1 change: 1 addition & 0 deletions .gitattributes
@@ -1,4 +1,5 @@
# Fixture bytes are test inputs; do not let Git normalize line endings or encodings.
tests/fixtures/msix-minimal/AppxManifest.xml -text
tests/fixtures/*.js -text
tests/fixtures/*.ps1 -text
tests/fixtures/*.psd1 -text
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
@@ -4,7 +4,7 @@ on:
workflow_dispatch:
inputs:
version:
description: Release version to build/publish (for example 0.6.0)
description: Release version to build/publish (for example 0.6.1)
required: true
type: string
publish_nuget:
18 changes: 9 additions & 9 deletions Cargo.lock


4 changes: 3 additions & 1 deletion Cargo.toml
@@ -30,7 +30,7 @@ repository = "https://github.com/Devolutions/psign"

[package]
name = "psign"
version = "0.6.0"
version = "0.6.1"
edition = "2024"
description = "Rust port of the Windows SDK signtool.exe (Authenticode sign/verify/timestamp) with portable digest helpers."
license.workspace = true
@@ -46,9 +46,11 @@ default = [
]
## Azure Key Vault signing (`AuthenticatorDigestSign` callback + REST); enables Azure-shaped CLI flags on `sign`.
azure-kv-sign = [
"dep:psign-portable-core",
"dep:psign-azure-kv-rest",
"dep:reqwest",
"psign-digest-cli/azure-kv-sign-portable",
"psign-portable-core/azure-kv-sign",
]
## Azure Artifact Signing / Trusted Signing **data-plane** hash signing (REST LRO); experimental helper command `artifact-signing-submit`.
artifact-signing-rest = [
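Review bot: The `##` comment above `azure-kv-sign` still describes only the `AuthenticatorDigestSign` callback and REST, while the feature list now also carries `dep:psign-portable-core` and `psign-portable-core/azure-kv-sign`. Which entries are new is inferred from the addition count, since the page has lost the `+`/`-` markers. The comment should say that the feature also turns on the Key Vault provider inside `psign-portable-core`, so a reader auditing which builds contain credential-handling code can tell from the manifest. The `artifact-signing-rest` list that follows is cut off by the hunk.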
2 changes: 1 addition & 1 deletion PowerShell/Devolutions.Psign/Devolutions.Psign.psd1
@@ -1,6 +1,6 @@
@{
RootModule = 'Devolutions.Psign.psm1'
ModuleVersion = '0.6.0'
ModuleVersion = '0.6.1'
GUID = 'e6e50e4b-bf25-4ed6-a343-49f904e79f8f'
Author = 'Devolutions'
CompanyName = 'Devolutions'
2 changes: 1 addition & 1 deletion README.md
@@ -66,7 +66,7 @@ dotnet tool run psign-tool -- --help
Create local dotnet tool packages from prebuilt release artifacts:

```powershell
pwsh ./nuget/pack-psign-dotnet-tool.ps1 -Version 0.6.0 -ArtifactsRoot ./dist -OutputDir ./dist/nuget
pwsh ./nuget/pack-psign-dotnet-tool.ps1 -Version 0.6.1 -ArtifactsRoot ./dist -OutputDir ./dist/nuget
```

The package is built from native `psign-tool` artifacts for `win-x64`, `win-arm64`, `linux-x64`, `linux-arm64`, `osx-x64`, and `osx-arm64`, plus an `any` fallback package for unsupported runtimes.
2 changes: 1 addition & 1 deletion crates/psign-authenticode-trust/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "psign-authenticode-trust"
version = "0.6.0"
version = "0.6.1"
edition = "2024"
description = "Portable Authenticode PKCS#7 trust verification (anchors, chain, EKU) using picky-rs"
license.workspace = true
2 changes: 1 addition & 1 deletion crates/psign-azure-kv-rest/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "psign-azure-kv-rest"
version = "0.6.0"
version = "0.6.1"
edition = "2024"
description = "Azure Key Vault certificate metadata + keys/sign REST (portable, blocking HTTP)"
license.workspace = true
2 changes: 1 addition & 1 deletion crates/psign-codesigning-rest/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "psign-codesigning-rest"
version = "0.6.0"
version = "0.6.1"
edition = "2024"
description = "Azure Code Signing data-plane CertificateProfileOperations Sign LRO (portable, blocking HTTP)"
license.workspace = true
2 changes: 1 addition & 1 deletion crates/psign-digest-cli/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "psign-digest-cli"
version = "0.6.0"
version = "0.6.1"
edition = "2024"
description = "Linux/macOS-friendly CLI over portable Authenticode SIP digests (psign-sip-digest)"
license.workspace = true
2 changes: 1 addition & 1 deletion crates/psign-opc-sign/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "psign-opc-sign"
version = "0.6.0"
version = "0.6.1"
edition = "2024"
description = "Portable OPC, VSIX, and NuGet package signing primitives"
license.workspace = true
2 changes: 1 addition & 1 deletion crates/psign-portable-core/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "psign-portable-core"
version = "0.6.0"
version = "0.6.1"
edition = "2024"
description = "Reusable portable Authenticode signing and inspection APIs for psign"
license.workspace = true
19 changes: 16 additions & 3 deletions crates/psign-portable-core/src/lib.rs
@@ -311,6 +311,8 @@ pub struct PortableSignRequest {
#[serde(default)]
pub azure_key_vault_certificate: Option<String>,
#[serde(default)]
pub azure_key_vault_certificate_version: Option<String>,
#[serde(default)]
pub azure_key_vault_access_token: Option<String>,
#[serde(default)]
pub azure_key_vault_client_id: Option<String>,
@@ -320,6 +322,8 @@ pub struct PortableSignRequest {
pub azure_key_vault_tenant_id: Option<String>,
#[serde(default)]
pub azure_key_vault_managed_identity: Option<bool>,
#[serde(default)]
pub azure_authority: Option<String>,
// Azure Artifact Signing / Trusted Signing
#[serde(default)]
pub artifact_signing_endpoint: Option<String>,
@@ -367,11 +371,13 @@ impl Default for PortableSignRequest {
timestamp_hash_algorithm: None,
azure_key_vault_url: None,
azure_key_vault_certificate: None,
azure_key_vault_certificate_version: None,
azure_key_vault_access_token: None,
azure_key_vault_client_id: None,
azure_key_vault_client_secret: None,
azure_key_vault_tenant_id: None,
azure_key_vault_managed_identity: None,
azure_authority: None,
artifact_signing_endpoint: None,
artifact_signing_account_name: None,
artifact_signing_profile_name: None,
@@ -1437,11 +1443,16 @@ fn load_azure_key_vault_signing_provider(request: &PortableSignRequest) -> Resul
tenant_id: request.azure_key_vault_tenant_id.as_deref(),
client_id: request.azure_key_vault_client_id.as_deref(),
client_secret: request.azure_key_vault_client_secret.as_deref(),
authority: None,
authority: request.azure_authority.as_deref(),
};
let token = psign_azure_kv_rest::acquire_kv_access_token(&auth)?;
let key_vault_certificate =
psign_azure_kv_rest::fetch_kv_certificate(&http, &vault_url, &certificate, None, &token)?;
let key_vault_certificate = psign_azure_kv_rest::fetch_kv_certificate(
&http,
&vault_url,
&certificate,
request.azure_key_vault_certificate_version.as_deref(),
&token,
)?;
let signer_cert_der = psign_azure_kv_rest::kv_decode_cer_b64(&key_vault_certificate.cer)?;
let signer_cert =
rdp::parse_certificate(&signer_cert_der).context("parse Key Vault signer certificate")?;
@@ -3889,11 +3900,13 @@ mod tests {
timestamp_hash_algorithm: None,
azure_key_vault_url: None,
azure_key_vault_certificate: None,
azure_key_vault_certificate_version: None,
azure_key_vault_access_token: None,
azure_key_vault_client_id: None,
azure_key_vault_client_secret: None,
azure_key_vault_tenant_id: None,
azure_key_vault_managed_identity: None,
azure_authority: None,
artifact_signing_endpoint: None,
artifact_signing_account_name: None,
artifact_signing_profile_name: None,
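Review bot: `authority: request.azure_authority.as_deref()` in `load_azure_key_vault_signing_provider` passes a request-supplied value into the same `auth` struct that carries `client_secret`, and no validation of it is visible between the field and `acquire_kv_access_token`. If the authority selects the token endpoint, as the name suggests, a request deserialized from a file or another process can steer the credential exchange to a host the operator did not intend. Unless `psign_azure_kv_rest` already restricts it (not visible here), check the scheme and host before building `auth`, and say so on the field, for example `/// Token authority override; only set this to an identity endpoint you trust, since credentials are presented to it.` The function body starts and ends outside the hunk; the same field is added to the struct, its `Default` impl and the test literal in the other hunks of this file, and `azure_key_vault_certificate_version` likewise has no doc comment.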
2 changes: 1 addition & 1 deletion crates/psign-portable-ffi/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "psign-portable-ffi"
version = "0.6.0"
version = "0.6.1"
edition = "2024"
description = "C ABI shared library for psign portable Authenticode operations"
license.workspace = true
2 changes: 1 addition & 1 deletion crates/psign-sip-digest/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "psign-sip-digest"
version = "0.6.0"
version = "0.6.1"
edition = "2024"
description = "Portable Authenticode SIP digest recomputation (PE, CAB, MSI, MSIX, scripts, …) without Win32"
license.workspace = true