Add third-party Windows build definitions (GH-29476)

These definition files are for OpenSSL, libffi and Tcl/Tk, which we build and sign ourselves.
This commit is contained in:
Steve Dower 2021-11-08 22:16:53 +00:00 committed by GitHub
parent cbab997efb
commit cfc9154121
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 287 additions and 0 deletions

View File

@ -0,0 +1,26 @@
# Locate a set of the tools used for builds
steps:
- template: windows-release/find-sdk.yml
parameters:
toolname: 'signtool.exe'
- powershell: |
$vcvarsall = (& "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" `
-prerelease `
-latest `
-requires Microsoft.VisualStudio.Component.VC.Tools.x86.x64 `
-find VC\Auxiliary\Build\vcvarsall.bat)
Write-Host "Found vcvarsall at $vcvarsall"
Write-Host "##vso[task.setVariable variable=vcvarsall]$vcvarsall"
displayName: 'Find vcvarsall.bat'
- powershell: |
$msbuild = (& "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" `
-prerelease `
-latest `
-requires Microsoft.VisualStudio.Component.VC.Tools.x86.x64 `
-find MSBuild\Current\Bin\msbuild.exe)
Write-Host "Found MSBuild at $msbuild"
Write-Host "##vso[task.setVariable variable=msbuild]$msbuild"
displayName: 'Find MSBuild'

View File

@ -0,0 +1,86 @@
name: $(SourceTag)_$(Date:yyyyMMdd)$(Rev:.rr)
variables:
IntDir: '$(Build.BinariesDirectory)'
OutDir: '$(Build.ArtifactStagingDirectory)'
# MUST BE SET AT QUEUE TIME
# SigningCertificate: 'Python Software Foundation'
# SourcesRepo: 'https://github.com/python/cpython-source-deps'
# SourceTag: 'libffi-3.4.2'
jobs:
- job: Build_LibFFI
displayName: LibFFI
pool:
vmImage: windows-latest
workspace:
clean: all
steps:
- checkout: none
- template: ./find-tools.yml
- powershell: |
mkdir -Force "$(IntDir)\script"
iwr "https://github.com/python/cpython/raw/main/PCbuild/prepare_libffi.bat" `
-outfile "$(IntDir)\script\prepare_libffi.bat"
displayName: 'Download build script'
- powershell: |
git clone $(SourcesRepo) -b $(SourceTag) --depth 1 -c core.autocrlf=false -c core.eol=lf .
displayName: 'Check out LibFFI sources'
- script: 'prepare_libffi.bat --install-cygwin'
workingDirectory: '$(IntDir)\script'
displayName: 'Install Cygwin and build'
env:
VCVARSALL: '$(vcvarsall)'
LIBFFI_SOURCE: '$(Build.SourcesDirectory)'
LIBFFI_OUT: '$(OutDir)'
- powershell: |
if ((gci *\*.dll).Count -lt 4) {
Write-Error "Did not generate enough DLL files"
}
if ((gci *\Include\ffi.h).Count -lt 4) {
Write-Error "Did not generate enough include files"
}
failOnStderr: true
workingDirectory: '$(OutDir)'
displayName: 'Verify files were created'
- publish: '$(OutDir)'
artifact: 'unsigned'
displayName: 'Publish unsigned build'
- job: Sign_LibFFI
displayName: Sign LibFFI
dependsOn: Build_LibFFI
pool:
name: 'Windows Release'
workspace:
clean: all
steps:
- checkout: none
- download: current
artifact: unsigned
- template: ./find-tools.yml
- powershell: |
signtool sign /q /a `
/n "Python Software Foundation" `
/fd sha256 `
/tr http://timestamp.digicert.com/ /td sha256 `
/d "LibFFI for Python" `
(gci "$(Pipeline.Workspace)\unsigned\*.dll" -r)
displayName: 'Sign files'
- publish: '$(Pipeline.Workspace)\unsigned'
artifact: 'libffi'
displayName: 'Publish libffi'

View File

@ -0,0 +1,110 @@
name: $(SourceTag)_$(Date:yyyyMMdd)$(Rev:.rr)
variables:
IntDir: '$(Build.BinariesDirectory)'
OutDir: '$(Build.ArtifactStagingDirectory)'
# MUST BE SET AT QUEUE TIME
# SigningCertificate: 'Python Software Foundation'
# SourcesRepo: 'https://github.com/python/cpython-source-deps'
# SourceTag: 'openssl-1.1.1k'
jobs:
- job: Build_SSL
displayName: OpenSSL
pool:
name: 'Windows Release'
#vmImage: windows-latest
strategy:
matrix:
win32:
Platform: 'win32'
VCPlatform: 'amd64_x86'
OpenSSLPlatform: 'VC-WIN32 no-asm'
amd64:
Platform: 'amd64'
VCPlatform: 'amd64'
OpenSSLPlatform: 'VC-WIN64A-masm'
arm32:
Platform: 'arm32'
VCPlatform: 'amd64_arm'
OpenSSLPlatform: 'VC-WIN32-ARM'
arm64:
Platform: 'arm64'
VCPlatform: 'amd64_arm64'
OpenSSLPlatform: 'VC-WIN64-ARM'
workspace:
clean: all
steps:
- checkout: none
- template: ./find-tools.yml
- powershell: |
git clone $(SourcesRepo) -b $(SourceTag) --depth 1 .
displayName: 'Check out OpenSSL sources'
- powershell: |
$f = gi ms\uplink.c
$c1 = gc $f
$c2 = $c1 -replace '\(\(h = GetModuleHandle\(NULL\)\) == NULL\)', '((h = GetModuleHandleA("_ssl.pyd")) == NULL) if ((h = GetModuleHandleA("_ssl_d.pyd")) == NULL) if ((h = GetModuleHandle(NULL)) == NULL /*patched*/)'
if ($c2 -ne $c1) {
$c2 | Out-File $f -Encoding ASCII
} else {
Write-Host '##warning Failed to patch uplink.c'
}
displayName: 'Apply uplink.c patch'
- script: |
call "$(vcvarsall)" $(VCPlatform)
perl "$(Build.SourcesDirectory)\Configure" $(OpenSSLPlatform)
nmake
workingDirectory: '$(IntDir)'
displayName: 'Build OpenSSL'
- script: |
call "$(vcvarsall)" $(VCPlatform)
signtool sign /q /a /n "$(SigningCertificate)" /fd sha256 /tr http://timestamp.digicert.com/ /td sha256 /d "OpenSSL for Python" *.dll
workingDirectory: '$(IntDir)'
displayName: 'Sign OpenSSL Build'
condition: and(succeeded(), variables['SigningCertificate'])
- task: CopyFiles@2
displayName: 'Copy built libraries for upload'
inputs:
SourceFolder: '$(IntDir)'
Contents: |
lib*.dll
lib*.pdb
lib*.lib
include\openssl\*.h
TargetFolder: '$(OutDir)'
- task: CopyFiles@2
displayName: 'Copy header files for upload'
inputs:
SourceFolder: '$(Build.SourcesDirectory)'
Contents: |
include\openssl\*
TargetFolder: '$(OutDir)'
- task: CopyFiles@2
displayName: 'Copy applink files for upload'
inputs:
SourceFolder: '$(Build.SourcesDirectory)\ms'
Contents: applink.c
TargetFolder: '$(OutDir)\include'
- task: CopyFiles@2
displayName: 'Copy LICENSE for upload'
inputs:
SourceFolder: '$(Build.SourcesDirectory)'
Contents: LICENSE
TargetFolder: '$(OutDir)'
- publish: '$(OutDir)'
artifact: '$(Platform)'
displayName: 'Publishing $(Platform)'

View File

@ -0,0 +1,65 @@
name: tcl$(TkSourceTag)_$(Date:yyyyMMdd)$(Rev:.rr)
variables:
IntDir: '$(Build.BinariesDirectory)\obj'
ExternalsDir: '$(Build.BinariesDirectory)\externals'
OutDir: '$(Build.ArtifactStagingDirectory)'
Configuration: 'Release'
# MUST BE SET AT QUEUE TIME
# SigningCertificate: 'Python Software Foundation'
# SourcesRepo: 'https://github.com/python/cpython-source-deps'
# TclSourceTag: 'tcl-core-8.6.12.0'
# TkSourceTag: 'tk-8.6.12.0'
# TixSourceTag: 'tix-8.4.3.6'
jobs:
- job: Build_TclTk
displayName: 'Tcl/Tk'
pool:
name: 'Windows Release'
#vmImage: windows-latest
workspace:
clean: all
steps:
- template: ./find-tools.yml
- powershell: |
git clone $(SourcesRepo) -b $(TclSourceTag) --depth 1 "$(ExternalsDir)\$(TclSourceTag)"
displayName: 'Check out Tcl sources'
- powershell: |
git clone $(SourcesRepo) -b $(TkSourceTag) --depth 1 "$(ExternalsDir)\$(TkSourceTag)"
displayName: 'Check out Tk sources'
- powershell: |
git clone $(SourcesRepo) -b $(TixSourceTag) --depth 1 "$(ExternalsDir)\$(TixSourceTag)"
displayName: 'Check out Tix sources'
# This msbuild.rsp file will be used by the build to forcibly override these variables
- powershell: |
del -Force -EA 0 msbuild.rsp
"/p:IntDir=$(IntDir)\" >> msbuild.rsp
"/p:ExternalsDir=$(ExternalsDir)\" >> msbuild.rsp
"/p:tclDir=$(ExternalsDir)\$(TclSourceTag)\" >> msbuild.rsp
"/p:tkDir=$(ExternalsDir)\$(TkSourceTag)\" >> msbuild.rsp
"/p:tixDir=$(ExternalsDir)\$(TixSourceTag)\" >> msbuild.rsp
displayName: 'Generate msbuild.rsp'
- powershell: |
& "$(msbuild)" PCbuild\tcl.vcxproj "@msbuild.rsp" /p:Platform=Win32 /p:tcltkDir="$(OutDir)\win32"
& "$(msbuild)" PCbuild\tk.vcxproj "@msbuild.rsp" /p:Platform=Win32 /p:tcltkDir="$(OutDir)\win32"
& "$(msbuild)" PCbuild\tix.vcxproj "@msbuild.rsp" /p:Platform=Win32 /p:tcltkDir="$(OutDir)\win32"
displayName: 'Build for win32'
- powershell: |
& "$(msbuild)" PCbuild\tcl.vcxproj "@msbuild.rsp" /p:Platform=x64 /p:tcltkDir="$(OutDir)\amd64"
& "$(msbuild)" PCbuild\tk.vcxproj "@msbuild.rsp" /p:Platform=x64 /p:tcltkDir="$(OutDir)\amd64"
& "$(msbuild)" PCbuild\tix.vcxproj "@msbuild.rsp" /p:Platform=x64 /p:tcltkDir="$(OutDir)\amd64"
displayName: 'Build for amd64'
- publish: '$(OutDir)'
artifact: 'tcltk'
displayName: 'Publishing tcltk'