Code signing in Azure DevOps

When starting a manual build, we now have the option to enable code signing.


If a developer pushes from Visual Studio, code signing is false by default.

 

An example of signing a file can be found in “Git\CI\azure-devops-pipelines\templates\sign\sign_job_template.yml”.

The following files are signed; more files can be added for code signing.

      

# Standard
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'Standard/Signifikant Standard Setup.exe'
    hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'Standard/Signifikant Manager Setup.exe'
    hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'Standard/Components/Assert/Client Deploy.msi'
    hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'Standard/Components/Assert/Server Deploy.msi'
    hostArtifactsPath: './artifacts'
# Standard/AnyTime
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'Standard/Components/AnyTime/Setup.exe'
    hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'Standard/Components/AnyTime/AssertAnyTime.Application.exe'
    hostArtifactsPath: './artifacts'
# Webviewer
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'WebViewer/Signifikant WebViewer Setup.exe'
    hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'WebViewer/Components/Assert/WebViewer Deploy.msi'
    hostArtifactsPath: './artifacts'
# Windows Service
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'Windows Services/Service Deploy.msi'
    hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'Windows Services/setup.exe'
    hostArtifactsPath: './artifacts'
# Forms
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'Forms/FormsManager/Forms.Manager.Deploy.msi'
    hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'Forms/FormsManager/setup.exe'
    hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'Forms/FormsApi/FormsApiDeploy.msi'
    hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'Forms/FormsApi/setup.exe'
    hostArtifactsPath: './artifacts'
# SignifikantEmailService
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'SignifikantEmailService/DeployService.msi'
    hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'SignifikantEmailService/setup.exe'
    hostArtifactsPath: './artifacts'
# UsageLog
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'UsageLog/UsageLogDeploy.msi'
    hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'UsageLog/setup.exe'
    hostArtifactsPath: './artifacts'
# ContentApi
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'ContentApi/ContentApiDeploy.msi'
    hostArtifactsPath: './artifacts'
- template: sign_code_template.yml
  parameters:
    hostPackagesPath: './packages/drop'
    inputFilename: 'ContentApi/setup.exe'
    hostArtifactsPath: './artifacts'

The credentials for code signing are stored in a variable group in Azure DevOps. The following credentials are required; they can be found in KeePassXC.

image-20240530-131956.png

Code signing verification

We can download the build and check whether the files are signed by opening each file's properties and then the Digital Signatures tab.
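
A scripted form of the same check, as an added example that is not part of the original page or the project's pipeline: it runs Get-AuthenticodeSignature over the files listed for signing above and fails if any file is missing or its signature status is not Valid. The $DropRoot default is an assumed local path to the extracted build download.

```powershell
param(
    [string]$DropRoot = '.\drop'   # assumption: folder where the downloaded build was extracted
)

# Files listed for signing in sign_job_template.yml (relative to the drop root)
$expected = @(
    'Standard/Signifikant Standard Setup.exe'
    'Standard/Signifikant Manager Setup.exe'
    'Standard/Components/Assert/Client Deploy.msi'
    'Standard/Components/Assert/Server Deploy.msi'
    'Standard/Components/AnyTime/Setup.exe'
    'Standard/Components/AnyTime/AssertAnyTime.Application.exe'
    'WebViewer/Signifikant WebViewer Setup.exe'
    'WebViewer/Components/Assert/WebViewer Deploy.msi'
    'Windows Services/Service Deploy.msi'
    'Windows Services/setup.exe'
    'Forms/FormsManager/Forms.Manager.Deploy.msi'
    'Forms/FormsManager/setup.exe'
    'Forms/FormsApi/FormsApiDeploy.msi'
    'Forms/FormsApi/setup.exe'
    'SignifikantEmailService/DeployService.msi'
    'SignifikantEmailService/setup.exe'
    'UsageLog/UsageLogDeploy.msi'
    'UsageLog/setup.exe'
    'ContentApi/ContentApiDeploy.msi'
    'ContentApi/setup.exe'
)

$results = foreach ($rel in $expected) {
    $path = Join-Path $DropRoot $rel
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ File = $rel; Status = 'Missing'; Signer = $null; Timestamped = $false }
        continue
    }
    # Status is 'Valid' only if the hash matches and the certificate chain is trusted
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        File        = $rel
        Status      = $sig.Status.ToString()
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Timestamped = [bool]$sig.TimeStamperCertificate   # no timestamp: signature stops validating at cert expiry
    }
}

$results | Format-Table -AutoSize
$failed = @($results | Where-Object { $_.Status -ne 'Valid' })
if ($failed.Count -gt 0) { Write-Error "$($failed.Count) file(s) missing or not validly signed"; exit 1 }
```

Compare the Signer column against the subject of the expected signing certificate; a Valid status alone only shows that some trusted certificate signed the file.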
