From: Steve Dower Date: Mon, 12 Aug 2019 21:09:36 +0000 (-0700) Subject: bpo-37354: Sign Activate.ps1 for release (GH-15235) X-Git-Tag: v3.9.0a1~887 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3e34a25a7a5c9ea2c46f2daeeb60f072faa5aaa1;p=thirdparty%2FPython%2Fcpython.git bpo-37354: Sign Activate.ps1 for release (GH-15235) --- diff --git a/.azure-pipelines/windows-release/msi-steps.yml b/.azure-pipelines/windows-release/msi-steps.yml index c55fa534eaec..f7bff162f8e0 100644 --- a/.azure-pipelines/windows-release/msi-steps.yml +++ b/.azure-pipelines/windows-release/msi-steps.yml @@ -51,6 +51,10 @@ steps: artifactName: tcltk_lib_amd64 targetPath: $(Build.BinariesDirectory)\tcltk_lib_amd64 + - powershell: | + copy $(Build.BinariesDirectory)\amd64\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force + displayName: 'Copy signed files into sources' + - script: | call Tools\msi\get_externals.bat call PCbuild\find_python.bat diff --git a/.azure-pipelines/windows-release/stage-build.yml b/.azure-pipelines/windows-release/stage-build.yml index ce7b38176935..c98576ef9705 100644 --- a/.azure-pipelines/windows-release/stage-build.yml +++ b/.azure-pipelines/windows-release/stage-build.yml @@ -122,7 +122,7 @@ jobs: displayName: Publish Tcl/Tk Library pool: - vmName: win2016-vs2017 + vmName: windows-latest workspace: clean: all diff --git a/.azure-pipelines/windows-release/stage-layout-full.yml b/.azure-pipelines/windows-release/stage-layout-full.yml index 8b412dffcc82..12c347239013 100644 --- a/.azure-pipelines/windows-release/stage-layout-full.yml +++ b/.azure-pipelines/windows-release/stage-layout-full.yml @@ -47,6 +47,10 @@ jobs: artifactName: tcltk_lib_$(Name) targetPath: $(Build.BinariesDirectory)\tcltk_lib + - powershell: | + copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force + displayName: 'Copy signed files into sources' + - template: ./layout-command.yml - powershell: | diff --git a/.azure-pipelines/windows-release/stage-layout-msix.yml b/.azure-pipelines/windows-release/stage-layout-msix.yml index 7d66e8f9821c..ba86392f3ec6 100644 --- a/.azure-pipelines/windows-release/stage-layout-msix.yml +++ b/.azure-pipelines/windows-release/stage-layout-msix.yml @@ -40,6 +40,10 @@ jobs: artifactName: tcltk_lib_$(Name) targetPath: $(Build.BinariesDirectory)\tcltk_lib + - powershell: | + copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force + displayName: 'Copy signed files into sources' + - template: ./layout-command.yml - powershell: | diff --git a/.azure-pipelines/windows-release/stage-layout-nuget.yml b/.azure-pipelines/windows-release/stage-layout-nuget.yml index 01512975e9db..7954c4547f50 100644 --- a/.azure-pipelines/windows-release/stage-layout-nuget.yml +++ b/.azure-pipelines/windows-release/stage-layout-nuget.yml @@ -29,6 +29,10 @@ jobs: artifactName: bin_$(Name) targetPath: $(Build.BinariesDirectory)\bin + - powershell: | + copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force + displayName: 'Copy signed files into sources' + - template: ./layout-command.yml - powershell: | diff --git a/.azure-pipelines/windows-release/stage-sign.yml b/.azure-pipelines/windows-release/stage-sign.yml index d6984a0a137c..2307c6c9c8f9 100644 --- a/.azure-pipelines/windows-release/stage-sign.yml +++ b/.azure-pipelines/windows-release/stage-sign.yml @@ -1,3 +1,7 @@ +parameters: + Include: '*.exe, *.dll, *.pyd, *.cat, *.ps1' + Exclude: 'vcruntime*, libffi*, libcrypto*, libssl*' + jobs: - job: Sign_Python displayName: Sign Python binaries @@ -17,7 +21,7 @@ jobs: Name: amd64 steps: - - checkout: none + - template: ./checkout.yml - template: ./find-sdk.yml - powershell: | @@ -31,13 +35,18 @@ jobs: targetPath: $(Build.BinariesDirectory)\bin - powershell: | - $files = (gi *.exe, *.dll, *.pyd, *.cat -Exclude vcruntime*, libffi*, libcrypto*, libssl*) + copy "$(Build.SourcesDirectory)\Lib\venv\scripts\common\Activate.ps1" . + displayName: 'Copy files from source' + workingDirectory: $(Build.BinariesDirectory)\bin + + - powershell: | + $files = (gi ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }}) signtool sign /a /n "$(SigningCertificate)" /fd sha256 /d "$(SigningDescription)" $files displayName: 'Sign binaries' workingDirectory: $(Build.BinariesDirectory)\bin - powershell: | - $files = (gi *.exe, *.dll, *.pyd, *.cat -Exclude vcruntime*, libffi*, libcrypto*, libssl*) + $files = (gi ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }}) $failed = $true foreach ($retry in 1..10) { signtool timestamp /t http://timestamp.verisign.com/scripts/timestamp.dll $files