aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve Dower <steve.dower@python.org>2019-08-12 14:09:36 -0700
committerGitHub <noreply@github.com>2019-08-12 14:09:36 -0700
commit3e34a25a7a5c9ea2c46f2daeeb60f072faa5aaa1 (patch)
tree5ad774ffda1f0c944a57092230fab411bab3c24e
parentbpo-37354: Make Powershell Activate.ps1 script static to allow for signing (G... (diff)
downloadcpython-3e34a25a7a5c9ea2c46f2daeeb60f072faa5aaa1.tar.gz
cpython-3e34a25a7a5c9ea2c46f2daeeb60f072faa5aaa1.tar.bz2
cpython-3e34a25a7a5c9ea2c46f2daeeb60f072faa5aaa1.zip
bpo-37354: Sign Activate.ps1 for release (GH-15235)
-rw-r--r--.azure-pipelines/windows-release/msi-steps.yml4
-rw-r--r--.azure-pipelines/windows-release/stage-build.yml2
-rw-r--r--.azure-pipelines/windows-release/stage-layout-full.yml4
-rw-r--r--.azure-pipelines/windows-release/stage-layout-msix.yml4
-rw-r--r--.azure-pipelines/windows-release/stage-layout-nuget.yml4
-rw-r--r--.azure-pipelines/windows-release/stage-sign.yml15
6 files changed, 29 insertions, 4 deletions
diff --git a/.azure-pipelines/windows-release/msi-steps.yml b/.azure-pipelines/windows-release/msi-steps.yml
index c55fa534eae..f7bff162f8e 100644
--- a/.azure-pipelines/windows-release/msi-steps.yml
+++ b/.azure-pipelines/windows-release/msi-steps.yml
@@ -51,6 +51,10 @@ steps:
artifactName: tcltk_lib_amd64
targetPath: $(Build.BinariesDirectory)\tcltk_lib_amd64
+ - powershell: |
+ copy $(Build.BinariesDirectory)\amd64\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+ displayName: 'Copy signed files into sources'
+
- script: |
call Tools\msi\get_externals.bat
call PCbuild\find_python.bat
diff --git a/.azure-pipelines/windows-release/stage-build.yml b/.azure-pipelines/windows-release/stage-build.yml
index ce7b3817693..c98576ef970 100644
--- a/.azure-pipelines/windows-release/stage-build.yml
+++ b/.azure-pipelines/windows-release/stage-build.yml
@@ -122,7 +122,7 @@ jobs:
displayName: Publish Tcl/Tk Library
pool:
- vmName: win2016-vs2017
+ vmName: windows-latest
workspace:
clean: all
diff --git a/.azure-pipelines/windows-release/stage-layout-full.yml b/.azure-pipelines/windows-release/stage-layout-full.yml
index 8b412dffcc8..12c34723901 100644
--- a/.azure-pipelines/windows-release/stage-layout-full.yml
+++ b/.azure-pipelines/windows-release/stage-layout-full.yml
@@ -47,6 +47,10 @@ jobs:
artifactName: tcltk_lib_$(Name)
targetPath: $(Build.BinariesDirectory)\tcltk_lib
+ - powershell: |
+ copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+ displayName: 'Copy signed files into sources'
+
- template: ./layout-command.yml
- powershell: |
diff --git a/.azure-pipelines/windows-release/stage-layout-msix.yml b/.azure-pipelines/windows-release/stage-layout-msix.yml
index 7d66e8f9821..ba86392f3ec 100644
--- a/.azure-pipelines/windows-release/stage-layout-msix.yml
+++ b/.azure-pipelines/windows-release/stage-layout-msix.yml
@@ -40,6 +40,10 @@ jobs:
artifactName: tcltk_lib_$(Name)
targetPath: $(Build.BinariesDirectory)\tcltk_lib
+ - powershell: |
+ copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+ displayName: 'Copy signed files into sources'
+
- template: ./layout-command.yml
- powershell: |
diff --git a/.azure-pipelines/windows-release/stage-layout-nuget.yml b/.azure-pipelines/windows-release/stage-layout-nuget.yml
index 01512975e9d..7954c4547f5 100644
--- a/.azure-pipelines/windows-release/stage-layout-nuget.yml
+++ b/.azure-pipelines/windows-release/stage-layout-nuget.yml
@@ -29,6 +29,10 @@ jobs:
artifactName: bin_$(Name)
targetPath: $(Build.BinariesDirectory)\bin
+ - powershell: |
+ copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+ displayName: 'Copy signed files into sources'
+
- template: ./layout-command.yml
- powershell: |
diff --git a/.azure-pipelines/windows-release/stage-sign.yml b/.azure-pipelines/windows-release/stage-sign.yml
index d6984a0a137..2307c6c9c8f 100644
--- a/.azure-pipelines/windows-release/stage-sign.yml
+++ b/.azure-pipelines/windows-release/stage-sign.yml
@@ -1,3 +1,7 @@
+parameters:
+ Include: '*.exe, *.dll, *.pyd, *.cat, *.ps1'
+ Exclude: 'vcruntime*, libffi*, libcrypto*, libssl*'
+
jobs:
- job: Sign_Python
displayName: Sign Python binaries
@@ -17,7 +21,7 @@ jobs:
Name: amd64
steps:
- - checkout: none
+ - template: ./checkout.yml
- template: ./find-sdk.yml
- powershell: |
@@ -31,13 +35,18 @@ jobs:
targetPath: $(Build.BinariesDirectory)\bin
- powershell: |
- $files = (gi *.exe, *.dll, *.pyd, *.cat -Exclude vcruntime*, libffi*, libcrypto*, libssl*)
+ copy "$(Build.SourcesDirectory)\Lib\venv\scripts\common\Activate.ps1" .
+ displayName: 'Copy files from source'
+ workingDirectory: $(Build.BinariesDirectory)\bin
+
+ - powershell: |
+ $files = (gi ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }})
signtool sign /a /n "$(SigningCertificate)" /fd sha256 /d "$(SigningDescription)" $files
displayName: 'Sign binaries'
workingDirectory: $(Build.BinariesDirectory)\bin
- powershell: |
- $files = (gi *.exe, *.dll, *.pyd, *.cat -Exclude vcruntime*, libffi*, libcrypto*, libssl*)
+ $files = (gi ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }})
$failed = $true
foreach ($retry in 1..10) {
signtool timestamp /t http://timestamp.verisign.com/scripts/timestamp.dll $files