bpo-37354: Sign Activate.ps1 for release (GH-15235)

3e34a25a · Steve Dower · GitHub · 732775d6 · 3e34a25a · 3e34a25a
Commit 3e34a25a authored Aug 12, 2019 by Steve Dower Committed by GitHub Aug 12, 2019
6 changed files
--- a/.azure-pipelines/windows-release/msi-steps.yml
+++ b/.azure-pipelines/windows-release/msi-steps.yml
@@ -51,6 +51,10 @@ steps:
      artifactName: tcltk_lib_amd64
      targetPath: $(Build.BinariesDirectory)\tcltk_lib_amd64
+  - powershell: |
+      copy $(Build.BinariesDirectory)\amd64\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
  - script: |
      call Tools\msi\get_externals.bat
      call PCbuild\find_python.bat

--- a/.azure-pipelines/windows-release/stage-build.yml
+++ b/.azure-pipelines/windows-release/stage-build.yml
@@ -122,7 +122,7 @@ jobs:
  displayName: Publish Tcl/Tk Library
  pool:
-    vmName: win2016-vs2017
+    vmName: windows-latest
  workspace:
    clean: all

--- a/.azure-pipelines/windows-release/stage-layout-full.yml
+++ b/.azure-pipelines/windows-release/stage-layout-full.yml
@@ -47,6 +47,10 @@ jobs:
      artifactName: tcltk_lib_$(Name)
      targetPath: $(Build.BinariesDirectory)\tcltk_lib
+  - powershell: |
+      copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
  - template: ./layout-command.yml
  - powershell: |

--- a/.azure-pipelines/windows-release/stage-layout-msix.yml
+++ b/.azure-pipelines/windows-release/stage-layout-msix.yml
@@ -40,6 +40,10 @@ jobs:
      artifactName: tcltk_lib_$(Name)
      targetPath: $(Build.BinariesDirectory)\tcltk_lib
+  - powershell: |
+      copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
  - template: ./layout-command.yml
  - powershell: |

--- a/.azure-pipelines/windows-release/stage-layout-nuget.yml
+++ b/.azure-pipelines/windows-release/stage-layout-nuget.yml
@@ -29,6 +29,10 @@ jobs:
      artifactName: bin_$(Name)
      targetPath: $(Build.BinariesDirectory)\bin
+  - powershell: |
+      copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
  - template: ./layout-command.yml
  - powershell: |

--- a/.azure-pipelines/windows-release/stage-sign.yml
+++ b/.azure-pipelines/windows-release/stage-sign.yml
+parameters:
+  Include: '*.exe, *.dll, *.pyd, *.cat, *.ps1'
+  Exclude: 'vcruntime*, libffi*, libcrypto*, libssl*'
 jobs:
 - job: Sign_Python
  displayName: Sign Python binaries
@@ -17,7 +21,7 @@ jobs:
        Name: amd64
  steps:
-  - checkout: none
+  - template: ./checkout.yml
  - template: ./find-sdk.yml
  - powershell: |
@@ -31,13 +35,18 @@ jobs:
      targetPath: $(Build.BinariesDirectory)\bin
  - powershell: |
-      $files = (gi *.exe, *.dll, *.pyd, *.cat -Exclude vcruntime*, libffi*, libcrypto*, libssl*)
+      copy "$(Build.SourcesDirectory)\Lib\venv\scripts\common\Activate.ps1" .
+    displayName: 'Copy files from source'
+    workingDirectory: $(Build.BinariesDirectory)\bin
+  - powershell: |
+      $files = (gi ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }})
      signtool sign /a /n "$(SigningCertificate)" /fd sha256 /d "$(SigningDescription)" $files
    displayName: 'Sign binaries'
    workingDirectory: $(Build.BinariesDirectory)\bin
  - powershell: |
-      $files = (gi *.exe, *.dll, *.pyd, *.cat -Exclude vcruntime*, libffi*, libcrypto*, libssl*)
+      $files = (gi ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }})
      $failed = $true
      foreach ($retry in 1..10) {
          signtool timestamp /t http://timestamp.verisign.com/scripts/timestamp.dll $files