Tags: Devolutions/psign

v0.6.1

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Add portable AKV signing for PowerShell scripts (#29)

## Summary
- extend `--mode portable sign --azure-key-vault-*` to support
PowerShell Authenticode script targets such as `.psd1`
- route non-PE Azure Key Vault signing through `psign-portable-core`,
including certificate-version and authority plumbing
- add CLI regression coverage and update docs that previously described
this path as PE-only

## Validation
- `cargo fmt --all`
- `cargo clippy --workspace --all-targets --locked`
- `cargo test --locked --test cli_pe_digest
mode_portable_sign_uses_azure_key_vault_for_psd1 --quiet`
- `cargo test --locked --test cli_pe_digest
mode_portable_sign_uses_azure_key_vault_for_pe --quiet`
- `bash scripts/linux-portable-validation.sh`

## Notes
- `cargo test --workspace --locked` still reproduces the pre-existing
unrelated `tests/fixture_vector_manifest.rs` failure for
`tests/fixtures/msix-minimal/AppxManifest.xml` size mismatch.

---------

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

v0.6.0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Bump version to 0.6.0 (#27)

## Summary
- Bump all psign workspace crate versions from 0.5.1 to 0.6.0
- Update Cargo.lock package metadata for local crates
- Update NuGet tool, PowerShell module, README packaging example, and
release workflow example versions

## Validation
- `cargo fmt --all`
- `cargo clippy --workspace --all-targets --locked`
- `cargo metadata --format-version 1 --locked --quiet`
- `cargo test --workspace --locked --exclude psign`

Note: `cargo test --workspace --locked` reaches existing local
WinVerifyTrust corpus failures with `0x800B010A` in `psign --test
corpus_sign_verify`.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

v0.5.1

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Bump version to 0.5.1 (#22)

## Summary
- Bump the root psign package and workspace crate versions to 0.5.1
- Update Cargo.lock and release/package documentation examples for 0.5.1

## Validation
- cargo fmt --all
- cargo metadata --locked --format-version 1
- cargo test --workspace --locked --quiet
- cargo clippy --workspace --all-targets --locked --quiet

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

v0.5.0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Add portable file catalog cmdlets (#19)

## Summary
- add portable `New-PsignFileCatalog` and `Test-PsignFileCatalog`
PowerShell cmdlets
- expose catalog create/test operations through `psign-portable-core`
and `psign-portable-ffi`
- support recursive directory catalogs, detailed validation, skipped
files, signature reporting, and 0.5.0 version metadata

## Validation
- `cargo fmt --all`
- `cargo clippy --workspace --all-targets --locked`
- `cargo test --workspace --locked`
- `Invoke-Pester -Path
'.\PowerShell\tests\PsignFileCatalog.Cmdlets.Tests.ps1' -CI`
- `cargo metadata --format-version 1 --locked --quiet`
- `Test-ModuleManifest
'.\PowerShell\Devolutions.Psign\Devolutions.Psign.psd1'`

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

v0.4.0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Sign PowerShell module release payload (#14)

## Summary
- sign the staged PowerShell module payload before packaging/publishing
- route portable cloud signing through `psign-portable-core` for Azure
Key Vault and Artifact Signing providers
- build PowerShell module native libraries with cloud-signing features
and keep release ZIPs transport-only

## Validation
- `cargo fmt --all`
- `cargo check --locked -q -p psign-portable-core`
- `cargo check --locked -q -p psign-portable-core --features
azure-kv-sign,artifact-signing-rest`
- `cargo check --locked -q -p psign-portable-ffi --features
azure-kv-sign,artifact-signing-rest`
- `cargo clippy --locked -q -p psign-portable-core --all-targets -- -D
warnings`
- `cargo clippy --locked -q -p psign-portable-core --features
azure-kv-sign,artifact-signing-rest --all-targets -- -D warnings`
- `cargo clippy --locked -q -p psign-portable-ffi --features
azure-kv-sign,artifact-signing-rest --all-targets -- -D warnings`
- `cargo test --locked -q -p psign-portable-core --features
azure-kv-sign,artifact-signing-rest`
- `cargo test --locked -q -p psign-sip-digest`
- `cargo test --workspace --locked`
- PowerShell parser checks for `PowerShell/package.ps1`,
`PowerShell/sign-module.ps1`, `PowerShell/build.ps1`
- `pwsh -NoLogo -NoProfile -File .\PowerShell\package.ps1 -Configuration
Release -SkipNativeBuild -OutputDirectory .\artifacts\powershell-smoke`
- release dry-run with signing:
https://github.com/Devolutions/psign/actions/runs/26410077854

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

v0.3.0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Expand PowerShell module coverage and bump 0.3.0 (#9)

## Summary
- migrate the PowerShell module test entrypoint to a Pester-based suite
while preserving the existing smoke coverage
- add PowerShell module coverage for package-native signing and
inspection of NuGet, SNuGet, VSIX, ClickOnce manifests, App Installer
companions, and recursive module trees
- bump the repo, PowerShell module, and package/tool release metadata to
`0.3.0`

## Details
- keep the existing `PowerShell/tests/Invoke-PortableSignatureTests.ps1`
CI entrypoint, but make it build once and run Pester tests
- preserve the previous end-to-end smoke script as a legacy smoke test
under Pester
- add new Pester assertions for:
  - Azure Key Vault parameter validation
  - mixed signing-source rejection
  - `-OutputPath` / `-Content` validation
  - `.nupkg` / `.snupkg` signing and `.signature.p7s` inspection
  - `.vsix` signing and OPC signature-part inspection
  - `.manifest`, `.application`, and `.vsto` ClickOnce XMLDSig signing and
    inspection
  - `.appinstaller` detached companion `.p7` generation and inspection
  - recursive module-directory discovery of the new signable extensions
- update PowerShell module docs to reflect the expanded recursive
behavior and test coverage

## Validation
- `pwsh -File .\PowerShell\tests\Invoke-PortableSignatureTests.ps1
-Configuration Release`
- `cargo test -p psign-portable-core -p psign-portable-ffi --locked`
- `cargo fmt --all --check`
- `cargo clippy --workspace --all-targets --locked --quiet`
- `cargo test --workspace --locked`

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

v0.2.0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Avoid blocked Rust toolchain action (#6)

## Summary
- Replace `dtolnay/rust-toolchain@stable` in non-release workflows with
direct `rustup` install steps
- Match the existing Devolutions workflow pattern used by multi-pwsh,
pinget, and psign release builds
- Keep existing allowed GitHub and cache actions unchanged

## Context
Recent workflow runs failed at startup because
`dtolnay/rust-toolchain@stable` is not permitted by the Devolutions
GitHub Actions allowlist.

## Validation
- Confirmed `dtolnay/rust-toolchain` no longer appears under
`.github/workflows`
- Ran `git diff --check`

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

v0.1.0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Merge pull request #1 from Devolutions/awakecoding/repo-move-audit

Prepare 0.1.0 release workflow