FileSignature -FilePath "$setupPath\Bootstrap.msi" -ExpectedThumbprint $BuildComponentSignatureThumbprint
Test-FileSignature -FilePath "$setupPath\BuildComponentSetup.msi" -ExpectedThumbprint $BuildComponentSignatureThumbprint
# Install # Install
Install-Msi -MsiPath "$setupPath\Bootstrap.msi" -LogPath "$setupPath\bootstrap.log" Install-Msi -MsiPath "$setupPath\Bootstrap.msi" -LogPath "$setupPath\bootstrap.log"
Install-Msi -MsiPath "$setupPath\BuildComponentSetup.msi" -LogPath "$setupPath\buildComponentSetup.log" Install-Msi -MsiPath "$setupPath\BuildComponentSetup.msi" -LogPath "$setupPath\buildComponentSetup.log"

7
images/win/scripts/Installers/Install-Choco.ps1
View File

@@ -17,8 +17,11 @@ if ($userPath) {
$env:Path = $systemPath $env:Path = $systemPath
} }
# Run the installer # Verify and run choco installer
Invoke-Expression ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1')) $signatureThumbprint = "83AC7D88C66CB8680BCE802E0F0F5C179722764B"
$InstallScriptPath = Start-DownloadWithRetry -Url 'https://chocolatey.org/install.ps1'
Test-FileSignature -FilePath $InstallScriptPath -ExpectedThumbprint $signatureThumbprint
Invoke-Expression $InstallScriptPath
# Turn off confirmation # Turn off confirmation
choco feature enable -n allowGlobalConfirmation choco feature enable -n allowGlobalConfirmation

3
images/win/scripts/Installers/Install-Chrome.ps1
View File

@@ -4,9 +4,10 @@
################################################################################ ################################################################################
# Download and install latest Chrome browser # Download and install latest Chrome browser
$ChromeSignatureThumbprint = "2673EA6CC23BEFFDA49AC715B121544098A1284C"
$ChromeInstallerFile = "googlechromestandaloneenterprise64.msi" $ChromeInstallerFile = "googlechromestandaloneenterprise64.msi"
$ChromeInstallerUrl = "https://dl.google.com/tag/s/dl/chrome/install/${ChromeInstallerFile}" $ChromeInstallerUrl = "https://dl.google.com/tag/s/dl/chrome/install/${ChromeInstallerFile}"
Install-Binary -Url $ChromeInstallerUrl -Name $ChromeInstallerFile -ArgumentList @() Install-Binary -Url $ChromeInstallerUrl -Name $ChromeInstallerFile -ArgumentList @() -ExpectedSignature $ChromeSignatureThumbprint
# Prepare firewall rules # Prepare firewall rules
Write-Host "Adding the firewall rule for Google update blocking..." Write-Host "Adding the firewall rule for Google update blocking..."

4
images/win/scripts/Installers/Install-CloudFoundryCli.ps1
View File

@@ -20,4 +20,8 @@ Extract-7Zip -Path $CloudFoundryArchPath -DestinationPath $CloudFoundryCliPath
# Add cf to path # Add cf to path
Add-MachinePathItem $CloudFoundryCliPath Add-MachinePathItem $CloudFoundryCliPath
# Validate cf signature
$CloudFoundrySignatureThumbprint = "4C69EDD13930ED01B83DD1D17B09C434DC1F2177"
Test-FileSignature -FilePath "$CloudFoundryCliPath\cf.exe" -ExpectedThumbprint $CloudFoundrySignatureThumbprint
Invoke-PesterTests -TestFile "CLI.Tools" -TestName "CloudFoundry CLI" Invoke-PesterTests -TestFile "CLI.Tools" -TestName "CloudFoundry CLI"

3
images/win/scripts/Installers/Install-DACFx.ps1
View File

@@ -5,7 +5,8 @@
$InstallerName = "DacFramework.msi" $InstallerName = "DacFramework.msi"
$InstallerUrl = "https://aka.ms/dacfx-msi" $InstallerUrl = "https://aka.ms/dacfx-msi"
$SignatureThumbprint = "72105B6D5F370B62FD5C82F1512F7AD7DEE5F2C0"
Install-Binary -Url $InstallerUrl -Name $InstallerName Install-Binary -Url $InstallerUrl -Name $InstallerName -ExpectedSignature $SignatureThumbprint
Invoke-PesterTests -TestFile "Tools" -TestName "DACFx" Invoke-PesterTests -TestFile "Tools" -TestName "DACFx"

5
images/win/scripts/Installers/Install-Edge.ps1
View File

@@ -26,6 +26,7 @@ Write-Host "Download Microsoft Edge WebDriver..."
$EdgeDriverLatestVersion = Get-Content -Path $EdgeDriverVersionFile $EdgeDriverLatestVersion = Get-Content -Path $EdgeDriverVersionFile
$EdgeDriverArchName = "edgedriver_win64.zip" $EdgeDriverArchName = "edgedriver_win64.zip"
$EdgeDriverDownloadUrl = "https://msedgedriver.azureedge.net/${EdgeDriverLatestVersion}/${EdgeDriverArchName}" $EdgeDriverDownloadUrl = "https://msedgedriver.azureedge.net/${EdgeDriverLatestVersion}/${EdgeDriverArchName}"
$EdgeDriverArchPath = Start-DownloadWithRetry -Url $EdgeDriverDownloadUrl -Name $EdgeDriverArchName $EdgeDriverArchPath = Start-DownloadWithRetry -Url $EdgeDriverDownloadUrl -Name $EdgeDriverArchName
@@ -33,6 +34,10 @@ $EdgeDriverArchPath = Start-DownloadWithRetry -Url $EdgeDriverDownloadUrl -Name
Write-Host "Expand Microsoft Edge WebDriver archive..." Write-Host "Expand Microsoft Edge WebDriver archive..."
Extract-7Zip -Path $EdgeDriverArchPath -DestinationPath $EdgeDriverPath Extract-7Zip -Path $EdgeDriverArchPath -DestinationPath $EdgeDriverPath
#Validate the EdgeDriver signature
$EdgeDriverSignatureThumbprint = ("7C94971221A799907BB45665663BBFD587BAC9F8", "70E52D50651BB9E8DC08DE566C4DD5713833B038")
Test-FileSignature -FilePath "$EdgeDriverPath\msedgedriver.exe" -ExpectedThumbprint $EdgeDriverSignatureThumbprint
Write-Host "Setting the environment variables..." Write-Host "Setting the environment variables..."
setx EdgeWebDriver "$EdgeDriverPath" /M setx EdgeWebDriver "$EdgeDriverPath" /M

4
images/win/scripts/Installers/Install-Firefox.ps1
View File

@@ -45,6 +45,10 @@ $GeckoDriverArchPath = Start-DownloadWithRetry -Url $GeckoDriverDownloadUrl -Nam
Write-Host "Expand Gecko WebDriver archive..." Write-Host "Expand Gecko WebDriver archive..."
Extract-7Zip -Path $GeckoDriverArchPath -DestinationPath $GeckoDriverPath Extract-7Zip -Path $GeckoDriverArchPath -DestinationPath $GeckoDriverPath
# Validate Gecko WebDriver signature
$GeckoDriverSignatureThumbprint = "1326B39C3D5D2CA012F66FB439026F7B59CB1974"
Test-FileSignature -FilePath "$GeckoDriverPath/geckodriver.exe" -ExpectedThumbprint $GeckoDriverSignatureThumbprint
Write-Host "Setting the environment variables..." Write-Host "Setting the environment variables..."
Add-MachinePathItem -PathItem $GeckoDriverPath Add-MachinePathItem -PathItem $GeckoDriverPath
setx GeckoWebDriver "$GeckoDriverPath" /M setx GeckoWebDriver "$GeckoDriverPath" /M

4
images/win/scripts/Installers/Install-GoogleCloudCLI.ps1
View File

@@ -6,6 +6,8 @@
# https://cloud.google.com/sdk/docs/downloads-interactive # https://cloud.google.com/sdk/docs/downloads-interactive
$googleCloudCLIInstaller = "https://dl.google.com/dl/cloudsdk/channels/rapid/GoogleCloudSDKInstaller.exe" $googleCloudCLIInstaller = "https://dl.google.com/dl/cloudsdk/channels/rapid/GoogleCloudSDKInstaller.exe"
$argumentList = @("/S", "/allusers", "/noreporting") $argumentList = @("/S", "/allusers", "/noreporting")
Install-Binary -Url $googleCloudCLIInstaller -Name "GoogleCloudSDKInstaller.exe" -ArgumentList $argumentList $googleCloudCLISignatureThumbprint = "2673EA6CC23BEFFDA49AC715B121544098A1284C"
Install-Binary -Url $googleCloudCLIInstaller -Name "GoogleCloudSDKInstaller.exe" -ArgumentList $argumentList -ExpectedSignature $googleCloudCLISignatureThumbprint
Invoke-PesterTests -TestFile "Tools" -TestName "GoogleCloudCLI" Invoke-PesterTests -TestFile "Tools" -TestName "GoogleCloudCLI"

3
images/win/scripts/Installers/Install-NET48-devpack.ps1
View File

@@ -6,8 +6,9 @@
# .NET 4.8 Dev pack # .NET 4.8 Dev pack
$InstallerName = "ndp48-devpack-enu.exe" $InstallerName = "ndp48-devpack-enu.exe"
$InstallerUrl = "https://download.visualstudio.microsoft.com/download/pr/014120d7-d689-4305-befd-3cb711108212/0307177e14752e359fde5423ab583e43/${InstallerName}" $InstallerUrl = "https://download.visualstudio.microsoft.com/download/pr/014120d7-d689-4305-befd-3cb711108212/0307177e14752e359fde5423ab583e43/${InstallerName}"
$InstallerSignatureThumbprint = "C82273A065EC470FB1EBDE846A91E6FFB29E9C12"
$ArgumentList = ("Setup", "/passive", "/norestart") $ArgumentList = ("Setup", "/passive", "/norestart")
Install-Binary -Url $InstallerUrl -Name $InstallerName -ArgumentList $ArgumentList Install-Binary -Url $InstallerUrl -Name $InstallerName -ArgumentList $ArgumentList -ExpectedSignature $InstallerSignatureThumbprint
Invoke-PesterTests -TestFile "Tools" -TestName "NET48" Invoke-PesterTests -TestFile "Tools" -TestName "NET48"

3
images/win/scripts/Installers/Install-NET48.ps1
View File

@@ -6,6 +6,7 @@
# .NET 4.8 Dev pack # .NET 4.8 Dev pack
$InstallerName = "ndp48-x86-x64-allos-enu.exe" $InstallerName = "ndp48-x86-x64-allos-enu.exe"
$InstallerUrl = "https://download.visualstudio.microsoft.com/download/pr/2d6bb6b2-226a-4baa-bdec-798822606ff1/8494001c276a4b96804cde7829c04d7f/${InstallerName}" $InstallerUrl = "https://download.visualstudio.microsoft.com/download/pr/2d6bb6b2-226a-4baa-bdec-798822606ff1/8494001c276a4b96804cde7829c04d7f/${InstallerName}"
$InstallerSignatureThumbprint = "ABDCA79AF9DD48A0EA702AD45260B3C03093FB4B"
$ArgumentList = ("Setup", "/passive", "/norestart") $ArgumentList = ("Setup", "/passive", "/norestart")
Install-Binary -Url $InstallerUrl -Name $InstallerName -ArgumentList $ArgumentList Install-Binary -Url $InstallerUrl -Name $InstallerName -ArgumentList $ArgumentList -ExpectedSignature $InstallerSignatureThumbprint

2
images/win/scripts/Installers/Install-PostgreSQL.ps1
View File

@@ -48,7 +48,7 @@ do {
$ErrorActionPreference = $ErrorActionOldValue $ErrorActionPreference = $ErrorActionOldValue
$InstallerName = $InstallerUrl.Split('/')[-1] $InstallerName = $InstallerUrl.Split('/')[-1]
$ArgumentList = ("--install_runtimes 0","--superpassword root","--enable_acledit 1","--unattendedmodeui none","--mode unattended") $ArgumentList = ("--install_runtimes 0","--superpassword root","--enable_acledit 1","--unattendedmodeui none","--mode unattended")
Install-Binary -Url $InstallerUrl -Name $InstallerName -ArgumentList $ArgumentList Install-Binary -Url $InstallerUrl -Name $InstallerName -ArgumentList $ArgumentList -ExpectedSignature (Get-ToolsetContent).postgresql.signature
# Get Path to pg_ctl.exe # Get Path to pg_ctl.exe
$pgPath = (Get-CimInstance Win32_Service -Filter "Name LIKE 'postgresql-%'").PathName $pgPath = (Get-CimInstance Win32_Service -Filter "Name LIKE 'postgresql-%'").PathName

7
images/win/scripts/Installers/Install-SQLPowerShellTools.ps1
View File

@@ -4,16 +4,17 @@
################################################################################ ################################################################################
$BaseUrl = "https://download.microsoft.com/download/B/1/7/B1783FE9-717B-4F78-A39A-A2E27E3D679D/ENU/x64" $BaseUrl = "https://download.microsoft.com/download/B/1/7/B1783FE9-717B-4F78-A39A-A2E27E3D679D/ENU/x64"
$SignatureThumbrint = "9ACA9419E53D3C9E56396DD2335FF683A8B0B8F3"
# install required MSIs # install required MSIs
$SQLSysClrTypesName = "SQLSysClrTypes.msi" $SQLSysClrTypesName = "SQLSysClrTypes.msi"
$SQLSysClrTypesUrl = "${BaseUrl}/${SQLSysClrTypesName}" $SQLSysClrTypesUrl = "${BaseUrl}/${SQLSysClrTypesName}"
Install-Binary -Url $SQLSysClrTypesUrl -Name $SQLSysClrTypesName Install-Binary -Url $SQLSysClrTypesUrl -Name $SQLSysClrTypesName -ExpectedSignature $SignatureThumbrint
$SharedManagementObjectsName = "SharedManagementObjects.msi" $SharedManagementObjectsName = "SharedManagementObjects.msi"
$SharedManagementObjectsUrl = "${BaseUrl}/${SharedManagementObjectsName}" $SharedManagementObjectsUrl = "${BaseUrl}/${SharedManagementObjectsName}"
Install-Binary -Url $SharedManagementObjectsUrl -Name $SharedManagementObjectsName Install-Binary -Url $SharedManagementObjectsUrl -Name $SharedManagementObjectsName -ExpectedSignature $SignatureThumbrint
$PowerShellToolsName = "PowerShellTools.msi" $PowerShellToolsName = "PowerShellTools.msi"
$PowerShellToolsUrl = "${BaseUrl}/${PowerShellToolsName}" $PowerShellToolsUrl = "${BaseUrl}/${PowerShellToolsName}"
Install-Binary -Url $PowerShellToolsUrl -Name $PowerShellToolsName Install-Binary -Url $PowerShellToolsUrl -Name $PowerShellToolsName -ExpectedSignature $SignatureThumbrint

4
images/win/scripts/Installers/Install-ServiceFabricSDK.ps1
View File

@@ -15,11 +15,11 @@ $serviceFabricSDKVersion = (Get-ToolsetContent).serviceFabric.sdk.version
$InstallerName = "MicrosoftServiceFabric.${serviceFabricRuntimeVersion}.exe" $InstallerName = "MicrosoftServiceFabric.${serviceFabricRuntimeVersion}.exe"
$InstallerUrl = "https://download.microsoft.com/download/b/8/a/b8a2fb98-0ec1-41e5-be98-9d8b5abf7856/${InstallerName}" $InstallerUrl = "https://download.microsoft.com/download/b/8/a/b8a2fb98-0ec1-41e5-be98-9d8b5abf7856/${InstallerName}"
$ArgumentList = ("/accepteula ","/quiet","/force") $ArgumentList = ("/accepteula ","/quiet","/force")
Install-Binary -Url $InstallerUrl -Name $InstallerName -ArgumentList $ArgumentList Install-Binary -Url $InstallerUrl -Name $InstallerName -ArgumentList $ArgumentList -ExpectedSignature (Get-ToolsetContent).serviceFabric.runtime.signature
# Install Service Fabric SDK # Install Service Fabric SDK
$InstallerName = "MicrosoftServiceFabricSDK.${serviceFabricSDKVersion}.msi" $InstallerName = "MicrosoftServiceFabricSDK.${serviceFabricSDKVersion}.msi"
$InstallerUrl = "https://download.microsoft.com/download/b/8/a/b8a2fb98-0ec1-41e5-be98-9d8b5abf7856/${InstallerName}" $InstallerUrl = "https://download.microsoft.com/download/b/8/a/b8a2fb98-0ec1-41e5-be98-9d8b5abf7856/${InstallerName}"
Install-Binary -Url $InstallerUrl -Name $InstallerName Install-Binary -Url $InstallerUrl -Name $InstallerName -ExpectedSignature (Get-ToolsetContent).serviceFabric.sdk.signature
Invoke-PesterTests -TestFile "Tools" -TestName "ServiceFabricSDK" Invoke-PesterTests -TestFile "Tools" -TestName "ServiceFabricSDK"

5
images/win/scripts/Installers/Install-VCRedist.ps1
View File

@@ -8,8 +8,9 @@ $vc2010x86URI = "https://download.microsoft.com/download/1/6/5/165255E7-1014-4D0
$vc2010x64Name = "vcredist_x64.exe" $vc2010x64Name = "vcredist_x64.exe"
$vc2010x64URI = "https://download.microsoft.com/download/1/6/5/165255E7-1014-4D0A-B094-B6A430A6BFFC/${Vc2010x64Name}" $vc2010x64URI = "https://download.microsoft.com/download/1/6/5/165255E7-1014-4D0A-B094-B6A430A6BFFC/${Vc2010x64Name}"
$argumentList = ("/install", "/quiet", "/norestart") $argumentList = ("/install", "/quiet", "/norestart")
$vcSignatureThumbprint = "ABDCA79AF9DD48A0EA702AD45260B3C03093FB4B"
Install-Binary -Url $vc2010x86URI -Name $vc2010x86Name -ArgumentList $argumentList Install-Binary -Url $vc2010x86URI -Name $vc2010x86Name -ArgumentList $argumentList -ExpectedSignature $vcSignatureThumbprint
Install-Binary -Url $vc2010x64URI -Name $vc2010x64Name -ArgumentList $argumentList Install-Binary -Url $vc2010x64URI -Name $vc2010x64Name -ArgumentList $argumentList -ExpectedSignature $vcSignatureThumbprint
Invoke-PesterTests -TestFile "Tools" -TestName "VCRedist" Invoke-PesterTests -TestFile "Tools" -TestName "VCRedist"

13
images/win/scripts/Installers/Install-VS.ps1
View File

@@ -11,7 +11,8 @@ Install-VisualStudio `
-Edition $toolset.visualStudio.edition ` -Edition $toolset.visualStudio.edition `
-Channel $toolset.visualStudio.channel ` -Channel $toolset.visualStudio.channel `
-RequiredComponents $toolset.visualStudio.workloads ` -RequiredComponents $toolset.visualStudio.workloads `
-ExtraArgs "--allWorkloads --includeRecommended --remove Component.CPython3.x64" -ExtraArgs "--allWorkloads --includeRecommended --remove Component.CPython3.x64" `
-SignatureThumbprint $toolset.visualStudio.signature
# Find the version of VS installed for this instance # Find the version of VS installed for this instance
# Only supports a single instance # Only supports a single instance
@@ -30,25 +31,29 @@ $newContent = '{"Extensions":[{"Key":"1e906ff5-9da8-4091-a299-5c253c55fdc9","Val
Set-Content -Path "$vsInstallRoot\Common7\IDE\Extensions\MachineState.json" -Value $newContent Set-Content -Path "$vsInstallRoot\Common7\IDE\Extensions\MachineState.json" -Value $newContent
if (Test-IsWin19) { if (Test-IsWin19) {
# Install Windows 10 SDK version 10.0.14393.795 # Install Windows 10 SDK version 10.0.14393.795
$sdkSignatureThumbprint = "C91545B333C52C4465DE8B90A3FAF4E1D9C58DFA"
$sdkUrl = "https://go.microsoft.com/fwlink/p/?LinkId=838916" $sdkUrl = "https://go.microsoft.com/fwlink/p/?LinkId=838916"
$sdkFileName = "sdksetup14393.exe" $sdkFileName = "sdksetup14393.exe"
$argumentList = ("/q", "/norestart", "/ceip off", "/features OptionId.WindowsSoftwareDevelopmentKit") $argumentList = ("/q", "/norestart", "/ceip off", "/features OptionId.WindowsSoftwareDevelopmentKit")
Install-Binary -Url $sdkUrl -Name $sdkFileName -ArgumentList $argumentList Install-Binary -Url $sdkUrl -Name $sdkFileName -ArgumentList $argumentList -ExpectedSignature $sdkSignatureThumbprint
# Install Windows 11 SDK version 10.0.22621.0 # Install Windows 11 SDK version 10.0.22621.0
$sdkSignatureThumbprint = "E4C5C5FCDB68B930EE4E19BC25D431EF6D864C51"
$sdkUrl = "https://go.microsoft.com/fwlink/p/?linkid=2196241" $sdkUrl = "https://go.microsoft.com/fwlink/p/?linkid=2196241"
$sdkFileName = "sdksetup22621.exe" $sdkFileName = "sdksetup22621.exe"
$argumentList = ("/q", "/norestart", "/ceip off", "/features OptionId.UWPManaged OptionId.UWPCPP OptionId.UWPLocalized OptionId.DesktopCPPx86 OptionId.DesktopCPPx64 OptionId.DesktopCPParm64") $argumentList = ("/q", "/norestart", "/ceip off", "/features OptionId.UWPManaged OptionId.UWPCPP OptionId.UWPLocalized OptionId.DesktopCPPx86 OptionId.DesktopCPPx64 OptionId.DesktopCPParm64")
Install-Binary -Url $sdkUrl -Name $sdkFileName -ArgumentList $argumentList Install-Binary -Url $sdkUrl -Name $sdkFileName -ArgumentList $argumentList -ExpectedSignature $sdkSignatureThumbprint
} }
if (Test-IsWin22) { if (Test-IsWin22) {
# Install Windows 10 SDK version 10.0.17763 # Install Windows 10 SDK version 10.0.17763
$sdkSignatureThumbprint = "7535269B94C1FEA4A5EF6D808E371DA242F27936"
$sdkUrl = "https://go.microsoft.com/fwlink/p/?LinkID=2033908" $sdkUrl = "https://go.microsoft.com/fwlink/p/?LinkID=2033908"
$sdkFileName = "sdksetup17763.exe" $sdkFileName = "sdksetup17763.exe"
$argumentList = ("/q", "/norestart", "/ceip off", "/features OptionId.UWPManaged OptionId.UWPCPP OptionId.UWPLocalized OptionId.DesktopCPPx86 OptionId.DesktopCPPx64 OptionId.DesktopCPParm64") $argumentList = ("/q", "/norestart", "/ceip off", "/features OptionId.UWPManaged OptionId.UWPCPP OptionId.UWPLocalized OptionId.DesktopCPPx86 OptionId.DesktopCPPx64 OptionId.DesktopCPParm64")
Install-Binary -Url $sdkUrl -Name $sdkFileName -ArgumentList $argumentList Install-Binary -Url $sdkUrl -Name $sdkFileName -ArgumentList $argumentList -ExpectedSignature $sdkSignatureThumbprint
} }
Invoke-PesterTests -TestFile "VisualStudio" Invoke-PesterTests -TestFile "VisualStudio"

7
images/win/scripts/Installers/Install-WDK.ps1
View File

@@ -8,10 +8,13 @@ if (Test-IsWin22) {
# SDK available through Visual Studio # SDK available through Visual Studio
$wdkUrl = "https://go.microsoft.com/fwlink/?linkid=2196230" $wdkUrl = "https://go.microsoft.com/fwlink/?linkid=2196230"
$FilePath = "C:\Program Files (x86)\Windows Kits\10\Vsix\VS2022\*\WDK.vsix" $FilePath = "C:\Program Files (x86)\Windows Kits\10\Vsix\VS2022\*\WDK.vsix"
$wdkSignatureThumbprint = "DE2396BCEB7E3CD13BF3D370424A560F97CABDE7"
} elseif (Test-IsWin19) { } elseif (Test-IsWin19) {
$winSdkUrl = "https://go.microsoft.com/fwlink/?linkid=2173743" $winSdkUrl = "https://go.microsoft.com/fwlink/?linkid=2173743"
$wdkUrl = "https://go.microsoft.com/fwlink/?linkid=2166289" $wdkUrl = "https://go.microsoft.com/fwlink/?linkid=2166289"
$FilePath = "C:\Program Files (x86)\Windows Kits\10\Vsix\VS2019\WDK.vsix" $FilePath = "C:\Program Files (x86)\Windows Kits\10\Vsix\VS2019\WDK.vsix"
$wdkSignatureThumbprint = "914A09C2E02C696AF394048BCB8D95449BCD5B9E"
$winSdkSignatureThumbprint = "44796EB5BD439B4BFB078E1DC2F8345AE313CBB1"
} else { } else {
throw "Invalid version of Visual Studio is found. Either 2019 or 2022 are required" throw "Invalid version of Visual Studio is found. Either 2019 or 2022 are required"
} }
@@ -20,11 +23,11 @@ $argumentList = ("/features", "+", "/quiet")
if (Test-IsWin19) { if (Test-IsWin19) {
# `winsdksetup.exe /features + /quiet` installs all features without showing the GUI # `winsdksetup.exe /features + /quiet` installs all features without showing the GUI
Install-Binary -Url $winSdkUrl -Name "winsdksetup.exe" -ArgumentList $argumentList Install-Binary -Url $winSdkUrl -Name "winsdksetup.exe" -ArgumentList $argumentList -ExpectedSignature $winSdkSignatureThumbprint
} }
# `wdksetup.exe /features + /quiet` installs all features without showing the GUI # `wdksetup.exe /features + /quiet` installs all features without showing the GUI
Install-Binary -Url $wdkUrl -Name "wdksetup.exe" -ArgumentList $argumentList Install-Binary -Url $wdkUrl -Name "wdksetup.exe" -ArgumentList $argumentList -ExpectedSignature $wdkSignatureThumbprint
# Need to install the VSIX to get the build targets when running VSBuild # Need to install the VSIX to get the build targets when running VSBuild
$FilePath = Resolve-Path -Path $FilePath $FilePath = Resolve-Path -Path $FilePath

3
images/win/scripts/Installers/Install-WebPlatformInstaller.ps1
View File

@@ -6,6 +6,7 @@
# Download and install WebPlatformInstaller # Download and install WebPlatformInstaller
$webPlatformInstallerFile = "WebPlatformInstaller_x64_en-US.msi" $webPlatformInstallerFile = "WebPlatformInstaller_x64_en-US.msi"
$webPlatformInstallerUrl = "http://go.microsoft.com/fwlink/?LinkId=287166" $webPlatformInstallerUrl = "http://go.microsoft.com/fwlink/?LinkId=287166"
Install-Binary -Url $webPlatformInstallerUrl -Name $webPlatformInstallerFile $webPlatformInstallerSignatureThumbprint = "C3A3D43788E7ABCD287CB4F5B6583043774F99D2"
Install-Binary -Url $webPlatformInstallerUrl -Name $webPlatformInstallerFile -ExpectedSignature $webPlatformInstallerSignatureThumbprint
Invoke-PesterTests -TestFile "Tools" -TestName "WebPlatformInstaller" Invoke-PesterTests -TestFile "Tools" -TestName "WebPlatformInstaller"

3
images/win/scripts/Installers/Install-WinAppDriver.ps1
View File

@@ -6,8 +6,9 @@
$LatestReleaseUrl = 'https://api.github.com/repos/microsoft/WinAppDriver/releases/latest' $LatestReleaseUrl = 'https://api.github.com/repos/microsoft/WinAppDriver/releases/latest'
$InstallerUrl = (Invoke-RestMethod -Uri $LatestReleaseUrl).assets.browser_download_url $InstallerUrl = (Invoke-RestMethod -Uri $LatestReleaseUrl).assets.browser_download_url
$InstallerName = "WindowsApplicationDriver.msi" $InstallerName = "WindowsApplicationDriver.msi"
$InstallerSignatureThumbprint = "2485A7AFA98E178CB8F30C9838346B514AEA4769"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Install-Binary -Url $InstallerUrl -Name $InstallerName Install-Binary -Url $InstallerUrl -Name $InstallerName -ExpectedSignature $InstallerSignatureThumbprint
Invoke-PesterTests -TestFile "WinAppDriver" -TestName "WinAppDriver" Invoke-PesterTests -TestFile "WinAppDriver" -TestName "WinAppDriver"

10
images/win/toolsets/toolset-2019.json
View File

@@ -267,6 +267,7 @@
"subversion" : "16", "subversion" : "16",
"edition" : "Enterprise", "edition" : "Enterprise",
"channel": "release", "channel": "release",
"signature": "72105B6D5F370B62FD5C82F1512F7AD7DEE5F2C0",
"workloads": [ "workloads": [
"Component.Dotfuscator", "Component.Dotfuscator",
"Component.Linux.CMake", "Component.Linux.CMake",
@@ -412,10 +413,12 @@
}, },
"serviceFabric": { "serviceFabric": {
"runtime": { "runtime": {
"version": "9.1.1436.9590" "version": "9.1.1436.9590",
"signature": "AFBF0B8B6A18F7E23CCA1DDCD0AC1A55B4035173"
}, },
"sdk": { "sdk": {
"version": "6.1.1436" "version": "6.1.1436",
"signature": "AFBF0B8B6A18F7E23CCA1DDCD0AC1A55B4035173"
} }
}, },
"dotnet": { "dotnet": {
@@ -478,7 +481,8 @@
"version": "16" "version": "16"
}, },
"postgresql": { "postgresql": {
"version": "14" "version": "14",
"signature": "698BA51AA27CC31282AACA5055E4B9190BC6C0E9"
}, },
"kotlin": { "kotlin": {
"version": "latest", "version": "latest",

10
images/win/toolsets/toolset-2022.json
View File

@@ -177,6 +177,7 @@
"subversion" : "17", "subversion" : "17",
"edition" : "Enterprise", "edition" : "Enterprise",
"channel": "release", "channel": "release",
"signature": "72105B6D5F370B62FD5C82F1512F7AD7DEE5F2C0",
"workloads": [ "workloads": [
"Component.Dotfuscator", "Component.Dotfuscator",
"Component.Linux.CMake", "Component.Linux.CMake",
@@ -353,10 +354,12 @@
}, },
"serviceFabric": { "serviceFabric": {
"runtime": { "runtime": {
"version": "9.1.1436.9590" "version": "9.1.1436.9590",
"signature": "AFBF0B8B6A18F7E23CCA1DDCD0AC1A55B4035173"
}, },
"sdk": { "sdk": {
"version": "6.1.1436" "version": "6.1.1436",
"signature": "AFBF0B8B6A18F7E23CCA1DDCD0AC1A55B4035173"
} }
}, },
"dotnet": { "dotnet": {
@@ -418,7 +421,8 @@
"version": "8.2" "version": "8.2"
}, },
"postgresql": { "postgresql": {
"version": "14" "version": "14",
"signature": "698BA51AA27CC31282AACA5055E4B9190BC6C0E9"
}, },
"kotlin": { "kotlin": {
"version": "latest", "version": "latest",