From 35f99ee426384831799997fac22909e5fdab3dea Mon Sep 17 00:00:00 2001
From: Andy Feller
Date: Tue, 12 Dec 2023 10:09:47 -0500
Subject: [PATCH] Final fixes
---
 .github/workflows/deployment-hsm-testing.yml | 38 ++------------------
 script/sign-hsm.bat | 2 +-
 2 files changed, 4 insertions(+), 36 deletions(-)
diff --git a/.github/workflows/deployment-hsm-testing.yml b/.github/workflows/deployment-hsm-testing.yml
index 71eb7778f..2d586a79c 100644
--- a/.github/workflows/deployment-hsm-testing.yml
+++ b/.github/workflows/deployment-hsm-testing.yml
@@ -43,50 +43,18 @@ jobs: METADATA_PATH: ${{ runner.temp }}\acs\metadata.json run: | Invoke-WebRequest -Uri https://www.nuget.org/api/v2/package/Azure.CodeSigning.Client/1.0.38 -OutFile $Env:ACS_ZIP -Verbose - Expand-Archive $acsZip -Destination $Env:ACS_DIR -Force -Verbose + Expand-Archive $Env:ACS_ZIP -Destination $Env:ACS_DIR -Force -Verbose # Generate metadata file for signtool @{ CertificateProfileName = "GitHubInc" CodeSigningAccountName = "GitHubInc" CorrelationId = $Env:CORRELATION_ID - Description = "GitHub CLI" - Endpoint = "https://wus.codesigning.azure.net/ - - # Unused metadata configuration: - # AppendSignature - # DescriptionUrl - # EnhancedKeyUsage - # ExcludeAzureCliCredential - # ExcludeAzurePowerShellCredential - # ExcludeEnvironmentCredential - # ExcludeInteractiveBrowserCredential - # ExcludeManagedIdentityCredential - # ExcludeSharedTokenCacheCredential - # ExcludeVisualStudioCodeCredential - # ExcludeVisualStudioCredential - # FileDigest - # FilesCatalog - # FilesFolder - # FilesFolderDepth - # FilesFolderFilter - # FilesFolderRecurse - # GenerateDigestPath - # GenerateDigestXml - # GeneratePageHashes - # GeneratePkcs7 - # IngestDigestPath - # Pkcs7Oid - # Pkcs7Options - # SignDigest - # SuppressPageHashes - # Timeout - # TimestampDigest - # TimestampRfc3161 + Endpoint = "https://wus.codesigning.azure.net/" } | ConvertTo-Json | Out-File -FilePath $Env:METADATA_PATH + # Azure Code Signing leverages the environment variables for secrets that complement the metadata.json # file generated above (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID) - # # For more information, see https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet - name: Build release binaries shell: bash diff --git a/script/sign-hsm.bat b/script/sign-hsm.bat index 2a2d7d1ee..2b70726f7 100644 --- a/script/sign-hsm.bat +++ b/script/sign-hsm.bat 
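Review bot: The added `Expand-Archive $Env:ACS_ZIP ...` line unpacks the Azure.CodeSigning.Client package fetched by the preceding `Invoke-WebRequest` without checking its digest, and the library inside is presumably what signtool later loads through `/dlib` while the Azure signing credentials are in the environment. Pin the expected SHA-256 and fail closed before extraction, for example `if ((Get-FileHash $Env:ACS_ZIP -Algorithm SHA256).Hash -ne $Env:ACS_SHA256) { throw "ACS package digest mismatch" }`, where `ACS_SHA256` is a placeholder for a digest recorded next to the pinned 1.0.38 version. The `run:` step begins above this hunk, so a check outside the visible lines cannot be ruled out.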
@@ -11,4 +11,4 @@ if "%METADATA_PATH%" == "" (
 )
 REM For more information on signtool, see https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool
-"C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64\signtool" sign /fd sha256 /td sha256 /tr http://timestamp.acs.microsoft.com /v /dlib "%DLIB_PATH%" /dmdf "%METADATA_PATH%" "%1"
+"C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64\signtool" sign /d "GitHub CLI" /fd sha256 /td sha256 /tr http://timestamp.acs.microsoft.com /v /dlib "%DLIB_PATH%" /dmdf "%METADATA_PATH%" "%1"
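Review bot: The new signtool line still passes the target as `"%1"`, which doubles the quotes when the caller already quotes a path containing spaces; `"%~1"` strips any surrounding quotes before re-quoting. The absolute `...\bin\10.0.22621.0\x64\signtool` path also ties signing to one SDK build on the runner, so a comment such as `REM signtool path is pinned to SDK 10.0.22621.0; update together with the runner image` would make that intent explicit. The script's argument checks sit above this hunk, so whether `%1` is validated before signing is not visible here.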