Skip to content

Commit

Permalink
Add Digital Signature to DLLs in Maven Build (microsoft#22401)
Browse files Browse the repository at this point in the history
### Description
* Add digital signature to dll files in jar files.
* Jar file names: onnxruntime-{version}.jar,
onnxruntime_gpu-{version}.jar

### Motivation and Context
microsoft#19204
  • Loading branch information
idiskyle authored and Ishwar Raut committed Nov 19, 2024
1 parent 0742f4f commit 9219062
Show file tree
Hide file tree
Showing 4 changed files with 81 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,11 @@ stages:
showWarnings: true
workingDirectory: '$(Build.BinariesDirectory)\java-artifact'

- template: ../templates/jar-esrp-dll.yml
parameters:
JarFileDirectory: '$(Build.BinariesDirectory)\java-artifact\onnxruntime-java-win-x64'
JarFileName: 'onnxruntime_gpu-$(OnnxRuntimeVersion).jar'

- template: ../templates/jar-maven-signing-win.yml
parameters:
JarFileDirectory: '$(Build.BinariesDirectory)\java-artifact\onnxruntime-java-win-x64'
Expand Down
5 changes: 5 additions & 0 deletions tools/ci_build/github/azure-pipelines/templates/c-api-cpu.yml
Original file line number Diff line number Diff line change
Expand Up @@ -260,6 +260,11 @@ stages:
showWarnings: true
workingDirectory: '$(Build.BinariesDirectory)\java-artifact'

- template: jar-esrp-dll.yml
parameters:
JarFileDirectory: '$(Build.BinariesDirectory)\java-artifact\onnxruntime-java-win-x64'
JarFileName: 'onnxruntime-$(OnnxRuntimeVersion).jar'

- template: jar-maven-signing-win.yml
parameters:
JarFileDirectory: '$(Build.BinariesDirectory)\java-artifact\onnxruntime-java-win-x64'
Expand Down
30 changes: 30 additions & 0 deletions tools/ci_build/github/azure-pipelines/templates/jar-esrp-dll.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
parameters:
- name: JarFileDirectory
type: string
default: ''

- name: JarFileName
type: string
default: ''

steps:
- task: PowerShell@2
displayName: 'ESRP Jar - Extract Jar File'
inputs:
targetType: filePath
filePath: $(Build.SourcesDirectory)\tools\ci_build\github\windows\jar_esrp_dll.ps1
arguments: extract '${{ parameters.JarFileDirectory }}' '${{ parameters.JarFileName }}'
workingDirectory: '$(Build.BinariesDirectory)'

- template: win-esrp-dll.yml
parameters:
FolderPath: '${{ parameters.JarFileDirectory }}\jar_extracted_full_files'
DisplayName: 'ESRP Jar - Sign Dlls'

- task: PowerShell@2
displayName: 'ESRP Jar - Repack Jar File'
inputs:
targetType: filePath
filePath: $(Build.SourcesDirectory)\tools\ci_build\github\windows\jar_esrp_dll.ps1
arguments: repack '${{ parameters.JarFileDirectory }}' '${{ parameters.JarFileName }}'
workingDirectory: '$(Build.BinariesDirectory)'
41 changes: 41 additions & 0 deletions tools/ci_build/github/windows/jar_esrp_dll.ps1
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
$instruction = $args[0] # extract or repack
$original_jar_file_directory = $args[1] # The directory where the original jar file is located
$original_jar_file_name = $args[2] # The name of the original jar file

$original_jar_file_full_path = "$original_jar_file_directory\$original_jar_file_name"
$extracted_file_directory = "$original_jar_file_directory\jar_extracted_full_files"

if ($instruction -eq "extract") {
Write-Host "Extracting the jar file $original_jar_file_full_path..."
& 7z x $original_jar_file_full_path -o"$extracted_file_directory"
if ($lastExitCode -ne 0) {
Write-Host -Object "7z extracting the jar file command failed. Exitcode: $exitCode"
exit $lastExitCode
}
Write-Host "Extracted files directory: $extracted_file_directory"

Write-Host "Removing the original jar file..."
Remove-Item -Path "$original_jar_file_full_path" -Force
Write-Host "Removed the original jar file."
}
elseif ($instruction -eq "repack") {
Write-Host "Removing ESRP's CodeSignSummary file..."
# It is the summary generated by ESRP tool. It is not needed in the jar file.
Remove-Item -Path "$extracted_file_directory/CodeSignSummary*.*" -Force
Write-Host "Removed ESRP's CodeSignSummary file."

Write-Host "Repacking the jar file from directory $extracted_file_directory..."
& 7z a "$original_jar_file_full_path" "$extracted_file_directory\*"
if ($lastExitCode -ne 0) {
Write-Host -Object "7z repacking the jar file command failed. Exitcode: $exitCode"
exit $lastExitCode
}
Write-Host "Repacked the jar file $original_jar_file_full_path."

Write-Host "Removing the extracted files..."
Remove-Item -Path "$extracted_file_directory" -Recurse -Force
Write-Host "Removed the extracted files."
}
else {
Write-Host "Invalid instruction: $instruction"
}

0 comments on commit 9219062

Please sign in to comment.