Validate authenticode signature using the certificate Subject (#12474)

* Use certificate subject to verify authenticode signature

* Use function instead of script variables

* Switch all places to using Get-MicrosoftPublisher

* Remove SignatureThumbprint

* Use common subject for the Edge driver
Pavel Iakovenko
2025-06-30 21:33:57 -04:00
committed by GitHub
parent 0790ef6e2a
commit 7eede67cd0
25 changed files with 72 additions and 103 deletions


@@ -9,15 +9,13 @@ if (Test-IsWin19) {
Install-Binary -Type EXE `
-Url 'https://go.microsoft.com/fwlink/?linkid=2173743' `
-InstallArgs @("/features", "+", "/quiet") `
-ExpectedSignature '44796EB5BD439B4BFB078E1DC2F8345AE313CBB1'
-ExpectedSubject $(Get-MicrosoftPublisher)
$wdkUrl = "https://go.microsoft.com/fwlink/?linkid=2166289"
$wdkSignatureThumbprint = "914A09C2E02C696AF394048BCB8D95449BCD5B9E"
$wdkExtensionPath = "C:\Program Files (x86)\Windows Kits\10\Vsix\VS2019\WDK.vsix"
} elseif (Test-IsWin22) {
# SDK is available through Visual Studio
$wdkUrl = "https://go.microsoft.com/fwlink/?linkid=2294834"
$wdkSignatureThumbprint = "7920AC8FB05E0FFFE21E8FF4B4F03093BA6AC16E"
} else {
throw "Invalid version of Visual Studio is found. Either 2019 or 2022 are required"
}
@@ -26,7 +24,7 @@ if (Test-IsWin19) {
Install-Binary -Type EXE `
-Url $wdkUrl `
-InstallArgs @("/features", "+", "/quiet") `
-ExpectedSignature $wdkSignatureThumbprint
-ExpectedSubject $(Get-MicrosoftPublisher)
if (Test-IsWin19){
# Need to install the VSIX to get the build targets when running VSBuild