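function Remove-ThirdPartySignatures() {
    <#
    .SYNOPSIS
    Removes signatures from the assemblies found under the agent layout directory.
    .DESCRIPTION
    Recursively enumerates every *.dll and *.exe under LayoutRoot. Each file is first
    checked with "signtool verify /pa"; files reported as having no signature are skipped,
    all others are passed to "signtool remove /s".

    No third-party filter is applied inside this function: every matching file under
    LayoutRoot is processed, and the files are modified in place. The caller is
    responsible for pointing LayoutRoot at a tree where stripping signatures is intended.

    A summary and a per-file list are written to the host so the build log records exactly
    which binaries were altered. The function ends by calling "exit" (1 if any file
    failed, 0 otherwise), which terminates the calling script as well.
    .PARAMETER SigntoolPath
    Path to signtool.exe
    .PARAMETER LayoutRoot
    Path to the _layout directory for the current agent build
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$SigntoolPath,
        [Parameter(Mandatory = $true)]
        [string]$LayoutRoot)

    $failedToUnsign = New-Object Collections.Generic.List[String]
    $successfullyUnsigned = New-Object Collections.Generic.List[String]
    $filesWithoutSignatures = New-Object Collections.Generic.List[String]
    # Path -> captured signtool output or exception text, so a failure can be diagnosed from the log.
    $failureDetails = @{}
    $filesCounter = 0

    foreach ($file in Get-ChildItem -Path "$LayoutRoot" -Include "*.dll","*.exe" -Recurse) {
        $path = $file.FullName
        $filesCounter = $filesCounter + 1
        try {
            # Check that the file contains a signature before attempting removal.
            $verificationOutput = & "$SigntoolPath" verify /pa "$path" 2>&1
            # The trailing dot is escaped so it matches a literal period, not any character.
            if ($verificationOutput -match 'No signature found\.') {
                $filesWithoutSignatures.Add("$path")
                # NOTE(review): presumably cleared so the expected signtool error is not
                # picked up later as a build failure - confirm against the caller.
                $Error.clear()
                continue
            }

            $removeOutput = & "$SigntoolPath" remove /s "$path" 2>&1
            if ($LASTEXITCODE -ne 0) {
                $failedToUnsign.Add("$path")
                $failureDetails[$path] = ($removeOutput | Out-String).Trim()
                $Error.clear()
            } else {
                $successfullyUnsigned.Add("$path")
            }
        } catch {
            $failedToUnsign.Add("$path")
            $failureDetails[$path] = $_.Exception.Message
            $Error.clear()
        }
    }

    # A count of zero here means nothing matched under LayoutRoot (for example a wrong path).
    Write-host "Files scanned - $filesCounter"
    Write-host "Failed to unsign - $($failedToUnsign.Count)"
    Write-host "Succesfully unsigned - $($successfullyUnsigned.Count)"
    Write-host "Files without signature - $($filesWithoutSignatures.Count)"

    foreach ($s in $filesWithoutSignatures) {
        Write-Host "File $s doesn't contain signature"
    }
    foreach ($s in $successfullyUnsigned) {
        Write-Host "Signature succefully removed for $s file"
    }

    if ($failedToUnsign.Count -gt 0) {
        foreach ($f in $failedToUnsign) {
            Write-Host "##[error]Something went wrong, failed to process $f file"
            if ($failureDetails.ContainsKey($f) -and $failureDetails[$f]) {
                Write-Host "Details for ${f}: $($failureDetails[$f])"
            }
        }
        exit 1
    }
    exit 0
}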