bpo-37354: Sign Activate.ps1 for release (GH-15235)

2019-08-12 14:09:36 -07:00 · 2019-08-12 14:09:36 -07:00 · 3e34a25a7a
parent 732775d6be
commit 3e34a25a7a
6 changed files with 29 additions and 4 deletions
--- a/.azure-pipelines/windows-release/msi-steps.yml
+++ b/.azure-pipelines/windows-release/msi-steps.yml
@ -51,6 +51,10 @@ steps:
      artifactName: tcltk_lib_amd64
      targetPath: $(Build.BinariesDirectory)\tcltk_lib_amd64

+  - powershell: |
+      copy $(Build.BinariesDirectory)\amd64\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
+
  - script: |
      call Tools\msi\get_externals.bat
      call PCbuild\find_python.bat
--- a/.azure-pipelines/windows-release/stage-build.yml
+++ b/.azure-pipelines/windows-release/stage-build.yml
@ -122,7 +122,7 @@ jobs:
  displayName: Publish Tcl/Tk Library

  pool:
-    vmName: win2016-vs2017
+    vmName: windows-latest

  workspace:
    clean: all
--- a/.azure-pipelines/windows-release/stage-layout-full.yml
+++ b/.azure-pipelines/windows-release/stage-layout-full.yml
@ -47,6 +47,10 @@ jobs:
      artifactName: tcltk_lib_$(Name)
      targetPath: $(Build.BinariesDirectory)\tcltk_lib

+  - powershell: |
+      copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
+
  - template: ./layout-command.yml

  - powershell: |
--- a/.azure-pipelines/windows-release/stage-layout-msix.yml
+++ b/.azure-pipelines/windows-release/stage-layout-msix.yml
@ -40,6 +40,10 @@ jobs:
      artifactName: tcltk_lib_$(Name)
      targetPath: $(Build.BinariesDirectory)\tcltk_lib

+  - powershell: |
+      copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
+
  - template: ./layout-command.yml

  - powershell: |
--- a/.azure-pipelines/windows-release/stage-layout-nuget.yml
+++ b/.azure-pipelines/windows-release/stage-layout-nuget.yml
@ -29,6 +29,10 @@ jobs:
      artifactName: bin_$(Name)
      targetPath: $(Build.BinariesDirectory)\bin

+  - powershell: |
+      copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
+
  - template: ./layout-command.yml

  - powershell: |
--- a/.azure-pipelines/windows-release/stage-sign.yml
+++ b/.azure-pipelines/windows-release/stage-sign.yml
@ -1,3 +1,7 @@
+parameters:
+  Include: '*.exe, *.dll, *.pyd, *.cat, *.ps1'
+  Exclude: 'vcruntime*, libffi*, libcrypto*, libssl*'
+
 jobs:
 - job: Sign_Python
  displayName: Sign Python binaries
@ -17,7 +21,7 @@ jobs:
        Name: amd64

  steps:
-  - checkout: none
+  - template: ./checkout.yml
  - template: ./find-sdk.yml

  - powershell: |
@ -31,13 +35,18 @@ jobs:
      targetPath: $(Build.BinariesDirectory)\bin

  - powershell: |
-      $files = (gi *.exe, *.dll, *.pyd, *.cat -Exclude vcruntime*, libffi*, libcrypto*, libssl*)
+      copy "$(Build.SourcesDirectory)\Lib\venv\scripts\common\Activate.ps1" .
+    displayName: 'Copy files from source'
+    workingDirectory: $(Build.BinariesDirectory)\bin
+
+  - powershell: |
+      $files = (gi ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }})
      signtool sign /a /n "$(SigningCertificate)" /fd sha256 /d "$(SigningDescription)" $files
    displayName: 'Sign binaries'
    workingDirectory: $(Build.BinariesDirectory)\bin

  - powershell: |
-      $files = (gi *.exe, *.dll, *.pyd, *.cat -Exclude vcruntime*, libffi*, libcrypto*, libssl*)
+      $files = (gi ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }})
      $failed = $true
      foreach ($retry in 1..10) {
          signtool timestamp /t http://timestamp.verisign.com/scripts/timestamp.dll $files