scripts/Sign-FileMap.ps1

param(
    [Parameter(Mandatory = $true)]
    [string]$FilesJsonPath,

    [Parameter(Mandatory = $true)]
    [string]$PrivateKeyPath,

    [Parameter(Mandatory = $false)]
    [string]$OutputPath
)

$ErrorActionPreference = "Stop"

if ($PSVersionTable.PSVersion.Major -lt 7) {
    throw "Sign-FileMap.ps1 requires PowerShell 7 or newer."
}

if (-not (Test-Path -LiteralPath $FilesJsonPath)) {
    throw "Manifest file not found: $FilesJsonPath"
}

if (-not (Test-Path -LiteralPath $PrivateKeyPath)) {
    throw "Private key file not found: $PrivateKeyPath"
}

if ([string]::IsNullOrWhiteSpace($OutputPath)) {
    $OutputPath = "$FilesJsonPath.sig"
}

$resolvedManifestPath = (Resolve-Path -LiteralPath $FilesJsonPath).Path
$manifestBytes = [System.IO.File]::ReadAllBytes($resolvedManifestPath)

$privateKeyPem = Get-Content -LiteralPath $PrivateKeyPath -Raw
if ([string]::IsNullOrWhiteSpace($privateKeyPem)) {
    throw "Private key PEM is empty: $PrivateKeyPath"
}

$rsa = [System.Security.Cryptography.RSA]::Create()
try {
    $rsa.ImportFromPem($privateKeyPem)
    $signatureBytes = $rsa.SignData(
        $manifestBytes,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1
    )
}
finally {
    $rsa.Dispose()
}

$signatureBase64 = [Convert]::ToBase64String($signatureBytes)
[System.IO.File]::WriteAllText($OutputPath, $signatureBase64, [System.Text.Encoding]::ASCII)

Write-Host "Signed manifest file."
Write-Host "Manifest:  $FilesJsonPath"
Write-Host "Signature: $OutputPath"
激进的更新 2026-04-16 01:59:21 +08:00			`param(`
chore: migrate release pipeline to signed filemap and wire rainyun s3 2026-04-20 07:48:53 +08:00			`[Parameter(Mandatory = $true)]`
激进的更新 2026-04-16 01:59:21 +08:00			`[string]$FilesJsonPath,`
chore: migrate release pipeline to signed filemap and wire rainyun s3 2026-04-20 07:48:53 +08:00
			`[Parameter(Mandatory = $true)]`
激进的更新 2026-04-16 01:59:21 +08:00			`[string]$PrivateKeyPath,`
chore: migrate release pipeline to signed filemap and wire rainyun s3 2026-04-20 07:48:53 +08:00
			`[Parameter(Mandatory = $false)]`
激进的更新 2026-04-16 01:59:21 +08:00			`[string]$OutputPath`
			`)`

			`$ErrorActionPreference = "Stop"`

chore: migrate release pipeline to signed filemap and wire rainyun s3 2026-04-20 07:48:53 +08:00			`if ($PSVersionTable.PSVersion.Major -lt 7) {`
			`throw "Sign-FileMap.ps1 requires PowerShell 7 or newer."`
			`}`
激进的更新 2026-04-16 01:59:21 +08:00
chore: migrate release pipeline to signed filemap and wire rainyun s3 2026-04-20 07:48:53 +08:00			`if (-not (Test-Path -LiteralPath $FilesJsonPath)) {`
			`throw "Manifest file not found: $FilesJsonPath"`
激进的更新 2026-04-16 01:59:21 +08:00			`}`

chore: migrate release pipeline to signed filemap and wire rainyun s3 2026-04-20 07:48:53 +08:00			`if (-not (Test-Path -LiteralPath $PrivateKeyPath)) {`
			`throw "Private key file not found: $PrivateKeyPath"`
激进的更新 2026-04-16 01:59:21 +08:00			`}`

			`if ([string]::IsNullOrWhiteSpace($OutputPath)) {`
			`$OutputPath = "$FilesJsonPath.sig"`
			`}`

chore: migrate release pipeline to signed filemap and wire rainyun s3 2026-04-20 07:48:53 +08:00			`$resolvedManifestPath = (Resolve-Path -LiteralPath $FilesJsonPath).Path`
			`$manifestBytes = [System.IO.File]::ReadAllBytes($resolvedManifestPath)`
激进的更新 2026-04-16 01:59:21 +08:00
chore: migrate release pipeline to signed filemap and wire rainyun s3 2026-04-20 07:48:53 +08:00			`$privateKeyPem = Get-Content -LiteralPath $PrivateKeyPath -Raw`
			`if ([string]::IsNullOrWhiteSpace($privateKeyPem)) {`
			`throw "Private key PEM is empty: $PrivateKeyPath"`
			`}`
激进的更新 2026-04-16 01:59:21 +08:00
			`$rsa = [System.Security.Cryptography.RSA]::Create()`
chore: migrate release pipeline to signed filemap and wire rainyun s3 2026-04-20 07:48:53 +08:00			`try {`
			`$rsa.ImportFromPem($privateKeyPem)`
			`$signatureBytes = $rsa.SignData(`
			`$manifestBytes,`
			`[System.Security.Cryptography.HashAlgorithmName]::SHA256,`
			`[System.Security.Cryptography.RSASignaturePadding]::Pkcs1`
			`)`
			`}`
			`finally {`
			`$rsa.Dispose()`
			`}`
激进的更新 2026-04-16 01:59:21 +08:00
chore: migrate release pipeline to signed filemap and wire rainyun s3 2026-04-20 07:48:53 +08:00			`$signatureBase64 = [Convert]::ToBase64String($signatureBytes)`
			`[System.IO.File]::WriteAllText($OutputPath, $signatureBase64, [System.Text.Encoding]::ASCII)`
激进的更新 2026-04-16 01:59:21 +08:00
chore: migrate release pipeline to signed filemap and wire rainyun s3 2026-04-20 07:48:53 +08:00			`Write-Host "Signed manifest file."`
			`Write-Host "Manifest: $FilesJsonPath"`
			`Write-Host "Signature: $OutputPath"`