-rw-r--r-- | .gitignore | 5 | ||||
-rw-r--r-- | Directory.Build.props | 1 | ||||
-rw-r--r-- | Directory.Build.targets | 4 | ||||
-rw-r--r-- | eng/Signing.props | 61 | ||||
-rw-r--r-- | eng/build-job.yml | 21 | ||||
-rw-r--r-- | eng/xplat-job.yml | 3 |
6 files changed, 88 insertions, 7 deletions
diff --git a/.gitignore b/.gitignore index c3d1f56b52..7e029112e1 100644 --- a/.gitignore +++ b/.gitignore @@ -318,3 +318,8 @@ sandbox #IL linker for testing linker + +# Arcade files +/artifacts/toolset +/.packages +/.dotnet diff --git a/Directory.Build.props b/Directory.Build.props index 2082362adc..63bb6d6c6e 100644 --- a/Directory.Build.props +++ b/Directory.Build.props @@ -1,4 +1,5 @@ <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> + <Import Project="Sdk.props" Sdk="Microsoft.DotNet.Arcade.Sdk" Condition="'$(ArcadeBuild)' == 'True'"/> <PropertyGroup> <CL_MPCount>$(NumberOfCores)</CL_MPCount> </PropertyGroup> diff --git a/Directory.Build.targets b/Directory.Build.targets new file mode 100644 index 0000000000..29123fe77f --- /dev/null +++ b/Directory.Build.targets @@ -0,0 +1,4 @@ +<?xml version="1.0" encoding="utf-8"?> +<Project> + <Import Project="Sdk.targets" Sdk="Microsoft.DotNet.Arcade.Sdk" Condition="'$(ArcadeBuild)' == 'True'"/> +</Project>
\ No newline at end of file
diff --git a/eng/Signing.props b/eng/Signing.props
new file mode 100644
index 0000000000..c51b9d3d41
--- /dev/null
+++ b/eng/Signing.props
@@ -0,0 +1,61 @@
+<Project>
+ <Import Project="..\dir.props"/>
+ <Import Project="..\dir.targets" />
+
+ <PropertyGroup>
+ <!-- The SignFiles target needs OutDir to be defined -->
+ <OutDir>$(BinDir)</OutDir>
+ </PropertyGroup>
+
+ <UsingTask AssemblyFile="$(BuildToolsTaskDir)Microsoft.DotNet.Build.Tasks.dll" TaskName="ReadSigningRequired" />
+
+ <ItemGroup>
+ <WindowsNativeLocation Include="$(BinDir)*.dll" />
+ <WindowsNativeLocation Include="$(BinDir)*.exe" />
+ </ItemGroup>
+
+ <ItemGroup Condition="'$(BuildArch)' == 'x86'">
+ <!-- Sign api-ms-win-core-xstate-l2-1-0 binary as it is only catalog signed in the current SDK. -->
+ <WindowsNativeLocation Condition="'$(BuildType)'=='Release'" Include="$(BinDir)Redist\ucrt\DLLs\$(BuildArch)\api-ms-win-core-xstate-l2-1-0.dll" />
+ </ItemGroup>
+
+ <!-- sign the cross targeted files as well -->
+ <ItemGroup Condition="'$(CrossTargetComponentFolder)' != ''">
+ <WindowsNativeLocation Include="$(BinDir)$(CrossTargetComponentFolder)/*.dll" />
+ <WindowsNativeLocation Include="$(BinDir)$(CrossTargetComponentFolder)/*.exe" />
+ </ItemGroup>
+
+ <Target Name="GenerateSignForWindowsNative">
+ <!--
+ Managed assemblies should already have a requires_signing file dropped so only generate
+ a requires_signing file for ones that don't exist which should leave just native assembies
+ -->
+ <WriteSigningRequired AuthenticodeSig="$(AuthenticodeSig)"
+ MarkerFile="%(WindowsNativeLocation.Identity).requires_signing"
+ Condition="!Exists('%(WindowsNativeLocation.Identity).requires_signing')" />
+ </Target>
+
+ <!-- populates item group ItemsToSign with the list of files to sign -->
+ <Target Name="GetFilesToSignItems"
+ DependsOnTargets="GenerateSignForWindowsNative"
+ BeforeTargets="ValidateSignFileListIsNotEmpty">
+ <!-- read all of the marker files and populate the ItemsToSign item group -->
+ <ItemGroup>
+ <SignMarkerFile Include="$(OutDir)**\*.requires_signing" />
+ </ItemGroup>
+ <ReadSigningRequired MarkerFiles="@(SignMarkerFile)">
+ <Output TaskParameter="SigningMetadata" ItemName="ItemsToSign" />
+ </ReadSigningRequired>
+
+ <!-- Temporarily disable signing CoreLib due to https://github.com/dotnet/arcade/issues/1582 -->
+ <ItemGroup>
+ <ItemsToSign Remove="$(BinDir)System.Private.CoreLib.dll" />
+ </ItemGroup>
+
+ <Message Importance="High" Text="Attempting to sign %(ItemsToSign.Identity) with authenticode='%(ItemsToSign.Authenticode)' and strongname='%(ItemsToSign.StrongName)'" />
+ </Target>
+
+ <Target Name="ValidateSignFileListIsNotEmpty" BeforeTargets="Sign">
+ <Error Condition="'@(ItemsToSign)' == ''" Text="List of files to sign is empty" />
+ </Target>
+</Project>
\ No newline at end of file diff --git a/eng/build-job.yml b/eng/build-job.yml index d8a5f61102..064db098ed 100644 --- a/eng/build-job.yml +++ b/eng/build-job.yml @@ -14,6 +14,7 @@ jobs: archType: ${{ parameters.archType }} osGroup: ${{ parameters.osGroup }} osIdentifier: ${{ parameters.osIdentifier }} + enableMicrobuild: true # Compute job name from template parameters name: ${{ format('build_{0}_{1}_{2}', parameters.osIdentifier, parameters.archType, parameters.buildConfig) }} @@ -68,6 +69,19 @@ jobs: - script: set __TestIntermediateDir=int&&build.cmd $(buildConfig) $(archType) -skiptests -skipbuildpackages displayName: Build product + # Sign on Windows + - ${{ if and(ne(variables['System.TeamProject'], 'public'), ne(variables['Build.Reason'], 'PullRequest'), eq(parameters.osGroup, 'Windows_NT')) }}: + - script: powershell eng\common\build.ps1 -ci -sign -restore -configuration:$(buildConfig) -warnaserror:0 /p:ArcadeBuild=true /p:OfficialBuild=true /p:BuildOS=$(osGroup) /p:BuildArch=$(archType) /p:BuildType=$(buildConfig) /p:DotNetSignType=%_SignType% + displayName: Sign Binaries + + - task: PublishBuildArtifacts@1 + displayName: Publish Signing Logs to VSTS + inputs: + PathtoPublish: '$(Build.SourcesDirectory)/artifacts/' + PublishLocation: Container + ArtifactName: $(Agent.Os)_$(Agent.JobName)_$(archType) + continueOnError: true + condition: always() # Upload build as pipeline artifact - ${{ if ne(parameters.osGroup, 'Windows_NT') }}: 
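Review bot: In `eng/Signing.props` the set of files submitted for signing is defined entirely by globs, and the only validation is `ValidateSignFileListIsNotEmpty`. `GenerateSignForWindowsNative` writes a marker for every `*.dll`/`*.exe` in `$(BinDir)`, and `GetFilesToSignItems` then picks up any `*.requires_signing` file under `$(OutDir)`. Anything that happens to sit in the output directory when the step runs (a restored third-party binary, a stale file left on the agent) would be submitted for signing along with the product. A missing product binary goes unnoticed as long as one item remains, as the `System.Private.CoreLib.dll` exclusion already shows. Consider checking `@(ItemsToSign)` against an explicit expected list, or at least stating the assumption above the first `ItemGroup`, e.g. `<!-- Everything matching these globs is signed as product code; $(BinDir) must contain only binaries built by this job -->`. Separately, `WriteSigningRequired` has no `UsingTask` in this file, unlike `ReadSigningRequired`; presumably it is registered by the imported `dir.targets`, which is worth confirming.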
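Review bot: In the second `eng/build-job.yml` hunk, the `PublishBuildArtifacts@1` step is labelled "Publish Signing Logs to VSTS" but uploads the whole `$(Build.SourcesDirectory)/artifacts/` tree, and `condition: always()` makes it run even when signing fails. That directory can hold more than logs (the `.gitignore` change in this commit lists `/artifacts/toolset` under it), so the path should be narrowed to the log subdirectory, e.g. `PathtoPublish: '$(Build.SourcesDirectory)/artifacts/log/'` if that is where the Arcade build writes its logs. The sign script also passes `/p:DotNetSignType=%_SignType%` without anything visible here that sets `_SignType`; a comment naming the step that defines it would help, since an empty value presumably leaves the sign type to the SDK default. Indentation is lost in this view, so it is unclear whether the publish step sits inside the `${{ if … }}` block.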
@@ -83,13 +97,6 @@ jobs: artifactName: ${{ format('{0}_{1}_{2}_build', parameters.osIdentifier, parameters.archType, parameters.buildConfig) }} targetPath: $(Build.SourcesDirectory)\bin\Product\$(osGroup).$(archType).$(buildConfigUpper) - - # TODO: Sign - - ${{ if and(ne(variables['System.TeamProject'], 'public'), ne(variables['Build.Reason'], 'PullRequest')) }}: - - script: echo Sign! - displayName: Sign Binaries (empty for now) - - # Get key vault secrets for publishing - ${{ if and(ne(variables['System.TeamProject'], 'public'), ne(variables['Build.Reason'], 'PullRequest')) }}: - task: AzureKeyVault@1 diff --git a/eng/xplat-job.yml b/eng/xplat-job.yml index 8b251751c1..a59dcefefd 100644 --- a/eng/xplat-job.yml +++ b/eng/xplat-job.yml @@ -11,6 +11,7 @@ parameters: timeoutInMinutes: '' helixType: '' crossrootfsDir: '' + enableMicrobuild: '' # arcade-specific parameters gatherAssetManifests: false @@ -31,6 +32,8 @@ jobs: helixRepo: 'dotnet/coreclr' helixType: ${{ parameters.helixType }} + enableMicrobuild: ${{ parameters.enableMicrobuild }} + pool: ${{ if and(eq(parameters.osGroup, 'Linux'), eq(variables['System.TeamProject'], 'public')) }}: name: Hosted Ubuntu 1604 |