bpo-37354: Sign Activate.ps1 for release (GH-15235)

zooba · web-flow · commit 3e34a25a7a5c · 2019-08-12T14:09:36.000-07:00
diff --git a/.azure-pipelines/windows-release/msi-steps.yml b/.azure-pipelines/windows-release/msi-steps.yml
@@ -51,6 +51,10 @@ steps:
       artifactName: tcltk_lib_amd64
       targetPath: $(Build.BinariesDirectory)\tcltk_lib_amd64
 
+  - powershell: |
+      copy $(Build.BinariesDirectory)\amd64\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
+
   - script: |
       call Tools\msi\get_externals.bat
       call PCbuild\find_python.bat
diff --git a/.azure-pipelines/windows-release/stage-build.yml b/.azure-pipelines/windows-release/stage-build.yml
@@ -122,7 +122,7 @@ jobs:
   displayName: Publish Tcl/Tk Library
 
   pool:
-    vmName: win2016-vs2017
+    vmName: windows-latest
 
   workspace:
     clean: all
diff --git a/.azure-pipelines/windows-release/stage-layout-full.yml b/.azure-pipelines/windows-release/stage-layout-full.yml
@@ -47,6 +47,10 @@ jobs:
       artifactName: tcltk_lib_$(Name)
       targetPath: $(Build.BinariesDirectory)\tcltk_lib
 
+  - powershell: |
+      copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
+
   - template: ./layout-command.yml
 
   - powershell: |
diff --git a/.azure-pipelines/windows-release/stage-layout-msix.yml b/.azure-pipelines/windows-release/stage-layout-msix.yml
@@ -40,6 +40,10 @@ jobs:
       artifactName: tcltk_lib_$(Name)
       targetPath: $(Build.BinariesDirectory)\tcltk_lib
 
+  - powershell: |
+      copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
+
   - template: ./layout-command.yml
 
   - powershell: |
diff --git a/.azure-pipelines/windows-release/stage-layout-nuget.yml b/.azure-pipelines/windows-release/stage-layout-nuget.yml
@@ -29,6 +29,10 @@ jobs:
       artifactName: bin_$(Name)
       targetPath: $(Build.BinariesDirectory)\bin
 
+  - powershell: |
+      copy $(Build.BinariesDirectory)\bin\Activate.ps1 Lib\venv\scripts\common\Activate.ps1 -Force
+    displayName: 'Copy signed files into sources'
+
   - template: ./layout-command.yml
 
   - powershell: |
diff --git a/.azure-pipelines/windows-release/stage-sign.yml b/.azure-pipelines/windows-release/stage-sign.yml
@@ -1,3 +1,7 @@
+parameters:
+  Include: '*.exe, *.dll, *.pyd, *.cat, *.ps1'
+  Exclude: 'vcruntime*, libffi*, libcrypto*, libssl*'
+
 jobs:
 - job: Sign_Python
   displayName: Sign Python binaries
@@ -17,7 +21,7 @@ jobs:
         Name: amd64
 
   steps:
-  - checkout: none
+  - template: ./checkout.yml
   - template: ./find-sdk.yml
 
   - powershell: |
@@ -31,13 +35,18 @@ jobs:
       targetPath: $(Build.BinariesDirectory)\bin
 
   - powershell: |
-      $files = (gi *.exe, *.dll, *.pyd, *.cat -Exclude vcruntime*, libffi*, libcrypto*, libssl*)
+      copy "$(Build.SourcesDirectory)\Lib\venv\scripts\common\Activate.ps1" .
+    displayName: 'Copy files from source'
+    workingDirectory: $(Build.BinariesDirectory)\bin
+
+  - powershell: |
+      $files = (gi ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }})
       signtool sign /a /n "$(SigningCertificate)" /fd sha256 /d "$(SigningDescription)" $files
     displayName: 'Sign binaries'
     workingDirectory: $(Build.BinariesDirectory)\bin
 
   - powershell: |
-      $files = (gi *.exe, *.dll, *.pyd, *.cat -Exclude vcruntime*, libffi*, libcrypto*, libssl*)
+      $files = (gi ${{ parameters.Include }} -Exclude ${{ parameters.Exclude }})
       $failed = $true
       foreach ($retry in 1..10) {
           signtool timestamp /t http://timestamp.verisign.com/scripts/timestamp.dll $files
