Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
337 commits
Select commit Hold shift + click to select a range
c64111d
credential: set trace2_child_class for credential manager children
jeffhostetler Oct 3, 2019
4404bff
sub-process: do not borrow cmd pointer from caller
jeffhostetler Sep 18, 2019
cddbc3f
sub-process: add subprocess_start_argv()
jeffhostetler Sep 18, 2019
2c6dd9e
sha1-file: add function to update existing loose object cache
jeffhostetler Sep 24, 2019
38c9857
index-pack: avoid immediate object fetch while parsing packfile
dscho Apr 17, 2026
4ff7b00
gvfs-helper: create tool to fetch objects using the GVFS Protocol
jeffhostetler Aug 13, 2019
88dd0e5
sha1-file: create shared-cache directory if it doesn't exist
jeffhostetler Oct 7, 2019
ab715cb
gvfs-helper: better handling of network errors
jeffhostetler Oct 8, 2019
d58bf5e
gvfs-helper-client: properly update loose cache with fetched OID
jeffhostetler Oct 8, 2019
e4e032d
gvfs-helper: V2 robust retry and throttling
jeffhostetler Oct 10, 2019
83cbcb1
gvfs-helper: expose gvfs/objects GET and POST semantics
jeffhostetler Oct 21, 2019
37c8d8f
gvfs-helper: dramatically reduce progress noise
derrickstolee Oct 24, 2019
97641e4
gvfs-helper: handle pack-file after single POST request
derrickstolee Nov 11, 2019
be8762e
test-gvfs-prococol, t5799: tests for gvfs-helper
jeffhostetler Oct 25, 2019
1cbab9e
gvfs-helper: move result-list construction into install functions
jeffhostetler Nov 13, 2019
40ab73b
t5799: add support for POST to return either a loose object or packfile
jeffhostetler Nov 13, 2019
77afaf2
t5799: cleanup wc-l and grep-c lines
jeffhostetler Nov 13, 2019
4a1e85f
gvfs-helper: verify loose objects after write
derrickstolee Sep 18, 2020
283ad1a
Trace2:gvfs:experiment: capture more 'tracking' details
jeffhostetler Jul 26, 2019
59438b5
t7599: create corrupt blob test
jeffhostetler Sep 18, 2020
fe76797
gvfs-helper: add prefetch support
jeffhostetler Nov 11, 2019
8e2b8a7
gvfs-helper: add prefetch .keep file for last packfile
jeffhostetler Nov 26, 2019
75280df
gvfs-helper: do one read in my_copy_fd_len_tail()
derrickstolee Dec 16, 2019
2fb6021
gvfs-helper: move content-type warning for prefetch packs
derrickstolee Dec 16, 2019
d72feaa
fetch: use gvfs-helper prefetch under config
derrickstolee Dec 17, 2019
f162507
gvfs-helper: better support for concurrent packfile fetches
jeffhostetler Dec 18, 2019
e274b65
remote-curl: do not call fetch-pack when using gvfs-helper
derrickstolee Feb 3, 2020
c81f6fd
t5799: explicitly test gvfs-helper --fallback and --no-fallback
jeffhostetler Jun 28, 2024
1e27016
fetch: reprepare packs before checking connectivity
derrickstolee Mar 12, 2020
4639c63
gvfs-helper: add --max-retries to prefetch verb
jeffhostetler Apr 12, 2023
4266eaa
gvfs-helper: don't fallback with new config
derrickstolee Jun 27, 2024
d8b6330
gvfs-helper: retry when creating temp files
derrickstolee Dec 26, 2019
2961f9e
t5799: add tests to detect corrupt pack/idx files in prefetch
jeffhostetler Apr 13, 2023
3ef5217
test-gvfs-protocol: add cache_http_503 to mayhem
jeffhostetler Jun 28, 2024
a225fd0
sparse: avoid warnings about known cURL issues in gvfs-helper.c
derrickstolee Aug 3, 2021
22c6486
gvfs-helper: ignore .idx files in prefetch multi-part responses
jeffhostetler Apr 13, 2023
5a9a265
t5799: add unit tests for new `gvfs.fallback` config setting
jeffhostetler Jun 28, 2024
c246a5d
maintenance: care about gvfs.sharedCache config
derrickstolee Dec 15, 2020
e044ae6
.github/actions/akv-secret: add action to get secrets
mjcheetham Apr 1, 2025
db9cc31
release: create initial Windows installer build workflow
dscho Apr 29, 2026
4e3e75d
help: special-case HOST_CPU `universal`
jeffhostetler Oct 17, 2023
d533a77
release: add Mac OSX installer build
vdye Jul 16, 2021
bf1e49d
release: build unsigned Ubuntu .deb package
vdye Jul 16, 2021
cbbdfc8
release: add signing step for .deb package
vdye Jul 16, 2021
22d7862
release: create draft GitHub release with packages & installers
vdye Jul 16, 2021
810cf31
dist: archive HEAD instead of HEAD^{tree}
vdye Dec 2, 2021
691ddd0
update-microsoft-git: create barebones builtin
derrickstolee Apr 29, 2021
e0c5167
homebrew: add GitHub workflow to release Cask
mjcheetham Jul 24, 2020
e3417fa
Disable the `monitor-components` workflow in msft-git
dscho May 13, 2022
7a03260
build-git-installers: publish gpg public key
ldennington Oct 24, 2023
ef3279a
release: include GIT_BUILT_FROM_COMMIT in MacOS build
vdye Dec 2, 2021
dd99d23
update-microsoft-git: Windows implementation
derrickstolee Apr 29, 2021
5efced6
unpack-trees:virtualfilesystem: Improve efficiency of clear_ce_flags
neerajsi-msft2 Feb 6, 2021
6560eff
Adding winget workflows
Apr 29, 2021
7ae2bba
.github: enable windows builds on microsoft fork
derrickstolee Mar 8, 2023
0904361
release: continue pestering until user upgrades
derrickstolee Oct 6, 2021
9f61567
release: add installer validation
ldennington Aug 17, 2022
e58416e
update-microsoft-git: use brew on macOS
derrickstolee Apr 29, 2021
43da41b
git_config_set_multivar_in_file_gently(): add a lock timeout
dscho May 18, 2021
12a8aa2
scalar: set the config write-lock timeout to 150ms
dscho May 18, 2021
efbd18c
scalar: add docs from microsoft/scalar
derrickstolee Jun 16, 2021
f8f1071
Merge branch 'scalar-gentler-config-locking'
dscho May 19, 2021
5a031f4
Merge branch 'scalar-extra-docs'
dscho Nov 16, 2021
48ef38e
scalar (Windows): use forward slashes as directory separators
dscho May 10, 2022
6ec1e1b
.github: reinstate ISSUE_TEMPLATE.md for microsoft/git
derrickstolee Mar 16, 2022
9411981
scalar: add retry logic to run_git()
derrickstolee Jun 17, 2021
53b4908
.github: update PULL_REQUEST_TEMPLATE.md
derrickstolee Mar 16, 2022
3a242e4
scalar: support the `config` command for backwards compatibility
dscho May 27, 2021
790e547
Adjust README.md for microsoft/git
May 4, 2021
9676f63
scalar: implement a minimal JSON parser
dscho Apr 26, 2021
d680224
scalar clone: support GVFS-enabled remote repositories
dscho Aug 24, 2021
ff853b4
test-gvfs-protocol: also serve smart protocol
dscho Apr 16, 2021
0ce420b
Merge branch 'microsoft/vfs-2.35.0'
dscho Oct 7, 2021
4d11773
gvfs-helper: add the `endpoint` command
dscho Apr 26, 2021
ef0e486
Merge branch 'scalar'
dscho Aug 24, 2021
ba2c7c3
dir_inside_of(): handle directory separators correctly
dscho May 14, 2021
2a13a39
scalar: disable authentication in unattended mode
dscho May 6, 2021
1b4d513
abspath: make strip_last_path_component() global
derrickstolee Oct 4, 2022
55226d1
scalar: do initialize `gvfs.sharedCache`
dscho May 3, 2021
0cebd3d
scalar diagnose: include shared cache info
dscho Jun 1, 2021
8bfa488
scalar: only try GVFS protocol on https:// URLs
dscho Apr 28, 2021
77fcdc7
scalar: verify that we can use a GVFS-enabled repository
dscho Apr 16, 2021
f34397a
scalar: add the `cache-server` command
dscho Apr 23, 2021
abe682c
scalar: add a test toggle to skip accessing the vsts/info endpoint
dscho May 12, 2021
214803a
scalar: adjust documentation to the microsoft/git fork
dscho Jan 25, 2022
0f5f72b
scalar: enable untracked cache unconditionally
derrickstolee Jun 21, 2021
8cacb6b
scalar: parse `clone --no-fetch-commits-and-trees` for backwards comp…
dscho Aug 24, 2021
5436ac8
scalar: make GVFS Protocol a forced choice
derrickstolee May 1, 2024
182ec1c
scalar: work around GVFS Protocol HTTP/2 failures
Copilot May 22, 2025
236cdb2
scalar diagnose: accommodate Scalar's Functional Tests
dscho May 9, 2022
4aa2b23
gvfs-helper-client: clean up server process(es)
derrickstolee May 23, 2025
80777af
ci: run Scalar's Functional Tests
dscho Jun 8, 2021
bb66729
Merge branch 'scalar-with-gvfs'
dscho May 3, 2021
6ffbe4c
scalar: upgrade to newest FSMonitor config setting
vdye Apr 5, 2022
4c582c0
Merge branch 'run-scalar-functional-tests'
dscho Nov 16, 2021
723152f
sparse-checkout: add config to disable deleting dirs
derrickstolee Aug 22, 2021
bda6599
add/rm: allow adding sparse entries when virtual
derrickstolee Jun 29, 2021
0536ef8
Merge branch 'scalar-reconfigure'
dscho Jun 1, 2021
1911816
diff: ignore sparse paths in diffstat
derrickstolee Jul 26, 2021
685b656
repo-settings: enable sparse index by default
derrickstolee Jun 15, 2021
5d50249
TO-UPSTREAM: sequencer: avoid progress when stderr is redirected
derrickstolee Sep 23, 2021
31a4bae
Merge pull request #392: add: allow adding sparse entries when virtual
derrickstolee Jul 1, 2021
3da87e7
Merge pull request #410: Sparse Index: latest integrations
derrickstolee Aug 24, 2021
8fd9544
TO-CHECK: t1092: use quiet mode for rebase tests
derrickstolee Oct 31, 2021
b89a259
Merge pull request #414: Make sparse index the default
derrickstolee Aug 26, 2021
c9d1123
reset: fix mixed reset when using virtual filesystem
Mar 15, 2017
fc33cc6
Merge pull request #432: sequencer: avoid progress when stderr is red…
derrickstolee Sep 23, 2021
ad67805
diff(sparse-index): verify with partially-sparse
ldennington Sep 10, 2021
b25ab9a
stash: expand testing for `git stash -u`
vdye Sep 22, 2021
3c7d3e8
sparse-index: add ensure_full_index_with_reason()
derrickstolee Sep 30, 2024
67ab008
treewide: add reasons for expanding index
derrickstolee Sep 30, 2024
f0dcb27
treewide: custom reasons for expanding index
derrickstolee Sep 30, 2024
c94d991
sparse-index: add macro for unaudited expansions
derrickstolee Sep 30, 2024
3e02eaf
Docs: update sparse index plan with logging
derrickstolee Sep 30, 2024
f4654eb
sparse-index: log failure to clear skip-worktree
derrickstolee Sep 30, 2024
52f1b9d
stash: use -f in checkout-index child process
derrickstolee Sep 30, 2024
ba03c72
sparse-index: do not copy hashtables during expansion
derrickstolee Sep 27, 2024
faf4b95
Merge pull request #494: reset: fix mixed reset when using virtual fi…
derrickstolee Apr 4, 2022
a099fc7
Merge pull request #419 from ldennington/sparse-index-diff
ldennington Sep 12, 2021
d83bce7
Merge pull request #430 from vdye/sparse-index/clean
vdye Sep 23, 2021
96a5261
Fix rare segfault in sparse-index (#690)
dscho Oct 9, 2024
e3b2e24
Merge core VFS features
dscho Jun 11, 2018
d6719f0
Merge advanced VFS-specific features
dscho Jun 11, 2018
31b88ba
Permit `repack` command in Scalar clones (#732)
mjcheetham Mar 31, 2025
f1e6f79
Merge virtualfilesystem hook
dscho Jun 11, 2018
70664d8
Merge updates to serialized status
dscho Jun 11, 2018
02dde09
Merge trace2 experimental regions
jeffhostetler Apr 23, 2019
bffdd34
Merge first wave of gvfs-helper feature
jeffhostetler Nov 14, 2019
6dde88d
Merge gvfs-helper prefetch feature
derrickstolee Dec 17, 2019
3ee01d4
Harden gvfs-helper to validate the packfiles in a multipart prefetch …
jeffhostetler Apr 17, 2023
0fee4b3
gvfs-helper: add gvfs.fallback and unit tests (#665)
dscho Jul 1, 2024
3390755
Merge pull request #301: Update 'git maintenance' to match upstream
derrickstolee Dec 15, 2020
d6a883c
Merge pull request #315: unpack-trees:virtualfilesystem: Improve effi…
derrickstolee Feb 16, 2021
f6129fb
Merge branch 'add-workflows'
derrickstolee Apr 30, 2021
dc9c352
Merge branch 'adjust-g4w-workflows'
dscho May 13, 2022
62c7426
Merge pull request #399 from vdye/feature/build-installers
vdye Jul 29, 2021
692b164
Merge pull request #472 from vdye/ms/macos-build-options
vdye Dec 6, 2021
9eb94d8
Merge pull request #329: Add `git update-microsoft-git`
derrickstolee Apr 30, 2021
d2d0635
Merge pull request #333: update microsoft/git README
derrickstolee May 17, 2021
0c581e7
Merge pull request #371 from dscho/run-scalar-functional-tests-and-fi…
dscho Jun 9, 2021
a0366b9
TO-UPSTREAM: sub-process: avoid leaking `cmd`
dscho Dec 18, 2024
5cb0176
Merge branch 'sparse-index-stuff'
dscho Jun 17, 2022
07b4d06
hooks: add custom post-command hook config
derrickstolee Mar 25, 2025
14117b7
remote-curl: release filter options before re-setting them
dscho Dec 18, 2024
2be625e
TO-UPSTREAM: Docs: fix asciidoc failures from short delimiters
derrickstolee Mar 25, 2025
3b37512
t7900-maintenance.sh: reset config between tests
mjcheetham Jan 22, 2025
c80c493
transport: release object filter options
dscho Dec 18, 2024
233cfcb
hooks: make hook logic memory-leak free
derrickstolee Mar 25, 2025
7a5af41
maintenance: add cache-local-objects maintenance task
mjcheetham Jan 14, 2025
416a515
push: don't reuse deltas with path walk
derrickstolee Nov 16, 2024
bcb5dc7
Merge branch 'leak-fixes'
dscho Dec 18, 2024
04afdcf
t0401: test post-command for alias, version, typo
derrickstolee Nov 7, 2025
13e557f
scalar.c: add cache-local-objects task
mjcheetham Jan 23, 2025
5249a21
pack-objects: don't reuse deltas with path walk (#707)
dscho Dec 19, 2024
8454287
cat_one_file(): make it easy to see that the `size` variable is initi…
dscho Oct 27, 2022
63dd7fa
hooks: better handle config without gitdir
derrickstolee Nov 7, 2025
c94e2e1
maintenance: add new `cache-local-objects` maintenance task (#720)
mjcheetham Jan 31, 2025
08c6fe8
revision: defensive programming
dscho Dec 16, 2022
0ede4f0
get_parent(): defensive programming
dscho Dec 16, 2022
d1559b6
fetch-pack: defensive programming
dscho Dec 16, 2022
6b367b9
codeql: run static analysis as part of CI builds
dscho Aug 9, 2022
6458e23
unparse_commit(): defensive programming
dscho Dec 16, 2022
f7d940e
codeql: publish the sarif file as build artifact
dscho Mar 22, 2023
7396e03
verify_commit_graph(): defensive programming
dscho Dec 16, 2022
708febc
codeql: disable a couple of non-critical queries for now
dscho Mar 21, 2025
59e1d5f
stash: defensive programming
dscho Dec 16, 2022
5242574
date: help CodeQL understand that there are no leap-year issues here
dscho Jul 23, 2025
1a1ed99
stash: defensive programming
dscho Dec 16, 2022
3dc3f08
fsck: avoid using an uninitialized variable
dscho Dec 16, 2022
47a2e33
help: help CodeQL understand that consuming envvars is okay here
dscho Jul 23, 2025
3b147ac
push: defensive programming
dscho Dec 16, 2022
dfd98c7
load_revindex_from_disk(): avoid accessing uninitialized data
dscho Dec 16, 2022
cb2a751
ctype: help CodeQL understand that `sane_istest()` does not access ar…
dscho Jul 23, 2025
b340977
test-tool repository: check return value of `lookup_commit()`
dscho Dec 16, 2022
c49b40b
fetch: defensive programming
dscho Dec 16, 2022
40d8927
load_pack_mtimes_file(): avoid accessing uninitialized data
dscho Dec 16, 2022
629c2d7
ctype: accommodate for CodeQL misinterpreting the `z` in `mallocz()`
dscho Jul 23, 2025
989f755
shallow: handle missing shallow commits gracefully
dscho Dec 16, 2022
3c3c954
inherit_tracking(): defensive programming
dscho Dec 16, 2022
0880aef
Merge branch 'uninitialized-variables'
dscho Oct 27, 2022
c3ea9ed
strbuf_read: help with CodeQL misunderstanding that `strbuf_read()` d…
dscho Jul 23, 2025
a84a0a5
commit-graph: suppress warning about using a stale stack addresses
dscho Dec 17, 2022
e139ac8
Merge branch 'defensive-programming'
dscho Mar 21, 2025
2745bbf
codeql: also check JavaScript code
dscho Jul 24, 2025
8148a3f
Merge branch 'codeql-fixes'
dscho Mar 21, 2025
6a0d2da
gvfs-helper: skip collision check for loose objects
derrickstolee Jan 8, 2026
e9a6793
scalar: add run_git_argv
mjcheetham Dec 17, 2025
9a9509c
Merge branch 'codeql'
dscho Mar 21, 2025
a08c9eb
hooks: add custom post-command hook config (#736)
dscho Apr 7, 2025
3dc9149
gvfs-helper: emit advice on transient errors
derrickstolee Jan 8, 2026
0613e00
scalar: add --ref-format option to scalar clone
mjcheetham Dec 17, 2025
42ef1a6
Merge branch 'codeql'
dscho Mar 21, 2025
b4fd903
gvfs-helper: avoid collision check for packfiles
derrickstolee Jan 8, 2026
cf7cbb3
Add `--ref-format` option to scalar clone (port to `vfs-2.52.0`) (#832)
dscho Jan 8, 2026
b41aaa8
gvfs-helper: prevent and/or give advice on repeated downloads to shar…
dscho Jan 9, 2026
75845f4
t5799: update cache-server methods for multiple instances
derrickstolee Jan 17, 2026
fd6407c
gvfs-helper: override cache server for prefetch
derrickstolee Jan 5, 2026
b4668fc
gvfs-helper: override cache server for get
derrickstolee Jan 5, 2026
97eae2e
gvfs-helper: override cache server for post
derrickstolee Jan 5, 2026
92a9687
t5799: add test for all verb-specific cache-servers together
derrickstolee Jan 17, 2026
548af29
lib-gvfs-helper: create helper script for protocol tests
derrickstolee Jan 18, 2026
27de0de
t579*: split t5799 into several parts
derrickstolee Jan 18, 2026
0bff5ab
scalar: add --<verb>-cache-server-url options
derrickstolee Jan 23, 2026
06616a4
Restore previous errno after post command hook
tyrielv Feb 10, 2026
5688833
gvfs-helper: add config to incrementally replace cache servers (#836)
derrickstolee Jan 22, 2026
1d9095a
t9210: differentiate origin and cache servers
derrickstolee Jan 28, 2026
26308b7
Restore previous errno after post command hook (#860)
dscho Feb 10, 2026
6f693c2
unpack-trees: skip lstats for deleted VFS entries in checkout
Mar 6, 2026
a53de40
scalar: add --<verb>-cache-server-url options (#849)
dscho Feb 11, 2026
8f83a69
worktree: conditionally allow worktree on VFS-enabled repos
Mar 26, 2026
7bf9502
unpack-trees: skip lstats for deleted VFS entries in checkout (#865)
dscho Mar 26, 2026
5b6b46c
gvfs-helper: send X-Session-Id headers
derrickstolee Mar 24, 2026
17848a9
gvfs-helper: create shared object cache if missing
derrickstolee Feb 12, 2026
b9e11b8
worktree: conditionally allow worktree on VFS-enabled repos (#868)
mjcheetham Mar 27, 2026
4c41212
gvfs: add gvfs.sessionKey config
derrickstolee Mar 24, 2026
185dbc2
gvfs-helper: create shared object cache if missing (#861)
mjcheetham Mar 27, 2026
bed370f
gvfs: clear DIE_IF_CORRUPT in streaming incore fallback
tyrielv Mar 27, 2026
024837d
gvfs-helper: emit X-Session-Id headers for requests (#862)
mjcheetham Mar 27, 2026
241f1c4
workflow: add release-vfsforgit to automate VFS for Git updates
mjcheetham Mar 27, 2026
dfa0d1a
gvfs: clear DIE_IF_CORRUPT in streaming incore fallback (#873)
dscho Mar 28, 2026
21ae6a1
worktree remove: use GVFS_SUPPORTS_WORKTREES for skip-clean-check gate
tyrielv Mar 30, 2026
e01450c
workflow: add release-vfsforgit to automate VFS for Git updates (#871)
mjcheetham Mar 31, 2026
a4a48d4
ci: add new VFS for Git functional tests workflow
mjcheetham Mar 30, 2026
f16d633
worktree remove: use gvfs_config_is_set for skip-clean-check gate (#875)
mjcheetham Apr 2, 2026
a771e02
azure-pipelines: add stub release pipeline for Azure
mjcheetham Apr 17, 2026
11732fc
Add VFS for Git functional tests workflow (#874)
mjcheetham Apr 2, 2026
4cade5c
gvfs-helper: separate packfile extraction from indexing
derrickstolee Apr 7, 2026
32936ce
blame: add blame.renames, blame.renameThreshold, blame.renameLimit
Apr 20, 2026
e551e62
diff: add renameThreshold configuration option
tyrielv Apr 8, 2026
e63e119
azure-pipelines: add stub release pipeline for Azure (#886)
mjcheetham Apr 17, 2026
5b7027b
gvfs-helper: run prefetch index-pack in parallel
derrickstolee Apr 7, 2026
5e6a476
blame: add blame.rename* configuration (#894)
dscho Apr 22, 2026
bdd73e8
diff: add renameThreshold configuration option (#878)
dscho Apr 20, 2026
355cd4a
gvfs-helper: add gvfs.prefetchThreads config for parallel prefetch
derrickstolee Apr 21, 2026
a060847
Synchronize `vfs-2.54.0` with `vfs-2.53.0` (`git blame` changes) (#896)
dscho Apr 27, 2026
2e8febb
azure-pipelines: add ESRP code signing
mjcheetham Apr 30, 2026
41500d3
azure-pipelines: allow overriding Git version
mjcheetham May 15, 2026
08a9f59
azure-pipelines: build, sign and stage the Linux Debian package
dscho Apr 30, 2026
02e2d8e
azure-pipelines: build, sign, notarize and stage the macOS installer
dscho Apr 30, 2026
c4ded8c
azure-pipelines: build, sign and stage the Windows installer
mjcheetham May 1, 2026
8a204a2
azure-pipelines: enable on tag push, default ESRP and GitHub release on
dscho May 8, 2026
61ff841
release: binskim for Windows
mjcheetham May 21, 2026
3f15f8c
release: suppress unfixable binskim findings
mjcheetham May 28, 2026
41d240c
binskim: add baseline
microsoft-github-policy-service[bot] May 29, 2026
dd4ff21
scalar: Install prefetch packfiles in parallel (#876)
dscho Apr 28, 2026
b7252dd
checkout: preserve skip-worktree for virtual filesystem paths
tyrielv May 14, 2026
128853d
azure-pipelines: migrate installer release pipeline from GitHub Actio…
dscho May 19, 2026
0b5f3f1
checkout: preserve skip-worktree for virtual filesystem paths (forwar…
dscho May 27, 2026
e96535a
rust: pick a GCC-compatible Cargo target under MSYS2/MinGW
dscho Jun 11, 2026
de444c4
ci(vfs): install the GCC-compatible Rust target before building
dscho Jun 11, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
106 changes: 106 additions & 0 deletions .azure-pipelines/esrp/sign.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
# Reusable step template for ESRP code signing via EsrpCodeSigning@6.
#
# For macOS, ESRP requires files to be submitted as a zip archive.
# Set 'useArchive: true' to automatically handle the
# copy → zip → sign → extract cycle. For Windows/Linux where ESRP
# can sign files directly in a folder, leave it as false (default).
#
parameters:
- name: displayName
type: string
- name: folderPath
type: string
- name: pattern
type: string
- name: inlineOperation
type: string
# When true, matching files are copied to a staging dir, zipped,
# signed, and extracted back to folderPath.
- name: useArchive
type: boolean
default: false
# ESRP connection parameters (defaults use pipeline variables)
- name: connectedServiceName
type: string
default: $(esrpAppConnectionName)
- name: appRegistrationClientId
type: string
default: $(esrpClientId)
- name: appRegistrationTenantId
type: string
default: $(esrpTenantId)
- name: authAkvName
type: string
default: $(esrpKeyVaultName)
- name: authSignCertName
type: string
default: $(esrpSignReqCertName)
- name: serviceEndpointUrl
type: string
default: $(esrpEndpointUrl)

steps:
- ${{ if eq(parameters.useArchive, true) }}:
- task: DeleteFiles@1
displayName: 'Clean staging dir for ${{ parameters.displayName }}'
inputs:
SourceFolder: '$(Agent.TempDirectory)/esrp-staging'
Contents: '*'
RemoveSourceFolder: true
- task: CopyFiles@2
displayName: 'Collect files for ${{ parameters.displayName }}'
inputs:
SourceFolder: '${{ parameters.folderPath }}'
Contents: '${{ parameters.pattern }}'
TargetFolder: '$(Agent.TempDirectory)/esrp-staging/contents'
- task: ArchiveFiles@2
displayName: 'Archive files for ${{ parameters.displayName }}'
inputs:
rootFolderOrFile: '$(Agent.TempDirectory)/esrp-staging/contents'
includeRootFolder: false
archiveType: zip
archiveFile: '$(Agent.TempDirectory)/esrp-staging/archive.zip'
- task: EsrpCodeSigning@6
displayName: '${{ parameters.displayName }}'
inputs:
connectedServiceName: '${{ parameters.connectedServiceName }}'
useMSIAuthentication: true
appRegistrationClientId: '${{ parameters.appRegistrationClientId }}'
appRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}'
authAkvName: '${{ parameters.authAkvName }}'
authSignCertName: '${{ parameters.authSignCertName }}'
serviceEndpointUrl: '${{ parameters.serviceEndpointUrl }}'
folderPath: '$(Agent.TempDirectory)/esrp-staging'
pattern: 'archive.zip'
useMinimatch: true
signConfigType: inlineSignParams
inlineOperation: ${{ parameters.inlineOperation }}
- task: ExtractFiles@1
displayName: 'Extract signed files for ${{ parameters.displayName }}'
inputs:
archiveFilePatterns: '$(Agent.TempDirectory)/esrp-staging/archive.zip'
destinationFolder: '${{ parameters.folderPath }}'
overwriteExistingFiles: true
- task: DeleteFiles@1
displayName: 'Clean up staging dir for ${{ parameters.displayName }}'
condition: always()
inputs:
SourceFolder: '$(Agent.TempDirectory)/esrp-staging'
Contents: '*'
RemoveSourceFolder: true
- ${{ else }}:
- task: EsrpCodeSigning@6
displayName: '${{ parameters.displayName }}'
inputs:
connectedServiceName: '${{ parameters.connectedServiceName }}'
useMSIAuthentication: true
appRegistrationClientId: '${{ parameters.appRegistrationClientId }}'
appRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}'
authAkvName: '${{ parameters.authAkvName }}'
authSignCertName: '${{ parameters.authSignCertName }}'
serviceEndpointUrl: '${{ parameters.serviceEndpointUrl }}'
folderPath: '${{ parameters.folderPath }}'
pattern: '${{ parameters.pattern }}'
useMinimatch: true
signConfigType: inlineSignParams
inlineOperation: ${{ parameters.inlineOperation }}
173 changes: 173 additions & 0 deletions .azure-pipelines/esrp/windows/esrpsign.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,173 @@
#!/bin/bash
#
# Sign Windows files using the ESRP client (Authenticode).
# Usage: esrpsign.sh <file1> [file2 ...]
#
# Required environment variables:
# ESRP_TOOL - Path to ESRPClient.exe
# ESRP_AUTH - Path to the ESRP auth JSON file
# SYSTEM_ACCESSTOKEN - ADO system access token (OAuth bearer)
#
# Optional environment variables:
# ESRP_KEYCODE - Signing key code (default: CP-231522)
#
# The script generates the auth and input JSON files and sets the
# following ESRP client environment variables automatically:
# ESRP_AUTH_CONFIG - Path to the auth JSON file
# ESRP_POLICY_CONFIG - Path to the policy JSON file
# ESRP_SESSION_CONFIG - Not set; ESRP client defaults are used
#
set -euo pipefail

if [ $# -lt 1 ]; then
echo "usage: esrpsign.sh <file> [file ...]" >&2
exit 1
fi

if [ -z "${ESRP_TOOL:-}" ]; then
echo "error: ESRP_TOOL environment variable must be set" >&2
exit 1
fi
if [ -z "${ESRP_AUTH:-}" ]; then
echo "error: ESRP_AUTH environment variable must be set" >&2
exit 1
fi
if [ -z "${SYSTEM_ACCESSTOKEN:-}" ]; then
echo "error: SYSTEM_ACCESSTOKEN environment variable must be set" >&2
exit 1
fi

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
. "$SCRIPT_DIR/../../scripts/windows/utils.sh"

# Check for overriden key code, otherwise use default (Microsoft Third-Party/OSS)
ESRP_KEYCODE="${ESRP_KEYCODE:-CP-231522}"

# Create work dir and resolve its Windows path by cd-ing into it.
WORK_DIR="$(mktemp -d)"
WORK_DIR_WIN="$(cd "$WORK_DIR" && pwd -W | sed 's|/|\\|g')"

echo "==> ESRP signing tool: $ESRP_TOOL"
echo "==> Working directory: $WORK_DIR"

if [ ! -f "$ESRP_TOOL" ]; then
echo "error: ESRPClient.exe not found at $ESRP_TOOL" >&2
exit 1
fi

# Build the SignRequestFiles JSON array
echo "==> Preparing files for signing ($# file(s))..."
files_json=""
for file in "$@"; do
if [ ! -f "$file" ]; then
echo "error: file not found: $file" >&2
exit 1
fi

abs_path="$(cd "$(dirname "$file")" && pwd)/$(basename "$file")"
win_path="$(to_windows_path "$abs_path")"
# Escape backslashes for JSON
win_path_escaped="${win_path//\\/\\\\}"
echo " - $win_path"

if [ -n "$files_json" ]; then
files_json+=","
fi
files_json+="
{
\"SourceLocation\": \"$win_path_escaped\",
\"DestinationLocation\": \"$win_path_escaped\"
}"
done

# Generate the input JSON
input_json="$WORK_DIR/input.json"
output_json="$WORK_DIR/output.json"

echo "==> Generating input JSON: $input_json"
cat > "$input_json" <<-EOF
{
"Version": "1.0.0",
"SignBatches": [
{
"SourceLocationType": "UNC",
"DestinationLocationType": "UNC",
"SignRequestFiles": [$files_json
],
"SigningInfo": {
"Operations": [
{
"KeyCode": "$ESRP_KEYCODE",
"OperationCode": "SigntoolSign",
"ToolName": "sign",
"ToolVersion": "1.0",
"Parameters": {
"OpusName": "Microsoft",
"OpusInfo": "https://www.microsoft.com",
"FileDigest": "/fd SHA256",
"PageHash": "/NPH",
"TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
}
},
{
"KeyCode": "$ESRP_KEYCODE",
"OperationCode": "SigntoolVerify",
"ToolName": "sign",
"ToolVersion": "1.0",
"Parameters": {}
}
]
}
}
]
}
EOF

# Generate policy JSON
echo "==> Generating policy JSON..."
policy_json="$WORK_DIR/policy.json"
cat > "$policy_json" <<-EOF
{
"Version": "1.0.0",
"Intent": "ProductRelease",
"ContentType": "Binaries",
"ContentOrigin": "1stParty",
"ProductState": "Current",
"Audience": "ExternalBroad"
}
EOF

# Use auth JSON from ESRP_AUTH
export ESRP_AUTH_CONFIG="$(to_windows_path "$ESRP_AUTH")"
export ESRP_POLICY_CONFIG="$WORK_DIR_WIN\\policy.json"

# The ADO system access token is referenced in the auth JSON via the environment
# variable - export this so the ESRP client can pick it up when it runs.
export SYSTEM_ACCESSTOKEN

# Print generated JSON files for debugging
echo "==> Auth JSON:"
cat "$ESRP_AUTH"
echo ""
echo "==> Policy JSON:"
cat "$policy_json"
echo ""
echo "==> Input JSON:"
cat "$input_json"
echo ""

# Sign the files
esrp_tool_win="$(to_windows_path "$ESRP_TOOL")"
input_json_win="$WORK_DIR_WIN\\input.json"
output_json_win="$WORK_DIR_WIN\\output.json"

echo "==> ESRP_AUTH_CONFIG=$ESRP_AUTH_CONFIG"
echo "==> ESRP_POLICY_CONFIG=$ESRP_POLICY_CONFIG"
echo "==> Running: $esrp_tool_win sign -i $input_json_win -o $output_json_win"
"$esrp_tool_win" sign \
-i "$input_json_win" \
-o "$output_json_win"

echo "==> Signing complete."
echo "==> Output JSON:"
cat "$output_json"
69 changes: 69 additions & 0 deletions .azure-pipelines/esrp/windows/setup.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
parameters:
- name: serviceConnectionName
type: string
- name: esrpClientId
type: string
- name: keyVaultName
type: string
- name: signCertName
type: string

steps:
- task: EsrpClientTool@5
name: esrpinstall
displayName: 'Install ESRP client'
- task: AzureCLI@2
displayName: 'Set up ESRP environment'
inputs:
azureSubscription: ${{ parameters.serviceConnectionName }}
addSpnToEnvironment: true
scriptType: ps
scriptLocation: inlineScript
inlineScript: |
# Resolve ESRP client tool path (passed via env to avoid PS subexpression issues)
$esrpTool = "$env:ESRPCLIENT_TOOLPATH\$env:ESRPCLIENT_TOOLNAME"
if (-not (Test-Path $esrpTool)) { Write-Error "ESRPClient.exe not found at $esrpTool"; exit 1 }
Write-Host "Found ESRP client: $esrpTool"
Write-Host "##vso[task.setvariable variable=ESRP_TOOL]$esrpTool"

# Derive the service connection GUID from the ENDPOINT_URL_* env vars
# that the agent emits for the bound connection. Filter out the
# built-in SystemVssConnection which is always present.
$scId = (Get-ChildItem env:ENDPOINT_URL_*).Name `
-replace '^ENDPOINT_URL_','' |
Where-Object { $_ -ne 'SYSTEMVSSCONNECTION' }
if (-not $scId) { Write-Error "Could not derive service connection GUID"; exit 1 }
Write-Host "Resolved service connection GUID: $scId"

# servicePrincipalId and tenantId are provided by addSpnToEnvironment
$authJson = @{
Version = "1.0.0"
AuthenticationType = "AAD_MSI_WIF"
EsrpClientId = "${{ parameters.esrpClientId }}"
ClientId = $env:servicePrincipalId
TenantId = $env:tenantId
AADAuthorityBaseUri = "https://login.microsoftonline.com/"
FederatedTokenData = @{
JobId = "$(System.JobId)"
PlanId = "$(System.PlanId)"
ProjectId = "$(System.TeamProjectId)"
Hub = "$(System.HostType)"
Uri = "$(System.CollectionUri)"
ServiceConnectionId = $scId
SystemAccessToken = "SYSTEM_ACCESSTOKEN"
}
RequestSigningCert = @{
GetCertFromKeyVault = $true
KeyVaultName = "${{ parameters.keyVaultName }}"
KeyVaultCertName = "${{ parameters.signCertName }}"
}
} | ConvertTo-Json -Depth 4

$authPath = "$(Agent.TempDirectory)\esrp-auth.json"
$authJson | Set-Content -Path $authPath -Encoding UTF8
Write-Host "Generated ESRP auth JSON: $authPath"
Write-Host "##vso[task.setvariable variable=ESRP_AUTH]$authPath"
env:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
ESRPCLIENT_TOOLPATH: $(esrpinstall.esrpclient.toolpath)
ESRPCLIENT_TOOLNAME: $(esrpinstall.esrpclient.toolname)
1 change: 1 addition & 0 deletions .azure-pipelines/patches/.gitattributes
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
*.patch whitespace=-trailing-space,-blank-at-eof
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
diff --git a/installer/install.iss b/installer/install.iss
index 70787b7..137f660 100644
--- a/installer/install.iss
+++ b/installer/install.iss
@@ -65,7 +65,7 @@ SignTool=signtool
; Installer-related
AllowNoIcons=yes
AppName={#APP_NAME}
-AppPublisher=The Git Development Community
+AppPublisher=The Git Client Team at Microsoft
AppPublisherURL={#APP_URL}
AppSupportURL={#APP_CONTACT_URL}
AppVersion={#APP_VERSION}
Loading
Loading