Browse Source

Set OpenSSL SHA1 flag in build scripts

Local OpenSSL defaults can reject legacy SHA-1 signatures during dotnet operations. Set the required compatibility flag inside the repository scripts so restore, build, publish, clean, and formatting paths do not depend on each caller's shell environment.

Assisted-by: OpenCode:openai/gpt-5.5:OpenCode
pull/3829/head
Siegfried Pammer 5 days ago committed by Siegfried Pammer
parent
commit
6b2852ce49
  1. 1
      BuildTools/format.ps1
  2. 1
      BuildTools/pre-commit
  3. 1
      build.ps1
  4. 1
      clean.ps1
  5. 1
      publish.ps1
  6. 5
      publishlocaldev.ps1
  7. 1
      restore.ps1
  8. 1
      updatedeps.ps1

1
BuildTools/format.ps1

@ -2,6 +2,7 @@
# Trigger the commit hook's formatter against the working tree without committing, # Trigger the commit hook's formatter against the working tree without committing,
# applying the same formatting the pre-commit hook enforces. # applying the same formatting the pre-commit hook enforces.
$ErrorActionPreference = 'Stop' $ErrorActionPreference = 'Stop'
$env:OPENSSL_ENABLE_SHA1_SIGNATURES = '1'
Push-Location (Join-Path $PSScriptRoot '..') Push-Location (Join-Path $PSScriptRoot '..')
try { try {
bash BuildTools/pre-commit --format bash BuildTools/pre-commit --format

1
BuildTools/pre-commit

@ -8,6 +8,7 @@ set -eu
DOTNET_FORMAT_VERSION=10.0.100-rtm.25531.102 DOTNET_FORMAT_VERSION=10.0.100-rtm.25531.102
DOTNET_FORMAT_SOURCE="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet10-transport/nuget/v3/index.json" DOTNET_FORMAT_SOURCE="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet10-transport/nuget/v3/index.json"
export OPENSSL_ENABLE_SHA1_SIGNATURES=1
# Per-OS tool cache location + binary suffix. Windows uses %LOCALAPPDATA% and a .exe # Per-OS tool cache location + binary suffix. Windows uses %LOCALAPPDATA% and a .exe
# suffix; Unix-likes follow the XDG basedir spec (falling back to ~/.local/share) and # suffix; Unix-likes follow the XDG basedir spec (falling back to ~/.local/share) and

1
build.ps1

@ -6,4 +6,5 @@ param(
[string]$Configuration = 'Debug' [string]$Configuration = 'Debug'
) )
$ErrorActionPreference = 'Stop' $ErrorActionPreference = 'Stop'
$env:OPENSSL_ENABLE_SHA1_SIGNATURES = '1'
dotnet build ILSpy.sln -c $Configuration "-p:Platform=Any CPU" @args dotnet build ILSpy.sln -c $Configuration "-p:Platform=Any CPU" @args

1
clean.ps1

@ -1,5 +1,6 @@
#!/usr/bin/env pwsh #!/usr/bin/env pwsh
# Clean the Debug and Release build outputs of ILSpy.sln. # Clean the Debug and Release build outputs of ILSpy.sln.
$ErrorActionPreference = 'Stop' $ErrorActionPreference = 'Stop'
$env:OPENSSL_ENABLE_SHA1_SIGNATURES = '1'
dotnet clean ILSpy.sln -c Debug "-p:Platform=Any CPU" @args dotnet clean ILSpy.sln -c Debug "-p:Platform=Any CPU" @args
dotnet clean ILSpy.sln -c Release "-p:Platform=Any CPU" @args dotnet clean ILSpy.sln -c Release "-p:Platform=Any CPU" @args

1
publish.ps1

@ -13,6 +13,7 @@ param(
[string]$Platform = 'windows' [string]$Platform = 'windows'
) )
$ErrorActionPreference = 'Stop' $ErrorActionPreference = 'Stop'
$env:OPENSSL_ENABLE_SHA1_SIGNATURES = '1'
$base = "./ILSpy/bin/$Configuration/net10.0" $base = "./ILSpy/bin/$Configuration/net10.0"

5
publishlocaldev.ps1

@ -1,5 +1,8 @@
# For local development of the VSIX package - build and publish (VS2022 also needs arm64) # For local development of the VSIX package - build and publish (VS2022 also needs arm64)
$ErrorActionPreference = 'Stop'
$env:OPENSSL_ENABLE_SHA1_SIGNATURES = '1'
$configuration = "Debug" $configuration = "Debug"
dotnet build ./ILSpy.sln -c $configuration dotnet build ./ILSpy.sln -c $configuration
@ -12,4 +15,4 @@ dotnet publish ./ILSpy.ReadyToRun/ILSpy.ReadyToRun.csproj -c $configuration --no
$output_arm64 = "./ILSpy/bin/$configuration/net10.0/win-arm64/publish/fwdependent" $output_arm64 = "./ILSpy/bin/$configuration/net10.0/win-arm64/publish/fwdependent"
dotnet publish ./ILSpy/ILSpy.csproj -c $configuration --no-restore --no-self-contained -r win-arm64 -o $output_arm64 dotnet publish ./ILSpy/ILSpy.csproj -c $configuration --no-restore --no-self-contained -r win-arm64 -o $output_arm64
dotnet publish ./ILSpy.ReadyToRun/ILSpy.ReadyToRun.csproj -c $configuration --no-restore --no-self-contained -r win-arm64 -o $output_arm64 dotnet publish ./ILSpy.ReadyToRun/ILSpy.ReadyToRun.csproj -c $configuration --no-restore --no-self-contained -r win-arm64 -o $output_arm64

1
restore.ps1

@ -2,4 +2,5 @@
# Restore all NuGet packages for ILSpy.sln, honouring the committed packages.lock.json files. # Restore all NuGet packages for ILSpy.sln, honouring the committed packages.lock.json files.
# Use updatedeps.ps1 instead when you have changed a PackageVersion and need to refresh the locks. # Use updatedeps.ps1 instead when you have changed a PackageVersion and need to refresh the locks.
$ErrorActionPreference = 'Stop' $ErrorActionPreference = 'Stop'
$env:OPENSSL_ENABLE_SHA1_SIGNATURES = '1'
dotnet restore ILSpy.sln -p:RestoreEnablePackagePruning=false @args dotnet restore ILSpy.sln -p:RestoreEnablePackagePruning=false @args

1
updatedeps.ps1

@ -3,4 +3,5 @@
# Run this after changing a PackageVersion in Directory.Packages.props (or adding a package), # Run this after changing a PackageVersion in Directory.Packages.props (or adding a package),
# then commit the updated lock files. # then commit the updated lock files.
$ErrorActionPreference = 'Stop' $ErrorActionPreference = 'Stop'
$env:OPENSSL_ENABLE_SHA1_SIGNATURES = '1'
dotnet restore ILSpy.sln --force-evaluate -p:RestoreEnablePackagePruning=false @args dotnet restore ILSpy.sln --force-evaluate -p:RestoreEnablePackagePruning=false @args

Loading…
Cancel
Save