Add support for azure trusted signing

Builders/WindowsBuilder.cs

@@ -13,13 +13,9 @@ public class WindowsBuilder : Builder
         private const string os_name = "win";
         private const string channel = "win";
 
-        private readonly string? codeSigningPassword;
-
-        public WindowsBuilder(string version, string? codeSigningPassword)
+        public WindowsBuilder(string version)
             : base(version)
         {
-            if (!string.IsNullOrEmpty(Program.WindowsCodeSigningCertPath))
-                this.codeSigningPassword = codeSigningPassword ?? Program.ReadLineMasked("Enter code signing password: ");
         }
 
         protected override string TargetFramework => "net8.0";
@@ -32,8 +28,13 @@ public override Uploader CreateUploader()
                                + $" --icon=\"{installIcon}\""
                                + $" --noPortable";
 
-            if (!string.IsNullOrEmpty(Program.WindowsCodeSigningCertPath))
-                extraArgs += $" --signParams=\"/td sha256 /fd sha256 /f {Path.GetFullPath(Program.WindowsCodeSigningCertPath)} /p {codeSigningPassword} /tr http://timestamp.comodoca.com\"";
+            if (!string.IsNullOrEmpty(Program.WindowsCodeSigningMetadataPath))
+            {
+                // TODO: resolve from .nuget (or just include locally...)
+                string dlibPath = "Azure.CodeSigning.Dlib.dll";
+
+                extraArgs += $" --signParams=\"/td sha256 /fd sha256 /dlib {dlibPath} /dmdf {Program.WindowsCodeSigningMetadataPath} /tr http://timestamp.acs.microsoft.com\"";
+            }
 
             return new WindowsVelopackUploader(app_name, os_name, RuntimeIdentifier, channel, extraArgs: extraArgs);
         }

Program.cs

@@ -37,7 +37,7 @@ internal static class Program
         public static string GitHubRepoUrl => $"https://github.com/{GitHubUsername}/{GitHubRepoName}";
         public static bool CanGitHub => !string.IsNullOrEmpty(GitHubAccessToken);
 
-        public static string? WindowsCodeSigningCertPath => ConfigurationManager.AppSettings["WindowsCodeSigningCertPath"];
+        public static string? WindowsCodeSigningMetadataPath => ConfigurationManager.AppSettings["WindowsCodeSigningMetadataPath"];
         public static string? AndroidCodeSigningCertPath => ConfigurationManager.AppSettings["AndroidCodeSigningCertPath"];
         public static string? AppleCodeSignCertName => ConfigurationManager.AppSettings["AppleCodeSignCertName"];
         public static string? AppleInstallSignCertName => ConfigurationManager.AppSettings["AppleInstallSignCertName"];
@@ -99,7 +99,7 @@ public static void Main(string[] args)
 
             Console.ResetColor();
             Console.WriteLine($"Increment Version:     {IncrementVersion}");
-            Console.WriteLine($"Signing Certificate:   {WindowsCodeSigningCertPath}");
+            Console.WriteLine($"Signing Certificate:   {WindowsCodeSigningMetadataPath}");
             Console.WriteLine($"Upload to GitHub:      {GitHubUpload}");
             Console.WriteLine();
             Console.Write($"Ready to deploy version {version} on platform {targetPlatform}!");
@@ -113,7 +113,7 @@ public static void Main(string[] args)
             switch (targetPlatform)
             {
                 case RuntimeInfo.Platform.Windows:
-                    builder = new WindowsBuilder(version, getArg(0));
+                    builder = new WindowsBuilder(version);
                     break;
 
                 case RuntimeInfo.Platform.Linux:

osu.Desktop.Deploy.csproj

@@ -7,6 +7,7 @@
     <Nullable>enable</Nullable>
   </PropertyGroup>
   <ItemGroup Label="Package References">
+    <PackageReference Include="Microsoft.Trusted.Signing.Client" Version="1.0.60" />
     <PackageReference Include="NUnit" Version="3.13.3" />
     <PackageReference Include="ppy.osu.Framework" Version="2022.1130.0" />
     <PackageReference Include="System.Configuration.ConfigurationManager" Version="6.0.1" />