bpo-37354: Sign Activate.ps1 for release (GH-15235)

(cherry picked from commit 3e34a25a7a5c9ea2c46f2daeeb60f072faa5aaa1)

Co-authored-by: Steve Dower <steve.dower@python.org>

diff --git a/.azure-pipelines/windows-release/msi-steps.yml b/.azure-pipelines/windows-release/msi-steps.yml
index c55fa534eaec863f9a51a51f94ed74d7926695b0..f7bff162f8e027ff2d8f69385de02a1d2e9d1ce0 100644 (file)
--- a/.azure-pipelines/windows-release/msi-steps.yml
+++ b/.azure-pipelines/windows-release/msi-steps.yml
@@ -51,6 +51,10 @@ steps:
       artifactName: tcltk_lib_amd64
       targetPath: $(Build.BinariesDirectory)\tcltk_lib_amd64
 
+  - powershell: |
+      copy $(Build.BinariesDirectory)\amd64\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
+
   - script: |
       call Tools\msi\get_externals.bat
       call PCbuild\find_python.bat

diff --git a/.azure-pipelines/windows-release/stage-build.yml b/.azure-pipelines/windows-release/stage-build.yml
index ce7b38176935dfbe5342f789e70407beaf0f0e04..c98576ef9705c06ea7f827a8aab8343a9da3905a 100644 (file)
--- a/.azure-pipelines/windows-release/stage-build.yml
+++ b/.azure-pipelines/windows-release/stage-build.yml
@@ -122,7 +122,7 @@ jobs:
   displayName: Publish Tcl/Tk Library
 
   pool:
-    vmName: win2016-vs2017
+    vmName: windows-latest
 
   workspace:
     clean: all

diff --git a/.azure-pipelines/windows-release/stage-layout-full.yml b/.azure-pipelines/windows-release/stage-layout-full.yml
index 8b412dffcc8240ce6c0aa1e63899a31ec38c2b03..12c347239013c12baf7571d5b1547b5feb3ee1f0 100644 (file)
--- a/.azure-pipelines/windows-release/stage-layout-full.yml
+++ b/.azure-pipelines/windows-release/stage-layout-full.yml
@@ -47,6 +47,10 @@ jobs:
       artifactName: tcltk_lib_$(Name)
       targetPath: $(Build.BinariesDirectory)\tcltk_lib
 
+  - powershell: |
+      copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
+
   - template: ./layout-command.yml
 
   - powershell: |

diff --git a/.azure-pipelines/windows-release/stage-layout-msix.yml b/.azure-pipelines/windows-release/stage-layout-msix.yml
index 7d66e8f9821ca51c493c5a7dba43b0ebaa1b0a28..ba86392f3ec69955d36785854375d72b64da7b8c 100644 (file)
--- a/.azure-pipelines/windows-release/stage-layout-msix.yml
+++ b/.azure-pipelines/windows-release/stage-layout-msix.yml
@@ -40,6 +40,10 @@ jobs:
       artifactName: tcltk_lib_$(Name)
       targetPath: $(Build.BinariesDirectory)\tcltk_lib
 
+  - powershell: |
+      copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
+
   - template: ./layout-command.yml
 
   - powershell: |

diff --git a/.azure-pipelines/windows-release/stage-layout-nuget.yml b/.azure-pipelines/windows-release/stage-layout-nuget.yml
index 01512975e9db015ba1aae9b637b65c27607f8874..7954c4547f50ab08fe22b9944156d8746c7c67ae 100644 (file)
--- a/.azure-pipelines/windows-release/stage-layout-nuget.yml
+++ b/.azure-pipelines/windows-release/stage-layout-nuget.yml
@@ -29,6 +29,10 @@ jobs:
       artifactName: bin_$(Name)
       targetPath: $(Build.BinariesDirectory)\bin
 
+  - powershell: |
+      copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
+
   - template: ./layout-command.yml
 
   - powershell: |

diff --git a/.azure-pipelines/windows-release/stage-sign.yml b/.azure-pipelines/windows-release/stage-sign.yml
index d6984a0a137ceacabea14564852c96651f2872c6..2307c6c9c8f97de00c061efdb3bf01a47d49a21d 100644 (file)
--- a/.azure-pipelines/windows-release/stage-sign.yml
+++ b/.azure-pipelines/windows-release/stage-sign.yml
@@ -1,3 +1,7 @@
+parameters:
+  Include: '*.exe, *.dll, *.pyd, *.cat, *.ps1'
+  Exclude: 'vcruntime*, libffi*, libcrypto*, libssl*'
+
 jobs:
 - job: Sign_Python
   displayName: Sign Python binaries
@@ -17,7 +21,7 @@ jobs:
         Name: amd64
 
   steps:
-  - checkout: none
+  - template: ./checkout.yml
   - template: ./find-sdk.yml
 
   - powershell: |
@@ -31,13 +35,18 @@ jobs:
       targetPath: $(Build.BinariesDirectory)\bin
 
   - powershell: |
-      $files = (gi *.exe, *.dll, *.pyd, *.cat -Exclude vcruntime*, libffi*, libcrypto*, libssl*)
+      copy "$(Build.SourcesDirectory)\Lib\venv\scripts\common\Activate.ps1" .
+    displayName: 'Copy files from source'
+    workingDirectory: $(Build.BinariesDirectory)\bin
+
+  - powershell: |
+      $files = (gi ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }})
       signtool sign /a /n "$(SigningCertificate)" /fd sha256 /d "$(SigningDescription)" $files
     displayName: 'Sign binaries'
     workingDirectory: $(Build.BinariesDirectory)\bin
 
   - powershell: |
-      $files = (gi *.exe, *.dll, *.pyd, *.cat -Exclude vcruntime*, libffi*, libcrypto*, libssl*)
+      $files = (gi ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }})
       $failed = $true
       foreach ($retry in 1..10) {
           signtool timestamp /t http://timestamp.verisign.com/scripts/timestamp.dll $files