[
{
"path": ".azuredevops/dependabot.yml",
"content": "version: 2\r\n\r\n# Disabling dependabot on Azure DevOps as this is a mirrored repo. Updates should go through github.\r\nenable-campaigned-updates: false\r\nenable-security-updates: false\r\n"
},
{
"path": ".config/1espt/PipelineAutobaseliningConfig.yml",
"content": "## DO NOT MODIFY THIS FILE MANUALLY. This is part of auto-baselining from 1ES Pipeline Templates. Go to [https://aka.ms/1espt-autobaselining] for more details.\n\npipelines:\n 1190:\n retail:\n source:\n credscan:\n lastModifiedDate: 2024-03-28\n eslint:\n lastModifiedDate: 2024-03-28\n psscriptanalyzer:\n lastModifiedDate: 2024-03-28\n armory:\n lastModifiedDate: 2024-03-28\n binary:\n credscan:\n lastModifiedDate: 2024-03-28\n binskim:\n lastModifiedDate: 2025-03-19\n spotbugs:\n lastModifiedDate: 2024-03-28\n"
},
{
"path": ".config/1espt/README.md",
"content": "Do not merge changes to PipelineAutobaseliningConfig.yml in the internal Azure DevOps repository, as it would break commit mirroring from the public GitHub repository. Instead, merge the changes into the public GitHub repository.\n\nSee https://dev.azure.com/dnceng/internal/_wiki/wikis/DNCEng%20Services%20Wiki/1214/1ES-Pipeline-Template-Migration-FAQ?anchor=should-i-accept-these-automated-prs-into-my-repo-that-is-mirrored-from-github-to-fix-cg/security-issues%3F for guidance."
},
{
"path": ".editorconfig",
"content": "root = true\n\n[*]\ninsert_final_newline = true\nindent_style = space\nindent_size = 4\ntrim_trailing_whitespace = true\n\n[*.{csproj,md,props,targets,yml}]\nindent_size = 2\n\n[*.cs]\n\n# IDE0063: Use simple 'using' statement\ncsharp_prefer_simple_using_statement = false\n\n# CA2254: Template should be a static expression\n# See https://github.com/dotnet/roslyn-analyzers/issues/5626\ndotnet_diagnostic.CA2254.severity = none\n\n# CA2255: The ModuleInitializer attribute should not be used in libraries\ndotnet_diagnostic.CA2255.severity = none\n\n# IDE0073: File header\ndotnet_diagnostic.IDE0073.severity = warning\nfile_header_template = Licensed to the .NET Foundation under one or more agreements.\\nThe .NET Foundation licenses this file to you under the MIT license.\\nSee the LICENSE.txt file in the project root for more information.\n"
},
{
"path": ".gitattributes",
"content": "###############################################################################\n# Set default behavior to automatically normalize line endings.\n###############################################################################\n* text=auto\n\n###############################################################################\n# Set default behavior for command prompt diff.\n#\n# This is need for earlier builds of msysgit that does not have it on by\n# default for csharp files.\n# Note: This is only used by command line\n###############################################################################\n#*.cs diff=csharp\n\n###############################################################################\n# Set the merge driver for project and solution files\n#\n# Merging from the command prompt will add diff markers to the files if there\n# are conflicts (Merging from VS is not affected by the settings below, in VS\n# the diff markers are never inserted). Diff markers may cause the following \n# file extensions to fail to load in VS. An alternative would be to treat\n# these files as binary and thus will always conflict and require user\n# intervention with every merge. To do so, just uncomment the entries below\n###############################################################################\n#*.sln merge=binary\n#*.csproj merge=binary\n#*.vbproj merge=binary\n#*.vcxproj merge=binary\n#*.vcproj merge=binary\n#*.dbproj merge=binary\n#*.fsproj merge=binary\n#*.lsproj merge=binary\n#*.wixproj merge=binary\n#*.modelproj merge=binary\n#*.sqlproj merge=binary\n#*.wwaproj merge=binary\n\n###############################################################################\n# behavior for image files\n#\n# image files are treated as binary by default.\n###############################################################################\n#*.jpg binary\n#*.png binary\n#*.gif binary\n\n###############################################################################\n# diff behavior for common document formats\n# \n# Convert binary document formats to text before diffing them. This feature\n# is only available from the command line. Turn it on by uncommenting the \n# entries below.\n###############################################################################\n#*.doc diff=astextplain\n#*.DOC diff=astextplain\n#*.docx diff=astextplain\n#*.DOCX diff=astextplain\n#*.dot diff=astextplain\n#*.DOT diff=astextplain\n#*.pdf diff=astextplain\n#*.PDF diff=astextplain\n#*.rtf diff=astextplain\n#*.RTF diff=astextplain\n"
},
{
"path": ".github/CODEOWNERS",
"content": "# These owners will be the default owners for everything in\n# the repo. Unless a later match takes precedence,\n# review when someone opens a pull request.\n# For more on how to customize the CODEOWNERS file - https://help.github.com/en/articles/about-code-owners\n* @dotnet/sign-maintainers\n"
},
{
"path": ".github/ISSUE_TEMPLATE/bug_report.md",
"content": "---\nname: Bug report\nabout: Create a report to help us improve\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\n**Describe the bug**\nA clear and concise description of what the bug is.\n\n**Repro steps**\n\n\n**Expected behavior**\nA clear and concise description of what you expected to happen.\n\n**Actual behavior**\nA clear and concise description of what actually happened.\n\n**Additional context**\n- Include the output of `sign --version`.\n- Include the output of `dotnet --info`.\n- Add any other context about the problem here.\n"
},
{
"path": ".github/ISSUE_TEMPLATE/feature_request.md",
"content": "---\nname: Feature request\nabout: Suggest an idea for this project\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\n**Is your feature request related to a problem? Please describe.**\nA clear and concise description of what the problem is. Ex. I'm always frustrated when [...]\n\n**Describe the solution you'd like**\nA clear and concise description of what you want to happen.\n\n**Describe alternatives you've considered**\nA clear and concise description of any alternative solutions or features you've considered.\n\n**Additional context**\nInclude the output of sign --version.\nAdd any other context about the problem here.\n"
},
{
"path": ".github/workflows/stale.yml",
"content": "name: 'Close stale issues'\n\npermissions:\n issues: write\n\non:\n schedule:\n - cron: '30 1 * * *'\n\njobs:\n stale:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/stale@v9\n with:\n stale-issue-message: 'This issue is stale because it has been open 10 days with no activity after asking for more info. Comment or this will be closed in 4 days.'\n close-issue-message: 'This issue was closed because it has been stalled for 14 days with no activity. This can be reopened if additional information is provided.'\n days-before-issue-stale: 10 \n days-before-issue-close: 4\n days-before-pr-stale: -1\n days-before-pr-close: -1\n any-of-labels: \"needs-more-info\"\n"
},
{
"path": ".gitignore",
"content": "## Ignore Visual Studio temporary files, build results, and\n## files generated by popular Visual Studio add-ons.\n\n# Tools directory\n.dotnet/\n.packages/\n.tools/\n/[Tt]ools/\n\n# User-specific files\n*.suo\n*.user\n*.userosscache\n*.sln.docstates\n\n# User-specific files (MonoDevelop/Xamarin Studio)\n*.userprefs\n\n# Build results\n[Dd]ebug/\n[Dd]ebugPublic/\n[Rr]elease/\n[Rr]eleases/\n[Xx]64/\n[Xx]86/\n[Bb]uild/\nbld/\n[Bb]in/\n[Oo]bj/\n\n# Visual Studio 2015 cache/options directory\n.vs/\n.vscode/\n.store/\n# Uncomment if you have tasks that create the project's static files in wwwroot\n#wwwroot/\n\n# MSTest test Results\n[Tt]est[Rr]esult*/\n[Bb]uild[Ll]og.*\n\n# NUNIT\n*.VisualState.xml\nTestResult.xml\n\n# Build Results of an ATL Project\n[Dd]ebugPS/\n[Rr]eleasePS/\ndlldata.c\n\n# DNX\nproject.lock.json\n*.lock.json\nartifacts/\n\n*_i.c\n*_p.c\n*_i.h\n*.ilk\n*.meta\n*.obj\n*.pch\n*.pdb\n*.pgc\n*.pgd\n*.rsp\n*.sbr\n*.tlb\n*.tli\n*.tlh\n*.tmp\n*.tmp_proj\n*.log\n*.vspscc\n*.vssscc\n.builds\n*.pidb\n*.svclog\n*.scc\n\n# Chutzpah Test files\n_Chutzpah*\n\n# Visual C++ cache files\nipch/\n*.aps\n*.ncb\n*.opendb\n*.opensdf\n*.sdf\n*.cachefile\n*.VC.db\n\n# Visual Studio profiler\n*.psess\n*.vsp\n*.vspx\n*.sap\n\n# TFS 2012 Local Workspace\n$tf/\n\n# Guidance Automation Toolkit\n*.gpState\n\n# ReSharper is a .NET coding add-in\n_ReSharper*/\n*.[Rr]e[Ss]harper\n*.DotSettings.user\n\n# JustCode is a .NET coding add-in\n.JustCode\n\n# TeamCity is a build add-in\n_TeamCity*\n\n# DotCover is a Code Coverage Tool\n*.dotCover\n\n# NCrunch\n_NCrunch_*\n.*crunch*.local.xml\nnCrunchTemp_*\n\n# MightyMoose\n*.mm.*\nAutoTest.Net/\n\n# Web workbench (sass)\n.sass-cache/\n\n# Installshield output folder\n[Ee]xpress/\n\n# DocProject is a documentation generator add-in\nDocProject/buildhelp/\nDocProject/Help/*.HxT\nDocProject/Help/*.HxC\nDocProject/Help/*.hhc\nDocProject/Help/*.hhk\nDocProject/Help/*.hhp\nDocProject/Help/Html2\nDocProject/Help/html\n\n# Click-Once directory\npublish/\n\n# Publish Web Output\n*.[Pp]ublish.xml\n*.azurePubxml\n\n# TODO: Un-comment the next line if you do not want to checkin \n# your web deploy settings because they may include unencrypted\n# passwords\n#*.pubxml\n*.publishproj\n\n# NuGet Packages\n*.nupkg\n# The packages folder can be ignored because of Package Restore\n**/packages/*\n# except build/, which is used as an MSBuild target.\n!**/packages/build/\n# Uncomment if necessary however generally it will be regenerated when needed\n#!**/packages/repositories.config\n# NuGet v3's project.json files produces more ignoreable files\n*.nuget.props\n*.nuget.targets\n\n# Microsoft Azure Build Output\ncsx/\n*.build.csdef\n\n# Microsoft Azure Emulator\necf/\nrcf/\n\n# Microsoft Azure ApplicationInsights config file\nApplicationInsights.config\n\n# Windows Store app package directory\nAppPackages/\nBundleArtifacts/\n\n# Visual Studio cache files\n# files ending in .cache can be ignored\n*.[Cc]ache\n# but keep track of directories ending in .cache\n!*.[Cc]ache/\n\n# Others\nClientBin/\n[Ss]tyle[Cc]op.*\n~$*\n*~\n*.dbmdl\n*.dbproj.schemaview\n*.pfx\n*.publishsettings\nnode_modules/\norleans.codegen.cs\n\n# RIA/Silverlight projects\nGenerated_Code/\n\n# Backup & report files from converting an old project file\n# to a newer Visual Studio version. Backup files are not needed,\n# because we have git ;-)\n_UpgradeReport_Files/\nBackup*/\nUpgradeLog*.XML\nUpgradeLog*.htm\n\n# SQL Server files\n*.mdf\n*.ldf\n\n# Business Intelligence projects\n*.rdl.data\n*.bim.layout\n*.bim_*.settings\n\n# Microsoft Fakes\nFakesAssemblies/\n\n# GhostDoc plugin setting file\n*.GhostDoc.xml\n\n# Node.js Tools for Visual Studio\n.ntvs_analysis.dat\n\n# Visual Studio 6 build log\n*.plg\n\n# Visual Studio 6 workspace options file\n*.opt\n\n# Visual Studio LightSwitch build output\n**/*.HTMLClient/GeneratedArtifacts\n**/*.DesktopClient/GeneratedArtifacts\n**/*.DesktopClient/ModelManifest.xml\n**/*.Server/GeneratedArtifacts\n**/*.Server/ModelManifest.xml\n_Pvt_Extensions\n\n# LightSwitch generated files\nGeneratedArtifacts/\nModelManifest.xml\n\n# Paket dependency manager\n.paket/paket.exe\n\n# FAKE - F# Make\n.fake/\n/src/SignClient/Properties/launchSettings.json\n/src/SignService/Properties/launchSettings.json\n/src/SignService/App_Data/\n\n/src/SignService/tools/SDK/\n!**/KeyVaultSignToolWrapper/x86/\n!**/KeyVaultSignToolWrapper/x64/\n/src/SignService/Properties/PublishProfiles\n/src/InstallUtility/Properties/launchSettings.json\n/arm/ArmDeploy/azuredeploy.parameters.json\n"
},
{
"path": ".vsts-ci.yml",
"content": "# Pipeline: https://dnceng.visualstudio.com/internal/_build?definitionId=1190\n\nvariables:\n - name: _TeamName\n value: DotNetCore\n - name: Build.Repository.Clean\n value: true\n - name: Codeql.Enabled\n value: true\n - name: Codeql.TSAEnabled\n value: true\n - group: DotNet-Sign-SDLValidation-Params\n - template: /eng/common/templates-official/variables/pool-providers.yml\n\ntrigger:\n batch: true\n branches:\n include:\n - main\n paths:\n exclude:\n - \"*.md\"\n\npr:\n autoCancel: false\n branches:\n include:\n - '*'\n\nresources:\n repositories:\n - repository: 1esPipelines\n type: git\n name: 1ESPipelineTemplates/1ESPipelineTemplates\n ref: refs/tags/release\n\nextends:\n template: v1/1ES.Official.PipelineTemplate.yml@1esPipelines\n parameters:\n settings:\n networkIsolationPolicy: Permissive,CFSClean,CFSClean2\n sdl:\n sourceAnalysisPool:\n name: $(DncEngInternalBuildPool)\n image: 1es-windows-2022\n os: windows\n customBuildTags:\n - ES365AIMigrationTooling\n stages:\n - stage: Build_Windows\n displayName: Build Windows\n jobs:\n - ${{ if and(eq(variables['System.TeamProject'], 'internal'), notin(variables['Build.Reason'], 'PullRequest'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) }}:\n - template: /eng/common/templates-official/job/onelocbuild.yml@self\n parameters:\n LclSource: lclFilesfromPackage\n LclPackageId: 'LCL-JUNO-PROD-SIGNCLI'\n MirrorRepo: sign\n\n - template: /eng/common/templates-official/jobs/jobs.yml@self\n parameters:\n enableMicrobuild: true\n enablePublishBuildArtifacts: true\n enablePublishBuildAssets: true\n enablePublishUsingPipelines: true\n enableTelemetry: true\n jobs:\n - job: Windows\n pool: # See https://helix.dot.net/ for VM names.\n name: NetCore1ESPool-Internal\n demands: ImageOverride -equals windows.vs2022.amd64\n variables:\n # Only enable publishing in official builds.\n - ${{ if and(eq(variables['System.TeamProject'], 'internal'), notin(variables['Build.Reason'], 'PullRequest')) }}:\n # Publish-Build-Assets provides: MaestroAccessToken, BotAccount-dotnet-maestro-bot-PAT\n - group: Publish-Build-Assets\n - name: _SignType\n value: real\n - name: _OfficialBuildArgs\n value: /p:DotNetPublishUsingPipelines=true\n /p:DotNetSignType=$(_SignType)\n /p:OfficialBuildId=$(BUILD.BUILDNUMBER)\n /p:TeamName=$(_TeamName)\n - ${{ else }}:\n - name: _SignType\n value: test\n - name: _OfficialBuildArgs\n value: ''\n strategy:\n matrix:\n Release:\n _BuildConfig: Release\n steps:\n - task: CodeQL3000Init@0\n displayName: Initialize CodeQL\n condition: and(succeeded(), eq(variables['Codeql.Enabled'], 'true'))\n - script: eng\\common\\CIBuild.cmd\n -configuration $(_BuildConfig)\n -prepareMachine\n $(_OfficialBuildArgs)\n name: Build\n displayName: Build and run tests\n condition: succeeded()\n - task: CodeQL3000Finalize@0\n displayName: Finalize CodeQL\n condition: and(succeeded(), eq(variables['Codeql.Enabled'], 'true'))\n # Guardian requires npm.\n - task: NodeTool@0\n inputs:\n versionSpec: '18.x'\n # Validates compiler/linker settings and other security-related binary characteristics.\n # https://github.com/Microsoft/binskim\n # YAML reference: https://eng.ms/docs/security-compliance-identity-and-management-scim/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/sdl-azdo-extension/binskim-build-task#v4\n - task: BinSkim@4\n displayName: Run BinSkim\n inputs:\n InputType: Basic\n Function: analyze\n TargetPattern: binskimPattern\n AnalyzeTargetBinskim: $(Build.SourcesDirectory)\\artifacts\\bin\\Sign.Cli\\$(_BuildConfig)\\net8.0\\publish\\*.dll\n AnalyzeSymPath: 'SRV*https://symweb'\n condition: succeededOrFailed()\n - task: PublishTestResults@2\n displayName: 'Publish Unit Test Results'\n inputs:\n testResultsFormat: xUnit\n testResultsFiles: '$(Build.SourcesDirectory)/artifacts/TestResults/**/*.xml'\n mergeTestResults: true\n searchFolder: $(System.DefaultWorkingDirectory)\n testRunTitle: sign unit tests - $(Agent.JobName)\n condition: succeededOrFailed()\n - task: ComponentGovernanceComponentDetection@0\n displayName: Component Governance scan\n inputs:\n ignoreDirectories: '$(Build.SourcesDirectory)/.packages,$(Build.SourcesDirectory)/artifacts/obj/Sign.Cli'\n\n - template: /eng/common/templates-official/post-build/post-build.yml@self\n parameters:\n publishingInfraVersion: 3\n enableSymbolValidation: true\n enableSourceLinkValidation: true\n validateDependsOn:\n - Build_Windows\n publishDependsOn:\n - Validate\n # This is to enable SDL runs part of Post-Build Validation Stage\n SDLValidationParameters:\n enable: true\n params: ' -SourceToolsList @(\"policheck\",\"credscan\")\n -TsaInstanceURL $(_TsaInstanceURL)\n -TsaProjectName $(_TsaProjectName)\n -TsaNotificationEmail $(_TsaNotificationEmail)\n -TsaCodebaseAdmin $(_TsaCodebaseAdmin)\n -TsaBugAreaPath $(_TsaBugAreaPath)\n -TsaIterationPath $(_TsaIterationPath)\n -TsaRepositoryName dotnet-sign\n -TsaCodebaseName dotnet-sign\n -TsaOnboard $True\n -TsaPublish $True\n -PoliCheckAdditionalRunConfigParams @(\"UserExclusionPath < $(Build.SourcesDirectory)/eng/PoliCheckExclusions.xml\")'"
},
{
"path": ".vsts-pr.yml",
"content": "# Pipeline: https://dev.azure.com/dnceng-public/public/_build?definitionId=231\n\nvariables:\n - name: _TeamName\n value: DotNetCore\n - name: Build.Repository.Clean\n value: true\n\ntrigger:\n batch: true\n branches:\n include:\n - main\n paths:\n exclude:\n - \"*.md\"\n\nstages:\n- stage: Build_Windows\n displayName: Build Windows\n jobs:\n - template: /eng/common/templates/jobs/jobs.yml\n parameters:\n enableMicrobuild: true\n jobs:\n - job: Windows\n pool: # See https://helix.dot.net/ for VM names.\n name: NetCore-Public\n demands: ImageOverride -equals windows.vs2022.amd64.open\n variables:\n - name: _SignType\n value: test\n strategy:\n matrix:\n Release:\n _BuildConfig: Release\n steps:\n - script: eng\\common\\CIBuild.cmd\n -configuration $(_BuildConfig)\n -prepareMachine\n name: Build\n displayName: Build and run tests\n condition: succeeded()\n - task: PublishTestResults@2\n displayName: 'Publish test results'\n inputs:\n testResultsFormat: xUnit\n testResultsFiles: '$(Build.SourcesDirectory)/artifacts/TestResults/**/*.xml'\n mergeTestResults: true\n searchFolder: $(System.DefaultWorkingDirectory)\n testRunTitle: sign unit tests - $(Agent.JobName)\n condition: succeededOrFailed()\n - task: PublishBuildArtifacts@1\n displayName: 'Publish log files on failure'\n inputs:\n PathtoPublish: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)'\n ArtifactName: 'Logs'\n publishLocation: 'Container'\n condition: failed()\n"
},
{
"path": "CODE-OF-CONDUCT.md",
"content": "# Code of Conduct\n\nThis project has adopted the code of conduct defined by the Contributor Covenant\nto clarify expected behavior in our community.\n\nFor more information, see the [.NET Foundation Code of Conduct](https://dotnetfoundation.org/code-of-conduct).\n"
},
{
"path": "Directory.Build.props",
"content": "\n\n \n\n \n true\n $(CopyrightNetFoundation)\n true\n embedded\n true\n true\n strict\n enable\n \n false\n Latest\n \n CS8002\n enable\n MIT\n win-x64\n net8.0\n True\n true\n \n\n \n false\n \n\n \n $(MSBuildThisFileDirectory)\n \n\n \n \n \n\n\n"
},
{
"path": "Directory.Build.targets",
"content": "\n\n \n"
},
{
"path": "Directory.Packages.props",
"content": "\n\n \n true\n true\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n"
},
{
"path": "LICENSE.txt",
"content": "The MIT License (MIT)\n\nCopyright (c) .NET Foundation and Contributors\n\nAll rights reserved.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
},
{
"path": "NuGet.Config",
"content": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n"
},
{
"path": "README.md",
"content": "# Sign CLI\n\n[](https://www.dotnetfoundation.org/)\n\nThis project aims to make it easier to integrate secure code signing into a CI pipeline by using cloud-based hardware security module(HSM)-protected keys. This project is part of the [.NET Foundation](https://www.dotnetfoundation.org/) and operates under their [code of conduct](https://www.dotnetfoundation.org/code-of-conduct). It is licensed under [MIT](https://opensource.org/licenses/MIT) (an OSI approved license).\n\nYou can find the latest version of Sign CLI on [NuGet.org](https://www.nuget.org/packages/sign).\n\n## Prerequisites\n\n- An up-to-date x64-based version of Windows currently in [mainstream support](https://learn.microsoft.com/lifecycle/products/)\n- [.NET 8 SDK or later](https://dotnet.microsoft.com/download)\n- [Microsoft Visual C++ 14 runtime](https://aka.ms/vs/17/release/vc_redist.x64.exe)\n\n## Install\n\nTo install Sign CLI in the current directory, open a command prompt and execute:\n\n```\ndotnet tool install --tool-path . --prerelease sign\n```\n\nTo run Sign CLI, execute `sign` from the same directory.\n\n## Design\n\nGiven an initial file path or glob pattern, this tool recursively searches directories and containers to find signable files and containers. For each signable artifact, the tool uses an implementation of [`System.Security.Cryptography.RSA`](https://learn.microsoft.com/dotnet/api/system.security.cryptography.rsa?view=net-8.0) that delegates the signing operation to Azure Key Vault. The tool computes a digest (or hash) of the to-be-signed content and submits the digest --- not the original content --- to Azure Key Vault for digest signing. The returned raw signature value is then incorporated in whatever signature format is appropriate for the file type. Signable content is not sent to Azure Key Vault.\n\nWhile the current version is limited to RSA and Azure Key Vault, it is desirable to support ECDSA and other cloud providers in the future.\n\n## Supported File Types\n\n- `.msi`, `.msp`, `.msm`, `.cab`, `.dll`, `.exe`, `.appx`, `.appxbundle`, `.msix`, `.msixbundle`, `.sys`, `.vxd`, `.ps1`, `.psm1`, and any portable executable (PE) file (via [AzureSignTool](https://github.com/vcsjones/AzureSignTool))\n- `.vsix`\n- ClickOnce `.application` and `.vsto` (via `Mage`). Notes below.\n- `.nupkg`\n\n## ClickOnce\nThere are a couple of possibilities for signing ClickOnce packages.\n\nGenerally you will want to sign an entire package and all its contents i.e. the deployment manifest (`.application` or `.vsto`),\napplication manifest (`.exe.manifest` or `.dll.manifest`) and the underlying `.exe` and `.dll` files themselves.\nTo do this, ensure that the entire contents of the package are available (i.e. the whole `publish` folder from your build) and pass\nthe deployment manifest as the file to sign - the rest of the files will be detected and signed in the proper order automatically.\n\nYou can also re-sign just the deployment manifest in case you want to e.g. change the Deployment URL but leave the rest of the contents the\nsame. To do this, pass the deployment manifest as the file to sign as in the case above, but just don't have the rest of the files\npresent on-disk alongside it. This tool will detect that they're missing and just update the signature on the deployment manifest.\nNote that this is strictly for re-signing an already-signed deployment manifest - you cannot have a signed deployment manifest that\npoints to an un-signed application manifest. You must also take care to sign all manifests with the same certificate otherwise the application\nwill not install.\n\nYou should also use the `filter` parameter with the file list to sign, something like this:\n```\n**/ProjectAddIn1.*\n**/setup.exe\n```\n\n## Best Practices\n\n* Create a [ServicePrincipal with minimum permissions](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal). Note that you do not need to assign any subscription-level roles to this identity. Only access to Key Vault is required.\n* Follow [Best practices for using Azure Key Vault](https://learn.microsoft.com/azure/key-vault/general/best-practices). The Premium SKU is required for code signing certificates to meet key storage requirements.\n * If using Azure role-based access control (RBAC), [configure your signing account to have these roles](https://learn.microsoft.com/azure/key-vault/general/rbac-guide?tabs=azure-portal):\n - Key Vault Reader\n - Key Vault Crypto User\n * If using Azure Key Vault access policies, [configure an access policy](https://learn.microsoft.com/azure/key-vault/general/assign-access-policy?tabs=azure-portal) for your signing account to have minimal permissions:\n - Key permissions\n - Cryptographic Operations\n - Sign\n - Key Management Operations\n - Get _(Note: this is only for the public key not the private key.)_\n - Certificate permissions\n - Certificate Management Operations\n - Get\n* Isolate signing operations in a separate leg of your build pipeline.\n* Ensure that this CLI and all input and output files are in a directory under your control.\n* Execute this CLI as a standard user. Elevation is not required.\n* Use [OIDC authentication from your GitHub Action to Azure](https://learn.microsoft.com/azure/developer/github/connect-from-azure?tabs=azure-portal%2Cwindows#use-the-azure-login-action-with-openid-connect).\n\n## Sample Workflows\n\n* [Azure DevOps Pipelines](./docs/azdo-build-and-sign.yml)\n* [GitHub Actions](./docs/gh-build-and-sign.yml)\n\nCode signing is a complex process that may involve multiple signing formats and artifact types. Some artifacts are containers that contain other signable file types. For example, NuGet Packages (`.nupkg`) frequently contain `.dll` files. The signing tool will sign all files inside-out, starting with the most nested files and then the outer files, ensuring everything is signed in the correct order.\n\nSigning `.exe`/`.dll` files, and other Authenticode file types is only possible on Windows at this time. The recommended solution is to build on one agent and sign on another using jobs or stages where the signing steps run on Windows. Running code signing on a separate stage to ensure secrets aren't exposed to the build stage.\n\n### Build Variables\n\nThe following information is needed for the signing build:\n\n* `Tenant Id` Azure AD tenant\n* `Client Id` / `Application Id` ServicePrincipal identifier\n* `Key Vault Url` Url to Key Vault. Must be a Premium Sku for EV code signing certificates and all certificates issued after June 2023\n* `Certificate Id` Id of the certificate in Key Vault.\n* `Client Secret` for Azure DevOps Pipelines\n* `Subscription Id` for GitHub Actions\n\n## Creating a code signing certificate in Azure Key Vault\n\nCode signing certificates must use the `RSA-HSM` key type to ensure the private keys are stored in a FIPS 140-2 compliant manner. While you can import a certificate from a PFX file, if available, the most secure option is to create a new Certificate Signing Request to provide to your certificate authority, and then merge in the public certificate they issue. Detailed steps are available [here](https://learn.microsoft.com/answers/questions/732422/ev-code-signing-with-azure-keyvault-and-azure-pipe).\n\n## Migrating from the legacy code signing service\n\nIf you've been using the legacy code signing service, using `SignClient.exe` to upload files for signing, you can use your existing certificate and Key Vault with this new tool. You will need to create a new ServicePrincipal and assign it permissions as described above.\n\n## FAQ\n\n### What signature algorithms are supported?\n\nAt this time, only RSA PKCS #1 v1.5 is supported.\n\nECDSA is not supported. Not only do some signature providers not support ECDSA, [the Microsoft Trusted Root Program does not support ECDSA code signing.](https://learn.microsoft.com/security/trusted-root/program-requirements#b-signature-requirements)\n\n> **Please Note**: Signatures using elliptical curve cryptography (ECC), such as ECDSA, aren't supported in Windows and newer Windows security features. Users utilizing these algorithms and certificates will face various errors and potential security risks. The Microsoft Trusted Root Program recommends that ECC/ECDSA certificates shouldn't be issued to subscribers due to this known incompatibility and risk.\n\n## Useful Links\n\n* [Issue Triage Policy](triage-policy.md)\n"
},
{
"path": "SECURITY.md",
"content": "\n\n## Security\n\nMicrosoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).\n\nMicrosoft serves as the primary maintainer of this repository. If you believe you have found a security vulnerability that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.\n\n## Reporting Security Issues\n\n**Please do not report security vulnerabilities through public GitHub issues.**\n\nInstead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).\n\nIf you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).\n\nYou should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). \n\nPlease include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:\n\n * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)\n * Full paths of source file(s) related to the manifestation of the issue\n * The location of the affected source code (tag/branch/commit or direct URL)\n * Any special configuration required to reproduce the issue\n * Step-by-step instructions to reproduce the issue\n * Proof-of-concept or exploit code (if possible)\n * Impact of the issue, including how an attacker might exploit the issue\n\nThis information will help us triage your report more quickly.\n\nIf you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.\n\n## Preferred Languages\n\nWe prefer all communications to be in English.\n\n## Policy\n\nMicrosoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).\n\n\n"
},
{
"path": "SdkTools.props",
"content": "\n\n \n \n \n \n\n \n $(MSBuildProgramFiles32)\\Microsoft SDKs\\Windows\\v10.0A\\bin\\NETFX 4.8 Tools\n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n \n \n\n \n \n \n \n\n \n \n %WINDIR%\\System32\\WindowsPowerShell\\v1.0\\powershell.exe \n $(RepositoryRootDirectory)\\scripts\\UpdateWintrust.ps1\n \n\n \n \n\n \n \n true\n tools\\$(TargetFramework)\\any\\tools\\SDK\\x64\n false\n \n \n true\n tools\\$(TargetFramework)\\any\\tools\\SDK\\x64\n false\n \n \n true\n tools\\$(TargetFramework)\\any\\tools\\SDK\\x86\n false\n \n \n\n"
},
{
"path": "THIRD-PARTY-NOTICES.txt",
"content": ".NET Core uses third-party libraries or other resources that may be\ndistributed under licenses different than the .NET Core software.\n\nAttributions and license notices for test cases originally authored by\nthird parties can be found in the respective test directories.\n\nIn the event that we accidentally failed to list a required notice, please\nbring it to our attention. Post an issue or email us:\n\n dotnet@microsoft.com\n\nThe attached notices are provided for information only.\n\nLicense notice for .NET Reference Source\n-------------------------------\n\nThe MIT License (MIT)\n\nCopyright (c) Microsoft Corporation\n\nPermission is hereby granted, free of charge, to any person obtaining a copy \nof this software and associated documentation files (the \"Software\"), to deal \nin the Software without restriction, including without limitation the rights \nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell \ncopies of the Software, and to permit persons to whom the Software is \nfurnished to do so, subject to the following conditions: \n\nThe above copyright notice and this permission notice shall be included in all \ncopies or substantial portions of the Software. \n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR \nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, \nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE \nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER \nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, \nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE \nSOFTWARE.\n\nAvailable at https://github.com/microsoft/referencesource/blob/master/LICENSE.txt\n\n\nLicense notice for Azure SDK for .NET\n-------------------------------\n\nThe MIT License (MIT)\n\nCopyright (c) 2015 Microsoft\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\nAvailable at https://github.com/Azure/azure-sdk-for-net/blob/main/LICENSE.txt\n\n\nLicense notice for FiddlerCert\n-------------------------------\n\nThe MIT License (MIT)\n\nCopyright (c) 2015 Kevin Jones\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\nAvailable at https://github.com/vcsjones/FiddlerCert/blob/main/license.txt\n\n\nLicense notice for Wyam\n-------------------------------\n\nThe MIT License (MIT)\n\nCopyright (c) 2014 Dave Glick\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\nAvailable at https://github.com/Wyamio/Wyam/blob/develop/LICENSE\n\n\nLicense notice for OpenOpcSignTool\n-------------------------------\n\nMIT License\n\nCopyright (c) 2017 Kevin Jones\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\nAvailable at https://github.com/vcsjones/OpenOpcSignTool/blob/main/LICENSE\n\n\nLicense notice for NuGetKeyVaultSignTool\n-------------------------------\n\nThe MIT License (MIT)\n\nCopyright (c) Claire Novotny\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n\nAvailable at https://github.com/novotnyllc/NuGetKeyVaultSignTool/blob/main/LICENSE\n"
},
{
"path": "docs/artifact-signing-integration.md",
"content": "# Artifact Signing integration for Sign CLI\n\nThis document explains how to use the Sign CLI with a Artifact Signing account to perform code signing using the Artifact Signing provider. See `docs/signing-tool-spec.md` for higher-level background of this tool and the implementation at `src/Sign.SignatureProviders.TrustedSigning` for details.\n\n## Overview\n\nThe Sign CLI includes a `artifact-signing` provider that invokes the Artifact Signing service to obtain certificates and perform remote sign operations. The CLI uses the Azure SDK (`Azure.Identity`) for authentication.\n\nKey concepts for this provider:\n- Endpoint: the service URL for the Artifact Signing account.\n- Account name: the account within the Artifact Signing service.\n- Certificate profile: the certificate profile configured in the account that will be used to sign.\n\nFor more information, see the Artifact Signing [setup documentation](https://learn.microsoft.com/azure/artifact-signing/quickstart).\n\n## Prerequisites\n\n- An Azure subscription and a Artifact Signing account with at least one active certificate profile.\n- An identity (user, service principal, or managed identity) that has the `Artifact Signing Certificate Profile Signer` permission to perform signing.\n\n## How the CLI authenticates\n\nSign CLI uses Azure.Identity's credential chain by default (DefaultAzureCredential). This means the CLI will try an authentication flow automatically (Azure CLI login, environment variables for a service principal, managed identity, etc.). You may also explicitly choose a credential type with `--azure-credential-type`.\n\n## CLI options for Artifact Signing\n\nThe Artifact Signing subcommand is `sign code artifact-signing` and it requires the following options (short forms shown):\n\n- `--artifact-signing-endpoint`, `-ase` : the Artifact Signing service endpoint (URL).\n- `--artifact-signing-account`, `-asa` : the account name in the Artifact Signing service.\n- `--artifact-signing-certificate-profile`, `-ascp` : the certificate profile name to use for signing.\n\nThe Azure authentication options are available on the same command and include `--azure-credential-type` (`-act`) and managed identity options such as `--managed-identity-client-id` (`-mici`). By default, the CLI uses DefaultAzureCredential.\n\n## Examples\n\nReplace placeholders with your values.\n\nExample — sign a file using your current Azure CLI login (DefaultAzureCredential):\n\n```powershell\n# Ensure you're signed into Azure CLI\naz login\n\n# Sign a file using Artifact Signing\nsign code artifact-signing `\n -ase https:// `\n -asa `\n -ascp `\n C:\\path\\to\\artifact.dll\n```\n\nExample — service principal (PowerShell session variables; prefer secrets or pipeline variables in CI):\n\n```powershell\n$env:AZURE_CLIENT_ID = 'your-client-id'\n$env:AZURE_TENANT_ID = 'your-tenant-id'\n\nsign code artifact-signing `\n -ase https:// `\n -asa `\n -ascp `\n C:\\path\\to\\artifact.dll\n```\n\nExample — managed identity (useful for Azure-hosted agents):\n\n```powershell\n# Use managed identity by selecting the credential type explicitly and, if needed, the client id\nsign code artifact-signing `\n -ase https:// `\n -asa `\n -ascp `\n -act managed-identity `\n -mici `\n C:\\path\\to\\artifact.dll\n```\n\nNotes:\n- If you omit `-act`, the CLI uses DefaultAzureCredential, which already supports Azure CLI, environment variables for service principals, managed identities, and workload identity flows.\n- The endpoint URL and exact account/profile names are provided by your Artifact Signing onboarding or Azure portal.\n\n## CI/CD integration tips\n\n- Prefer federated identity (OIDC) or managed identities for CI agents to avoid long-lived secrets. Sign CLI supports workload and managed identity credential flows.\n- Store any required values (endpoint, account, certificate profile) as pipeline secrets or protected variables.\n\n## Troubleshooting\n\n- Authentication errors: verify the authentication method (Azure CLI login, environment variables, or managed identity) and that the identity has permission to the Artifact Signing account.\n- Permission errors: ensure your principal has the necessary rights on the Artifact Signing account and certificate profile. If unsure, contact your Azure admin or the team that provisioned the Artifact Signing account.\n- Endpoint/profile not found: confirm the exact endpoint URL, account name, and certificate profile name from your Artifact Signing account metadata or onboarding docs.\n- See the [Artifact Signing FAQ](https://learn.microsoft.com/azure/artifact-signing/faq) for more information.\n\n## Where to look in this repository\n\n- Implementation of the provider: `src/Sign.SignatureProviders.ArtifactSigning` (see `ArtifactSigningService.cs`, `RSAArtifactSigning.cs` and `ArtifactSigningServiceProvider.cs`).\n- CLI wiring: `src/Sign.Cli/ArtifactSigningCommand.cs` (shows required flags and how Azure credentials are constructed).\n"
},
{
"path": "docs/azdo-build-and-sign.yml",
"content": "trigger:\n- main\n- rel/*\n\npr:\n- main\n- rel/*\n\nstages:\n- stage: Build\n jobs:\n - job: Build\n pool:\n vmImage: ubuntu-latest\n variables:\n BuildConfiguration: Release\n\n steps:\n\n # Build steps \n - task: UseDotNet@2\n displayName: 'Use .NET SDK 6.x'\n inputs:\n version: 6.x\n - task: DotNetCoreCLI@2\n inputs:\n command: pack\n packagesToPack: src/AClassLibrary/AClassLibrary.csproj\n configuration: $(BuildConfiguration)\n packDirectory: $(Build.ArtifactStagingDirectory)/Packages \n verbosityPack: Minimal\n displayName: Build Package\n\n # Publish the artifacts to sign and the file list, if any, as artifacts for the signing stage\n - publish: $(Build.ArtifactStagingDirectory)/Packages \n displayName: Publish Build Artifacts \n artifact: BuildPackages\n\n - publish: config\n displayName: Publish signing file list\n artifact: config\n\n- stage: CodeSign\n dependsOn: Build\n condition: and(succeeded('Build'), not(eq(variables['build.reason'], 'PullRequest'))) # Only run this stage on pushes to the main branch\n jobs:\n - job: CodeSign\n displayName: Code Signing\n pool:\n vmImage: windows-latest # Code signing must run on a Windows agent for Authenticode signing (dll/exe)\n variables:\n - group: Sign Client Credentials # This is a variable group with secrets in it \n\n steps:\n\n # Retreive unsigned artifacts and file list\n - download: current\n artifact: config\n displayName: Download signing file list\n\n - download: current\n artifact: BuildPackages\n displayName: Download build artifacts\n\n - task: UseDotNet@2\n displayName: 'Use .NET SDK 6.x'\n inputs:\n version: 6.x\n\n # Install the code signing tool\n - task: DotNetCoreCLI@2\n inputs:\n command: custom\n custom: tool\n arguments: install --tool-path . sign --version 0.9.0-beta.23127.3\n displayName: Install SignTool tool\n\n # Run the signing command\n - pwsh: |\n .\\sign code azure-key-vault `\n \"**/*.nupkg\" `\n --base-directory \"$(Pipeline.Workspace)\\BuildPackages\" `\n --file-list \"$(Pipeline.Workspace)\\config\\filelist.txt\" `\n --publisher-name \"Contoso\" `\n --description \"One Sign CLI demo\" `\n --description-url \"https://github.com/dotnet/sign\" `\n --azure-key-vault-tenant-id \"$(SignTenantId)\" `\n --azure-key-vault-client-id \"$(SignClientId)\" `\n --azure-key-vault-client-secret '$(SignClientSecret)' `\n --azure-key-vault-certificate \"$(SignKeyVaultCertificate)\" `\n --azure-key-vault-url \"$(SignKeyVaultUrl)\"\n displayName: Sign packages\n \n # Publish the signed packages\n - publish: $(Pipeline.Workspace)/BuildPackages\n displayName: Publish Signed Packages\n artifact: SignedPackages\n"
},
{
"path": "docs/comparisons.md",
"content": "# Signing Comparisons\n\n## NuGet\n\nThe following tables summarize differences between NuGet, dotnet, and Sign CLI's. \n\n### Features\n\nFeature | NuGet CLI | dotnet CLI | Sign CLI\n-- | -- | -- | --\nUse signing certificate from the file system | ✔️ | ✔️ | ❌\nUse signing certificate from a local store | ✔️ | ✔️ | ❌\nUse signing certificate from Azure Key Vault | ❌ | ❌ | ✔️\nIdentify signing certificate by fingerprint | ✔️ | ✔️ | ❌\nIdentify signing certificate by subject name | ✔️ | ✔️ | ❌\nIdentify signing certificate by name (user-defined) | ❌ | ❌ | ✔️\nCan skip timestamping | ✔️ | ✔️ | ❌\nOpt-in required to overwrite already signed package | ✔️ | ✔️ | ❌\nCan sign files (e.g.: *.dll) inside package | ❌ | ❌ | ✔️\nCan verify signed package | ✔️ | ✔️ | ❌\n\n### Platform support\n\nPlatform | NuGet CLI | dotnet CLI | Sign CLI\n-- | -- | -- | --\nWindows x86 | ✔️ | ✔️ | ❌\nWindows x64 | ✔️ | ✔️ | ✔️\nWindows ARM64 | ❌ | ✔️ | ❌\nLinux | ❌ | ✔️* | ❌\nmacOS | ❌ | ✔️* | ❌\n\n\\* NuGet signs packages not files within a package (e.g.: DLL's). On every platform where signing is supported, it is possible to sign a package that contains signable files which are unsigned. Because Authenticode signing is only available on Windows, signing a NuGet package on Linux or macOS can more easily result in a signed package with unsigned files inside. See https://github.com/NuGet/Home/issues/12362.\n\n### Requirements\n\nRequirement | NuGet CLI | dotnet CLI | Sign CLI\n-- | -- | -- | --\n.NET Framework | ✔️ (>= 4.7.2) | ❌ | ❌\n.NET SDK | ❌ | ✔️ (>= 5 on Windows, >= 7 on Linux, N/A on macOS) | ❌\n.NET Runtime | ❌ | ❌ | ✔️ (>= 6)\n\n## References\n* [sign command (NuGet CLI)](https://learn.microsoft.com/en-us/nuget/reference/cli-reference/cli-ref-sign)\n* [dotnet nuget sign](https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet-nuget-sign)"
},
{
"path": "docs/file-globbing.md",
"content": "# File List Filtering and Globbing\n\nThe `code` signing command supports the `--file-list` or `-fl` option. This option specifies a file that contains paths of files to sign or to exclude from signing.\n\nWhen using the file list option you must use a path relative to the working directory (or base directory, if used). You can change the base directory using `--base-directory` or `-b`.\n\nExample:\n\n`sign.exe code certificate-store -cf test.pfx -fl F:\\Sign\\file_sign_list.txt *`\n\n\n## File List Format\n\nYou can provide a list of string patterns (one pattern per line) which describe files to include or exclude, or literal file paths. Filtering uses globbing, and supports advanced features such as brace expansion and negation.\n\nThe following is supported:\n\n* Standard globbing: `*`, `?`, `**` wildcards.\n* Brace expansion: `{a,b}` expands to both `a` and `b`.\n - Nested braces also work: `a{b,c{d,e}f}g` expands to `abg` `acdfg` `acefg`\n* Numeric ranges: `{1..3}` expands to `1`, `2`, `3`.\n* Negation: Patterns starting with `!` exclude files matching that pattern.\n* Escaping: Use `\\{`, `\\}`, or `\\!` to treat these characters literally.\n\n\n## Pattern Examples\n\n| Pattern | Description | Matches Example(s) |\n|------------------------|------------------------------------------|------------------------------|\n|`File.appx` | Include `File.appx` | `File.appx` |\n|`!Installer.msix` | Exclude `Installer.msix` | excludes `Installer.msix` |\n|`*.txt` | All `.txt` files in the current directory | `file.txt`, `notes.txt` |\n|`**/*.cs` | All `.cs` files in all subdirectories | `src/Program.cs` |\n|`docs/{README,HELP}.md` | `docs/README.md` and `docs/HELP.md` | `docs/README.md`, `docs/HELP.md` |\n|`images/*.{png,jpg}` | All `.png` and `.jpg` files in images | `images/a.png`, `images/b.jpg` |\n|`file{1..3}.log` | `file1.log`, `file2.log`, `file3.log` | `file2.log` |\n|`!bin/**` | Exclude everything under `bin` directory | excludes `bin/Debug/app.exe` |\n|`foo/\\{bar\\}.txt` | Matches the literal file `foo/{bar}.txt` | `foo/{bar}.txt` |\n|`!**/obj/**` | Exclude all files in any `obj` directory | excludes `foo/obj/out.log` |\n"
},
{
"path": "docs/gh-build-and-sign.yml",
"content": "name: Build and Sign\n\non:\n push:\n branches: [ \"main\" ]\n pull_request:\n branches: [ \"main\" ]\n\njobs:\n build: \n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v3\n \n # Build steps \n - name: Setup .NET\n uses: actions/setup-dotnet@v3\n with:\n dotnet-version: 6.x\n \n - name: Build Package\n run: dotnet pack --configuration Release src/AClassLibrary/AClassLibrary.csproj\n \n # Publish the artifacts to sign and the file list, if any, as artifacts for the signing stage\n - name: Upload signing file list\n uses: actions/upload-artifact@v3\n with:\n name: config\n path: config\n \n - name: Upload build artifacts\n uses: actions/upload-artifact@v3\n with:\n name: BuildArtifacts\n path: src/AClassLibrary/bin/Release/**/*.nupkg\n \n sign:\n needs: build\n runs-on: windows-latest # Code signing must run on a Windows agent for Authenticode signing (dll/exe)\n if: ${{ github.ref == 'refs/heads/main' }} # Only run this job on pushes to the main branch\n permissions:\n id-token: write # Required for requesting the JWT\n \n steps:\n\n # Download signing configuration and artifacts\n - name: Download signing config\n uses: actions/download-artifact@v3\n with:\n name: config\n path: config\n \n - name: Download build artifacts\n uses: actions/download-artifact@v3\n with:\n name: BuildArtifacts\n path: BuildArtifacts\n \n # .NET is required on the agent for the tool to run\n - name: Setup .NET\n uses: actions/setup-dotnet@v3\n with:\n dotnet-version: '9.x'\n\n # Install the code signing tool \n - name: Install Sign CLI tool\n run: dotnet tool install --tool-path . --prerelease sign\n \n # Login to Azure using a ServicePrincipal configured to authenticate agaist a GitHub Action\n - name: 'Az CLI login'\n uses: azure/login@v1\n with:\n allow-no-subscriptions: true\n client-id: ${{ secrets.AZURE_CLIENT_ID }} # This does not need to be a secret and is just a placeholder\n tenant-id: ${{ secrets.AZURE_TENANT_ID }} # This does not need to be a secret and is just a placeholder\n\n # Run the signing command\n - name: Sign artifacts\n shell: pwsh\n run: >\n ./sign code azure-key-vault\n **/*.nupkg\n --base-directory \"${{ github.workspace }}/BuildArtifacts\"\n --file-list \"${{ github.workspace }}/config/filelist.txt\"\n --publisher-name \"Contoso\"\n --description \"One Sign CLI demo\"\n --description-url \"https://github.com/dotnet/sign\"\n --azure-credential-type \"azure-cli\"\n --azure-key-vault-url \"${{ secrets.KEY_VAULT_URL }}\" # This does not need to be a secret and is just a placeholder\n --azure-key-vault-certificate \"${{ secrets.KEY_VAULT_CERTIFICATE_ID }}\" # This does not need to be a secret and is just a placeholder\n \n # Publish the signed packages\n - name: Upload build artifacts\n uses: actions/upload-artifact@v3\n with:\n name: SignedArtifacts\n path: BuildArtifacts\n"
},
{
"path": "docs/signing-tool-spec.md",
"content": "# Signing CLI tool\n\n## Background\n\nCode signing is a way to provide tamper detection to binary files and provide a way of establishing identity. There are different code signing mechanisms, but the most common on Windows and .NET are based on X.509 certificates.\n\nThere are several technology areas within the Windows and .NET ecosystem that support code signing:\n\n- PE files & certain scripts via Authenticode (dll, exe, ps1, sys)\n- MSIX via Authenticode (msix, msixbundle) & related manifests\n- Visual Studio Extensions (VSIX) via Open Packaging Convention\n- ClickOnce & VSTO via Mage (XML Digital Signatures)\n- NuGet Packages\n\nToday each of these areas has their own tools (SignTool, VISXSignTool, Mage, NuGet) to create signatures. Each tool has its own set of parameters and are written to assume use of the local certificate store API's by default. Without a shared implementation, a new code signing requirement can require individual updates to each tool. In May 2022, the CA/Browser Forum updated its [baseline requirements for publicly trusted code signing certificates](https://cabforum.org/wp-content/uploads/Baseline-Requirements-for-the-Issuance-and-Management-of-Code-Signing.v3.2.pdf) to require that all new code signing certificates issued after June 2023 use hardware security modules (HSM's) to prevent private key theft. While some HSM's contain CSP/KSP support to expose certificates through Windows' certificate store API's, they frequently contain significant limitations, such as requiring an interactive session to authenticate to the device. This makes signing code in the cloud and on build agents extremely difficult for mainline scenarios.\n\nThere are many HSM cloud services, including Azure Key Vault, that meet the updated key storage requirements, however we do not have first-party support for signing code with those services. There are open source community solutions to fill this gap, such as:\n\n* [AzureSignTool](https://github.com/vcsjones/AzureSignTool)\n* [NuGetKeyVaultSignTool](https://github.com/novotnyllc/NuGetKeyVaultSignTool)\n* [OpenOpcSignTool](https://github.com/vcsjones/OpenOpcSignTool)\n\nThe [.NET Foundation Signing Service](https://github.com/dotnet/sign/tree/legacy-service/servicing) builds on these solutions, adds additional supported file formats, and orchestrates signing the various file types in the right order.\n\nWhile existing community solutions help, they leave the complicated work of signing the files in the right order to each user and support only Azure Key Vault. With the [announcement](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/azure-code-signing-democratizing-trust-for-developers-and/ba-p/3604669) of Azure Code Signing and the move towards HSM's, there's a need to support multiple code signing providers in our signing tools.\n\n## Challenges\n\nThere are a few challenges around code signing:\n\n### Local Certificates\n\nToday the code signing tooling in the Windows and .NET SDK uses PFX (public/private certificate key pair files or the local certificate store for obtaining certificates). There risks to this approach:\n\n- PFX files are targets in data breaches; their passwords can be cracked\n- Certificates in a local store can be used by any app/malware\n- There’s no revocation mechanism for a user's access to the certificate; they always have it\n- No auditing of signing operations possible\n- EV code signing certificates aren’t easily supported as they require FIPS 140-2 hardware devices with drivers\n\nIn May 2022, the CA/Browser Forum updated its baseline requirements to require HSM's so local certificates will no longer be issued for publicly trusted code signing certificates. The only support the current signing tools have for this scenario is via CSP/KSP drivers provided by some HSM vendors, and those do not work well for cloud-based build agents. The current tools would need new investment to support different backends.\n\n### Orchestration\n\nAn application/library package typically contains multiple assets that need to be signed. For example, a NuGet package (`.nupkg` file) contains `.dll` files that also must be signed. A ClickOnce or MSIX package also contains `.dll` or `.exe` files that need to be signed. A `.vsix` file can contain `.dll` files and `.nupkg` file that must be signed. These files need to be signed \"inside out\" to ensure the proper sequence. That is, a `.vsix` containing a `.nupkg` needs to extract the inner `.nupkg` to sign the contained `.dll` files, then sign the `.nupkg` and any other `.dll` files, then repack and sign the `.vsix`. Other types, like ClickOnce and MSIX may contain manifest files that also must be updated during these operations.\n\nTo properly sign all assets, multiple signing tools must be used, and each tool has its own command line syntax, options, and default. The process of code signing is error-prone and hard to get right. The signing tool addresses these challenges by unifying the interface into a single set of options.\n\n## Proposal\n\nCreate a modern signing tool to eventually replace the existing tools. The tool will handle all of our first party signing formats, orchestrate signing files in the right order, and have extensibility to support multiple raw signature providers. As our customers use a variety of clouds and HSM's, the extensibility will enable us to meet our customers' needs wherever they store their certificates.\n\nWhile some of this could be done via an MSBuild task, a CLI tool is preferable to MSBuild tasks for a couple reasons:\n\n- **Performance:** During a build, many binary artifacts are created that need to be signed. A multi-targeted NuGet package may contain several `.dll` files. An application will likely contain more than one file that needs to be signed. It's much more efficient to pass them all to a signing tool where parallelism is possible than to sign during the inner-loop.\n- **Security:** Code signing is a sensitive operation that requires credentials/secrets. Use of these secrets should be as limited as possible to prevent leakage into the rest of a build pipeline, such as log files or unrelated build tasks. Ideally, a CI pipeline should contain a separate stage for code signing to ensure that credentials are never unintentionally exposed to a build stage.\n- **Platform:** Authenticode is currently limited to Windows. Thus, while it's possible to sign a NuGet or VSIX cross-platform, the DLL's inside can't be signed unless running on Windows. With the NuGet packages being developer-only artifacts--they're not shipped with the apps--it's critical that the DLL's inside are also signed. Builds for binaries may run on any platform, but as signing is a discreet step in most CI pipelines, it's reasonable to require a Windows build agent for this task.\n\n### Roadmap\n\nThe scope of the preview release will be limited to the existing funtionality currently in the service. The remaining functionality in this spec will be delivered in a later 1.0 release. The .NET Foundation has a dependency on this tool being delivered by [June 30, 2023](https://learn.microsoft.com/en-us/answers/questions/768833/when-is-adal-and-azure-ad-graph-reaching-end-of-li.html).\n\n#### Preview\n\n**Goals**\n\n- Support for Authenticode, VSIX, NuGet (author signature), ClickOnce\n- Only run on Windows x64.\n- Support a single certificate for all files in the operation.\n\n**Non-Goals**\n\n- Strong Name signing won't be in v1; guidance is to use an snk not based on a cert. If easy, perhaps can revisit.\n- Containers, including Notary v2 support.\n- Extensibility. v1 will support different signing providers.\n- Support Authenticode on platforms other than Windows x64. Future work will be required to support ARM64 and non-Windows hosts. Support for certain file types may be limited due to platform support.\n- Offline distribution.\n\n#### v1\n\n**Goals**\n\n- Extensibility mechanism to support different code signing providers with a dynamic lookup so the core client remains agnostic of the backend\n- Offline distribution for core plus backend provider\n- Three providers: Certificate Store, Azure Key Vault, Azure Code Signing\n- Support for additional formats: [.HLKX](https://github.com/dotnet/sign/issues/422), [VBA](https://github.com/dotnet/sign/issues/364)\n- Verification of signatures\n\n\n"
},
{
"path": "eng/PoliCheckExclusions.xml",
"content": "\n\n \n \n \n \n \n \n \n \n \n .DOTNET\n"
},
{
"path": "eng/Signing.props",
"content": "\n\n \n true\n \n\n \n \n \n \n\n \n \n \n \n \n \n \n"
},
{
"path": "eng/Version.Details.xml",
"content": "\n\n \n \n \n \n \n https://github.com/dotnet/arcade\n 58713cb9a664ed67642127fcaf70b8c0c3b55ef2\n \n \n\n"
},
{
"path": "eng/Versions.props",
"content": "\n \n \n \n 0.9.1\n beta\n \n true\n \n \n \n 6.0.0\n 4.6.3\n 6.1.3\n \n \n 1.1.1\n 4.5.5\n 6.0.1\n \n \n \n 9.0.0-beta.24223.1\n \n 4.3.0\n \n 2.0.3\n \n \n 6.13.2\n 6.13.2\n 6.13.2\n 6.13.2\n 6.13.2\n \n 5.0.0\n 6.0.4\n 6.0.4\n 6.0.4\n 9.0.100-baseline.1.23464.1\n 6.0.4\n 8.0.0-preview.6.23326.2\n 6.0.3\n 6.0.4\n 6.0.21\n 6.0.22\n 15.2.302-preview.14.122\n 16.0.527\n 9.0.0-preview.6.24327.7\n \n 17.5.0\n \n\n"
},
{
"path": "eng/common/BuildConfiguration/build-configuration.json",
"content": "{\n \"RetryCountLimit\": 1,\n \"RetryByAnyError\": false\n}\n"
},
{
"path": "eng/common/CIBuild.cmd",
"content": "@echo off\npowershell -ExecutionPolicy ByPass -NoProfile -command \"& \"\"\"%~dp0Build.ps1\"\"\" -restore -build -test -sign -pack -publish -ci %*\"\n"
},
{
"path": "eng/common/PSScriptAnalyzerSettings.psd1",
"content": "@{\n IncludeRules=@('PSAvoidUsingCmdletAliases',\n 'PSAvoidUsingWMICmdlet',\n 'PSAvoidUsingPositionalParameters',\n 'PSAvoidUsingInvokeExpression',\n 'PSUseDeclaredVarsMoreThanAssignments',\n 'PSUseCmdletCorrectly',\n 'PSStandardDSCFunctionsInResource',\n 'PSUseIdenticalMandatoryParametersForDSC',\n 'PSUseIdenticalParametersForDSC')\n}"
},
{
"path": "eng/common/README.md",
"content": "# Don't touch this folder\n\n uuuuuuuuuuuuuuuuuuuu\n u\" uuuuuuuuuuuuuuuuuu \"u\n u\" u$$$$$$$$$$$$$$$$$$$$u \"u\n u\" u$$$$$$$$$$$$$$$$$$$$$$$$u \"u\n u\" u$$$$$$$$$$$$$$$$$$$$$$$$$$$$u \"u\n u\" u$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$u \"u\n u\" u$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$u \"u\n $ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $\n $ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $\n $ $$$\" ... \"$... ...$\" ... \"$$$ ... \"$$$ $\n $ $$$u `\"$$$$$$$ $$$ $$$$$ $$ $$$ $$$ $\n $ $$$$$$uu \"$$$$ $$$ $$$$$ $$ \"\"\" u$$$ $\n $ $$$\"\"$$$ $$$$ $$$u \"$$$\" u$$ $$$$$$$$ $\n $ $$$$....,$$$$$..$$$$$....,$$$$..$$$$$$$$ $\n $ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $\n \"u \"$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\" u\"\n \"u \"$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\" u\"\n \"u \"$$$$$$$$$$$$$$$$$$$$$$$$$$$$\" u\"\n \"u \"$$$$$$$$$$$$$$$$$$$$$$$$\" u\"\n \"u \"$$$$$$$$$$$$$$$$$$$$\" u\"\n \"u \"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\" u\"\n \"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n\n!!! Changes made in this directory are subject to being overwritten by automation !!!\n\nThe files in this directory are shared by all Arcade repos and managed by automation. If you need to make changes to these files, open an issue or submit a pull request to https://github.com/dotnet/arcade first.\n"
},
{
"path": "eng/common/SetupNugetSources.ps1",
"content": "# This script adds internal feeds required to build commits that depend on internal package sources. For instance,\n# dotnet6-internal would be added automatically if dotnet6 was found in the nuget.config file. Similarly,\n# dotnet-eng-internal and dotnet-tools-internal are added if dotnet-eng and dotnet-tools are present.\n# In addition, this script also enables disabled internal Maestro (darc-int*) feeds.\n#\n# Optionally, this script also adds a credential entry for each of the internal feeds if supplied.\n#\n# See example call for this script below.\n#\n# - task: PowerShell@2\n# displayName: Setup internal Feeds Credentials\n# condition: eq(variables['Agent.OS'], 'Windows_NT')\n# inputs:\n# filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1\n# arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -Password $Env:Token\n# env:\n# Token: $(dn-bot-dnceng-artifact-feeds-rw)\n#\n# Note that the NuGetAuthenticate task should be called after SetupNugetSources.\n# This ensures that:\n# - Appropriate creds are set for the added internal feeds (if not supplied to the scrupt)\n# - The credential provider is installed.\n#\n# This logic is also abstracted into enable-internal-sources.yml.\n\n[CmdletBinding()]\nparam (\n [Parameter(Mandatory = $true)][string]$ConfigFile,\n $Password\n)\n\n$ErrorActionPreference = \"Stop\"\nSet-StrictMode -Version 2.0\n[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\n\n. $PSScriptRoot\\tools.ps1\n\n# Adds or enables the package source with the given name\nfunction AddOrEnablePackageSource($sources, $disabledPackageSources, $SourceName, $SourceEndPoint, $creds, $Username, $pwd) {\n if ($disabledPackageSources -eq $null -or -not (EnableInternalPackageSource -DisabledPackageSources $disabledPackageSources -Creds $creds -PackageSourceName $SourceName)) {\n AddPackageSource -Sources $sources -SourceName $SourceName -SourceEndPoint $SourceEndPoint -Creds $creds -Username $userName -pwd $Password\n }\n}\n\n# Add source entry to PackageSources\nfunction AddPackageSource($sources, $SourceName, $SourceEndPoint, $creds, $Username, $pwd) {\n $packageSource = $sources.SelectSingleNode(\"add[@key='$SourceName']\")\n \n if ($packageSource -eq $null)\n {\n Write-Host \"Adding package source $SourceName\"\n\n $packageSource = $doc.CreateElement(\"add\")\n $packageSource.SetAttribute(\"key\", $SourceName)\n $packageSource.SetAttribute(\"value\", $SourceEndPoint)\n $sources.AppendChild($packageSource) | Out-Null\n }\n else {\n Write-Host \"Package source $SourceName already present and enabled.\"\n }\n\n AddCredential -Creds $creds -Source $SourceName -Username $Username -pwd $pwd\n}\n\n# Add a credential node for the specified source\nfunction AddCredential($creds, $source, $username, $pwd) {\n # If no cred supplied, don't do anything.\n if (!$pwd) {\n return;\n }\n\n Write-Host \"Inserting credential for feed: \" $source\n\n # Looks for credential configuration for the given SourceName. Create it if none is found.\n $sourceElement = $creds.SelectSingleNode($Source)\n if ($sourceElement -eq $null)\n {\n $sourceElement = $doc.CreateElement($Source)\n $creds.AppendChild($sourceElement) | Out-Null\n }\n\n # Add the node to the credential if none is found.\n $usernameElement = $sourceElement.SelectSingleNode(\"add[@key='Username']\")\n if ($usernameElement -eq $null)\n {\n $usernameElement = $doc.CreateElement(\"add\")\n $usernameElement.SetAttribute(\"key\", \"Username\")\n $sourceElement.AppendChild($usernameElement) | Out-Null\n }\n $usernameElement.SetAttribute(\"value\", $Username)\n\n # Add the to the credential if none is found.\n # Add it as a clear text because there is no support for encrypted ones in non-windows .Net SDKs.\n # -> https://github.com/NuGet/Home/issues/5526\n $passwordElement = $sourceElement.SelectSingleNode(\"add[@key='ClearTextPassword']\")\n if ($passwordElement -eq $null)\n {\n $passwordElement = $doc.CreateElement(\"add\")\n $passwordElement.SetAttribute(\"key\", \"ClearTextPassword\")\n $sourceElement.AppendChild($passwordElement) | Out-Null\n }\n \n $passwordElement.SetAttribute(\"value\", $pwd)\n}\n\n# Enable all darc-int package sources.\nfunction EnableMaestroInternalPackageSources($DisabledPackageSources, $Creds) {\n $maestroInternalSources = $DisabledPackageSources.SelectNodes(\"add[contains(@key,'darc-int')]\")\n ForEach ($DisabledPackageSource in $maestroInternalSources) {\n EnableInternalPackageSource -DisabledPackageSources $DisabledPackageSources -Creds $Creds -PackageSourceName $DisabledPackageSource.key\n }\n}\n\n# Enables an internal package source by name, if found. Returns true if the package source was found and enabled, false otherwise.\nfunction EnableInternalPackageSource($DisabledPackageSources, $Creds, $PackageSourceName) {\n $DisabledPackageSource = $DisabledPackageSources.SelectSingleNode(\"add[@key='$PackageSourceName']\")\n if ($DisabledPackageSource) {\n Write-Host \"Enabling internal source '$($DisabledPackageSource.key)'.\"\n \n # Due to https://github.com/NuGet/Home/issues/10291, we must actually remove the disabled entries\n $DisabledPackageSources.RemoveChild($DisabledPackageSource)\n\n AddCredential -Creds $creds -Source $DisabledPackageSource.Key -Username $userName -pwd $Password\n return $true\n }\n return $false\n}\n\nif (!(Test-Path $ConfigFile -PathType Leaf)) {\n Write-PipelineTelemetryError -Category 'Build' -Message \"Eng/common/SetupNugetSources.ps1 returned a non-zero exit code. Couldn't find the NuGet config file: $ConfigFile\"\n ExitWithExitCode 1\n}\n\n# Load NuGet.config\n$doc = New-Object System.Xml.XmlDocument\n$filename = (Get-Item $ConfigFile).FullName\n$doc.Load($filename)\n\n# Get reference to - fail if none exist\n$sources = $doc.DocumentElement.SelectSingleNode(\"packageSources\")\nif ($sources -eq $null) {\n Write-PipelineTelemetryError -Category 'Build' -Message \"Eng/common/SetupNugetSources.ps1 returned a non-zero exit code. NuGet config file must contain a packageSources section: $ConfigFile\"\n ExitWithExitCode 1\n}\n\n$creds = $null\n$feedSuffix = \"v3/index.json\"\nif ($Password) {\n $feedSuffix = \"v2\"\n # Looks for a node. Create it if none is found.\n $creds = $doc.DocumentElement.SelectSingleNode(\"packageSourceCredentials\")\n if ($creds -eq $null) {\n $creds = $doc.CreateElement(\"packageSourceCredentials\")\n $doc.DocumentElement.AppendChild($creds) | Out-Null\n }\n}\n\n$userName = \"dn-bot\"\n\n# Check for disabledPackageSources; we'll enable any darc-int ones we find there\n$disabledSources = $doc.DocumentElement.SelectSingleNode(\"disabledPackageSources\")\nif ($disabledSources -ne $null) {\n Write-Host \"Checking for any darc-int disabled package sources in the disabledPackageSources node\"\n EnableMaestroInternalPackageSources -DisabledPackageSources $disabledSources -Creds $creds\n}\n$dotnetVersions = @('5','6','7','8','9','10')\n\nforeach ($dotnetVersion in $dotnetVersions) {\n $feedPrefix = \"dotnet\" + $dotnetVersion;\n $dotnetSource = $sources.SelectSingleNode(\"add[@key='$feedPrefix']\")\n if ($dotnetSource -ne $null) {\n AddOrEnablePackageSource -Sources $sources -DisabledPackageSources $disabledSources -SourceName \"$feedPrefix-internal\" -SourceEndPoint \"https://pkgs.dev.azure.com/dnceng/internal/_packaging/$feedPrefix-internal/nuget/$feedSuffix\" -Creds $creds -Username $userName -pwd $Password\n AddOrEnablePackageSource -Sources $sources -DisabledPackageSources $disabledSources -SourceName \"$feedPrefix-internal-transport\" -SourceEndPoint \"https://pkgs.dev.azure.com/dnceng/internal/_packaging/$feedPrefix-internal-transport/nuget/$feedSuffix\" -Creds $creds -Username $userName -pwd $Password\n }\n}\n\n# Check for dotnet-eng and add dotnet-eng-internal if present\n$dotnetEngSource = $sources.SelectSingleNode(\"add[@key='dotnet-eng']\")\nif ($dotnetEngSource -ne $null) {\n AddOrEnablePackageSource -Sources $sources -DisabledPackageSources $disabledSources -SourceName \"dotnet-eng-internal\" -SourceEndPoint \"https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet-eng-internal/nuget/$feedSuffix\" -Creds $creds -Username $userName -pwd $Password\n}\n\n# Check for dotnet-tools and add dotnet-tools-internal if present\n$dotnetToolsSource = $sources.SelectSingleNode(\"add[@key='dotnet-tools']\")\nif ($dotnetToolsSource -ne $null) {\n AddOrEnablePackageSource -Sources $sources -DisabledPackageSources $disabledSources -SourceName \"dotnet-tools-internal\" -SourceEndPoint \"https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet-tools-internal/nuget/$feedSuffix\" -Creds $creds -Username $userName -pwd $Password\n}\n\n$doc.Save($filename)\n"
},
{
"path": "eng/common/SetupNugetSources.sh",
"content": "#!/usr/bin/env bash\n\n# This script adds internal feeds required to build commits that depend on internal package sources. For instance,\n# dotnet6-internal would be added automatically if dotnet6 was found in the nuget.config file. Similarly,\n# dotnet-eng-internal and dotnet-tools-internal are added if dotnet-eng and dotnet-tools are present.\n# In addition, this script also enables disabled internal Maestro (darc-int*) feeds.\n# \n# Optionally, this script also adds a credential entry for each of the internal feeds if supplied.\n#\n# See example call for this script below.\n#\n# - task: Bash@3\n# displayName: Setup Internal Feeds\n# inputs:\n# filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh\n# arguments: $(System.DefaultWorkingDirectory)/NuGet.config\n# condition: ne(variables['Agent.OS'], 'Windows_NT')\n# - task: NuGetAuthenticate@1\n#\n# Note that the NuGetAuthenticate task should be called after SetupNugetSources.\n# This ensures that:\n# - Appropriate creds are set for the added internal feeds (if not supplied to the scrupt)\n# - The credential provider is installed.\n#\n# This logic is also abstracted into enable-internal-sources.yml.\n\nConfigFile=$1\nCredToken=$2\nNL='\\n'\nTB=' '\n\nsource=\"${BASH_SOURCE[0]}\"\n\n# resolve $source until the file is no longer a symlink\nwhile [[ -h \"$source\" ]]; do\n scriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n source=\"$(readlink \"$source\")\"\n # if $source was a relative symlink, we need to resolve it relative to the path where the\n # symlink file was located\n [[ $source != /* ]] && source=\"$scriptroot/$source\"\ndone\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\n. \"$scriptroot/tools.sh\"\n\nif [ ! -f \"$ConfigFile\" ]; then\n Write-PipelineTelemetryError -Category 'Build' \"Error: Eng/common/SetupNugetSources.sh returned a non-zero exit code. Couldn't find the NuGet config file: $ConfigFile\"\n ExitWithExitCode 1\nfi\n\nif [[ `uname -s` == \"Darwin\" ]]; then\n NL=$'\\\\\\n'\n TB=''\nfi\n\n# Enables an internal package source by name, if found. Returns 0 if found and enabled, 1 if not found.\nEnableInternalPackageSource() {\n local PackageSourceName=\"$1\"\n \n # Check if disabledPackageSources section exists\n grep -i \"\" \"$ConfigFile\" > /dev/null\n if [ \"$?\" != \"0\" ]; then\n return 1 # No disabled sources section\n fi\n \n # Check if this source name is disabled\n grep -i \" /dev/null\n if [ \"$?\" == \"0\" ]; then\n echo \"Enabling internal source '$PackageSourceName'.\"\n # Remove the disabled entry (including any surrounding comments or whitespace on the same line)\n sed -i.bak \"//d\" \"$ConfigFile\"\n \n # Add the source name to PackageSources for credential handling\n PackageSources+=(\"$PackageSourceName\")\n return 0 # Found and enabled\n fi\n \n return 1 # Not found in disabled sources\n}\n\n# Add source entry to PackageSources\nAddPackageSource() {\n local SourceName=\"$1\"\n local SourceEndPoint=\"$2\"\n \n # Check if source already exists\n grep -i \" /dev/null\n if [ \"$?\" == \"0\" ]; then\n echo \"Package source $SourceName already present and enabled.\"\n PackageSources+=(\"$SourceName\")\n return\n fi\n \n echo \"Adding package source $SourceName\"\n PackageSourcesNodeFooter=\"\"\n PackageSourceTemplate=\"${TB}\"\n \n sed -i.bak \"s|$PackageSourcesNodeFooter|$PackageSourceTemplate${NL}$PackageSourcesNodeFooter|\" \"$ConfigFile\"\n PackageSources+=(\"$SourceName\")\n}\n\n# Adds or enables the package source with the given name\nAddOrEnablePackageSource() {\n local SourceName=\"$1\"\n local SourceEndPoint=\"$2\"\n \n # Try to enable if disabled, if not found then add new source\n EnableInternalPackageSource \"$SourceName\"\n if [ \"$?\" != \"0\" ]; then\n AddPackageSource \"$SourceName\" \"$SourceEndPoint\"\n fi\n}\n\n# Enable all darc-int package sources\nEnableMaestroInternalPackageSources() {\n # Check if disabledPackageSources section exists\n grep -i \"\" \"$ConfigFile\" > /dev/null\n if [ \"$?\" != \"0\" ]; then\n return # No disabled sources section\n fi\n \n # Find all darc-int disabled sources\n local DisabledDarcIntSources=()\n DisabledDarcIntSources+=$(grep -oh '\"darc-int-[^\"]*\" value=\"true\"' \"$ConfigFile\" | tr -d '\"')\n \n for DisabledSourceName in ${DisabledDarcIntSources[@]} ; do\n if [[ $DisabledSourceName == darc-int* ]]; then\n EnableInternalPackageSource \"$DisabledSourceName\"\n fi\n done\n}\n\n# Ensure there is a ... section.\ngrep -i \"\" $ConfigFile\nif [ \"$?\" != \"0\" ]; then\n Write-PipelineTelemetryError -Category 'Build' \"Error: Eng/common/SetupNugetSources.sh returned a non-zero exit code. NuGet config file must contain a packageSources section: $ConfigFile\"\n ExitWithExitCode 1\nfi\n\nPackageSources=()\n\n# Set feed suffix based on whether credentials are provided\nFeedSuffix=\"v3/index.json\"\nif [ -n \"$CredToken\" ]; then\n FeedSuffix=\"v2\"\n \n # Ensure there is a ... section.\n grep -i \"\" $ConfigFile\n if [ \"$?\" != \"0\" ]; then\n echo \"Adding ... section.\"\n\n PackageSourcesNodeFooter=\"\"\n PackageSourceCredentialsTemplate=\"${TB}${NL}${TB}\"\n\n sed -i.bak \"s|$PackageSourcesNodeFooter|$PackageSourcesNodeFooter${NL}$PackageSourceCredentialsTemplate|\" $ConfigFile\n fi\nfi\n\n# Check for disabledPackageSources; we'll enable any darc-int ones we find there\ngrep -i \"\" $ConfigFile > /dev/null\nif [ \"$?\" == \"0\" ]; then\n echo \"Checking for any darc-int disabled package sources in the disabledPackageSources node\"\n EnableMaestroInternalPackageSources\nfi\n\nDotNetVersions=('5' '6' '7' '8' '9' '10')\n\nfor DotNetVersion in ${DotNetVersions[@]} ; do\n FeedPrefix=\"dotnet${DotNetVersion}\";\n grep -i \" /dev/null\n if [ \"$?\" == \"0\" ]; then\n AddOrEnablePackageSource \"$FeedPrefix-internal\" \"https://pkgs.dev.azure.com/dnceng/internal/_packaging/$FeedPrefix-internal/nuget/$FeedSuffix\"\n AddOrEnablePackageSource \"$FeedPrefix-internal-transport\" \"https://pkgs.dev.azure.com/dnceng/internal/_packaging/$FeedPrefix-internal-transport/nuget/$FeedSuffix\"\n fi\ndone\n\n# Check for dotnet-eng and add dotnet-eng-internal if present\ngrep -i \" /dev/null\nif [ \"$?\" == \"0\" ]; then\n AddOrEnablePackageSource \"dotnet-eng-internal\" \"https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet-eng-internal/nuget/$FeedSuffix\"\nfi\n\n# Check for dotnet-tools and add dotnet-tools-internal if present\ngrep -i \" /dev/null\nif [ \"$?\" == \"0\" ]; then\n AddOrEnablePackageSource \"dotnet-tools-internal\" \"https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet-tools-internal/nuget/$FeedSuffix\"\nfi\n\n# I want things split line by line\nPrevIFS=$IFS\nIFS=$'\\n'\nPackageSources+=\"$IFS\"\nPackageSources+=$(grep -oh '\"darc-int-[^\"]*\"' $ConfigFile | tr -d '\"')\nIFS=$PrevIFS\n\nif [ \"$CredToken\" ]; then\n for FeedName in ${PackageSources[@]} ; do\n # Check if there is no existing credential for this FeedName\n grep -i \"<$FeedName>\" $ConfigFile \n if [ \"$?\" != \"0\" ]; then\n echo \"\tInserting credential for feed: $FeedName\"\n\n PackageSourceCredentialsNodeFooter=\"\"\n NewCredential=\"${TB}${TB}<$FeedName>${NL}${TB}${NL}${TB}${TB}${NL}${TB}${TB}\"\n\n sed -i.bak \"s|$PackageSourceCredentialsNodeFooter|$NewCredential${NL}$PackageSourceCredentialsNodeFooter|\" $ConfigFile\n fi\n done\nfi\n"
},
{
"path": "eng/common/build.cmd",
"content": "@echo off\npowershell -ExecutionPolicy ByPass -NoProfile -command \"& \"\"\"%~dp0build.ps1\"\"\" %*\"\nexit /b %ErrorLevel%\n"
},
{
"path": "eng/common/build.ps1",
"content": "[CmdletBinding(PositionalBinding=$false)]\nParam(\n [string][Alias('c')]$configuration = \"Debug\",\n [string]$platform = $null,\n [string] $projects,\n [string][Alias('v')]$verbosity = \"minimal\",\n [string] $msbuildEngine = $null,\n [bool] $warnAsError = $true,\n [bool] $nodeReuse = $true,\n [switch] $buildCheck = $false,\n [switch][Alias('r')]$restore,\n [switch] $deployDeps,\n [switch][Alias('b')]$build,\n [switch] $rebuild,\n [switch] $deploy,\n [switch][Alias('t')]$test,\n [switch] $integrationTest,\n [switch] $performanceTest,\n [switch] $sign,\n [switch] $pack,\n [switch] $publish,\n [switch] $clean,\n [switch][Alias('pb')]$productBuild,\n [switch]$fromVMR,\n [switch][Alias('bl')]$binaryLog,\n [switch][Alias('nobl')]$excludeCIBinarylog,\n [switch] $ci,\n [switch] $prepareMachine,\n [string] $runtimeSourceFeed = '',\n [string] $runtimeSourceFeedKey = '',\n [switch] $excludePrereleaseVS,\n [switch] $nativeToolsOnMachine,\n [switch] $help,\n [Parameter(ValueFromRemainingArguments=$true)][String[]]$properties\n)\n\n# Unset 'Platform' environment variable to avoid unwanted collision in InstallDotNetCore.targets file\n# some computer has this env var defined (e.g. Some HP)\nif($env:Platform) {\n $env:Platform=\"\" \n}\nfunction Print-Usage() {\n Write-Host \"Common settings:\"\n Write-Host \" -configuration Build configuration: 'Debug' or 'Release' (short: -c)\"\n Write-Host \" -platform Platform configuration: 'x86', 'x64' or any valid Platform value to pass to msbuild\"\n Write-Host \" -verbosity Msbuild verbosity: q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic] (short: -v)\"\n Write-Host \" -binaryLog Output binary log (short: -bl)\"\n Write-Host \" -help Print help and exit\"\n Write-Host \"\"\n\n Write-Host \"Actions:\"\n Write-Host \" -restore Restore dependencies (short: -r)\"\n Write-Host \" -build Build solution (short: -b)\"\n Write-Host \" -rebuild Rebuild solution\"\n Write-Host \" -deploy Deploy built VSIXes\"\n Write-Host \" -deployDeps Deploy dependencies (e.g. VSIXes for integration tests)\"\n Write-Host \" -test Run all unit tests in the solution (short: -t)\"\n Write-Host \" -integrationTest Run all integration tests in the solution\"\n Write-Host \" -performanceTest Run all performance tests in the solution\"\n Write-Host \" -pack Package build outputs into NuGet packages and Willow components\"\n Write-Host \" -sign Sign build outputs\"\n Write-Host \" -publish Publish artifacts (e.g. symbols)\"\n Write-Host \" -clean Clean the solution\"\n Write-Host \" -productBuild Build the solution in the way it will be built in the full .NET product (VMR) build (short: -pb)\"\n Write-Host \"\"\n\n Write-Host \"Advanced settings:\"\n Write-Host \" -projects Semi-colon delimited list of sln/proj's to build. Globbing is supported (*.sln)\"\n Write-Host \" -ci Set when running on CI server\"\n Write-Host \" -excludeCIBinarylog Don't output binary log (short: -nobl)\"\n Write-Host \" -prepareMachine Prepare machine for CI run, clean up processes after build\"\n Write-Host \" -warnAsError Sets warnaserror msbuild parameter ('true' or 'false')\"\n Write-Host \" -msbuildEngine Msbuild engine to use to run build ('dotnet', 'vs', or unspecified).\"\n Write-Host \" -excludePrereleaseVS Set to exclude build engines in prerelease versions of Visual Studio\"\n Write-Host \" -nativeToolsOnMachine Sets the native tools on machine environment variable (indicating that the script should use native tools on machine)\"\n Write-Host \" -nodeReuse Sets nodereuse msbuild parameter ('true' or 'false')\"\n Write-Host \" -buildCheck Sets /check msbuild parameter\"\n Write-Host \" -fromVMR Set when building from within the VMR\"\n Write-Host \"\"\n\n Write-Host \"Command line arguments not listed above are passed thru to msbuild.\"\n Write-Host \"The above arguments can be shortened as much as to be unambiguous (e.g. -co for configuration, -t for test, etc.).\"\n}\n\n. $PSScriptRoot\\tools.ps1\n\nfunction InitializeCustomToolset {\n if (-not $restore) {\n return\n }\n\n $script = Join-Path $EngRoot 'restore-toolset.ps1'\n\n if (Test-Path $script) {\n . $script\n }\n}\n\nfunction Build {\n $toolsetBuildProj = InitializeToolset\n InitializeCustomToolset\n\n $bl = if ($binaryLog) { '/bl:' + (Join-Path $LogDir 'Build.binlog') } else { '' }\n $platformArg = if ($platform) { \"/p:Platform=$platform\" } else { '' }\n $check = if ($buildCheck) { '/check' } else { '' }\n\n if ($projects) {\n # Re-assign properties to a new variable because PowerShell doesn't let us append properties directly for unclear reasons.\n # Explicitly set the type as string[] because otherwise PowerShell would make this char[] if $properties is empty.\n [string[]] $msbuildArgs = $properties\n \n # Resolve relative project paths into full paths \n $projects = ($projects.Split(';').ForEach({Resolve-Path $_}) -join ';')\n \n $msbuildArgs += \"/p:Projects=$projects\"\n $properties = $msbuildArgs\n }\n\n MSBuild $toolsetBuildProj `\n $bl `\n $platformArg `\n $check `\n /p:Configuration=$configuration `\n /p:RepoRoot=$RepoRoot `\n /p:Restore=$restore `\n /p:DeployDeps=$deployDeps `\n /p:Build=$build `\n /p:Rebuild=$rebuild `\n /p:Deploy=$deploy `\n /p:Test=$test `\n /p:Pack=$pack `\n /p:DotNetBuild=$productBuild `\n /p:DotNetBuildFromVMR=$fromVMR `\n /p:IntegrationTest=$integrationTest `\n /p:PerformanceTest=$performanceTest `\n /p:Sign=$sign `\n /p:Publish=$publish `\n /p:RestoreStaticGraphEnableBinaryLogger=$binaryLog `\n @properties\n}\n\ntry {\n if ($clean) {\n if (Test-Path $ArtifactsDir) {\n Remove-Item -Recurse -Force $ArtifactsDir\n Write-Host 'Artifacts directory deleted.'\n }\n exit 0\n }\n\n if ($help -or (($null -ne $properties) -and ($properties.Contains('/help') -or $properties.Contains('/?')))) {\n Print-Usage\n exit 0\n }\n\n if ($ci) {\n if (-not $excludeCIBinarylog) {\n $binaryLog = $true\n }\n $nodeReuse = $false\n }\n\n if ($nativeToolsOnMachine) {\n $env:NativeToolsOnMachine = $true\n }\n if ($restore) {\n InitializeNativeTools\n }\n\n Build\n}\ncatch {\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Category 'InitializeToolset' -Message $_\n ExitWithExitCode 1\n}\n\nExitWithExitCode 0\n"
},
{
"path": "eng/common/build.sh",
"content": "#!/usr/bin/env bash\n\n# Stop script if unbound variable found (use ${var:-} if intentional)\nset -u\n\n# Stop script if command returns non-zero exit code.\n# Prevents hidden errors caused by missing error code propagation.\nset -e\n\nusage()\n{\n echo \"Common settings:\"\n echo \" --configuration Build configuration: 'Debug' or 'Release' (short: -c)\"\n echo \" --verbosity Msbuild verbosity: q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic] (short: -v)\"\n echo \" --binaryLog Create MSBuild binary log (short: -bl)\"\n echo \" --help Print help and exit (short: -h)\"\n echo \"\"\n\n echo \"Actions:\"\n echo \" --restore Restore dependencies (short: -r)\"\n echo \" --build Build solution (short: -b)\"\n echo \" --sourceBuild Source-build the solution (short: -sb)\"\n echo \" Will additionally trigger the following actions: --restore, --build, --pack\"\n echo \" If --configuration is not set explicitly, will also set it to 'Release'\"\n echo \" --productBuild Build the solution in the way it will be built in the full .NET product (VMR) build (short: -pb)\"\n echo \" Will additionally trigger the following actions: --restore, --build, --pack\"\n echo \" If --configuration is not set explicitly, will also set it to 'Release'\"\n echo \" --rebuild Rebuild solution\"\n echo \" --test Run all unit tests in the solution (short: -t)\"\n echo \" --integrationTest Run all integration tests in the solution\"\n echo \" --performanceTest Run all performance tests in the solution\"\n echo \" --pack Package build outputs into NuGet packages and Willow components\"\n echo \" --sign Sign build outputs\"\n echo \" --publish Publish artifacts (e.g. symbols)\"\n echo \" --clean Clean the solution\"\n echo \"\"\n\n echo \"Advanced settings:\"\n echo \" --projects Project or solution file(s) to build\"\n echo \" --ci Set when running on CI server\"\n echo \" --excludeCIBinarylog Don't output binary log (short: -nobl)\"\n echo \" --prepareMachine Prepare machine for CI run, clean up processes after build\"\n echo \" --nodeReuse Sets nodereuse msbuild parameter ('true' or 'false')\"\n echo \" --warnAsError Sets warnaserror msbuild parameter ('true' or 'false')\"\n echo \" --buildCheck Sets /check msbuild parameter\"\n echo \" --fromVMR Set when building from within the VMR\"\n echo \"\"\n echo \"Command line arguments not listed above are passed thru to msbuild.\"\n echo \"Arguments can also be passed in with a single hyphen.\"\n}\n\nsource=\"${BASH_SOURCE[0]}\"\n\n# resolve $source until the file is no longer a symlink\nwhile [[ -h \"$source\" ]]; do\n scriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n source=\"$(readlink \"$source\")\"\n # if $source was a relative symlink, we need to resolve it relative to the path where the\n # symlink file was located\n [[ $source != /* ]] && source=\"$scriptroot/$source\"\ndone\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\nrestore=false\nbuild=false\nsource_build=false\nproduct_build=false\nfrom_vmr=false\nrebuild=false\ntest=false\nintegration_test=false\nperformance_test=false\npack=false\npublish=false\nsign=false\npublic=false\nci=false\nclean=false\n\nwarn_as_error=true\nnode_reuse=true\nbuild_check=false\nbinary_log=false\nexclude_ci_binary_log=false\npipelines_log=false\n\nprojects=''\nconfiguration=''\nprepare_machine=false\nverbosity='minimal'\nruntime_source_feed=''\nruntime_source_feed_key=''\n\nproperties=()\nwhile [[ $# > 0 ]]; do\n opt=\"$(echo \"${1/#--/-}\" | tr \"[:upper:]\" \"[:lower:]\")\"\n case \"$opt\" in\n -help|-h)\n usage\n exit 0\n ;;\n -clean)\n clean=true\n ;;\n -configuration|-c)\n configuration=$2\n shift\n ;;\n -verbosity|-v)\n verbosity=$2\n shift\n ;;\n -binarylog|-bl)\n binary_log=true\n ;;\n -excludecibinarylog|-nobl)\n exclude_ci_binary_log=true\n ;;\n -pipelineslog|-pl)\n pipelines_log=true\n ;;\n -restore|-r)\n restore=true\n ;;\n -build|-b)\n build=true\n ;;\n -rebuild)\n rebuild=true\n ;;\n -pack)\n pack=true\n ;;\n -sourcebuild|-source-build|-sb)\n build=true\n source_build=true\n product_build=true\n restore=true\n pack=true\n ;;\n -productbuild|-product-build|-pb)\n build=true\n product_build=true\n restore=true\n pack=true\n ;;\n -fromvmr|-from-vmr)\n from_vmr=true\n ;;\n -test|-t)\n test=true\n ;;\n -integrationtest)\n integration_test=true\n ;;\n -performancetest)\n performance_test=true\n ;;\n -sign)\n sign=true\n ;;\n -publish)\n publish=true\n ;;\n -preparemachine)\n prepare_machine=true\n ;;\n -projects)\n projects=$2\n shift\n ;;\n -ci)\n ci=true\n ;;\n -warnaserror)\n warn_as_error=$2\n shift\n ;;\n -nodereuse)\n node_reuse=$2\n shift\n ;;\n -buildcheck)\n build_check=true\n ;;\n -runtimesourcefeed)\n runtime_source_feed=$2\n shift\n ;;\n -runtimesourcefeedkey)\n runtime_source_feed_key=$2\n shift\n ;;\n *)\n properties+=(\"$1\")\n ;;\n esac\n\n shift\ndone\n\nif [[ -z \"$configuration\" ]]; then\n if [[ \"$source_build\" = true ]]; then configuration=\"Release\"; else configuration=\"Debug\"; fi\nfi\n\nif [[ \"$ci\" == true ]]; then\n pipelines_log=true\n node_reuse=false\n if [[ \"$exclude_ci_binary_log\" == false ]]; then\n binary_log=true\n fi\nfi\n\n. \"$scriptroot/tools.sh\"\n\nfunction InitializeCustomToolset {\n local script=\"$eng_root/restore-toolset.sh\"\n\n if [[ -a \"$script\" ]]; then\n . \"$script\"\n fi\n}\n\nfunction Build {\n InitializeToolset\n InitializeCustomToolset\n\n if [[ ! -z \"$projects\" ]]; then\n properties+=(\"/p:Projects=$projects\")\n fi\n\n local bl=\"\"\n if [[ \"$binary_log\" == true ]]; then\n bl=\"/bl:\\\"$log_dir/Build.binlog\\\"\"\n fi\n\n local check=\"\"\n if [[ \"$build_check\" == true ]]; then\n check=\"/check\"\n fi\n\n MSBuild $_InitializeToolset \\\n $bl \\\n $check \\\n /p:Configuration=$configuration \\\n /p:RepoRoot=\"$repo_root\" \\\n /p:Restore=$restore \\\n /p:Build=$build \\\n /p:DotNetBuild=$product_build \\\n /p:DotNetBuildSourceOnly=$source_build \\\n /p:DotNetBuildFromVMR=$from_vmr \\\n /p:Rebuild=$rebuild \\\n /p:Test=$test \\\n /p:Pack=$pack \\\n /p:IntegrationTest=$integration_test \\\n /p:PerformanceTest=$performance_test \\\n /p:Sign=$sign \\\n /p:Publish=$publish \\\n /p:RestoreStaticGraphEnableBinaryLogger=$binary_log \\\n ${properties[@]+\"${properties[@]}\"}\n\n ExitWithExitCode 0\n}\n\nif [[ \"$clean\" == true ]]; then\n if [ -d \"$artifacts_dir\" ]; then\n rm -rf $artifacts_dir\n echo \"Artifacts directory deleted.\"\n fi\n exit 0\nfi\n\nif [[ \"$restore\" == true ]]; then\n InitializeNativeTools\nfi\n\nBuild\n"
},
{
"path": "eng/common/cibuild.sh",
"content": "#!/usr/bin/env bash\n\nsource=\"${BASH_SOURCE[0]}\"\n\n# resolve $SOURCE until the file is no longer a symlink\nwhile [[ -h $source ]]; do\n scriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n source=\"$(readlink \"$source\")\"\n\n # if $source was a relative symlink, we need to resolve it relative to the path where \n # the symlink file was located\n [[ $source != /* ]] && source=\"$scriptroot/$source\"\ndone\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\n. \"$scriptroot/build.sh\" --restore --build --test --pack --publish --ci $@\n"
},
{
"path": "eng/common/core-templates/job/job.yml",
"content": "parameters:\n# Job schema parameters - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#job\n cancelTimeoutInMinutes: ''\n condition: ''\n container: ''\n continueOnError: false\n dependsOn: ''\n displayName: ''\n pool: ''\n steps: []\n strategy: ''\n timeoutInMinutes: ''\n variables: []\n workspace: ''\n templateContext: {}\n\n# Job base template specific parameters\n # See schema documentation - https://github.com/dotnet/arcade/blob/master/Documentation/AzureDevOps/TemplateSchema.md\n # publishing defaults\n artifacts: ''\n enableMicrobuild: false\n enableMicrobuildForMacAndLinux: false\n microbuildUseESRP: true\n enablePublishBuildArtifacts: false\n enablePublishBuildAssets: false\n enablePublishTestResults: false\n enablePublishing: false\n enableBuildRetry: false\n mergeTestResults: false\n testRunTitle: ''\n testResultsFormat: ''\n name: ''\n preSteps: []\n artifactPublishSteps: []\n runAsPublic: false\n\n# 1es specific parameters\n is1ESPipeline: ''\n\njobs:\n- job: ${{ parameters.name }}\n\n ${{ if ne(parameters.cancelTimeoutInMinutes, '') }}:\n cancelTimeoutInMinutes: ${{ parameters.cancelTimeoutInMinutes }}\n\n ${{ if ne(parameters.condition, '') }}:\n condition: ${{ parameters.condition }}\n\n ${{ if ne(parameters.container, '') }}:\n container: ${{ parameters.container }}\n\n ${{ if ne(parameters.continueOnError, '') }}:\n continueOnError: ${{ parameters.continueOnError }}\n\n ${{ if ne(parameters.dependsOn, '') }}:\n dependsOn: ${{ parameters.dependsOn }}\n\n ${{ if ne(parameters.displayName, '') }}:\n displayName: ${{ parameters.displayName }}\n\n ${{ if ne(parameters.pool, '') }}:\n pool: ${{ parameters.pool }}\n\n ${{ if ne(parameters.strategy, '') }}:\n strategy: ${{ parameters.strategy }}\n\n ${{ if ne(parameters.timeoutInMinutes, '') }}:\n timeoutInMinutes: ${{ parameters.timeoutInMinutes }}\n\n ${{ if ne(parameters.templateContext, '') }}:\n templateContext: ${{ parameters.templateContext }}\n\n variables:\n - ${{ if ne(parameters.enableTelemetry, 'false') }}:\n - name: DOTNET_CLI_TELEMETRY_PROFILE\n value: '$(Build.Repository.Uri)'\n # Retry signature validation up to three times, waiting 2 seconds between attempts.\n # See https://learn.microsoft.com/en-us/nuget/reference/errors-and-warnings/nu3028#retry-untrusted-root-failures\n - name: NUGET_EXPERIMENTAL_CHAIN_BUILD_RETRY_POLICY\n value: 3,2000\n - ${{ each variable in parameters.variables }}:\n # handle name-value variable syntax\n # example:\n # - name: [key]\n # value: [value]\n - ${{ if ne(variable.name, '') }}:\n - name: ${{ variable.name }}\n value: ${{ variable.value }}\n\n # handle variable groups\n - ${{ if ne(variable.group, '') }}:\n - group: ${{ variable.group }}\n\n # handle template variable syntax\n # example:\n # - template: path/to/template.yml\n # parameters:\n # [key]: [value]\n - ${{ if ne(variable.template, '') }}:\n - template: ${{ variable.template }}\n ${{ if ne(variable.parameters, '') }}:\n parameters: ${{ variable.parameters }}\n\n # handle key-value variable syntax.\n # example:\n # - [key]: [value]\n - ${{ if and(eq(variable.name, ''), eq(variable.group, ''), eq(variable.template, '')) }}:\n - ${{ each pair in variable }}:\n - name: ${{ pair.key }}\n value: ${{ pair.value }}\n\n # DotNet-HelixApi-Access provides 'HelixApiAccessToken' for internal builds\n - ${{ if and(eq(parameters.enableTelemetry, 'true'), eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:\n - group: DotNet-HelixApi-Access\n\n ${{ if ne(parameters.workspace, '') }}:\n workspace: ${{ parameters.workspace }}\n\n steps:\n - ${{ if eq(parameters.is1ESPipeline, '') }}:\n - 'Illegal entry point, is1ESPipeline is not defined. Repository yaml should not directly reference templates in core-templates folder.': error\n\n - ${{ if ne(parameters.preSteps, '') }}:\n - ${{ each preStep in parameters.preSteps }}:\n - ${{ preStep }}\n\n - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:\n - template: /eng/common/core-templates/steps/install-microbuild.yml\n parameters:\n enableMicrobuild: ${{ parameters.enableMicrobuild }}\n enableMicrobuildForMacAndLinux: ${{ parameters.enableMicrobuildForMacAndLinux }}\n microbuildUseESRP: ${{ parameters.microbuildUseESRP }}\n continueOnError: ${{ parameters.continueOnError }}\n\n - ${{ if and(eq(parameters.runAsPublic, 'false'), eq(variables['System.TeamProject'], 'internal')) }}:\n - task: NuGetAuthenticate@1\n\n - ${{ if and(ne(parameters.artifacts.download, 'false'), ne(parameters.artifacts.download, '')) }}:\n - task: DownloadPipelineArtifact@2\n inputs:\n buildType: current\n artifactName: ${{ coalesce(parameters.artifacts.download.name, 'Artifacts_$(Agent.OS)_$(_BuildConfig)') }}\n targetPath: ${{ coalesce(parameters.artifacts.download.path, 'artifacts') }}\n itemPattern: ${{ coalesce(parameters.artifacts.download.pattern, '**') }}\n\n - ${{ each step in parameters.steps }}:\n - ${{ step }}\n\n - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:\n - template: /eng/common/core-templates/steps/cleanup-microbuild.yml\n parameters:\n enableMicrobuild: ${{ parameters.enableMicrobuild }}\n enableMicrobuildForMacAndLinux: ${{ parameters.enableMicrobuildForMacAndLinux }}\n continueOnError: ${{ parameters.continueOnError }}\n\n # Publish test results\n - ${{ if or(and(eq(parameters.enablePublishTestResults, 'true'), eq(parameters.testResultsFormat, '')), eq(parameters.testResultsFormat, 'xunit')) }}:\n - task: PublishTestResults@2\n displayName: Publish XUnit Test Results\n inputs:\n testResultsFormat: 'xUnit'\n testResultsFiles: '*.xml'\n searchFolder: '$(System.DefaultWorkingDirectory)/artifacts/TestResults/$(_BuildConfig)'\n testRunTitle: ${{ coalesce(parameters.testRunTitle, parameters.name, '$(System.JobName)') }}-xunit\n mergeTestResults: ${{ parameters.mergeTestResults }}\n continueOnError: true\n condition: always()\n - ${{ if or(and(eq(parameters.enablePublishTestResults, 'true'), eq(parameters.testResultsFormat, '')), eq(parameters.testResultsFormat, 'vstest')) }}:\n - task: PublishTestResults@2\n displayName: Publish TRX Test Results\n inputs:\n testResultsFormat: 'VSTest'\n testResultsFiles: '*.trx'\n searchFolder: '$(System.DefaultWorkingDirectory)/artifacts/TestResults/$(_BuildConfig)'\n testRunTitle: ${{ coalesce(parameters.testRunTitle, parameters.name, '$(System.JobName)') }}-trx\n mergeTestResults: ${{ parameters.mergeTestResults }}\n continueOnError: true\n condition: always()\n\n # gather artifacts\n - ${{ if ne(parameters.artifacts.publish, '') }}:\n - ${{ if and(ne(parameters.artifacts.publish.artifacts, 'false'), ne(parameters.artifacts.publish.artifacts, '')) }}:\n - task: CopyFiles@2\n displayName: Gather binaries for publish to artifacts\n inputs:\n SourceFolder: 'artifacts/bin'\n Contents: '**'\n TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/bin'\n - task: CopyFiles@2\n displayName: Gather packages for publish to artifacts\n inputs:\n SourceFolder: 'artifacts/packages'\n Contents: '**'\n TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/packages'\n - ${{ if and(ne(parameters.artifacts.publish.logs, 'false'), ne(parameters.artifacts.publish.logs, '')) }}:\n - task: CopyFiles@2\n displayName: Gather logs for publish to artifacts\n inputs:\n SourceFolder: 'artifacts/log'\n Contents: '**'\n TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/log'\n continueOnError: true\n condition: always()\n \n - ${{ if eq(parameters.enablePublishBuildArtifacts, 'true') }}:\n - task: CopyFiles@2\n displayName: Gather logs for publish to artifacts\n inputs:\n SourceFolder: 'artifacts/log/$(_BuildConfig)'\n Contents: '**'\n TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/log/$(_BuildConfig)'\n continueOnError: true\n condition: always()\n - ${{ if eq(parameters.enableBuildRetry, 'true') }}:\n - task: CopyFiles@2\n displayName: Gather buildconfiguration for build retry\n inputs:\n SourceFolder: '$(System.DefaultWorkingDirectory)/eng/common/BuildConfiguration'\n Contents: '**'\n TargetFolder: '$(Build.ArtifactStagingDirectory)/eng/common/BuildConfiguration'\n continueOnError: true\n condition: always()\n - ${{ each step in parameters.artifactPublishSteps }}:\n - ${{ step }}\n"
},
{
"path": "eng/common/core-templates/job/onelocbuild.yml",
"content": "parameters:\n # Optional: dependencies of the job\n dependsOn: ''\n\n # Optional: A defined YAML pool - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#pool\n pool: ''\n\n CeapexPat: $(dn-bot-ceapex-package-r) # PAT for the loc AzDO instance https://dev.azure.com/ceapex\n GithubPat: $(BotAccount-dotnet-bot-repo-PAT)\n\n SourcesDirectory: $(System.DefaultWorkingDirectory)\n CreatePr: true\n AutoCompletePr: false\n ReusePr: true\n UseLfLineEndings: true\n UseCheckedInLocProjectJson: false\n SkipLocProjectJsonGeneration: false\n LanguageSet: VS_Main_Languages\n LclSource: lclFilesInRepo\n LclPackageId: ''\n RepoType: gitHub\n GitHubOrg: dotnet\n MirrorRepo: ''\n MirrorBranch: main\n condition: ''\n JobNameSuffix: ''\n is1ESPipeline: ''\njobs:\n- job: OneLocBuild${{ parameters.JobNameSuffix }}\n\n dependsOn: ${{ parameters.dependsOn }}\n\n displayName: OneLocBuild${{ parameters.JobNameSuffix }}\n\n variables:\n - group: OneLocBuildVariables # Contains the CeapexPat and GithubPat\n - name: _GenerateLocProjectArguments\n value: -SourcesDirectory ${{ parameters.SourcesDirectory }}\n -LanguageSet \"${{ parameters.LanguageSet }}\"\n -CreateNeutralXlfs\n - ${{ if eq(parameters.UseCheckedInLocProjectJson, 'true') }}:\n - name: _GenerateLocProjectArguments\n value: ${{ variables._GenerateLocProjectArguments }} -UseCheckedInLocProjectJson\n - template: /eng/common/core-templates/variables/pool-providers.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n\n ${{ if ne(parameters.pool, '') }}:\n pool: ${{ parameters.pool }}\n ${{ if eq(parameters.pool, '') }}:\n pool:\n # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)\n ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:\n name: AzurePipelines-EO\n image: 1ESPT-Windows2025\n demands: Cmd\n os: windows\n # If it's not devdiv, it's dnceng\n ${{ if ne(variables['System.TeamProject'], 'DevDiv') }}:\n name: $(DncEngInternalBuildPool)\n image: windows.vs2026.amd64\n os: windows\n\n steps:\n - ${{ if eq(parameters.is1ESPipeline, '') }}:\n - 'Illegal entry point, is1ESPipeline is not defined. Repository yaml should not directly reference templates in core-templates folder.': error\n\n - ${{ if ne(parameters.SkipLocProjectJsonGeneration, 'true') }}:\n - task: Powershell@2\n inputs:\n filePath: $(System.DefaultWorkingDirectory)/eng/common/generate-locproject.ps1\n arguments: $(_GenerateLocProjectArguments)\n displayName: Generate LocProject.json\n condition: ${{ parameters.condition }}\n\n - task: OneLocBuild@2\n displayName: OneLocBuild\n env:\n SYSTEM_ACCESSTOKEN: $(System.AccessToken)\n inputs:\n locProj: eng/Localize/LocProject.json\n outDir: $(Build.ArtifactStagingDirectory)\n lclSource: ${{ parameters.LclSource }}\n lclPackageId: ${{ parameters.LclPackageId }}\n isCreatePrSelected: ${{ parameters.CreatePr }}\n isAutoCompletePrSelected: ${{ parameters.AutoCompletePr }}\n ${{ if eq(parameters.CreatePr, true) }}:\n isUseLfLineEndingsSelected: ${{ parameters.UseLfLineEndings }}\n isShouldReusePrSelected: ${{ parameters.ReusePr }}\n packageSourceAuth: patAuth\n patVariable: ${{ parameters.CeapexPat }}\n ${{ if eq(parameters.RepoType, 'gitHub') }}:\n repoType: ${{ parameters.RepoType }}\n gitHubPatVariable: \"${{ parameters.GithubPat }}\"\n ${{ if ne(parameters.MirrorRepo, '') }}:\n isMirrorRepoSelected: true\n gitHubOrganization: ${{ parameters.GitHubOrg }}\n mirrorRepo: ${{ parameters.MirrorRepo }}\n mirrorBranch: ${{ parameters.MirrorBranch }}\n condition: ${{ parameters.condition }}\n\n # Copy the locProject.json to the root of the Loc directory, then publish a pipeline artifact\n - task: CopyFiles@2\n displayName: Copy LocProject.json\n inputs:\n SourceFolder: '$(System.DefaultWorkingDirectory)/eng/Localize/'\n Contents: 'LocProject.json'\n TargetFolder: '$(Build.ArtifactStagingDirectory)/loc'\n condition: ${{ parameters.condition }}\n\n - template: /eng/common/core-templates/steps/publish-pipeline-artifacts.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n args:\n targetPath: '$(Build.ArtifactStagingDirectory)/loc'\n artifactName: 'Loc'\n displayName: 'Publish Localization Files'\n condition: ${{ parameters.condition }}\n"
},
{
"path": "eng/common/core-templates/job/publish-build-assets.yml",
"content": "parameters:\n configuration: 'Debug'\n\n # Optional: condition for the job to run\n condition: ''\n\n # Optional: 'true' if future jobs should run even if this job fails\n continueOnError: false\n\n # Optional: dependencies of the job\n dependsOn: ''\n\n # Optional: Include PublishBuildArtifacts task\n enablePublishBuildArtifacts: false\n\n # Optional: A defined YAML pool - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#pool\n pool: {}\n\n # Optional: should run as a public build even in the internal project\n # if 'true', the build won't run any of the internal only steps, even if it is running in non-public projects.\n runAsPublic: false\n\n # Optional: whether the build's artifacts will be published using release pipelines or direct feed publishing\n publishAssetsImmediately: false\n\n artifactsPublishingAdditionalParameters: ''\n\n signingValidationAdditionalParameters: ''\n\n is1ESPipeline: ''\n\n # Optional: 🌤️ or not the build has assets it wants to publish to BAR\n isAssetlessBuild: false\n\n # Optional, publishing version\n publishingVersion: 3\n\n # Optional: A minimatch pattern for the asset manifests to publish to BAR\n assetManifestsPattern: '*/manifests/**/*.xml'\n\n repositoryAlias: self\n\n officialBuildId: ''\n\njobs:\n- job: Asset_Registry_Publish\n\n dependsOn: ${{ parameters.dependsOn }}\n timeoutInMinutes: 150\n\n ${{ if eq(parameters.publishAssetsImmediately, 'true') }}:\n displayName: Publish Assets\n ${{ else }}:\n displayName: Publish to Build Asset Registry\n\n variables:\n - template: /eng/common/core-templates/variables/pool-providers.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:\n - group: Publish-Build-Assets\n - group: AzureDevOps-Artifact-Feeds-Pats\n - name: runCodesignValidationInjection\n value: false\n # unconditional - needed for logs publishing (redactor tool version)\n - template: /eng/common/core-templates/post-build/common-variables.yml\n - name: OfficialBuildId\n ${{ if ne(parameters.officialBuildId, '') }}:\n value: ${{ parameters.officialBuildId }}\n ${{ else }}:\n value: $(Build.BuildNumber)\n\n pool:\n # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)\n ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:\n name: AzurePipelines-EO\n image: 1ESPT-Windows2025\n demands: Cmd\n os: windows\n # If it's not devdiv, it's dnceng\n ${{ if ne(variables['System.TeamProject'], 'DevDiv') }}:\n name: NetCore1ESPool-Publishing-Internal\n image: windows.vs2026.amd64\n os: windows\n steps:\n - ${{ if eq(parameters.is1ESPipeline, '') }}:\n - 'Illegal entry point, is1ESPipeline is not defined. Repository yaml should not directly reference templates in core-templates folder.': error\n\n - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:\n - checkout: ${{ parameters.repositoryAlias }}\n fetchDepth: 3\n clean: true\n\n - ${{ if eq(parameters.isAssetlessBuild, 'false') }}: \n - ${{ if eq(parameters.publishingVersion, 3) }}: \n - task: DownloadPipelineArtifact@2\n displayName: Download Asset Manifests\n inputs:\n artifactName: AssetManifests\n targetPath: '$(Build.StagingDirectory)/AssetManifests'\n condition: ${{ parameters.condition }}\n continueOnError: ${{ parameters.continueOnError }}\n - ${{ if eq(parameters.publishingVersion, 4) }}:\n - task: DownloadPipelineArtifact@2\n displayName: Download V4 asset manifests\n inputs:\n itemPattern: '*/manifests/**/*.xml'\n targetPath: '$(Build.StagingDirectory)/AllAssetManifests'\n condition: ${{ parameters.condition }}\n continueOnError: ${{ parameters.continueOnError }}\n - task: CopyFiles@2\n displayName: Copy V4 asset manifests to AssetManifests\n inputs:\n SourceFolder: '$(Build.StagingDirectory)/AllAssetManifests'\n Contents: ${{ parameters.assetManifestsPattern }}\n TargetFolder: '$(Build.StagingDirectory)/AssetManifests'\n flattenFolders: true\n condition: ${{ parameters.condition }}\n continueOnError: ${{ parameters.continueOnError }}\n \n - task: NuGetAuthenticate@1\n\n # Populate internal runtime variables.\n - template: /eng/common/templates/steps/enable-internal-sources.yml\n ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:\n parameters:\n legacyCredential: $(dn-bot-dnceng-artifact-feeds-rw)\n \n - template: /eng/common/templates/steps/enable-internal-runtimes.yml\n\n - task: AzureCLI@2\n displayName: Publish Build Assets\n inputs:\n azureSubscription: \"Darc: Maestro Production\"\n scriptType: ps\n scriptLocation: scriptPath\n scriptPath: $(System.DefaultWorkingDirectory)/eng/common/sdk-task.ps1\n arguments: -task PublishBuildAssets -restore -msbuildEngine dotnet\n /p:ManifestsPath='$(Build.StagingDirectory)/AssetManifests'\n /p:IsAssetlessBuild=${{ parameters.isAssetlessBuild }}\n /p:MaestroApiEndpoint=https://maestro.dot.net\n /p:OfficialBuildId=$(OfficialBuildId)\n -runtimeSourceFeed https://ci.dot.net/internal\n -runtimeSourceFeedKey '$(dotnetbuilds-internal-container-read-token-base64)'\n\n condition: ${{ parameters.condition }}\n continueOnError: ${{ parameters.continueOnError }}\n \n - task: powershell@2\n displayName: Create ReleaseConfigs Artifact\n inputs:\n targetType: inline\n script: |\n New-Item -Path \"$(Build.StagingDirectory)/ReleaseConfigs\" -ItemType Directory -Force\n $filePath = \"$(Build.StagingDirectory)/ReleaseConfigs/ReleaseConfigs.txt\"\n Add-Content -Path $filePath -Value $(BARBuildId)\n Add-Content -Path $filePath -Value \"$(DefaultChannels)\"\n Add-Content -Path $filePath -Value $(IsStableBuild)\n\n $symbolExclusionfile = \"$(System.DefaultWorkingDirectory)/eng/SymbolPublishingExclusionsFile.txt\"\n if (Test-Path -Path $symbolExclusionfile)\n {\n Write-Host \"SymbolExclusionFile exists\"\n Copy-Item -Path $symbolExclusionfile -Destination \"$(Build.StagingDirectory)/ReleaseConfigs\"\n }\n\n - ${{ if eq(parameters.publishingVersion, 4) }}:\n - template: /eng/common/core-templates/steps/publish-pipeline-artifacts.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n args:\n targetPath: '$(Build.ArtifactStagingDirectory)/MergedManifest.xml'\n artifactName: AssetManifests\n displayName: 'Publish Merged Manifest'\n retryCountOnTaskFailure: 10 # for any files being locked\n isProduction: false # just metadata for publishing\n\n - template: /eng/common/core-templates/steps/publish-pipeline-artifacts.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n args:\n displayName: Publish ReleaseConfigs Artifact\n targetPath: '$(Build.StagingDirectory)/ReleaseConfigs'\n artifactName: ReleaseConfigs\n retryCountOnTaskFailure: 10 # for any files being locked\n isProduction: false # just metadata for publishing\n\n - ${{ if or(eq(parameters.publishAssetsImmediately, 'true'), eq(parameters.isAssetlessBuild, 'true')) }}:\n - template: /eng/common/core-templates/post-build/setup-maestro-vars.yml\n parameters:\n BARBuildId: ${{ parameters.BARBuildId }}\n PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n\n # Darc is targeting 8.0, so make sure it's installed\n - task: UseDotNet@2\n inputs:\n version: 8.0.x\n\n - task: AzureCLI@2\n displayName: Publish Using Darc\n inputs:\n azureSubscription: \"Darc: Maestro Production\"\n scriptType: ps\n scriptLocation: scriptPath\n scriptPath: $(System.DefaultWorkingDirectory)/eng/common/post-build/publish-using-darc.ps1\n arguments: >\n -BuildId $(BARBuildId)\n -PublishingInfraVersion 3\n -AzdoToken '$(System.AccessToken)'\n -WaitPublishingFinish true\n -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'\n -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'\n -SkipAssetsPublishing '${{ parameters.isAssetlessBuild }}'\n -runtimeSourceFeed https://ci.dot.net/internal\n -runtimeSourceFeedKey '$(dotnetbuilds-internal-container-read-token-base64)'\n\n - ${{ if eq(parameters.enablePublishBuildArtifacts, 'true') }}:\n - template: /eng/common/core-templates/steps/publish-logs.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n StageLabel: 'BuildAssetRegistry'\n JobLabel: 'Publish_Artifacts_Logs'\n"
},
{
"path": "eng/common/core-templates/job/source-build.yml",
"content": "parameters:\n # This template adds arcade-powered source-build to CI. The template produces a server job with a\n # default ID 'Source_Build_Complete' to put in a dependency list if necessary.\n\n # Specifies the prefix for source-build jobs added to pipeline. Use this if disambiguation needed.\n jobNamePrefix: 'Source_Build'\n\n # Defines the platform on which to run the job. By default, a linux-x64 machine, suitable for\n # managed-only repositories. This is an object with these properties:\n #\n # name: ''\n # The name of the job. This is included in the job ID.\n # targetRID: ''\n # The name of the target RID to use, instead of the one auto-detected by Arcade.\n # portableBuild: false\n # Enables non-portable mode. This means a more specific RID (e.g. fedora.32-x64 rather than\n # linux-x64), and compiling against distro-provided packages rather than portable ones. The\n # default is portable mode.\n # skipPublishValidation: false\n # Disables publishing validation. By default, a check is performed to ensure no packages are\n # published by source-build.\n # container: ''\n # A container to use. Runs in docker.\n # pool: {}\n # A pool to use. Runs directly on an agent.\n # buildScript: ''\n # Specifies the build script to invoke to perform the build in the repo. The default\n # './build.sh' should work for typical Arcade repositories, but this is customizable for\n # difficult situations.\n # buildArguments: ''\n # Specifies additional build arguments to pass to the build script.\n # jobProperties: {}\n # A list of job properties to inject at the top level, for potential extensibility beyond\n # container and pool.\n platform: {}\n\n is1ESPipeline: ''\n\n # If set to true and running on a non-public project,\n # Internal nuget and blob storage locations will be enabled.\n # This is not enabled by default because many repositories do not need internal sources\n # and do not need to have the required service connections approved in the pipeline.\n enableInternalSources: false\n\njobs:\n- job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}\n displayName: Source-Build (${{ parameters.platform.name }})\n\n ${{ each property in parameters.platform.jobProperties }}:\n ${{ property.key }}: ${{ property.value }}\n\n ${{ if ne(parameters.platform.container, '') }}:\n container: ${{ parameters.platform.container }}\n\n ${{ if eq(parameters.platform.pool, '') }}:\n # The default VM host AzDO pool. This should be capable of running Docker containers: almost all\n # source-build builds run in Docker, including the default managed platform.\n # /eng/common/core-templates/variables/pool-providers.yml can't be used here (some customers declare variables already), so duplicate its logic\n ${{ if eq(parameters.is1ESPipeline, 'true') }}:\n pool:\n ${{ if eq(variables['System.TeamProject'], 'public') }}:\n name: $[replace(replace(eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'), True, 'NetCore-Svc-Public' ), False, 'NetCore-Public')]\n demands: ImageOverride -equals build.azurelinux.3.amd64.open\n ${{ if eq(variables['System.TeamProject'], 'internal') }}:\n name: $[replace(replace(eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'), True, 'NetCore1ESPool-Svc-Internal'), False, 'NetCore1ESPool-Internal')]\n image: build.azurelinux.3.amd64\n os: linux\n ${{ else }}:\n pool:\n ${{ if eq(variables['System.TeamProject'], 'public') }}:\n name: $[replace(replace(eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'), True, 'NetCore-Svc-Public' ), False, 'NetCore-Public')]\n demands: ImageOverride -equals build.azurelinux.3.amd64.open\n ${{ if eq(variables['System.TeamProject'], 'internal') }}:\n name: $[replace(replace(eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'), True, 'NetCore1ESPool-Svc-Internal'), False, 'NetCore1ESPool-Internal')]\n demands: ImageOverride -equals build.azurelinux.3.amd64\n ${{ if ne(parameters.platform.pool, '') }}:\n pool: ${{ parameters.platform.pool }}\n\n workspace:\n clean: all\n\n steps:\n - ${{ if eq(parameters.is1ESPipeline, '') }}:\n - 'Illegal entry point, is1ESPipeline is not defined. Repository yaml should not directly reference templates in core-templates folder.': error\n\n - ${{ if eq(parameters.enableInternalSources, true) }}:\n - template: /eng/common/core-templates/steps/enable-internal-sources.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n - template: /eng/common/core-templates/steps/enable-internal-runtimes.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n - template: /eng/common/core-templates/steps/source-build.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n platform: ${{ parameters.platform }}\n"
},
{
"path": "eng/common/core-templates/job/source-index-stage1.yml",
"content": "parameters:\n runAsPublic: false\n sourceIndexBuildCommand: powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Command \"eng/common/build.ps1 -restore -build -binarylog -ci\"\n preSteps: []\n binlogPath: artifacts/log/Debug/Build.binlog\n condition: eq(variables['Build.SourceBranch'], 'refs/heads/main')\n dependsOn: ''\n pool: ''\n is1ESPipeline: ''\n\njobs:\n- job: SourceIndexStage1\n dependsOn: ${{ parameters.dependsOn }}\n condition: ${{ parameters.condition }}\n variables:\n - name: BinlogPath\n value: ${{ parameters.binlogPath }}\n - template: /eng/common/core-templates/variables/pool-providers.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n\n ${{ if ne(parameters.pool, '') }}:\n pool: ${{ parameters.pool }}\n ${{ if eq(parameters.pool, '') }}:\n pool:\n ${{ if eq(variables['System.TeamProject'], 'public') }}:\n name: $(DncEngPublicBuildPool)\n image: windows.vs2026preview.scout.amd64.open\n ${{ if eq(variables['System.TeamProject'], 'internal') }}:\n name: $(DncEngInternalBuildPool)\n image: windows.vs2026preview.scout.amd64\n\n steps:\n - ${{ if eq(parameters.is1ESPipeline, '') }}:\n - 'Illegal entry point, is1ESPipeline is not defined. Repository yaml should not directly reference templates in core-templates folder.': error\n\n - ${{ each preStep in parameters.preSteps }}:\n - ${{ preStep }}\n - script: ${{ parameters.sourceIndexBuildCommand }}\n displayName: Build Repository\n\n - template: /eng/common/core-templates/steps/source-index-stage1-publish.yml\n parameters:\n binLogPath: ${{ parameters.binLogPath }}\n"
},
{
"path": "eng/common/core-templates/jobs/codeql-build.yml",
"content": "parameters:\n # See schema documentation in /Documentation/AzureDevOps/TemplateSchema.md\n continueOnError: false\n # Required: A collection of jobs to run - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#job\n jobs: []\n # Optional: if specified, restore and use this version of Guardian instead of the default.\n overrideGuardianVersion: ''\n is1ESPipeline: ''\n\njobs:\n- template: /eng/common/core-templates/jobs/jobs.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n enableMicrobuild: false\n enablePublishBuildArtifacts: false\n enablePublishTestResults: false\n enablePublishBuildAssets: false\n enableTelemetry: true\n\n variables:\n - group: Publish-Build-Assets\n # The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in\n # sync with the packages.config file.\n - name: DefaultGuardianVersion\n value: 0.109.0\n - name: GuardianPackagesConfigFile\n value: $(System.DefaultWorkingDirectory)\\eng\\common\\sdl\\packages.config\n - name: GuardianVersion\n value: ${{ coalesce(parameters.overrideGuardianVersion, '$(DefaultGuardianVersion)') }}\n \n jobs: ${{ parameters.jobs }}\n \n"
},
{
"path": "eng/common/core-templates/jobs/jobs.yml",
"content": "parameters:\n # See schema documentation in /Documentation/AzureDevOps/TemplateSchema.md\n continueOnError: false\n\n # Optional: Include PublishBuildArtifacts task\n enablePublishBuildArtifacts: false\n\n # Optional: Enable running the source-build jobs to build repo from source\n enableSourceBuild: false\n\n # Optional: Parameters for source-build template.\n # See /eng/common/core-templates/jobs/source-build.yml for options\n sourceBuildParameters: []\n\n graphFileGeneration:\n # Optional: Enable generating the graph files at the end of the build\n enabled: false\n # Optional: Include toolset dependencies in the generated graph files\n includeToolset: false\n \n # Required: A collection of jobs to run - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#job\n jobs: []\n\n # Optional: Override automatically derived dependsOn value for \"publish build assets\" job\n publishBuildAssetsDependsOn: ''\n\n # Optional: Publish the assets as soon as the publish to BAR stage is complete, rather doing so in a separate stage.\n publishAssetsImmediately: false\n\n # Optional: 🌤️ or not the build has assets it wants to publish to BAR\n isAssetlessBuild: false\n\n # Optional: If using publishAssetsImmediately and additional parameters are needed, can be used to send along additional parameters (normally sent to post-build.yml)\n artifactsPublishingAdditionalParameters: ''\n signingValidationAdditionalParameters: ''\n\n # Optional: should run as a public build even in the internal project\n # if 'true', the build won't run any of the internal only steps, even if it is running in non-public projects.\n runAsPublic: false\n\n enableSourceIndex: false\n sourceIndexParams: {}\n\n artifacts: {}\n is1ESPipeline: ''\n\n # Publishing version w/default.\n publishingVersion: 3\n\n repositoryAlias: self\n officialBuildId: ''\n\n# Internal resources (telemetry, microbuild) can only be accessed from non-public projects,\n# and some (Microbuild) should only be applied to non-PR cases for internal builds.\n\njobs:\n- ${{ each job in parameters.jobs }}:\n - ${{ if eq(parameters.is1ESPipeline, 'true') }}:\n - template: /eng/common/templates-official/job/job.yml\n parameters: \n # pass along parameters\n ${{ each parameter in parameters }}:\n ${{ if ne(parameter.key, 'jobs') }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n\n # pass along job properties\n ${{ each property in job }}:\n ${{ if ne(property.key, 'job') }}:\n ${{ property.key }}: ${{ property.value }}\n\n name: ${{ job.job }}\n\n - ${{ else }}:\n - template: /eng/common/templates/job/job.yml\n parameters: \n # pass along parameters\n ${{ each parameter in parameters }}:\n ${{ if ne(parameter.key, 'jobs') }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n\n # pass along job properties\n ${{ each property in job }}:\n ${{ if ne(property.key, 'job') }}:\n ${{ property.key }}: ${{ property.value }}\n\n name: ${{ job.job }}\n\n- ${{ if eq(parameters.enableSourceBuild, true) }}:\n - template: /eng/common/core-templates/jobs/source-build.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n ${{ each parameter in parameters.sourceBuildParameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n\n- ${{ if eq(parameters.enableSourceIndex, 'true') }}:\n - template: ../job/source-index-stage1.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n runAsPublic: ${{ parameters.runAsPublic }}\n ${{ each parameter in parameters.sourceIndexParams }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n\n- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:\n - ${{ if or(eq(parameters.enablePublishBuildAssets, true), eq(parameters.artifacts.publish.manifests, 'true'), ne(parameters.artifacts.publish.manifests, ''), eq(parameters.isAssetlessBuild, true)) }}:\n - template: ../job/publish-build-assets.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n continueOnError: ${{ parameters.continueOnError }}\n publishingVersion: ${{ parameters.publishingVersion }}\n dependsOn:\n - ${{ if ne(parameters.publishBuildAssetsDependsOn, '') }}:\n - ${{ each job in parameters.publishBuildAssetsDependsOn }}:\n - ${{ job.job }}\n - ${{ if eq(parameters.publishBuildAssetsDependsOn, '') }}:\n - ${{ each job in parameters.jobs }}:\n - ${{ job.job }}\n\n runAsPublic: ${{ parameters.runAsPublic }}\n publishAssetsImmediately: ${{ or(parameters.publishAssetsImmediately, parameters.isAssetlessBuild) }}\n isAssetlessBuild: ${{ parameters.isAssetlessBuild }}\n enablePublishBuildArtifacts: ${{ parameters.enablePublishBuildArtifacts }}\n artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}\n signingValidationAdditionalParameters: ${{ parameters.signingValidationAdditionalParameters }}\n repositoryAlias: ${{ parameters.repositoryAlias }}\n officialBuildId: ${{ parameters.officialBuildId }}\n"
},
{
"path": "eng/common/core-templates/jobs/source-build.yml",
"content": "parameters:\n # This template adds arcade-powered source-build to CI. A job is created for each platform, as\n # well as an optional server job that completes when all platform jobs complete.\n\n # See /eng/common/core-templates/job/source-build.yml\n jobNamePrefix: 'Source_Build'\n\n # This is the default platform provided by Arcade, intended for use by a managed-only repo.\n defaultManagedPlatform:\n name: 'Managed'\n container: 'mcr.microsoft.com/dotnet-buildtools/prereqs:centos-stream-10-amd64'\n\n # Defines the platforms on which to run build jobs. One job is created for each platform, and the\n # object in this array is sent to the job template as 'platform'. If no platforms are specified,\n # one job runs on 'defaultManagedPlatform'.\n platforms: []\n\n is1ESPipeline: ''\n\n # If set to true and running on a non-public project,\n # Internal nuget and blob storage locations will be enabled.\n # This is not enabled by default because many repositories do not need internal sources\n # and do not need to have the required service connections approved in the pipeline.\n enableInternalSources: false\n\njobs:\n\n- ${{ each platform in parameters.platforms }}:\n - template: /eng/common/core-templates/job/source-build.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n jobNamePrefix: ${{ parameters.jobNamePrefix }}\n platform: ${{ platform }}\n enableInternalSources: ${{ parameters.enableInternalSources }}\n\n- ${{ if eq(length(parameters.platforms), 0) }}:\n - template: /eng/common/core-templates/job/source-build.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n jobNamePrefix: ${{ parameters.jobNamePrefix }}\n platform: ${{ parameters.defaultManagedPlatform }}\n enableInternalSources: ${{ parameters.enableInternalSources }}\n"
},
{
"path": "eng/common/core-templates/post-build/common-variables.yml",
"content": "variables:\n - group: Publish-Build-Assets\n\n # Whether the build is internal or not\n - name: IsInternalBuild\n value: ${{ and(ne(variables['System.TeamProject'], 'public'), contains(variables['Build.SourceBranch'], 'internal')) }}\n\n # Default Maestro++ API Endpoint and API Version\n - name: MaestroApiEndPoint\n value: \"https://maestro.dot.net\"\n - name: MaestroApiVersion\n value: \"2020-02-20\"\n\n - name: SourceLinkCLIVersion\n value: 3.0.0\n - name: SymbolToolVersion\n value: 1.0.1\n - name: BinlogToolVersion\n value: 1.0.11\n\n - name: runCodesignValidationInjection\n value: false\n"
},
{
"path": "eng/common/core-templates/post-build/post-build.yml",
"content": "parameters:\n # Which publishing infra should be used. THIS SHOULD MATCH THE VERSION ON THE BUILD MANIFEST.\n # Publishing V1 is no longer supported\n # Publishing V2 is no longer supported\n # Publishing V3 is the default\n - name: publishingInfraVersion\n displayName: Which version of publishing should be used to promote the build definition?\n type: number\n default: 3\n values:\n - 3\n - 4\n\n - name: BARBuildId\n displayName: BAR Build Id\n type: number\n default: 0\n\n - name: PromoteToChannelIds\n displayName: Channel to promote BARBuildId to\n type: string\n default: ''\n\n - name: enableSourceLinkValidation\n displayName: Enable SourceLink validation\n type: boolean\n default: false\n\n - name: enableSigningValidation\n displayName: Enable signing validation\n type: boolean\n default: true\n\n - name: enableSymbolValidation\n displayName: Enable symbol validation\n type: boolean\n default: false\n\n - name: enableNugetValidation\n displayName: Enable NuGet validation\n type: boolean\n default: true\n \n - name: publishInstallersAndChecksums\n displayName: Publish installers and checksums\n type: boolean\n default: true\n \n - name: requireDefaultChannels\n displayName: Fail the build if there are no default channel(s) registrations for the current build\n type: boolean\n default: false\n\n - name: SDLValidationParameters\n type: object\n default:\n enable: false\n publishGdn: false\n continueOnError: false\n params: ''\n artifactNames: ''\n downloadArtifacts: true\n\n - name: isAssetlessBuild\n type: boolean\n displayName: Is Assetless Build\n default: false\n\n # These parameters let the user customize the call to sdk-task.ps1 for publishing\n # symbols & general artifacts as well as for signing validation\n - name: symbolPublishingAdditionalParameters\n displayName: Symbol publishing additional parameters\n type: string\n default: ''\n\n - name: artifactsPublishingAdditionalParameters\n displayName: Artifact publishing additional parameters\n type: string\n default: ''\n\n - name: signingValidationAdditionalParameters\n displayName: Signing validation additional parameters\n type: string\n default: ''\n\n # Which stages should finish execution before post-build stages start\n - name: validateDependsOn\n type: object\n default:\n - build\n\n - name: publishDependsOn\n type: object\n default:\n - Validate\n\n # Optional: Call asset publishing rather than running in a separate stage\n - name: publishAssetsImmediately\n type: boolean\n default: false\n\n - name: is1ESPipeline\n type: boolean\n default: false\n\nstages:\n- ${{ if or(eq( parameters.enableNugetValidation, 'true'), eq(parameters.enableSigningValidation, 'true'), eq(parameters.enableSourceLinkValidation, 'true'), eq(parameters.SDLValidationParameters.enable, 'true')) }}:\n - stage: Validate\n dependsOn: ${{ parameters.validateDependsOn }}\n displayName: Validate Build Assets\n variables:\n - template: /eng/common/core-templates/post-build/common-variables.yml\n - template: /eng/common/core-templates/variables/pool-providers.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n jobs:\n - job:\n displayName: NuGet Validation\n condition: and(succeededOrFailed(), eq( ${{ parameters.enableNugetValidation }}, 'true'))\n pool:\n # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)\n ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:\n name: AzurePipelines-EO\n image: 1ESPT-Windows2025\n demands: Cmd\n os: windows\n # If it's not devdiv, it's dnceng\n ${{ else }}:\n ${{ if eq(parameters.is1ESPipeline, true) }}:\n name: $(DncEngInternalBuildPool)\n image: windows.vs2026preview.scout.amd64\n os: windows\n ${{ else }}:\n name: $(DncEngInternalBuildPool)\n demands: ImageOverride -equals windows.vs2026preview.scout.amd64\n\n steps:\n - template: /eng/common/core-templates/post-build/setup-maestro-vars.yml\n parameters:\n BARBuildId: ${{ parameters.BARBuildId }}\n PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n\n - ${{ if ne(parameters.publishingInfraVersion, 4) }}:\n - task: DownloadBuildArtifacts@0\n displayName: Download Package Artifacts\n inputs:\n buildType: specific\n buildVersionToDownload: specific\n project: $(AzDOProjectName)\n pipeline: $(AzDOPipelineId)\n buildId: $(AzDOBuildId)\n artifactName: PackageArtifacts\n checkDownloadedFiles: true\n - ${{ if eq(parameters.publishingInfraVersion, 4) }}:\n - task: DownloadPipelineArtifact@2\n displayName: Download Pipeline Artifacts (V4)\n inputs:\n itemPattern: '*/packages/**/*.nupkg'\n targetPath: '$(Build.ArtifactStagingDirectory)/PipelineArtifactsDownload'\n - task: CopyFiles@2\n displayName: Flatten packages to PackageArtifacts\n inputs:\n SourceFolder: '$(Build.ArtifactStagingDirectory)/PipelineArtifactsDownload'\n Contents: '**/*.nupkg'\n TargetFolder: '$(Build.ArtifactStagingDirectory)/PackageArtifacts'\n flattenFolders: true\n\n - task: PowerShell@2\n displayName: Validate\n inputs:\n filePath: $(System.DefaultWorkingDirectory)/eng/common/post-build/nuget-validation.ps1\n arguments: -PackagesPath $(Build.ArtifactStagingDirectory)/PackageArtifacts/\n\n - job:\n displayName: Signing Validation\n condition: and( eq( ${{ parameters.enableSigningValidation }}, 'true'), ne( variables['PostBuildSign'], 'true'))\n pool:\n # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)\n ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:\n name: AzurePipelines-EO\n image: 1ESPT-Windows2025\n demands: Cmd\n os: windows\n # If it's not devdiv, it's dnceng\n ${{ else }}:\n ${{ if eq(parameters.is1ESPipeline, true) }}: \n name: $(DncEngInternalBuildPool)\n image: windows.vs2026.amd64\n os: windows\n ${{ else }}:\n name: $(DncEngInternalBuildPool)\n demands: ImageOverride -equals windows.vs2026preview.scout.amd64\n steps:\n - template: /eng/common/core-templates/post-build/setup-maestro-vars.yml\n parameters:\n BARBuildId: ${{ parameters.BARBuildId }}\n PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n\n - ${{ if ne(parameters.publishingInfraVersion, 4) }}:\n - task: DownloadBuildArtifacts@0\n displayName: Download Package Artifacts\n inputs:\n buildType: specific\n buildVersionToDownload: specific\n project: $(AzDOProjectName)\n pipeline: $(AzDOPipelineId)\n buildId: $(AzDOBuildId)\n artifactName: PackageArtifacts\n checkDownloadedFiles: true\n - ${{ if eq(parameters.publishingInfraVersion, 4) }}:\n - task: DownloadPipelineArtifact@2\n displayName: Download Pipeline Artifacts (V4)\n inputs:\n itemPattern: '*/packages/**/*.nupkg'\n targetPath: '$(Build.ArtifactStagingDirectory)/PipelineArtifactsDownload'\n - task: CopyFiles@2\n displayName: Flatten packages to PackageArtifacts\n inputs:\n SourceFolder: '$(Build.ArtifactStagingDirectory)/PipelineArtifactsDownload'\n Contents: '**/*.nupkg'\n TargetFolder: '$(Build.ArtifactStagingDirectory)/PackageArtifacts'\n flattenFolders: true\n\n # This is necessary whenever we want to publish/restore to an AzDO private feed\n # Since sdk-task.ps1 tries to restore packages we need to do this authentication here\n # otherwise it'll complain about accessing a private feed.\n - task: NuGetAuthenticate@1\n displayName: 'Authenticate to AzDO Feeds'\n\n # Signing validation will optionally work with the buildmanifest file which is downloaded from\n # Azure DevOps above.\n - task: PowerShell@2\n displayName: Validate\n inputs:\n filePath: eng\\common\\sdk-task.ps1\n arguments: -task SigningValidation -restore -msbuildEngine vs\n /p:PackageBasePath='$(Build.ArtifactStagingDirectory)/PackageArtifacts'\n /p:SignCheckExclusionsFile='$(System.DefaultWorkingDirectory)/eng/SignCheckExclusionsFile.txt'\n ${{ parameters.signingValidationAdditionalParameters }}\n\n - template: /eng/common/core-templates/steps/publish-logs.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n StageLabel: 'Validation'\n JobLabel: 'Signing'\n BinlogToolVersion: $(BinlogToolVersion)\n\n - job:\n displayName: SourceLink Validation\n condition: eq( ${{ parameters.enableSourceLinkValidation }}, 'true')\n pool:\n # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)\n ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:\n name: AzurePipelines-EO\n image: 1ESPT-Windows2025\n demands: Cmd\n os: windows\n # If it's not devdiv, it's dnceng\n ${{ else }}:\n ${{ if eq(parameters.is1ESPipeline, true) }}: \n name: $(DncEngInternalBuildPool)\n image: windows.vs2026.amd64\n os: windows\n ${{ else }}:\n name: $(DncEngInternalBuildPool)\n demands: ImageOverride -equals windows.vs2026preview.scout.amd64\n steps:\n - template: /eng/common/core-templates/post-build/setup-maestro-vars.yml\n parameters:\n BARBuildId: ${{ parameters.BARBuildId }}\n PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n\n - ${{ if ne(parameters.publishingInfraVersion, 4) }}:\n - task: DownloadBuildArtifacts@0\n displayName: Download Blob Artifacts\n inputs:\n buildType: specific\n buildVersionToDownload: specific\n project: $(AzDOProjectName)\n pipeline: $(AzDOPipelineId)\n buildId: $(AzDOBuildId)\n artifactName: BlobArtifacts\n checkDownloadedFiles: true\n - ${{ if eq(parameters.publishingInfraVersion, 4) }}:\n - task: DownloadPipelineArtifact@2\n displayName: Download Pipeline Artifacts (V4)\n inputs:\n itemPattern: '*/assets/**'\n targetPath: '$(Build.ArtifactStagingDirectory)/PipelineArtifactsDownload'\n - task: CopyFiles@2\n displayName: Flatten assets to BlobArtifacts\n inputs:\n SourceFolder: '$(Build.ArtifactStagingDirectory)/PipelineArtifactsDownload'\n Contents: '**/*'\n TargetFolder: '$(Build.ArtifactStagingDirectory)/BlobArtifacts'\n flattenFolders: true\n\n - task: PowerShell@2\n displayName: Validate\n inputs:\n filePath: $(System.DefaultWorkingDirectory)/eng/common/post-build/sourcelink-validation.ps1\n arguments: -InputPath $(Build.ArtifactStagingDirectory)/BlobArtifacts/ \n -ExtractPath $(Agent.BuildDirectory)/Extract/ \n -GHRepoName $(Build.Repository.Name) \n -GHCommit $(Build.SourceVersion)\n -SourcelinkCliVersion $(SourceLinkCLIVersion)\n continueOnError: true\n\n- ${{ if ne(parameters.publishAssetsImmediately, 'true') }}:\n - stage: publish_using_darc\n ${{ if or(eq(parameters.enableNugetValidation, 'true'), eq(parameters.enableSigningValidation, 'true'), eq(parameters.enableSourceLinkValidation, 'true'), eq(parameters.SDLValidationParameters.enable, 'true')) }}:\n dependsOn: ${{ parameters.publishDependsOn }}\n ${{ else }}:\n dependsOn: ${{ parameters.validateDependsOn }}\n displayName: Publish using Darc\n variables:\n - template: /eng/common/core-templates/post-build/common-variables.yml\n - template: /eng/common/core-templates/variables/pool-providers.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n jobs:\n - job:\n displayName: Publish Using Darc\n timeoutInMinutes: 120\n pool:\n # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)\n ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:\n name: AzurePipelines-EO\n image: 1ESPT-Windows2025\n demands: Cmd\n os: windows\n # If it's not devdiv, it's dnceng\n ${{ else }}:\n ${{ if eq(parameters.is1ESPipeline, true) }}: \n name: NetCore1ESPool-Publishing-Internal\n image: windows.vs2026.amd64\n os: windows\n ${{ else }}:\n name: NetCore1ESPool-Publishing-Internal\n demands: ImageOverride -equals windows.vs2026.amd64\n steps:\n - template: /eng/common/core-templates/post-build/setup-maestro-vars.yml\n parameters:\n BARBuildId: ${{ parameters.BARBuildId }}\n PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n\n - task: NuGetAuthenticate@1\n\n # Populate internal runtime variables.\n - template: /eng/common/templates/steps/enable-internal-sources.yml\n parameters:\n legacyCredential: $(dn-bot-dnceng-artifact-feeds-rw)\n\n - template: /eng/common/templates/steps/enable-internal-runtimes.yml\n\n # Darc is targeting 8.0, so make sure it's installed\n - task: UseDotNet@2\n inputs:\n version: 8.0.x\n\n - task: AzureCLI@2\n displayName: Publish Using Darc\n inputs:\n azureSubscription: \"Darc: Maestro Production\"\n scriptType: ps\n scriptLocation: scriptPath\n scriptPath: $(System.DefaultWorkingDirectory)/eng/common/post-build/publish-using-darc.ps1\n arguments: >\n -BuildId $(BARBuildId)\n -PublishingInfraVersion 3\n -AzdoToken '$(System.AccessToken)'\n -WaitPublishingFinish true\n -RequireDefaultChannels ${{ parameters.requireDefaultChannels }}\n -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'\n -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'\n -SkipAssetsPublishing '${{ parameters.isAssetlessBuild }}'\n -runtimeSourceFeed https://ci.dot.net/internal \n -runtimeSourceFeedKey '$(dotnetbuilds-internal-container-read-token-base64)'\n"
},
{
"path": "eng/common/core-templates/post-build/setup-maestro-vars.yml",
"content": "parameters:\n BARBuildId: ''\n PromoteToChannelIds: ''\n is1ESPipeline: ''\n\nsteps:\n - ${{ if eq(parameters.is1ESPipeline, '') }}:\n - 'Illegal entry point, is1ESPipeline is not defined. Repository yaml should not directly reference templates in core-templates folder.': error\n\n - ${{ if eq(coalesce(parameters.PromoteToChannelIds, 0), 0) }}:\n - task: DownloadPipelineArtifact@2\n displayName: Download Release Configs\n inputs:\n artifactName: ReleaseConfigs\n targetPath: '$(Build.StagingDirectory)/ReleaseConfigs'\n\n - task: AzureCLI@2\n name: setReleaseVars\n displayName: Set Release Configs Vars\n inputs:\n azureSubscription: \"Darc: Maestro Production\"\n scriptType: pscore\n scriptLocation: inlineScript\n inlineScript: |\n try {\n if (!$Env:PromoteToMaestroChannels -or $Env:PromoteToMaestroChannels.Trim() -eq '') {\n $Content = Get-Content $(Build.StagingDirectory)/ReleaseConfigs/ReleaseConfigs.txt\n\n $BarId = $Content | Select -Index 0\n $Channels = $Content | Select -Index 1\n $IsStableBuild = $Content | Select -Index 2\n\n $AzureDevOpsProject = $Env:System_TeamProject\n $AzureDevOpsBuildDefinitionId = $Env:System_DefinitionId\n $AzureDevOpsBuildId = $Env:Build_BuildId\n }\n else {\n . $(System.DefaultWorkingDirectory)\\eng\\common\\tools.ps1\n $darc = Get-Darc\n $buildInfo = & $darc get-build `\n --id ${{ parameters.BARBuildId }} `\n --extended `\n --output-format json `\n --ci `\n | convertFrom-Json\n\n $BarId = ${{ parameters.BARBuildId }}\n $Channels = $Env:PromoteToMaestroChannels -split \",\"\n $Channels = $Channels -join \"][\"\n $Channels = \"[$Channels]\"\n\n $IsStableBuild = $buildInfo.stable\n $AzureDevOpsProject = $buildInfo.azureDevOpsProject\n $AzureDevOpsBuildDefinitionId = $buildInfo.azureDevOpsBuildDefinitionId\n $AzureDevOpsBuildId = $buildInfo.azureDevOpsBuildId\n }\n\n Write-Host \"##vso[task.setvariable variable=BARBuildId]$BarId\"\n Write-Host \"##vso[task.setvariable variable=TargetChannels]$Channels\"\n Write-Host \"##vso[task.setvariable variable=IsStableBuild]$IsStableBuild\"\n\n Write-Host \"##vso[task.setvariable variable=AzDOProjectName]$AzureDevOpsProject\"\n Write-Host \"##vso[task.setvariable variable=AzDOPipelineId]$AzureDevOpsBuildDefinitionId\"\n Write-Host \"##vso[task.setvariable variable=AzDOBuildId]$AzureDevOpsBuildId\"\n }\n catch {\n Write-Host $_\n Write-Host $_.Exception\n Write-Host $_.ScriptStackTrace\n exit 1\n }\n env:\n PromoteToMaestroChannels: ${{ parameters.PromoteToChannelIds }}\n"
},
{
"path": "eng/common/core-templates/steps/cleanup-microbuild.yml",
"content": "parameters:\n # Enable cleanup tasks for MicroBuild\n enableMicrobuild: false\n # Enable cleanup tasks for MicroBuild on Mac and Linux\n # Will be ignored if 'enableMicrobuild' is false or 'Agent.Os' is 'Windows_NT'\n enableMicrobuildForMacAndLinux: false\n continueOnError: false\n\nsteps:\n - ${{ if eq(parameters.enableMicrobuild, 'true') }}:\n - task: MicroBuildCleanup@1\n displayName: Execute Microbuild cleanup tasks\n condition: and(\n always(),\n or(\n and(\n eq(variables['Agent.Os'], 'Windows_NT'),\n in(variables['_SignType'], 'real', 'test')\n ),\n and(\n ${{ eq(parameters.enableMicrobuildForMacAndLinux, true) }},\n ne(variables['Agent.Os'], 'Windows_NT'),\n eq(variables['_SignType'], 'real')\n )\n ))\n continueOnError: ${{ parameters.continueOnError }}\n env:\n TeamName: $(_TeamName)\n"
},
{
"path": "eng/common/core-templates/steps/enable-internal-runtimes.yml",
"content": "# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'\n# variable with the base64-encoded SAS token, by default\n\nparameters:\n- name: federatedServiceConnection\n type: string\n default: 'dotnetbuilds-internal-read'\n- name: outputVariableName\n type: string\n default: 'dotnetbuilds-internal-container-read-token-base64'\n- name: expiryInHours\n type: number\n default: 1\n- name: base64Encode\n type: boolean\n default: true\n- name: is1ESPipeline\n type: boolean\n default: false\n\nsteps:\n- ${{ if ne(variables['System.TeamProject'], 'public') }}:\n - template: /eng/common/core-templates/steps/get-delegation-sas.yml\n parameters:\n federatedServiceConnection: ${{ parameters.federatedServiceConnection }}\n outputVariableName: ${{ parameters.outputVariableName }}\n expiryInHours: ${{ parameters.expiryInHours }}\n base64Encode: ${{ parameters.base64Encode }}\n storageAccount: dotnetbuilds\n container: internal\n permissions: rl\n is1ESPipeline: ${{ parameters.is1ESPipeline }}"
},
{
"path": "eng/common/core-templates/steps/enable-internal-sources.yml",
"content": "parameters:\n# This is the Azure federated service connection that we log into to get an access token.\n- name: nugetFederatedServiceConnection\n type: string\n default: 'dnceng-artifacts-feeds-read'\n- name: is1ESPipeline\n type: boolean\n default: false\n# Legacy parameters to allow for PAT usage\n- name: legacyCredential\n type: string\n default: ''\n\nsteps:\n- ${{ if ne(variables['System.TeamProject'], 'public') }}:\n - ${{ if ne(parameters.legacyCredential, '') }}:\n - task: PowerShell@2\n displayName: Setup Internal Feeds\n inputs:\n filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1\n arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -Password $Env:Token\n env:\n Token: ${{ parameters.legacyCredential }}\n # If running on dnceng (internal project), just use the default behavior for NuGetAuthenticate.\n # If running on DevDiv, NuGetAuthenticate is not really an option. It's scoped to a single feed, and we have many feeds that\n # may be added. Instead, we'll use the traditional approach (add cred to nuget.config), but use an account token.\n - ${{ else }}:\n - ${{ if eq(variables['System.TeamProject'], 'internal') }}:\n - task: PowerShell@2\n displayName: Setup Internal Feeds\n inputs:\n filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1\n arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config\n - ${{ else }}:\n - template: /eng/common/templates/steps/get-federated-access-token.yml\n parameters:\n federatedServiceConnection: ${{ parameters.nugetFederatedServiceConnection }}\n outputVariableName: 'dnceng-artifacts-feeds-read-access-token'\n - task: PowerShell@2\n displayName: Setup Internal Feeds\n inputs:\n filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1\n arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -Password $(dnceng-artifacts-feeds-read-access-token)\n # This is required in certain scenarios to install the ADO credential provider.\n # It installed by default in some msbuild invocations (e.g. VS msbuild), but needs to be installed for others\n # (e.g. dotnet msbuild).\n - task: NuGetAuthenticate@1\n"
},
{
"path": "eng/common/core-templates/steps/generate-sbom.yml",
"content": "parameters:\n PackageVersion: unused\n BuildDropPath: unused\n PackageName: unused\n ManifestDirPath: unused\n IgnoreDirectories: unused\n sbomContinueOnError: unused\n is1ESPipeline: unused\n publishArtifacts: unused\n\nsteps:\n- script: |\n echo \"##vso[task.logissue type=warning]Including generate-sbom.yml is deprecated, SBOM generation is handled 1ES PT now. Remove this include.\"\n displayName: Issue generate-sbom.yml deprecation warning\n"
},
{
"path": "eng/common/core-templates/steps/get-delegation-sas.yml",
"content": "parameters:\n- name: federatedServiceConnection\n type: string\n- name: outputVariableName\n type: string\n- name: expiryInHours\n type: number\n default: 1\n- name: base64Encode\n type: boolean\n default: false\n- name: storageAccount\n type: string\n- name: container\n type: string\n- name: permissions\n type: string\n default: 'rl'\n- name: is1ESPipeline\n type: boolean\n default: false\n\nsteps:\n- task: AzureCLI@2\n displayName: 'Generate delegation SAS Token for ${{ parameters.storageAccount }}/${{ parameters.container }}'\n inputs:\n azureSubscription: ${{ parameters.federatedServiceConnection }}\n scriptType: 'pscore'\n scriptLocation: 'inlineScript'\n inlineScript: |\n # Calculate the expiration of the SAS token and convert to UTC\n $expiry = (Get-Date).AddHours(${{ parameters.expiryInHours }}).ToUniversalTime().ToString(\"yyyy-MM-ddTHH:mm:ssZ\")\n\n $sas = az storage container generate-sas --account-name ${{ parameters.storageAccount }} --name ${{ parameters.container }} --permissions ${{ parameters.permissions }} --expiry $expiry --auth-mode login --as-user -o tsv\n\n if ($LASTEXITCODE -ne 0) {\n Write-Error \"Failed to generate SAS token.\"\n exit 1\n }\n\n if ('${{ parameters.base64Encode }}' -eq 'true') {\n $sas = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sas))\n }\n\n Write-Host \"Setting '${{ parameters.outputVariableName }}' with the access token value\"\n Write-Host \"##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$sas\"\n"
},
{
"path": "eng/common/core-templates/steps/get-federated-access-token.yml",
"content": "parameters:\n- name: federatedServiceConnection\n type: string\n- name: outputVariableName\n type: string\n- name: is1ESPipeline\n type: boolean\n- name: stepName\n type: string\n default: 'getFederatedAccessToken'\n- name: condition\n type: string\n default: ''\n# Resource to get a token for. Common values include:\n# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps\n# - 'https://storage.azure.com/' for storage\n# Defaults to Azure DevOps\n- name: resource\n type: string\n default: '499b84ac-1321-427f-aa17-267ca6975798'\n- name: isStepOutputVariable\n type: boolean\n default: false\n\nsteps:\n- task: AzureCLI@2\n displayName: 'Getting federated access token for feeds'\n name: ${{ parameters.stepName }}\n ${{ if ne(parameters.condition, '') }}:\n condition: ${{ parameters.condition }}\n inputs:\n azureSubscription: ${{ parameters.federatedServiceConnection }}\n scriptType: 'pscore'\n scriptLocation: 'inlineScript'\n inlineScript: |\n $accessToken = az account get-access-token --query accessToken --resource ${{ parameters.resource }} --output tsv\n if ($LASTEXITCODE -ne 0) {\n Write-Error \"Failed to get access token for resource '${{ parameters.resource }}'\"\n exit 1\n }\n Write-Host \"Setting '${{ parameters.outputVariableName }}' with the access token value\"\n Write-Host \"##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true;isOutput=${{ parameters.isStepOutputVariable }}]$accessToken\""
},
{
"path": "eng/common/core-templates/steps/install-microbuild.yml",
"content": "parameters:\n # Enable install tasks for MicroBuild\n enableMicrobuild: false\n # Enable install tasks for MicroBuild on Mac and Linux\n # Will be ignored if 'enableMicrobuild' is false or 'Agent.Os' is 'Windows_NT'\n enableMicrobuildForMacAndLinux: false\n # Determines whether the ESRP service connection information should be passed to the signing plugin.\n # This overlaps with _SignType to some degree. We only need the service connection for real signing.\n # It's important that the service connection not be passed to the MicroBuildSigningPlugin task in this place.\n # Doing so will cause the service connection to be authorized for the pipeline, which isn't allowed and won't work for non-prod.\n # Unfortunately, _SignType can't be used to exclude the use of the service connection in non-real sign scenarios. The\n # variable is not available in template expression. _SignType has a very large proliferation across .NET, so replacing it is tough.\n microbuildUseESRP: true\n # Microbuild installation directory\n microBuildOutputFolder: $(Agent.TempDirectory)/MicroBuild\n\n continueOnError: false\n\nsteps:\n - ${{ if eq(parameters.enableMicrobuild, 'true') }}:\n - ${{ if eq(parameters.enableMicrobuildForMacAndLinux, 'true') }}:\n # Needed to download the MicroBuild plugin nupkgs on Mac and Linux when nuget.exe is unavailable\n - task: UseDotNet@2\n displayName: Install .NET 8.0 SDK for MicroBuild Plugin\n inputs:\n packageType: sdk\n version: 8.0.x\n installationPath: ${{ parameters.microBuildOutputFolder }}/.dotnet-microbuild\n condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))\n\n - script: |\n set -euo pipefail\n\n # UseDotNet@2 prepends the dotnet executable path to the PATH variable, so we can call dotnet directly\n version=$(dotnet --version)\n cat << 'EOF' > ${{ parameters.microBuildOutputFolder }}/global.json\n {\n \"sdk\": {\n \"version\": \"$version\",\n \"paths\": [\n \"${{ parameters.microBuildOutputFolder }}/.dotnet-microbuild\"\n ],\n \"errorMessage\": \"The .NET SDK version $version is required to install the MicroBuild signing plugin.\"\n }\n }\n EOF\n displayName: 'Add global.json to MicroBuild Installation path'\n workingDirectory: ${{ parameters.microBuildOutputFolder }}\n condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))\n\n - script: |\n REM Check if ESRP is disabled while SignType is real\n if /I \"${{ parameters.microbuildUseESRP }}\"==\"false\" if /I \"$(_SignType)\"==\"real\" (\n echo Error: ESRP must be enabled when SignType is real.\n exit /b 1\n )\n displayName: 'Validate ESRP usage (Windows)'\n condition: and(succeeded(), eq(variables['Agent.Os'], 'Windows_NT'))\n - script: |\n # Check if ESRP is disabled while SignType is real\n if [ \"${{ parameters.microbuildUseESRP }}\" = \"false\" ] && [ \"$(_SignType)\" = \"real\" ]; then\n echo \"Error: ESRP must be enabled when SignType is real.\"\n exit 1\n fi\n displayName: 'Validate ESRP usage (Non-Windows)'\n condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))\n\n # Two different MB install steps. This is due to not being able to use the agent OS during\n # YAML expansion, and Windows vs. Linux/Mac uses different service connections. However,\n # we can avoid including the MB install step if not enabled at all. This avoids a bunch of\n # extra pipeline authorizations, since most pipelines do not sign on non-Windows.\n - task: MicroBuildSigningPlugin@4\n displayName: Install MicroBuild plugin (Windows)\n inputs:\n signType: $(_SignType)\n zipSources: false\n feedSource: https://dnceng.pkgs.visualstudio.com/_packaging/MicroBuildToolset/nuget/v3/index.json\n ${{ if eq(parameters.microbuildUseESRP, true) }}:\n ConnectedServiceName: 'MicroBuild Signing Task (DevDiv)'\n ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:\n ConnectedPMEServiceName: 6cc74545-d7b9-4050-9dfa-ebefcc8961ea\n ${{ else }}:\n ConnectedPMEServiceName: 248d384a-b39b-46e3-8ad5-c2c210d5e7ca\n env:\n TeamName: $(_TeamName)\n MicroBuildOutputFolderOverride: ${{ parameters.microBuildOutputFolder }}\n SYSTEM_ACCESSTOKEN: $(System.AccessToken)\n continueOnError: ${{ parameters.continueOnError }}\n condition: and(succeeded(), eq(variables['Agent.Os'], 'Windows_NT'), in(variables['_SignType'], 'real', 'test'))\n\n - ${{ if eq(parameters.enableMicrobuildForMacAndLinux, true) }}:\n - task: MicroBuildSigningPlugin@4\n displayName: Install MicroBuild plugin (non-Windows)\n inputs:\n signType: $(_SignType)\n zipSources: false\n feedSource: https://dnceng.pkgs.visualstudio.com/_packaging/MicroBuildToolset/nuget/v3/index.json\n workingDirectory: ${{ parameters.microBuildOutputFolder }}\n ${{ if eq(parameters.microbuildUseESRP, true) }}:\n ConnectedServiceName: 'MicroBuild Signing Task (DevDiv)'\n ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:\n ConnectedPMEServiceName: beb8cb23-b303-4c95-ab26-9e44bc958d39\n ${{ else }}:\n ConnectedPMEServiceName: c24de2a5-cc7a-493d-95e4-8e5ff5cad2bc\n env:\n TeamName: $(_TeamName)\n MicroBuildOutputFolderOverride: ${{ parameters.microBuildOutputFolder }}\n SYSTEM_ACCESSTOKEN: $(System.AccessToken)\n continueOnError: ${{ parameters.continueOnError }}\n condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'), eq(variables['_SignType'], 'real'))\n"
},
{
"path": "eng/common/core-templates/steps/publish-build-artifacts.yml",
"content": "parameters:\n- name: is1ESPipeline\n type: boolean\n default: false\n- name: args\n type: object\n default: {}\nsteps:\n- ${{ if ne(parameters.is1ESPipeline, true) }}:\n - template: /eng/common/templates/steps/publish-build-artifacts.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n ${{ each parameter in parameters.args }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n- ${{ else }}:\n - template: /eng/common/templates-official/steps/publish-build-artifacts.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n ${{ each parameter in parameters.args }}:\n ${{ parameter.key }}: ${{ parameter.value }}"
},
{
"path": "eng/common/core-templates/steps/publish-logs.yml",
"content": "parameters:\n StageLabel: ''\n JobLabel: ''\n CustomSensitiveDataList: ''\n # A default - in case value from eng/common/core-templates/post-build/common-variables.yml is not passed\n BinlogToolVersion: '1.0.11'\n is1ESPipeline: false\n\nsteps:\n- task: Powershell@2\n displayName: Prepare Binlogs to Upload\n inputs:\n targetType: inline\n script: |\n New-Item -ItemType Directory $(System.DefaultWorkingDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/\n Move-Item -Path $(System.DefaultWorkingDirectory)/artifacts/log/Debug/* $(System.DefaultWorkingDirectory)/PostBuildLogs/${{parameters.StageLabel}}/${{parameters.JobLabel}}/\n continueOnError: true\n condition: always()\n \n- task: PowerShell@2\n displayName: Redact Logs\n inputs:\n filePath: $(System.DefaultWorkingDirectory)/eng/common/post-build/redact-logs.ps1\n # For now this needs to have explicit list of all sensitive data. Taken from eng/publishing/v3/publish.yml\n # Sensitive data can as well be added to $(System.DefaultWorkingDirectory)/eng/BinlogSecretsRedactionFile.txt'\n # If the file exists - sensitive data for redaction will be sourced from it\n # (single entry per line, lines starting with '# ' are considered comments and skipped)\n arguments: -InputPath '$(System.DefaultWorkingDirectory)/PostBuildLogs' \n -BinlogToolVersion '${{parameters.BinlogToolVersion}}'\n -TokensFilePath '$(System.DefaultWorkingDirectory)/eng/BinlogSecretsRedactionFile.txt'\n -runtimeSourceFeed https://ci.dot.net/internal \n -runtimeSourceFeedKey '$(dotnetbuilds-internal-container-read-token-base64)'\n '$(publishing-dnceng-devdiv-code-r-build-re)'\n '$(dn-bot-all-orgs-artifact-feeds-rw)'\n '$(akams-client-id)'\n '$(microsoft-symbol-server-pat)'\n '$(symweb-symbol-server-pat)'\n '$(dnceng-symbol-server-pat)'\n '$(dn-bot-all-orgs-build-rw-code-rw)'\n '$(System.AccessToken)'\n ${{parameters.CustomSensitiveDataList}}\n continueOnError: true\n condition: always()\n\n- task: CopyFiles@2\n displayName: Gather post build logs\n inputs:\n SourceFolder: '$(System.DefaultWorkingDirectory)/PostBuildLogs'\n Contents: '**'\n TargetFolder: '$(Build.ArtifactStagingDirectory)/PostBuildLogs'\n condition: always()\n\n- template: /eng/common/core-templates/steps/publish-pipeline-artifacts.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n args:\n displayName: Publish Logs\n targetPath: '$(Build.ArtifactStagingDirectory)/PostBuildLogs'\n artifactName: PostBuildLogs_${{ parameters.StageLabel }}_${{ parameters.JobLabel }}_Attempt$(System.JobAttempt)\n continueOnError: true\n condition: always()\n retryCountOnTaskFailure: 10 # for any files being locked\n isProduction: false # logs are non-production artifacts\n"
},
{
"path": "eng/common/core-templates/steps/publish-pipeline-artifacts.yml",
"content": "parameters:\n- name: is1ESPipeline\n type: boolean\n default: false\n\n- name: args\n type: object\n default: {} \n\nsteps:\n- ${{ if ne(parameters.is1ESPipeline, true) }}:\n - template: /eng/common/templates/steps/publish-pipeline-artifacts.yml\n parameters:\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n- ${{ else }}:\n - template: /eng/common/templates-official/steps/publish-pipeline-artifacts.yml\n parameters:\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/core-templates/steps/retain-build.yml",
"content": "parameters:\n # Optional azure devops PAT with build execute permissions for the build's organization,\n # only needed if the build that should be retained ran on a different organization than \n # the pipeline where this template is executing from\n Token: ''\n # Optional BuildId to retain, defaults to the current running build\n BuildId: ''\n # Azure devops Organization URI for the build in the https://dev.azure.com/ format.\n # Defaults to the organization the current pipeline is running on\n AzdoOrgUri: '$(System.CollectionUri)'\n # Azure devops project for the build. Defaults to the project the current pipeline is running on\n AzdoProject: '$(System.TeamProject)'\n\nsteps:\n - task: powershell@2\n inputs:\n targetType: 'filePath'\n filePath: eng/common/retain-build.ps1\n pwsh: true\n arguments: >\n -AzdoOrgUri: ${{parameters.AzdoOrgUri}}\n -AzdoProject ${{parameters.AzdoProject}}\n -Token ${{coalesce(parameters.Token, '$env:SYSTEM_ACCESSTOKEN') }}\n -BuildId ${{coalesce(parameters.BuildId, '$env:BUILD_ID')}}\n displayName: Enable permanent build retention\n env:\n SYSTEM_ACCESSTOKEN: $(System.AccessToken)\n BUILD_ID: $(Build.BuildId)"
},
{
"path": "eng/common/core-templates/steps/send-to-helix.yml",
"content": "# Please remember to update the documentation if you make changes to these parameters!\nparameters:\n HelixSource: 'pr/default' # required -- sources must start with pr/, official/, prodcon/, or agent/\n HelixType: 'tests/default/' # required -- Helix telemetry which identifies what type of data this is; should include \"test\" for clarity and must end in '/'\n HelixBuild: $(Build.BuildNumber) # required -- the build number Helix will use to identify this -- automatically set to the AzDO build number\n HelixTargetQueues: '' # required -- semicolon-delimited list of Helix queues to test on; see https://helix.dot.net/ for a list of queues\n HelixAccessToken: '' # required -- access token to make Helix API requests; should be provided by the appropriate variable group\n HelixProjectPath: 'eng/common/helixpublish.proj' # optional -- path to the project file to build relative to BUILD_SOURCESDIRECTORY\n HelixProjectArguments: '' # optional -- arguments passed to the build command\n HelixConfiguration: '' # optional -- additional property attached to a job\n HelixPreCommands: '' # optional -- commands to run before Helix work item execution\n HelixPostCommands: '' # optional -- commands to run after Helix work item execution\n WorkItemDirectory: '' # optional -- a payload directory to zip up and send to Helix; requires WorkItemCommand; incompatible with XUnitProjects\n WorkItemCommand: '' # optional -- a command to execute on the payload; requires WorkItemDirectory; incompatible with XUnitProjects\n WorkItemTimeout: '' # optional -- a timeout in TimeSpan.Parse-ready value (e.g. 00:02:00) for the work item command; requires WorkItemDirectory; incompatible with XUnitProjects\n CorrelationPayloadDirectory: '' # optional -- a directory to zip up and send to Helix as a correlation payload\n XUnitProjects: '' # optional -- semicolon-delimited list of XUnitProjects to parse and send to Helix; requires XUnitRuntimeTargetFramework, XUnitPublishTargetFramework, XUnitRunnerVersion, and IncludeDotNetCli=true\n XUnitWorkItemTimeout: '' # optional -- the workitem timeout in seconds for all workitems created from the xUnit projects specified by XUnitProjects\n XUnitPublishTargetFramework: '' # optional -- framework to use to publish your xUnit projects\n XUnitRuntimeTargetFramework: '' # optional -- framework to use for the xUnit console runner\n XUnitRunnerVersion: '' # optional -- version of the xUnit nuget package you wish to use on Helix; required for XUnitProjects\n IncludeDotNetCli: false # optional -- true will download a version of the .NET CLI onto the Helix machine as a correlation payload; requires DotNetCliPackageType and DotNetCliVersion\n DotNetCliPackageType: '' # optional -- either 'sdk', 'runtime' or 'aspnetcore-runtime'; determines whether the sdk or runtime will be sent to Helix; see https://raw.githubusercontent.com/dotnet/core/main/release-notes/releases-index.json\n DotNetCliVersion: '' # optional -- version of the CLI to send to Helix; based on this: https://raw.githubusercontent.com/dotnet/core/main/release-notes/releases-index.json\n WaitForWorkItemCompletion: true # optional -- true will make the task wait until work items have been completed and fail the build if work items fail. False is \"fire and forget.\"\n IsExternal: false # [DEPRECATED] -- doesn't do anything, jobs are external if HelixAccessToken is empty and Creator is set\n HelixBaseUri: 'https://helix.dot.net/' # optional -- sets the Helix API base URI (allows targeting https://helix.int-dot.net )\n Creator: '' # optional -- if the build is external, use this to specify who is sending the job\n DisplayNamePrefix: 'Run Tests' # optional -- rename the beginning of the displayName of the steps in AzDO \n condition: succeeded() # optional -- condition for step to execute; defaults to succeeded()\n continueOnError: false # optional -- determines whether to continue the build if the step errors; defaults to false\n\nsteps:\n - powershell: 'powershell \"$env:BUILD_SOURCESDIRECTORY\\eng\\common\\msbuild.ps1 $env:BUILD_SOURCESDIRECTORY/${{ parameters.HelixProjectPath }} /restore /p:TreatWarningsAsErrors=false ${{ parameters.HelixProjectArguments }} /t:Test /bl:$env:BUILD_SOURCESDIRECTORY\\artifacts\\log\\$env:BuildConfig\\SendToHelix.binlog\"'\n displayName: ${{ parameters.DisplayNamePrefix }} (Windows)\n env:\n BuildConfig: $(_BuildConfig)\n HelixSource: ${{ parameters.HelixSource }}\n HelixType: ${{ parameters.HelixType }}\n HelixBuild: ${{ parameters.HelixBuild }}\n HelixConfiguration: ${{ parameters.HelixConfiguration }}\n HelixTargetQueues: ${{ parameters.HelixTargetQueues }}\n HelixAccessToken: ${{ parameters.HelixAccessToken }}\n HelixPreCommands: ${{ parameters.HelixPreCommands }}\n HelixPostCommands: ${{ parameters.HelixPostCommands }}\n WorkItemDirectory: ${{ parameters.WorkItemDirectory }}\n WorkItemCommand: ${{ parameters.WorkItemCommand }}\n WorkItemTimeout: ${{ parameters.WorkItemTimeout }}\n CorrelationPayloadDirectory: ${{ parameters.CorrelationPayloadDirectory }}\n XUnitProjects: ${{ parameters.XUnitProjects }}\n XUnitWorkItemTimeout: ${{ parameters.XUnitWorkItemTimeout }}\n XUnitPublishTargetFramework: ${{ parameters.XUnitPublishTargetFramework }}\n XUnitRuntimeTargetFramework: ${{ parameters.XUnitRuntimeTargetFramework }}\n XUnitRunnerVersion: ${{ parameters.XUnitRunnerVersion }}\n IncludeDotNetCli: ${{ parameters.IncludeDotNetCli }}\n DotNetCliPackageType: ${{ parameters.DotNetCliPackageType }}\n DotNetCliVersion: ${{ parameters.DotNetCliVersion }}\n WaitForWorkItemCompletion: ${{ parameters.WaitForWorkItemCompletion }}\n HelixBaseUri: ${{ parameters.HelixBaseUri }}\n Creator: ${{ parameters.Creator }}\n SYSTEM_ACCESSTOKEN: $(System.AccessToken)\n condition: and(${{ parameters.condition }}, eq(variables['Agent.Os'], 'Windows_NT'))\n continueOnError: ${{ parameters.continueOnError }}\n - script: $BUILD_SOURCESDIRECTORY/eng/common/msbuild.sh $BUILD_SOURCESDIRECTORY/${{ parameters.HelixProjectPath }} /restore /p:TreatWarningsAsErrors=false ${{ parameters.HelixProjectArguments }} /t:Test /bl:$BUILD_SOURCESDIRECTORY/artifacts/log/$BuildConfig/SendToHelix.binlog\n displayName: ${{ parameters.DisplayNamePrefix }} (Unix)\n env:\n BuildConfig: $(_BuildConfig)\n HelixSource: ${{ parameters.HelixSource }}\n HelixType: ${{ parameters.HelixType }}\n HelixBuild: ${{ parameters.HelixBuild }}\n HelixConfiguration: ${{ parameters.HelixConfiguration }}\n HelixTargetQueues: ${{ parameters.HelixTargetQueues }}\n HelixAccessToken: ${{ parameters.HelixAccessToken }}\n HelixPreCommands: ${{ parameters.HelixPreCommands }}\n HelixPostCommands: ${{ parameters.HelixPostCommands }}\n WorkItemDirectory: ${{ parameters.WorkItemDirectory }}\n WorkItemCommand: ${{ parameters.WorkItemCommand }}\n WorkItemTimeout: ${{ parameters.WorkItemTimeout }}\n CorrelationPayloadDirectory: ${{ parameters.CorrelationPayloadDirectory }}\n XUnitProjects: ${{ parameters.XUnitProjects }}\n XUnitWorkItemTimeout: ${{ parameters.XUnitWorkItemTimeout }}\n XUnitPublishTargetFramework: ${{ parameters.XUnitPublishTargetFramework }}\n XUnitRuntimeTargetFramework: ${{ parameters.XUnitRuntimeTargetFramework }}\n XUnitRunnerVersion: ${{ parameters.XUnitRunnerVersion }}\n IncludeDotNetCli: ${{ parameters.IncludeDotNetCli }}\n DotNetCliPackageType: ${{ parameters.DotNetCliPackageType }}\n DotNetCliVersion: ${{ parameters.DotNetCliVersion }}\n WaitForWorkItemCompletion: ${{ parameters.WaitForWorkItemCompletion }}\n HelixBaseUri: ${{ parameters.HelixBaseUri }}\n Creator: ${{ parameters.Creator }}\n SYSTEM_ACCESSTOKEN: $(System.AccessToken)\n condition: and(${{ parameters.condition }}, ne(variables['Agent.Os'], 'Windows_NT'))\n continueOnError: ${{ parameters.continueOnError }}\n"
},
{
"path": "eng/common/core-templates/steps/source-build.yml",
"content": "parameters:\n # This template adds arcade-powered source-build to CI.\n\n # This is a 'steps' template, and is intended for advanced scenarios where the existing build\n # infra has a careful build methodology that must be followed. For example, a repo\n # (dotnet/runtime) might choose to clone the GitHub repo only once and store it as a pipeline\n # artifact for all subsequent jobs to use, to reduce dependence on a strong network connection to\n # GitHub. Using this steps template leaves room for that infra to be included.\n\n # Defines the platform on which to run the steps. See 'eng/common/core-templates/job/source-build.yml'\n # for details. The entire object is described in the 'job' template for simplicity, even though\n # the usage of the properties on this object is split between the 'job' and 'steps' templates.\n platform: {}\n is1ESPipeline: false\n\nsteps:\n# Build. Keep it self-contained for simple reusability. (No source-build-specific job variables.)\n- script: |\n set -x\n df -h\n\n # If building on the internal project, the internal storage variable may be available (usually only if needed)\n # In that case, add variables to allow the download of internal runtimes if the specified versions are not found\n # in the default public locations.\n internalRuntimeDownloadArgs=\n if [ '$(dotnetbuilds-internal-container-read-token-base64)' != '$''(dotnetbuilds-internal-container-read-token-base64)' ]; then\n internalRuntimeDownloadArgs='/p:DotNetRuntimeSourceFeed=https://ci.dot.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) --runtimesourcefeed https://ci.dot.net/internal --runtimesourcefeedkey '$(dotnetbuilds-internal-container-read-token-base64)''\n fi\n\n buildConfig=Release\n # Check if AzDO substitutes in a build config from a variable, and use it if so.\n if [ '$(_BuildConfig)' != '$''(_BuildConfig)' ]; then\n buildConfig='$(_BuildConfig)'\n fi\n\n targetRidArgs=\n if [ '${{ parameters.platform.targetRID }}' != '' ]; then\n targetRidArgs='/p:TargetRid=${{ parameters.platform.targetRID }}'\n fi\n\n portableBuildArgs=\n if [ '${{ parameters.platform.portableBuild }}' != '' ]; then\n portableBuildArgs='/p:PortableBuild=${{ parameters.platform.portableBuild }}'\n fi\n\n ${{ coalesce(parameters.platform.buildScript, './build.sh') }} --ci \\\n --configuration $buildConfig \\\n --restore --build --pack -bl \\\n --source-build \\\n ${{ parameters.platform.buildArguments }} \\\n $internalRuntimeDownloadArgs \\\n $targetRidArgs \\\n $portableBuildArgs \\\n displayName: Build\n\n- template: /eng/common/core-templates/steps/publish-pipeline-artifacts.yml\n parameters:\n is1ESPipeline: ${{ parameters.is1ESPipeline }}\n args:\n displayName: Publish BuildLogs\n targetPath: artifacts/log/${{ coalesce(variables._BuildConfig, 'Release') }}\n artifactName: BuildLogs_SourceBuild_${{ parameters.platform.name }}_Attempt$(System.JobAttempt)\n continueOnError: true\n condition: succeededOrFailed()\n isProduction: false # logs are non-production artifacts\n"
},
{
"path": "eng/common/core-templates/steps/source-index-stage1-publish.yml",
"content": "parameters:\n sourceIndexUploadPackageVersion: 2.0.0-20250818.1\n sourceIndexProcessBinlogPackageVersion: 1.0.1-20250818.1\n sourceIndexPackageSource: https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json\n binlogPath: artifacts/log/Debug/Build.binlog\n\nsteps:\n- task: UseDotNet@2\n displayName: \"Source Index: Use .NET 9 SDK\"\n inputs:\n packageType: sdk\n version: 9.0.x\n installationPath: $(Agent.TempDirectory)/dotnet\n workingDirectory: $(Agent.TempDirectory)\n\n- script: |\n $(Agent.TempDirectory)/dotnet/dotnet tool install BinLogToSln --version ${{parameters.sourceIndexProcessBinlogPackageVersion}} --add-source ${{parameters.SourceIndexPackageSource}} --tool-path $(Agent.TempDirectory)/.source-index/tools\n $(Agent.TempDirectory)/dotnet/dotnet tool install UploadIndexStage1 --version ${{parameters.sourceIndexUploadPackageVersion}} --add-source ${{parameters.SourceIndexPackageSource}} --tool-path $(Agent.TempDirectory)/.source-index/tools\n displayName: \"Source Index: Download netsourceindex Tools\"\n # Set working directory to temp directory so 'dotnet' doesn't try to use global.json and use the repo's sdk.\n workingDirectory: $(Agent.TempDirectory)\n\n- script: $(Agent.TempDirectory)/.source-index/tools/BinLogToSln -i ${{parameters.BinlogPath}} -r $(System.DefaultWorkingDirectory) -n $(Build.Repository.Name) -o .source-index/stage1output\n displayName: \"Source Index: Process Binlog into indexable sln\"\n\n- ${{ if and(ne(parameters.runAsPublic, 'true'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:\n - task: AzureCLI@2\n displayName: \"Source Index: Upload Source Index stage1 artifacts to Azure\"\n inputs:\n azureSubscription: 'SourceDotNet Stage1 Publish'\n addSpnToEnvironment: true\n scriptType: 'ps'\n scriptLocation: 'inlineScript'\n inlineScript: |\n $(Agent.TempDirectory)/.source-index/tools/UploadIndexStage1 -i .source-index/stage1output -n $(Build.Repository.Name) -s netsourceindexstage1 -b stage1\n"
},
{
"path": "eng/common/core-templates/variables/pool-providers.yml",
"content": "parameters:\n is1ESPipeline: false\n\nvariables:\n - ${{ if eq(parameters.is1ESPipeline, 'true') }}:\n - template: /eng/common/templates-official/variables/pool-providers.yml\n - ${{ else }}:\n - template: /eng/common/templates/variables/pool-providers.yml"
},
{
"path": "eng/common/cross/arm/tizen/tizen.patch",
"content": "diff -u -r a/usr/lib/libc.so b/usr/lib/libc.so\n--- a/usr/lib/libc.so\t2016-12-30 23:00:08.284951863 +0900\n+++ b/usr/lib/libc.so\t2016-12-30 23:00:32.140951815 +0900\n@@ -2,4 +2,4 @@\n Use the shared library, but some functions are only in\n the static library, so try that secondarily. */\n OUTPUT_FORMAT(elf32-littlearm)\n-GROUP ( /lib/libc.so.6 /usr/lib/libc_nonshared.a AS_NEEDED ( /lib/ld-linux-armhf.so.3 ) )\n+GROUP ( libc.so.6 libc_nonshared.a AS_NEEDED ( ld-linux-armhf.so.3 ) )\n"
},
{
"path": "eng/common/cross/arm64/tizen/tizen.patch",
"content": "diff -u -r a/usr/lib/libc.so b/usr/lib/libc.so\n--- a/usr/lib64/libc.so\t2016-12-30 23:00:08.284951863 +0900\n+++ b/usr/lib64/libc.so\t2016-12-30 23:00:32.140951815 +0900\n@@ -2,4 +2,4 @@\n Use the shared library, but some functions are only in\n the static library, so try that secondarily. */\n OUTPUT_FORMAT(elf64-littleaarch64)\n-GROUP ( /lib64/libc.so.6 /usr/lib64/libc_nonshared.a AS_NEEDED ( /lib64/ld-linux-aarch64.so.1 ) )\n+GROUP ( libc.so.6 libc_nonshared.a AS_NEEDED ( ld-linux-aarch64.so.1 ) )\n"
},
{
"path": "eng/common/cross/armel/tizen/tizen.patch",
"content": "diff -u -r a/usr/lib/libc.so b/usr/lib/libc.so\n--- a/usr/lib/libc.so\t2016-12-30 23:00:08.284951863 +0900\n+++ b/usr/lib/libc.so\t2016-12-30 23:00:32.140951815 +0900\n@@ -2,4 +2,4 @@\n Use the shared library, but some functions are only in\n the static library, so try that secondarily. */\n OUTPUT_FORMAT(elf32-littlearm)\n-GROUP ( /lib/libc.so.6 /usr/lib/libc_nonshared.a AS_NEEDED ( /lib/ld-linux.so.3 ) )\n+GROUP ( libc.so.6 libc_nonshared.a AS_NEEDED ( ld-linux.so.3 ) )\n"
},
{
"path": "eng/common/cross/build-android-rootfs.sh",
"content": "#!/usr/bin/env bash\nset -e\n__NDK_Version=r21\n\nusage()\n{\n echo \"Creates a toolchain and sysroot used for cross-compiling for Android.\"\n echo\n echo \"Usage: $0 [BuildArch] [ApiLevel] [--ndk NDKVersion]\"\n echo\n echo \"BuildArch is the target architecture of Android. Currently only arm64 is supported.\"\n echo \"ApiLevel is the target Android API level. API levels usually match to Android releases. See https://source.android.com/source/build-numbers.html\"\n echo \"NDKVersion is the version of Android NDK. The default is r21. See https://developer.android.com/ndk/downloads/revision_history\"\n echo\n echo \"By default, the toolchain and sysroot will be generated in cross/android-rootfs/toolchain/[BuildArch]. You can change this behavior\"\n echo \"by setting the TOOLCHAIN_DIR environment variable\"\n echo\n echo \"By default, the NDK will be downloaded into the cross/android-rootfs/android-ndk-$__NDK_Version directory. If you already have an NDK installation,\"\n echo \"you can set the NDK_DIR environment variable to have this script use that installation of the NDK.\"\n echo \"By default, this script will generate a file, android_platform, in the root of the ROOTFS_DIR directory that contains the RID for the supported and tested Android build: android.28-arm64. This file is to replace '/etc/os-release', which is not available for Android.\"\n exit 1\n}\n\n__ApiLevel=28 # The minimum platform for arm64 is API level 21 but the minimum version that support glob(3) is 28. See $ANDROID_NDK/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/include/glob.h\n__BuildArch=arm64\n__AndroidArch=aarch64\n__AndroidToolchain=aarch64-linux-android\n\nwhile :; do\n if [[ \"$#\" -le 0 ]]; then\n break\n fi\n\n i=$1\n\n lowerI=\"$(echo $i | tr \"[:upper:]\" \"[:lower:]\")\"\n case $lowerI in\n -?|-h|--help)\n usage\n exit 1\n ;;\n arm64)\n __BuildArch=arm64\n __AndroidArch=aarch64\n __AndroidToolchain=aarch64-linux-android\n ;;\n arm)\n __BuildArch=arm\n __AndroidArch=arm\n __AndroidToolchain=arm-linux-androideabi\n ;;\n --ndk)\n shift\n __NDK_Version=$1\n ;;\n *[0-9])\n __ApiLevel=$i\n ;;\n *)\n __UnprocessedBuildArgs=\"$__UnprocessedBuildArgs $i\"\n ;;\n esac\n shift\ndone\n\nif [[ \"$__NDK_Version\" == \"r21\" ]] || [[ \"$__NDK_Version\" == \"r22\" ]]; then\n __NDK_File_Arch_Spec=-x86_64\n __SysRoot=sysroot\nelse\n __NDK_File_Arch_Spec=\n __SysRoot=toolchains/llvm/prebuilt/linux-x86_64/sysroot\nfi\n\n# Obtain the location of the bash script to figure out where the root of the repo is.\n__ScriptBaseDir=\"$( cd \"$( dirname \"${BASH_SOURCE[0]}\" )\" && pwd )\"\n\n__CrossDir=\"$__ScriptBaseDir/../../../.tools/android-rootfs\"\n\nif [[ ! -f \"$__CrossDir\" ]]; then\n mkdir -p \"$__CrossDir\"\nfi\n\n# Resolve absolute path to avoid `../` in build logs\n__CrossDir=\"$( cd \"$__CrossDir\" && pwd )\"\n\n__NDK_Dir=\"$__CrossDir/android-ndk-$__NDK_Version\"\n__lldb_Dir=\"$__CrossDir/lldb\"\n__ToolchainDir=\"$__CrossDir/android-ndk-$__NDK_Version\"\n\nif [[ -n \"$TOOLCHAIN_DIR\" ]]; then\n __ToolchainDir=$TOOLCHAIN_DIR\nfi\n\nif [[ -n \"$NDK_DIR\" ]]; then\n __NDK_Dir=$NDK_DIR\nfi\n\necho \"Target API level: $__ApiLevel\"\necho \"Target architecture: $__BuildArch\"\necho \"NDK version: $__NDK_Version\"\necho \"NDK location: $__NDK_Dir\"\necho \"Target Toolchain location: $__ToolchainDir\"\n\n# Download the NDK if required\nif [ ! -d $__NDK_Dir ]; then\n echo Downloading the NDK into $__NDK_Dir\n mkdir -p $__NDK_Dir\n wget -q --progress=bar:force:noscroll --show-progress https://dl.google.com/android/repository/android-ndk-$__NDK_Version-linux$__NDK_File_Arch_Spec.zip -O $__CrossDir/android-ndk-$__NDK_Version-linux.zip\n unzip -q $__CrossDir/android-ndk-$__NDK_Version-linux.zip -d $__CrossDir\nfi\n\nif [ ! -d $__lldb_Dir ]; then\n mkdir -p $__lldb_Dir\n echo Downloading LLDB into $__lldb_Dir\n wget -q --progress=bar:force:noscroll --show-progress https://dl.google.com/android/repository/lldb-2.3.3614996-linux-x86_64.zip -O $__CrossDir/lldb-2.3.3614996-linux-x86_64.zip\n unzip -q $__CrossDir/lldb-2.3.3614996-linux-x86_64.zip -d $__lldb_Dir\nfi\n\necho \"Download dependencies...\"\n__TmpDir=$__CrossDir/tmp/$__BuildArch/\nmkdir -p \"$__TmpDir\"\n\n# combined dependencies for coreclr, installer and libraries\n__AndroidPackages=\"libicu\"\n__AndroidPackages+=\" libandroid-glob\"\n__AndroidPackages+=\" liblzma\"\n__AndroidPackages+=\" krb5\"\n__AndroidPackages+=\" openssl\"\n\nfor path in $(wget -qO- https://packages.termux.dev/termux-main-21/dists/stable/main/binary-$__AndroidArch/Packages |\\\n grep -A15 \"Package: \\(${__AndroidPackages// /\\\\|}\\)\" | grep -v \"static\\|tool\" | grep Filename); do\n\n if [[ \"$path\" != \"Filename:\" ]]; then\n echo \"Working on: $path\"\n wget -qO- https://packages.termux.dev/termux-main-21/$path | dpkg -x - \"$__TmpDir\"\n fi\ndone\n\ncp -R \"$__TmpDir/data/data/com.termux/files/usr/\"* \"$__ToolchainDir/$__SysRoot/usr/\"\n\n# Generate platform file for build.sh script to assign to __DistroRid\necho \"Generating platform file...\"\necho \"RID=android.${__ApiLevel}-${__BuildArch}\" > $__ToolchainDir/$__SysRoot/android_platform\n\necho \"Now to build coreclr, libraries and host; run:\"\necho ROOTFS_DIR=$(realpath $__ToolchainDir/$__SysRoot) ./build.sh clr+libs+host --cross --arch $__BuildArch\n"
},
{
"path": "eng/common/cross/build-rootfs.sh",
"content": "#!/usr/bin/env bash\n\nset -e\n\nusage()\n{\n echo \"Usage: $0 [BuildArch] [CodeName] [lldbx.y] [llvmx[.y]] [--skipunmount] --rootfsdir ]\"\n echo \"BuildArch can be: arm(default), arm64, armel, armv6, loongarch64, ppc64le, riscv64, s390x, x64, x86\"\n echo \"CodeName - optional, Code name for Linux, can be: xenial(default), zesty, bionic, alpine\"\n echo \" for alpine can be specified with version: alpineX.YY or alpineedge\"\n echo \" for FreeBSD can be: freebsd13, freebsd14\"\n echo \" for illumos can be: illumos\"\n echo \" for Haiku can be: haiku.\"\n echo \"lldbx.y - optional, LLDB version, can be: lldb3.9(default), lldb4.0, lldb5.0, lldb6.0 no-lldb. Ignored for alpine and FreeBSD\"\n echo \"llvmx[.y] - optional, LLVM version for LLVM related packages.\"\n echo \"--skipunmount - optional, will skip the unmount of rootfs folder.\"\n echo \"--skipsigcheck - optional, will skip package signature checks (allowing untrusted packages).\"\n echo \"--skipemulation - optional, will skip qemu and debootstrap requirement when building environment for debian based systems.\"\n echo \"--use-mirror - optional, use mirror URL to fetch resources, when available.\"\n echo \"--jobs N - optional, restrict to N jobs.\"\n exit 1\n}\n\n__CodeName=xenial\n__CrossDir=$( cd \"$( dirname \"${BASH_SOURCE[0]}\" )\" && pwd )\n__BuildArch=arm\n__AlpineArch=armv7\n__FreeBSDArch=arm\n__FreeBSDMachineArch=armv7\n__IllumosArch=arm7\n__HaikuArch=arm\n__QEMUArch=arm\n__UbuntuArch=armhf\n__UbuntuRepo=\n__UbuntuSuites=\"updates security backports\"\n__LLDB_Package=\"liblldb-3.9-dev\"\n__SkipUnmount=0\n\n# base development support\n__UbuntuPackages=\"build-essential\"\n\n__AlpinePackages=\"alpine-base\"\n__AlpinePackages+=\" build-base\"\n__AlpinePackages+=\" linux-headers\"\n__AlpinePackages+=\" lldb-dev\"\n__AlpinePackages+=\" python3\"\n__AlpinePackages+=\" libedit\"\n\n# symlinks fixer\n__UbuntuPackages+=\" symlinks\"\n\n# runtime dependencies\n__UbuntuPackages+=\" libicu-dev\"\n__UbuntuPackages+=\" liblttng-ust-dev\"\n__UbuntuPackages+=\" libunwind8-dev\"\n\n__AlpinePackages+=\" gettext-dev\"\n__AlpinePackages+=\" icu-dev\"\n__AlpinePackages+=\" libunwind-dev\"\n__AlpinePackages+=\" lttng-ust-dev\"\n__AlpinePackages+=\" compiler-rt\"\n\n# runtime libraries' dependencies\n__UbuntuPackages+=\" libcurl4-openssl-dev\"\n__UbuntuPackages+=\" libkrb5-dev\"\n__UbuntuPackages+=\" libssl-dev\"\n__UbuntuPackages+=\" zlib1g-dev\"\n__UbuntuPackages+=\" libbrotli-dev\"\n\n__AlpinePackages+=\" curl-dev\"\n__AlpinePackages+=\" krb5-dev\"\n__AlpinePackages+=\" openssl-dev\"\n__AlpinePackages+=\" zlib-dev\"\n\n__FreeBSDBase=\"13.4-RELEASE\"\n__FreeBSDPkg=\"1.21.3\"\n__FreeBSDABI=\"13\"\n__FreeBSDPackages=\"libunwind\"\n__FreeBSDPackages+=\" icu\"\n__FreeBSDPackages+=\" libinotify\"\n__FreeBSDPackages+=\" openssl\"\n__FreeBSDPackages+=\" krb5\"\n__FreeBSDPackages+=\" terminfo-db\"\n\n__IllumosPackages=\"icu\"\n__IllumosPackages+=\" mit-krb5\"\n__IllumosPackages+=\" openssl\"\n__IllumosPackages+=\" zlib\"\n\n__HaikuPackages=\"gcc_syslibs\"\n__HaikuPackages+=\" gcc_syslibs_devel\"\n__HaikuPackages+=\" gmp\"\n__HaikuPackages+=\" gmp_devel\"\n__HaikuPackages+=\" icu[0-9]+\"\n__HaikuPackages+=\" icu[0-9]*_devel\"\n__HaikuPackages+=\" krb5\"\n__HaikuPackages+=\" krb5_devel\"\n__HaikuPackages+=\" libiconv\"\n__HaikuPackages+=\" libiconv_devel\"\n__HaikuPackages+=\" llvm[0-9]*_libunwind\"\n__HaikuPackages+=\" llvm[0-9]*_libunwind_devel\"\n__HaikuPackages+=\" mpfr\"\n__HaikuPackages+=\" mpfr_devel\"\n__HaikuPackages+=\" openssl3\"\n__HaikuPackages+=\" openssl3_devel\"\n__HaikuPackages+=\" zlib\"\n__HaikuPackages+=\" zlib_devel\"\n\n# ML.NET dependencies\n__UbuntuPackages+=\" libomp5\"\n__UbuntuPackages+=\" libomp-dev\"\n\n# Taken from https://github.com/alpinelinux/alpine-chroot-install/blob/6d08f12a8a70dd9b9dc7d997c88aa7789cc03c42/alpine-chroot-install#L85-L133\n__AlpineKeys='\n4a6a0840:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yHJxQgsHQREclQu4Ohe\\nqxTxd1tHcNnvnQTu/UrTky8wWvgXT+jpveroeWWnzmsYlDI93eLI2ORakxb3gA2O\\nQ0Ry4ws8vhaxLQGC74uQR5+/yYrLuTKydFzuPaS1dK19qJPXB8GMdmFOijnXX4SA\\njixuHLe1WW7kZVtjL7nufvpXkWBGjsfrvskdNA/5MfxAeBbqPgaq0QMEfxMAn6/R\\nL5kNepi/Vr4S39Xvf2DzWkTLEK8pcnjNkt9/aafhWqFVW7m3HCAII6h/qlQNQKSo\\nGuH34Q8GsFG30izUENV9avY7hSLq7nggsvknlNBZtFUcmGoQrtx3FmyYsIC8/R+B\\nywIDAQAB\n5243ef4b:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNijDxJ8kloskKQpJdx+\\nmTMVFFUGDoDCbulnhZMJoKNkSuZOzBoFC94omYPtxnIcBdWBGnrm6ncbKRlR+6oy\\nDO0W7c44uHKCFGFqBhDasdI4RCYP+fcIX/lyMh6MLbOxqS22TwSLhCVjTyJeeH7K\\naA7vqk+QSsF4TGbYzQDDpg7+6aAcNzg6InNePaywA6hbT0JXbxnDWsB+2/LLSF2G\\nmnhJlJrWB1WGjkz23ONIWk85W4S0XB/ewDefd4Ly/zyIciastA7Zqnh7p3Ody6Q0\\nsS2MJzo7p3os1smGjUF158s6m/JbVh4DN6YIsxwl2OjDOz9R0OycfJSDaBVIGZzg\\ncQIDAQAB\n524d27bb:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8s1q88XpuJWLCZALdKj\\nlN8wg2ePB2T9aIcaxryYE/Jkmtu+ZQ5zKq6BT3y/udt5jAsMrhHTwroOjIsF9DeG\\ne8Y3vjz+Hh4L8a7hZDaw8jy3CPag47L7nsZFwQOIo2Cl1SnzUc6/owoyjRU7ab0p\\niWG5HK8IfiybRbZxnEbNAfT4R53hyI6z5FhyXGS2Ld8zCoU/R4E1P0CUuXKEN4p0\\n64dyeUoOLXEWHjgKiU1mElIQj3k/IF02W89gDj285YgwqA49deLUM7QOd53QLnx+\\nxrIrPv3A+eyXMFgexNwCKQU9ZdmWa00MjjHlegSGK8Y2NPnRoXhzqSP9T9i2HiXL\\nVQIDAQAB\n5261cecb:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlzMkl7b5PBdfMzGdCT0\\ncGloRr5xGgVmsdq5EtJvFkFAiN8Ac9MCFy/vAFmS8/7ZaGOXoCDWbYVLTLOO2qtX\\nyHRl+7fJVh2N6qrDDFPmdgCi8NaE+3rITWXGrrQ1spJ0B6HIzTDNEjRKnD4xyg4j\\ng01FMcJTU6E+V2JBY45CKN9dWr1JDM/nei/Pf0byBJlMp/mSSfjodykmz4Oe13xB\\nCa1WTwgFykKYthoLGYrmo+LKIGpMoeEbY1kuUe04UiDe47l6Oggwnl+8XD1MeRWY\\nsWgj8sF4dTcSfCMavK4zHRFFQbGp/YFJ/Ww6U9lA3Vq0wyEI6MCMQnoSMFwrbgZw\\nwwIDAQAB\n58199dcc:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3v8/ye/V/t5xf4JiXLXa\\nhWFRozsnmn3hobON20GdmkrzKzO/eUqPOKTpg2GtvBhK30fu5oY5uN2ORiv2Y2ht\\neLiZ9HVz3XP8Fm9frha60B7KNu66FO5P2o3i+E+DWTPqqPcCG6t4Znk2BypILcit\\nwiPKTsgbBQR2qo/cO01eLLdt6oOzAaF94NH0656kvRewdo6HG4urbO46tCAizvCR\\nCA7KGFMyad8WdKkTjxh8YLDLoOCtoZmXmQAiwfRe9pKXRH/XXGop8SYptLqyVVQ+\\ntegOD9wRs2tOlgcLx4F/uMzHN7uoho6okBPiifRX+Pf38Vx+ozXh056tjmdZkCaV\\naQIDAQAB\n58cbb476:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSPnuAGKtRIS5fEgYPXD\\n8pSGvKAmIv3A08LBViDUe+YwhilSHbYXUEAcSH1KZvOo1WT1x2FNEPBEFEFU1Eyc\\n+qGzbA03UFgBNvArurHQ5Z/GngGqE7IarSQFSoqewYRtFSfp+TL9CUNBvM0rT7vz\\n2eMu3/wWG+CBmb92lkmyWwC1WSWFKO3x8w+Br2IFWvAZqHRt8oiG5QtYvcZL6jym\\nY8T6sgdDlj+Y+wWaLHs9Fc+7vBuyK9C4O1ORdMPW15qVSl4Lc2Wu1QVwRiKnmA+c\\nDsH/m7kDNRHM7TjWnuj+nrBOKAHzYquiu5iB3Qmx+0gwnrSVf27Arc3ozUmmJbLj\\nzQIDAQAB\n58e4f17d:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBxJN9ErBgdRcPr5g4hV\\nqyUSGZEKuvQliq2Z9SRHLh2J43+EdB6A+yzVvLnzcHVpBJ+BZ9RV30EM9guck9sh\\nr+bryZcRHyjG2wiIEoduxF2a8KeWeQH7QlpwGhuobo1+gA8L0AGImiA6UP3LOirl\\nI0G2+iaKZowME8/tydww4jx5vG132JCOScMjTalRsYZYJcjFbebQQolpqRaGB4iG\\nWqhytWQGWuKiB1A22wjmIYf3t96l1Mp+FmM2URPxD1gk/BIBnX7ew+2gWppXOK9j\\n1BJpo0/HaX5XoZ/uMqISAAtgHZAqq+g3IUPouxTphgYQRTRYpz2COw3NF43VYQrR\\nbQIDAQAB\n60ac2099:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwR4uJVtJOnOFGchnMW5Y\\nj5/waBdG1u5BTMlH+iQMcV5+VgWhmpZHJCBz3ocD+0IGk2I68S5TDOHec/GSC0lv\\n6R9o6F7h429GmgPgVKQsc8mPTPtbjJMuLLs4xKc+viCplXc0Nc0ZoHmCH4da6fCV\\ntdpHQjVe6F9zjdquZ4RjV6R6JTiN9v924dGMAkbW/xXmamtz51FzondKC52Gh8Mo\\n/oA0/T0KsCMCi7tb4QNQUYrf+Xcha9uus4ww1kWNZyfXJB87a2kORLiWMfs2IBBJ\\nTmZ2Fnk0JnHDb8Oknxd9PvJPT0mvyT8DA+KIAPqNvOjUXP4bnjEHJcoCP9S5HkGC\\nIQIDAQAB\n6165ee59:MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAutQkua2CAig4VFSJ7v54\\nALyu/J1WB3oni7qwCZD3veURw7HxpNAj9hR+S5N/pNeZgubQvJWyaPuQDm7PTs1+\\ntFGiYNfAsiibX6Rv0wci3M+z2XEVAeR9Vzg6v4qoofDyoTbovn2LztaNEjTkB+oK\\ntlvpNhg1zhou0jDVYFniEXvzjckxswHVb8cT0OMTKHALyLPrPOJzVtM9C1ew2Nnc\\n3848xLiApMu3NBk0JqfcS3Bo5Y2b1FRVBvdt+2gFoKZix1MnZdAEZ8xQzL/a0YS5\\nHd0wj5+EEKHfOd3A75uPa/WQmA+o0cBFfrzm69QDcSJSwGpzWrD1ScH3AK8nWvoj\\nv7e9gukK/9yl1b4fQQ00vttwJPSgm9EnfPHLAtgXkRloI27H6/PuLoNvSAMQwuCD\\nhQRlyGLPBETKkHeodfLoULjhDi1K2gKJTMhtbnUcAA7nEphkMhPWkBpgFdrH+5z4\\nLxy+3ek0cqcI7K68EtrffU8jtUj9LFTUC8dERaIBs7NgQ/LfDbDfGh9g6qVj1hZl\\nk9aaIPTm/xsi8v3u+0qaq7KzIBc9s59JOoA8TlpOaYdVgSQhHHLBaahOuAigH+VI\\nisbC9vmqsThF2QdDtQt37keuqoda2E6sL7PUvIyVXDRfwX7uMDjlzTxHTymvq2Ck\\nhtBqojBnThmjJQFgZXocHG8CAwEAAQ==\n61666e3f:MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlEyxkHggKCXC2Wf5Mzx4\\nnZLFZvU2bgcA3exfNPO/g1YunKfQY+Jg4fr6tJUUTZ3XZUrhmLNWvpvSwDS19ZmC\\nIXOu0+V94aNgnhMsk9rr59I8qcbsQGIBoHzuAl8NzZCgdbEXkiY90w1skUw8J57z\\nqCsMBydAueMXuWqF5nGtYbi5vHwK42PffpiZ7G5Kjwn8nYMW5IZdL6ZnMEVJUWC9\\nI4waeKg0yskczYDmZUEAtrn3laX9677ToCpiKrvmZYjlGl0BaGp3cxggP2xaDbUq\\nqfFxWNgvUAb3pXD09JM6Mt6HSIJaFc9vQbrKB9KT515y763j5CC2KUsilszKi3mB\\nHYe5PoebdjS7D1Oh+tRqfegU2IImzSwW3iwA7PJvefFuc/kNIijfS/gH/cAqAK6z\\nbhdOtE/zc7TtqW2Wn5Y03jIZdtm12CxSxwgtCF1NPyEWyIxAQUX9ACb3M0FAZ61n\\nfpPrvwTaIIxxZ01L3IzPLpbc44x/DhJIEU+iDt6IMTrHOphD9MCG4631eIdB0H1b\\n6zbNX1CXTsafqHRFV9XmYYIeOMggmd90s3xIbEujA6HKNP/gwzO6CDJ+nHFDEqoF\\nSkxRdTkEqjTjVKieURW7Swv7zpfu5PrsrrkyGnsRrBJJzXlm2FOOxnbI2iSL1B5F\\nrO5kbUxFeZUIDq+7Yv4kLWcCAwEAAQ==\n616a9724:MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnC+bR4bHf/L6QdU4puhQ\\ngl1MHePszRC38bzvVFDUJsmCaMCL2suCs2A2yxAgGb9pu9AJYLAmxQC4mM3jNqhg\\n/E7yuaBbek3O02zN/ctvflJ250wZCy+z0ZGIp1ak6pu1j14IwHokl9j36zNfGtfv\\nADVOcdpWITFFlPqwq1qt/H3UsKVmtiF3BNWWTeUEQwKvlU8ymxgS99yn0+4OPyNT\\nL3EUeS+NQJtDS01unau0t7LnjUXn+XIneWny8bIYOQCuVR6s/gpIGuhBaUqwaJOw\\n7jkJZYF2Ij7uPb4b5/R3vX2FfxxqEHqssFSg8FFUNTZz3qNZs0CRVyfA972g9WkJ\\nhPfn31pQYil4QGRibCMIeU27YAEjXoqfJKEPh4UWMQsQLrEfdGfb8VgwrPbniGfU\\nL3jKJR3VAafL9330iawzVQDlIlwGl6u77gEXMl9K0pfazunYhAp+BMP+9ot5ckK+\\nosmrqj11qMESsAj083GeFdfV3pXEIwUytaB0AKEht9DbqUfiE/oeZ/LAXgySMtVC\\nsbC4ESmgVeY2xSBIJdDyUap7FR49GGrw0W49NUv9gRgQtGGaNVQQO9oGL2PBC41P\\niWF9GLoX30HIz1P8PF/cZvicSSPkQf2Z6TV+t0ebdGNS5DjapdnCrq8m9Z0pyKsQ\\nuxAL2a7zX8l5i1CZh1ycUGsCAwEAAQ==\n616abc23:MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0MfCDrhODRCIxR9Dep1s\\neXafh5CE5BrF4WbCgCsevyPIdvTeyIaW4vmO3bbG4VzhogDZju+R3IQYFuhoXP5v\\nY+zYJGnwrgz3r5wYAvPnLEs1+dtDKYOgJXQj+wLJBW1mzRDL8FoRXOe5iRmn1EFS\\nwZ1DoUvyu7/J5r0itKicZp3QKED6YoilXed+1vnS4Sk0mzN4smuMR9eO1mMCqNp9\\n9KTfRDHTbakIHwasECCXCp50uXdoW6ig/xUAFanpm9LtK6jctNDbXDhQmgvAaLXZ\\nLvFqoaYJ/CvWkyYCgL6qxvMvVmPoRv7OPcyni4xR/WgWa0MSaEWjgPx3+yj9fiMA\\n1S02pFWFDOr5OUF/O4YhFJvUCOtVsUPPfA/Lj6faL0h5QI9mQhy5Zb9TTaS9jB6p\\nLw7u0dJlrjFedk8KTJdFCcaGYHP6kNPnOxMylcB/5WcztXZVQD5WpCicGNBxCGMm\\nW64SgrV7M07gQfL/32QLsdqPUf0i8hoVD8wfQ3EpbQzv6Fk1Cn90bZqZafg8XWGY\\nwddhkXk7egrr23Djv37V2okjzdqoyLBYBxMz63qQzFoAVv5VoY2NDTbXYUYytOvG\\nGJ1afYDRVWrExCech1mX5ZVUB1br6WM+psFLJFoBFl6mDmiYt0vMYBddKISsvwLl\\nIJQkzDwtXzT2cSjoj3T5QekCAwEAAQ==\n616ac3bc:MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvaaoSLab+IluixwKV5Od\\n0gib2YurjPatGIbn5Ov2DLUFYiebj2oJINXJSwUOO+4WcuHFEqiL/1rya+k5hLZt\\nhnPL1tn6QD4rESznvGSasRCQNT2vS/oyZbTYJRyAtFkEYLlq0t3S3xBxxHWuvIf0\\nqVxVNYpQWyM3N9RIeYBR/euXKJXileSHk/uq1I5wTC0XBIHWcthczGN0m9wBEiWS\\n0m3cnPk4q0Ea8mUJ91Rqob19qETz6VbSPYYpZk3qOycjKosuwcuzoMpwU8KRiMFd\\n5LHtX0Hx85ghGsWDVtS0c0+aJa4lOMGvJCAOvDfqvODv7gKlCXUpgumGpLdTmaZ8\\n1RwqspAe3IqBcdKTqRD4m2mSg23nVx2FAY3cjFvZQtfooT7q1ItRV5RgH6FhQSl7\\n+6YIMJ1Bf8AAlLdRLpg+doOUGcEn+pkDiHFgI8ylH1LKyFKw+eXaAml/7DaWZk1d\\ndqggwhXOhc/UUZFQuQQ8A8zpA13PcbC05XxN2hyP93tCEtyynMLVPtrRwDnHxFKa\\nqKzs3rMDXPSXRn3ZZTdKH3069ApkEjQdpcwUh+EmJ1Ve/5cdtzT6kKWCjKBFZP/s\\n91MlRrX2BTRdHaU5QJkUheUtakwxuHrdah2F94lRmsnQlpPr2YseJu6sIE+Dnx4M\\nCfhdVbQL2w54R645nlnohu8CAwEAAQ==\n616adfeb:MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq0BFD1D4lIxQcsqEpQzU\\npNCYM3aP1V/fxxVdT4DWvSI53JHTwHQamKdMWtEXetWVbP5zSROniYKFXd/xrD9X\\n0jiGHey3lEtylXRIPxe5s+wXoCmNLcJVnvTcDtwx/ne2NLHxp76lyc25At+6RgE6\\nADjLVuoD7M4IFDkAsd8UQ8zM0Dww9SylIk/wgV3ZkifecvgUQRagrNUdUjR56EBZ\\nraQrev4hhzOgwelT0kXCu3snbUuNY/lU53CoTzfBJ5UfEJ5pMw1ij6X0r5S9IVsy\\nKLWH1hiO0NzU2c8ViUYCly4Fe9xMTFc6u2dy/dxf6FwERfGzETQxqZvSfrRX+GLj\\n/QZAXiPg5178hT/m0Y3z5IGenIC/80Z9NCi+byF1WuJlzKjDcF/TU72zk0+PNM/H\\nKuppf3JT4DyjiVzNC5YoWJT2QRMS9KLP5iKCSThwVceEEg5HfhQBRT9M6KIcFLSs\\nmFjx9kNEEmc1E8hl5IR3+3Ry8G5/bTIIruz14jgeY9u5jhL8Vyyvo41jgt9sLHR1\\n/J1TxKfkgksYev7PoX6/ZzJ1ksWKZY5NFoDXTNYUgzFUTOoEaOg3BAQKadb3Qbbq\\nXIrxmPBdgrn9QI7NCgfnAY3Tb4EEjs3ON/BNyEhUENcXOH6I1NbcuBQ7g9P73kE4\\nVORdoc8MdJ5eoKBpO8Ww8HECAwEAAQ==\n616ae350:MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyduVzi1mWm+lYo2Tqt/0\\nXkCIWrDNP1QBMVPrE0/ZlU2bCGSoo2Z9FHQKz/mTyMRlhNqTfhJ5qU3U9XlyGOPJ\\npiM+b91g26pnpXJ2Q2kOypSgOMOPA4cQ42PkHBEqhuzssfj9t7x47ppS94bboh46\\nxLSDRff/NAbtwTpvhStV3URYkxFG++cKGGa5MPXBrxIp+iZf9GnuxVdST5PGiVGP\\nODL/b69sPJQNbJHVquqUTOh5Ry8uuD2WZuXfKf7/C0jC/ie9m2+0CttNu9tMciGM\\nEyKG1/Xhk5iIWO43m4SrrT2WkFlcZ1z2JSf9Pjm4C2+HovYpihwwdM/OdP8Xmsnr\\nDzVB4YvQiW+IHBjStHVuyiZWc+JsgEPJzisNY0Wyc/kNyNtqVKpX6dRhMLanLmy+\\nf53cCSI05KPQAcGj6tdL+D60uKDkt+FsDa0BTAobZ31OsFVid0vCXtsbplNhW1IF\\nHwsGXBTVcfXg44RLyL8Lk/2dQxDHNHzAUslJXzPxaHBLmt++2COa2EI1iWlvtznk\\nOk9WP8SOAIj+xdqoiHcC4j72BOVVgiITIJNHrbppZCq6qPR+fgXmXa+sDcGh30m6\\n9Wpbr28kLMSHiENCWTdsFij+NQTd5S47H7XTROHnalYDuF1RpS+DpQidT5tUimaT\\nJZDr++FjKrnnijbyNF8b98UCAwEAAQ==\n616db30d:MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnpUpyWDWjlUk3smlWeA0\\nlIMW+oJ38t92CRLHH3IqRhyECBRW0d0aRGtq7TY8PmxjjvBZrxTNDpJT6KUk4LRm\\na6A6IuAI7QnNK8SJqM0DLzlpygd7GJf8ZL9SoHSH+gFsYF67Cpooz/YDqWrlN7Vw\\ntO00s0B+eXy+PCXYU7VSfuWFGK8TGEv6HfGMALLjhqMManyvfp8hz3ubN1rK3c8C\\nUS/ilRh1qckdbtPvoDPhSbTDmfU1g/EfRSIEXBrIMLg9ka/XB9PvWRrekrppnQzP\\nhP9YE3x/wbFc5QqQWiRCYyQl/rgIMOXvIxhkfe8H5n1Et4VAorkpEAXdsfN8KSVv\\nLSMazVlLp9GYq5SUpqYX3KnxdWBgN7BJoZ4sltsTpHQ/34SXWfu3UmyUveWj7wp0\\nx9hwsPirVI00EEea9AbP7NM2rAyu6ukcm4m6ATd2DZJIViq2es6m60AE6SMCmrQF\\nwmk4H/kdQgeAELVfGOm2VyJ3z69fQuywz7xu27S6zTKi05Qlnohxol4wVb6OB7qG\\nLPRtK9ObgzRo/OPumyXqlzAi/Yvyd1ZQk8labZps3e16bQp8+pVPiumWioMFJDWV\\nGZjCmyMSU8V6MB6njbgLHoyg2LCukCAeSjbPGGGYhnKLm1AKSoJh3IpZuqcKCk5C\\n8CM1S15HxV78s9dFntEqIokCAwEAAQ==\n66ba20fe:MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtfB12w4ZgqsXWZDfUAV/\\n6Y4aHUKIu3q4SXrNZ7CXF9nXoAVYrS7NAxJdAodsY3vPCN0g5O8DFXR+390LdOuQ\\n+HsGKCc1k5tX5ZXld37EZNTNSbR0k+NKhd9h6X3u6wqPOx7SIKxwAQR8qeeFq4pP\\nrt9GAGlxtuYgzIIcKJPwE0dZlcBCg+GnptCUZXp/38BP1eYC+xTXSL6Muq1etYfg\\nodXdb7Yl+2h1IHuOwo5rjgY5kpY7GcAs8AjGk3lDD/av60OTYccknH0NCVSmPoXK\\nvrxDBOn0LQRNBLcAfnTKgHrzy0Q5h4TNkkyTgxkoQw5ObDk9nnabTxql732yy9BY\\ns+hM9+dSFO1HKeVXreYSA2n1ndF18YAvAumzgyqzB7I4pMHXq1kC/8bONMJxwSkS\\nYm6CoXKyavp7RqGMyeVpRC7tV+blkrrUml0BwNkxE+XnwDRB3xDV6hqgWe0XrifD\\nYTfvd9ScZQP83ip0r4IKlq4GMv/R5shcCRJSkSZ6QSGshH40JYSoiwJf5FHbj9ND\\n7do0UAqebWo4yNx63j/wb2ULorW3AClv0BCFSdPsIrCStiGdpgJDBR2P2NZOCob3\\nG9uMj+wJD6JJg2nWqNJxkANXX37Qf8plgzssrhrgOvB0fjjS7GYhfkfmZTJ0wPOw\\nA8+KzFseBh4UFGgue78KwgkCAwEAAQ==\n'\n__Keyring=\n__KeyringFile=\"/usr/share/keyrings/ubuntu-archive-keyring.gpg\"\n__SkipSigCheck=0\n__SkipEmulation=0\n__UseMirror=0\n\n__UnprocessedBuildArgs=\nwhile :; do\n if [[ \"$#\" -le 0 ]]; then\n break\n fi\n\n lowerI=\"$(echo \"$1\" | tr \"[:upper:]\" \"[:lower:]\")\"\n case $lowerI in\n -\\?|-h|--help)\n usage\n ;;\n arm)\n __BuildArch=arm\n __UbuntuArch=armhf\n __AlpineArch=armv7\n __QEMUArch=arm\n ;;\n arm64)\n __BuildArch=arm64\n __UbuntuArch=arm64\n __AlpineArch=aarch64\n __QEMUArch=aarch64\n __FreeBSDArch=arm64\n __FreeBSDMachineArch=aarch64\n ;;\n armel)\n __BuildArch=armel\n __UbuntuArch=armel\n __UbuntuRepo=\"http://archive.debian.org/debian/\"\n __CodeName=buster\n __KeyringFile=\"/usr/share/keyrings/debian-archive-keyring.gpg\"\n __LLDB_Package=\"liblldb-6.0-dev\"\n __UbuntuPackages=\"${__UbuntuPackages// libomp-dev/}\"\n __UbuntuPackages=\"${__UbuntuPackages// libomp5/}\"\n __UbuntuSuites=\n ;;\n armv6)\n __BuildArch=armv6\n __UbuntuArch=armhf\n __QEMUArch=arm\n __UbuntuRepo=\"http://raspbian.raspberrypi.org/raspbian/\"\n __CodeName=buster\n __KeyringFile=\"/usr/share/keyrings/raspbian-archive-keyring.gpg\"\n __LLDB_Package=\"liblldb-6.0-dev\"\n __UbuntuSuites=\n\n if [[ -e \"$__KeyringFile\" ]]; then\n __Keyring=\"--keyring $__KeyringFile\"\n fi\n ;;\n loongarch64)\n __BuildArch=loongarch64\n __AlpineArch=loongarch64\n __QEMUArch=loongarch64\n __UbuntuArch=loong64\n __UbuntuSuites=unreleased\n __LLDB_Package=\"liblldb-19-dev\"\n\n if [[ \"$__CodeName\" == \"sid\" ]]; then\n __UbuntuRepo=\"http://ftp.ports.debian.org/debian-ports/\"\n fi\n ;;\n riscv64)\n __BuildArch=riscv64\n __AlpineArch=riscv64\n __AlpinePackages=\"${__AlpinePackages// lldb-dev/}\"\n __QEMUArch=riscv64\n __UbuntuArch=riscv64\n __UbuntuPackages=\"${__UbuntuPackages// libunwind8-dev/}\"\n unset __LLDB_Package\n ;;\n ppc64le)\n __BuildArch=ppc64le\n __AlpineArch=ppc64le\n __QEMUArch=ppc64le\n __UbuntuArch=ppc64el\n __UbuntuRepo=\"http://ports.ubuntu.com/ubuntu-ports/\"\n __UbuntuPackages=\"${__UbuntuPackages// libunwind8-dev/}\"\n __UbuntuPackages=\"${__UbuntuPackages// libomp-dev/}\"\n __UbuntuPackages=\"${__UbuntuPackages// libomp5/}\"\n unset __LLDB_Package\n ;;\n s390x)\n __BuildArch=s390x\n __AlpineArch=s390x\n __QEMUArch=s390x\n __UbuntuArch=s390x\n __UbuntuRepo=\"http://ports.ubuntu.com/ubuntu-ports/\"\n __UbuntuPackages=\"${__UbuntuPackages// libunwind8-dev/}\"\n __UbuntuPackages=\"${__UbuntuPackages// libomp-dev/}\"\n __UbuntuPackages=\"${__UbuntuPackages// libomp5/}\"\n unset __LLDB_Package\n ;;\n x64)\n __BuildArch=x64\n __AlpineArch=x86_64\n __UbuntuArch=amd64\n __FreeBSDArch=amd64\n __FreeBSDMachineArch=amd64\n __illumosArch=x86_64\n __HaikuArch=x86_64\n __UbuntuRepo=\"http://archive.ubuntu.com/ubuntu/\"\n ;;\n x86)\n __BuildArch=x86\n __UbuntuArch=i386\n __AlpineArch=x86\n __UbuntuRepo=\"http://archive.ubuntu.com/ubuntu/\"\n ;;\n lldb*)\n version=\"$(echo \"$lowerI\" | tr -d '[:alpha:]-=')\"\n majorVersion=\"${version%%.*}\"\n\n [ -z \"${version##*.*}\" ] && minorVersion=\"${version#*.}\"\n if [ -z \"$minorVersion\" ]; then\n minorVersion=0\n fi\n\n # for versions > 6.0, lldb has dropped the minor version\n if [ \"$majorVersion\" -le 6 ]; then\n version=\"$majorVersion.$minorVersion\"\n else\n version=\"$majorVersion\"\n fi\n\n __LLDB_Package=\"liblldb-${version}-dev\"\n ;;\n no-lldb)\n unset __LLDB_Package\n ;;\n llvm*)\n version=\"$(echo \"$lowerI\" | tr -d '[:alpha:]-=')\"\n __LLVM_MajorVersion=\"${version%%.*}\"\n\n [ -z \"${version##*.*}\" ] && __LLVM_MinorVersion=\"${version#*.}\"\n if [ -z \"$__LLVM_MinorVersion\" ]; then\n __LLVM_MinorVersion=0\n fi\n\n # for versions > 6.0, lldb has dropped the minor version\n if [ \"$__LLVM_MajorVersion\" -gt 6 ]; then\n __LLVM_MinorVersion=\n fi\n\n ;;\n xenial) # Ubuntu 16.04\n __CodeName=xenial\n ;;\n bionic) # Ubuntu 18.04\n __CodeName=bionic\n ;;\n focal) # Ubuntu 20.04\n __CodeName=focal\n ;;\n jammy) # Ubuntu 22.04\n __CodeName=jammy\n ;;\n noble) # Ubuntu 24.04\n __CodeName=noble\n if [[ -z \"$__LLDB_Package\" ]]; then\n __LLDB_Package=\"liblldb-19-dev\"\n fi\n ;;\n stretch) # Debian 9\n __CodeName=stretch\n __LLDB_Package=\"liblldb-6.0-dev\"\n __KeyringFile=\"/usr/share/keyrings/debian-archive-keyring.gpg\"\n\n if [[ -z \"$__UbuntuRepo\" ]]; then\n __UbuntuRepo=\"http://ftp.debian.org/debian/\"\n fi\n ;;\n buster) # Debian 10\n __CodeName=buster\n __LLDB_Package=\"liblldb-6.0-dev\"\n __KeyringFile=\"/usr/share/keyrings/debian-archive-keyring.gpg\"\n\n if [[ -z \"$__UbuntuRepo\" ]]; then\n __UbuntuRepo=\"http://archive.debian.org/debian/\"\n fi\n ;;\n bullseye) # Debian 11\n __CodeName=bullseye\n __KeyringFile=\"/usr/share/keyrings/debian-archive-keyring.gpg\"\n\n if [[ -z \"$__UbuntuRepo\" ]]; then\n __UbuntuRepo=\"http://ftp.debian.org/debian/\"\n fi\n ;;\n bookworm) # Debian 12\n __CodeName=bookworm\n __KeyringFile=\"/usr/share/keyrings/debian-archive-keyring.gpg\"\n\n if [[ -z \"$__UbuntuRepo\" ]]; then\n __UbuntuRepo=\"http://ftp.debian.org/debian/\"\n fi\n ;;\n sid) # Debian sid\n __CodeName=sid\n __UbuntuSuites=\n\n # Debian-Ports architectures need different values\n case \"$__UbuntuArch\" in\n amd64|arm64|armel|armhf|i386|mips64el|ppc64el|riscv64|s390x)\n __KeyringFile=\"/usr/share/keyrings/debian-archive-keyring.gpg\"\n\n if [[ -z \"$__UbuntuRepo\" ]]; then\n __UbuntuRepo=\"http://ftp.debian.org/debian/\"\n fi\n ;;\n *)\n __KeyringFile=\"/usr/share/keyrings/debian-ports-archive-keyring.gpg\"\n\n if [[ -z \"$__UbuntuRepo\" ]]; then\n __UbuntuRepo=\"http://ftp.ports.debian.org/debian-ports/\"\n fi\n ;;\n esac\n\n if [[ -e \"$__KeyringFile\" ]]; then\n __Keyring=\"--keyring $__KeyringFile\"\n fi\n ;;\n tizen)\n __CodeName=\n __UbuntuRepo=\n __Tizen=tizen\n ;;\n alpine*)\n __CodeName=alpine\n __UbuntuRepo=\n\n if [[ \"$lowerI\" == \"alpineedge\" ]]; then\n __AlpineVersion=edge\n else\n version=\"$(echo \"$lowerI\" | tr -d '[:alpha:]-=')\"\n __AlpineMajorVersion=\"${version%%.*}\"\n __AlpineMinorVersion=\"${version#*.}\"\n __AlpineVersion=\"$__AlpineMajorVersion.$__AlpineMinorVersion\"\n fi\n ;;\n freebsd13)\n __CodeName=freebsd\n __SkipUnmount=1\n ;;\n freebsd14)\n __CodeName=freebsd\n __FreeBSDBase=\"14.2-RELEASE\"\n __FreeBSDABI=\"14\"\n __SkipUnmount=1\n ;;\n illumos)\n __CodeName=illumos\n __SkipUnmount=1\n ;;\n haiku)\n __CodeName=haiku\n __SkipUnmount=1\n ;;\n --skipunmount)\n __SkipUnmount=1\n ;;\n --skipsigcheck)\n __SkipSigCheck=1\n ;;\n --skipemulation)\n __SkipEmulation=1\n ;;\n --rootfsdir|-rootfsdir)\n shift\n __RootfsDir=\"$1\"\n ;;\n --use-mirror)\n __UseMirror=1\n ;;\n --use-jobs)\n shift\n MAXJOBS=$1\n ;;\n *)\n __UnprocessedBuildArgs=\"$__UnprocessedBuildArgs $1\"\n ;;\n esac\n\n shift\ndone\n\ncase \"$__AlpineVersion\" in\n 3.14) __AlpinePackages+=\" llvm11-libs\" ;;\n 3.15) __AlpinePackages+=\" llvm12-libs\" ;;\n 3.16) __AlpinePackages+=\" llvm13-libs\" ;;\n 3.17) __AlpinePackages+=\" llvm15-libs\" ;;\n edge) __AlpineLlvmLibsLookup=1 ;;\n *)\n if [[ \"$__AlpineArch\" =~ s390x|ppc64le ]]; then\n __AlpineVersion=3.15 # minimum version that supports lldb-dev\n __AlpinePackages+=\" llvm12-libs\"\n elif [[ \"$__AlpineArch\" == \"x86\" ]]; then\n __AlpineVersion=3.17 # minimum version that supports lldb-dev\n __AlpinePackages+=\" llvm15-libs\"\n elif [[ \"$__AlpineArch\" == \"riscv64\" || \"$__AlpineArch\" == \"loongarch64\" ]]; then\n __AlpineVersion=3.21 # minimum version that supports lldb-dev\n __AlpinePackages+=\" llvm19-libs\"\n elif [[ -n \"$__AlpineMajorVersion\" ]]; then\n # use whichever alpine version is provided and select the latest toolchain libs\n __AlpineLlvmLibsLookup=1\n else\n __AlpineVersion=3.13 # 3.13 to maximize compatibility\n __AlpinePackages+=\" llvm10-libs\"\n fi\nesac\n\nif [[ \"$__AlpineVersion\" =~ 3\\.1[345] ]]; then\n # compiler-rt--static was merged in compiler-rt package in alpine 3.16\n # for older versions, we need compiler-rt--static, so replace the name\n __AlpinePackages=\"${__AlpinePackages/compiler-rt/compiler-rt-static}\"\nfi\n\n__UbuntuPackages+=\" ${__LLDB_Package:-}\"\n\nif [[ -z \"$__UbuntuRepo\" ]]; then\n __UbuntuRepo=\"http://ports.ubuntu.com/\"\nfi\n\nif [[ -n \"$__LLVM_MajorVersion\" ]]; then\n __UbuntuPackages+=\" libclang-common-${__LLVM_MajorVersion}${__LLVM_MinorVersion:+.$__LLVM_MinorVersion}-dev\"\nfi\n\nif [[ -z \"$__RootfsDir\" && -n \"$ROOTFS_DIR\" ]]; then\n __RootfsDir=\"$ROOTFS_DIR\"\nfi\n\nif [[ -z \"$__RootfsDir\" ]]; then\n __RootfsDir=\"$__CrossDir/../../../.tools/rootfs/$__BuildArch\"\nfi\n\nif [[ -d \"$__RootfsDir\" ]]; then\n if [[ \"$__SkipUnmount\" == \"0\" ]]; then\n umount \"$__RootfsDir\"/* || true\n fi\n rm -rf \"$__RootfsDir\"\nfi\n\nmkdir -p \"$__RootfsDir\"\n__RootfsDir=\"$( cd \"$__RootfsDir\" && pwd )\"\n\n__hasWget=\nensureDownloadTool()\n{\n if command -v wget &> /dev/null; then\n __hasWget=1\n elif command -v curl &> /dev/null; then\n __hasWget=0\n else\n >&2 echo \"ERROR: either wget or curl is required by this script.\"\n exit 1\n fi\n}\n\nif [[ \"$__CodeName\" == \"alpine\" ]]; then\n __ApkToolsVersion=2.12.11\n __ApkToolsDir=\"$(mktemp -d)\"\n __ApkKeysDir=\"$(mktemp -d)\"\n arch=\"$(uname -m)\"\n\n ensureDownloadTool\n\n if [[ \"$__hasWget\" == 1 ]]; then\n wget -P \"$__ApkToolsDir\" \"https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic/v$__ApkToolsVersion/$arch/apk.static\"\n else\n curl -SLO --create-dirs --output-dir \"$__ApkToolsDir\" \"https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic/v$__ApkToolsVersion/$arch/apk.static\"\n fi\n if [[ \"$arch\" == \"x86_64\" ]]; then\n __ApkToolsSHA512SUM=\"53e57b49230da07ef44ee0765b9592580308c407a8d4da7125550957bb72cb59638e04f8892a18b584451c8d841d1c7cb0f0ab680cc323a3015776affaa3be33\"\n elif [[ \"$arch\" == \"aarch64\" ]]; then\n __ApkToolsSHA512SUM=\"9e2b37ecb2b56c05dad23d379be84fd494c14bd730b620d0d576bda760588e1f2f59a7fcb2f2080577e0085f23a0ca8eadd993b4e61c2ab29549fdb71969afd0\"\n else\n echo \"WARNING: add missing hash for your host architecture. To find the value, use: 'find /tmp -name apk.static -exec sha512sum {} \\;'\"\n fi\n echo \"$__ApkToolsSHA512SUM $__ApkToolsDir/apk.static\" | sha512sum -c\n chmod +x \"$__ApkToolsDir/apk.static\"\n\n if [[ \"$__AlpineVersion\" == \"edge\" ]]; then\n version=edge\n else\n version=\"v$__AlpineVersion\"\n fi\n\n for line in $__AlpineKeys; do\n id=\"${line%%:*}\"\n content=\"${line#*:}\"\n\n echo -e \"-----BEGIN PUBLIC KEY-----\\n$content\\n-----END PUBLIC KEY-----\" > \"$__ApkKeysDir/alpine-devel@lists.alpinelinux.org-$id.rsa.pub\"\n done\n\n if [[ \"$__SkipSigCheck\" == \"1\" ]]; then\n __ApkSignatureArg=\"--allow-untrusted\"\n else\n __ApkSignatureArg=\"--keys-dir $__ApkKeysDir\"\n fi\n\n if [[ \"$__SkipEmulation\" == \"1\" ]]; then\n __NoEmulationArg=\"--no-scripts\"\n fi\n\n # initialize DB\n # shellcheck disable=SC2086\n \"$__ApkToolsDir/apk.static\" \\\n -X \"http://dl-cdn.alpinelinux.org/alpine/$version/main\" \\\n -X \"http://dl-cdn.alpinelinux.org/alpine/$version/community\" \\\n -U $__ApkSignatureArg --root \"$__RootfsDir\" --arch \"$__AlpineArch\" --initdb add\n\n if [[ \"$__AlpineLlvmLibsLookup\" == 1 ]]; then\n # shellcheck disable=SC2086\n __AlpinePackages+=\" $(\"$__ApkToolsDir/apk.static\" \\\n -X \"http://dl-cdn.alpinelinux.org/alpine/$version/main\" \\\n -X \"http://dl-cdn.alpinelinux.org/alpine/$version/community\" \\\n -U $__ApkSignatureArg --root \"$__RootfsDir\" --arch \"$__AlpineArch\" \\\n search 'llvm*-libs' | grep -E '^llvm' | sort | tail -1 | sed 's/-[^-]*//2g')\"\n fi\n\n # install all packages in one go\n # shellcheck disable=SC2086\n \"$__ApkToolsDir/apk.static\" \\\n -X \"http://dl-cdn.alpinelinux.org/alpine/$version/main\" \\\n -X \"http://dl-cdn.alpinelinux.org/alpine/$version/community\" \\\n -U $__ApkSignatureArg --root \"$__RootfsDir\" --arch \"$__AlpineArch\" $__NoEmulationArg \\\n add $__AlpinePackages\n\n rm -r \"$__ApkToolsDir\"\nelif [[ \"$__CodeName\" == \"freebsd\" ]]; then\n mkdir -p \"$__RootfsDir\"/usr/local/etc\n JOBS=${MAXJOBS:=\"$(getconf _NPROCESSORS_ONLN)\"}\n\n ensureDownloadTool\n\n if [[ \"$__hasWget\" == 1 ]]; then\n wget -O- \"https://download.freebsd.org/ftp/releases/${__FreeBSDArch}/${__FreeBSDMachineArch}/${__FreeBSDBase}/base.txz\" | tar -C \"$__RootfsDir\" -Jxf - ./lib ./usr/lib ./usr/libdata ./usr/include ./usr/share/keys ./etc ./bin/freebsd-version\n else\n curl -SL \"https://download.freebsd.org/ftp/releases/${__FreeBSDArch}/${__FreeBSDMachineArch}/${__FreeBSDBase}/base.txz\" | tar -C \"$__RootfsDir\" -Jxf - ./lib ./usr/lib ./usr/libdata ./usr/include ./usr/share/keys ./etc ./bin/freebsd-version\n fi\n echo \"ABI = \\\"FreeBSD:${__FreeBSDABI}:${__FreeBSDMachineArch}\\\"; FINGERPRINTS = \\\"${__RootfsDir}/usr/share/keys\\\"; REPOS_DIR = [\\\"${__RootfsDir}/etc/pkg\\\"]; REPO_AUTOUPDATE = NO; RUN_SCRIPTS = NO;\" > \"${__RootfsDir}\"/usr/local/etc/pkg.conf\n echo \"FreeBSD: { url: \\\"pkg+http://pkg.FreeBSD.org/\\${ABI}/quarterly\\\", mirror_type: \\\"srv\\\", signature_type: \\\"fingerprints\\\", fingerprints: \\\"/usr/share/keys/pkg\\\", enabled: yes }\" > \"${__RootfsDir}\"/etc/pkg/FreeBSD.conf\n mkdir -p \"$__RootfsDir\"/tmp\n # get and build package manager\n if [[ \"$__hasWget\" == 1 ]]; then\n wget -O- \"https://github.com/freebsd/pkg/archive/${__FreeBSDPkg}.tar.gz\" | tar -C \"$__RootfsDir\"/tmp -zxf -\n else\n curl -SL \"https://github.com/freebsd/pkg/archive/${__FreeBSDPkg}.tar.gz\" | tar -C \"$__RootfsDir\"/tmp -zxf -\n fi\n cd \"$__RootfsDir/tmp/pkg-${__FreeBSDPkg}\"\n # needed for install to succeed\n mkdir -p \"$__RootfsDir\"/host/etc\n ./autogen.sh && ./configure --prefix=\"$__RootfsDir\"/host && make -j \"$JOBS\" && make install\n rm -rf \"$__RootfsDir/tmp/pkg-${__FreeBSDPkg}\"\n # install packages we need.\n INSTALL_AS_USER=$(whoami) \"$__RootfsDir\"/host/sbin/pkg -r \"$__RootfsDir\" -C \"$__RootfsDir\"/usr/local/etc/pkg.conf update\n # shellcheck disable=SC2086\n INSTALL_AS_USER=$(whoami) \"$__RootfsDir\"/host/sbin/pkg -r \"$__RootfsDir\" -C \"$__RootfsDir\"/usr/local/etc/pkg.conf install --yes $__FreeBSDPackages\nelif [[ \"$__CodeName\" == \"illumos\" ]]; then\n mkdir \"$__RootfsDir/tmp\"\n pushd \"$__RootfsDir/tmp\"\n JOBS=${MAXJOBS:=\"$(getconf _NPROCESSORS_ONLN)\"}\n\n ensureDownloadTool\n\n echo \"Downloading sysroot.\"\n if [[ \"$__hasWget\" == 1 ]]; then\n wget -O- https://github.com/illumos/sysroot/releases/download/20181213-de6af22ae73b-v1/illumos-sysroot-i386-20181213-de6af22ae73b-v1.tar.gz | tar -C \"$__RootfsDir\" -xzf -\n else\n curl -SL https://github.com/illumos/sysroot/releases/download/20181213-de6af22ae73b-v1/illumos-sysroot-i386-20181213-de6af22ae73b-v1.tar.gz | tar -C \"$__RootfsDir\" -xzf -\n fi\n echo \"Building binutils. Please wait..\"\n if [[ \"$__hasWget\" == 1 ]]; then\n wget -O- https://ftp.gnu.org/gnu/binutils/binutils-2.42.tar.xz | tar -xJf -\n else\n curl -SL https://ftp.gnu.org/gnu/binutils/binutils-2.42.tar.xz | tar -xJf -\n fi\n mkdir build-binutils && cd build-binutils\n ../binutils-2.42/configure --prefix=\"$__RootfsDir\" --target=\"${__illumosArch}-sun-solaris2.11\" --program-prefix=\"${__illumosArch}-illumos-\" --with-sysroot=\"$__RootfsDir\"\n make -j \"$JOBS\" && make install && cd ..\n echo \"Building gcc. Please wait..\"\n if [[ \"$__hasWget\" == 1 ]]; then\n wget -O- https://ftp.gnu.org/gnu/gcc/gcc-13.3.0/gcc-13.3.0.tar.xz | tar -xJf -\n else\n curl -SL https://ftp.gnu.org/gnu/gcc/gcc-13.3.0/gcc-13.3.0.tar.xz | tar -xJf -\n fi\n CFLAGS=\"-fPIC\"\n CXXFLAGS=\"-fPIC\"\n CXXFLAGS_FOR_TARGET=\"-fPIC\"\n CFLAGS_FOR_TARGET=\"-fPIC\"\n export CFLAGS CXXFLAGS CXXFLAGS_FOR_TARGET CFLAGS_FOR_TARGET\n mkdir build-gcc && cd build-gcc\n ../gcc-13.3.0/configure --prefix=\"$__RootfsDir\" --target=\"${__illumosArch}-sun-solaris2.11\" --program-prefix=\"${__illumosArch}-illumos-\" --with-sysroot=\"$__RootfsDir\" --with-gnu-as \\\n --with-gnu-ld --disable-nls --disable-libgomp --disable-libquadmath --disable-libssp --disable-libvtv --disable-libcilkrts --disable-libada --disable-libsanitizer \\\n --disable-libquadmath-support --disable-shared --enable-tls\n make -j \"$JOBS\" && make install && cd ..\n BaseUrl=https://pkgsrc.smartos.org\n if [[ \"$__UseMirror\" == 1 ]]; then\n BaseUrl=https://pkgsrc.smartos.skylime.net\n fi\n BaseUrl=\"$BaseUrl/packages/SmartOS/2019Q4/${__illumosArch}/All\"\n echo \"Downloading manifest\"\n if [[ \"$__hasWget\" == 1 ]]; then\n wget \"$BaseUrl\"\n else\n curl -SLO \"$BaseUrl\"\n fi\n echo \"Downloading dependencies.\"\n read -ra array <<<\"$__IllumosPackages\"\n for package in \"${array[@]}\"; do\n echo \"Installing '$package'\"\n # find last occurrence of package in listing and extract its name\n package=\"$(sed -En '/.*href=\"('\"$package\"'-[0-9].*).tgz\".*/h;$!d;g;s//\\1/p' All)\"\n echo \"Resolved name '$package'\"\n if [[ \"$__hasWget\" == 1 ]]; then\n wget \"$BaseUrl\"/\"$package\".tgz\n else\n curl -SLO \"$BaseUrl\"/\"$package\".tgz\n fi\n ar -x \"$package\".tgz\n tar --skip-old-files -xzf \"$package\".tmp.tg* -C \"$__RootfsDir\" 2>/dev/null\n done\n echo \"Cleaning up temporary files.\"\n popd\n rm -rf \"$__RootfsDir\"/{tmp,+*}\n mkdir -p \"$__RootfsDir\"/usr/include/net\n mkdir -p \"$__RootfsDir\"/usr/include/netpacket\n if [[ \"$__hasWget\" == 1 ]]; then\n wget -P \"$__RootfsDir\"/usr/include/net https://raw.githubusercontent.com/illumos/illumos-gate/master/usr/src/uts/common/io/bpf/net/bpf.h\n wget -P \"$__RootfsDir\"/usr/include/net https://raw.githubusercontent.com/illumos/illumos-gate/master/usr/src/uts/common/io/bpf/net/dlt.h\n wget -P \"$__RootfsDir\"/usr/include/netpacket https://raw.githubusercontent.com/illumos/illumos-gate/master/usr/src/uts/common/inet/sockmods/netpacket/packet.h\n wget -P \"$__RootfsDir\"/usr/include/sys https://raw.githubusercontent.com/illumos/illumos-gate/master/usr/src/uts/common/sys/sdt.h\n else\n curl -SLO --create-dirs --output-dir \"$__RootfsDir\"/usr/include/net https://raw.githubusercontent.com/illumos/illumos-gate/master/usr/src/uts/common/io/bpf/net/bpf.h\n curl -SLO --create-dirs --output-dir \"$__RootfsDir\"/usr/include/net https://raw.githubusercontent.com/illumos/illumos-gate/master/usr/src/uts/common/io/bpf/net/dlt.h\n curl -SLO --create-dirs --output-dir \"$__RootfsDir\"/usr/include/netpacket https://raw.githubusercontent.com/illumos/illumos-gate/master/usr/src/uts/common/inet/sockmods/netpacket/packet.h\n curl -SLO --create-dirs --output-dir \"$__RootfsDir\"/usr/include/sys https://raw.githubusercontent.com/illumos/illumos-gate/master/usr/src/uts/common/sys/sdt.h\n fi\nelif [[ \"$__CodeName\" == \"haiku\" ]]; then\n JOBS=${MAXJOBS:=\"$(getconf _NPROCESSORS_ONLN)\"}\n\n echo \"Building Haiku sysroot for $__HaikuArch\"\n mkdir -p \"$__RootfsDir/tmp\"\n pushd \"$__RootfsDir/tmp\"\n\n mkdir \"$__RootfsDir/tmp/download\"\n\n ensureDownloadTool\n\n echo \"Downloading Haiku package tools\"\n git clone https://github.com/haiku/haiku-toolchains-ubuntu --depth 1 \"$__RootfsDir/tmp/script\"\n if [[ \"$__hasWget\" == 1 ]]; then\n wget -O \"$__RootfsDir/tmp/download/hosttools.zip\" \"$(\"$__RootfsDir/tmp/script/fetch.sh\" --hosttools)\"\n else\n curl -SLo \"$__RootfsDir/tmp/download/hosttools.zip\" \"$(\"$__RootfsDir/tmp/script/fetch.sh\" --hosttools)\"\n fi\n\n unzip -o \"$__RootfsDir/tmp/download/hosttools.zip\" -d \"$__RootfsDir/tmp/bin\"\n\n HaikuBaseUrl=\"https://eu.hpkg.haiku-os.org/haiku/master/$__HaikuArch/current\"\n HaikuPortsBaseUrl=\"https://eu.hpkg.haiku-os.org/haikuports/master/$__HaikuArch/current\"\n\n echo \"Downloading HaikuPorts package repository index...\"\n if [[ \"$__hasWget\" == 1 ]]; then\n wget -P \"$__RootfsDir/tmp/download\" \"$HaikuPortsBaseUrl/repo\"\n else\n curl -SLO --create-dirs --output-dir \"$__RootfsDir/tmp/download\" \"$HaikuPortsBaseUrl/repo\"\n fi\n\n echo \"Downloading Haiku packages\"\n read -ra array <<<\"$__HaikuPackages\"\n for package in \"${array[@]}\"; do\n echo \"Downloading $package...\"\n hpkgFilename=\"$(LD_LIBRARY_PATH=\"$__RootfsDir/tmp/bin\" \"$__RootfsDir/tmp/bin/package_repo\" list -f \"$__RootfsDir/tmp/download/repo\" |\n grep -E \"${package}-\" | sort -V | tail -n 1 | xargs)\"\n if [ -z \"$hpkgFilename\" ]; then\n >&2 echo \"ERROR: package $package missing.\"\n exit 1\n fi\n echo \"Resolved filename: $hpkgFilename...\"\n hpkgDownloadUrl=\"$HaikuPortsBaseUrl/packages/$hpkgFilename\"\n if [[ \"$__hasWget\" == 1 ]]; then\n wget -P \"$__RootfsDir/tmp/download\" \"$hpkgDownloadUrl\"\n else\n curl -SLO --create-dirs --output-dir \"$__RootfsDir/tmp/download\" \"$hpkgDownloadUrl\"\n fi\n done\n for package in haiku haiku_devel; do\n echo \"Downloading $package...\"\n if [[ \"$__hasWget\" == 1 ]]; then\n hpkgVersion=\"$(wget -qO- \"$HaikuBaseUrl\" | sed -n 's/^.*version: \"\\([^\"]*\\)\".*$/\\1/p')\"\n wget -P \"$__RootfsDir/tmp/download\" \"$HaikuBaseUrl/packages/$package-$hpkgVersion-1-$__HaikuArch.hpkg\"\n else\n hpkgVersion=\"$(curl -sSL \"$HaikuBaseUrl\" | sed -n 's/^.*version: \"\\([^\"]*\\)\".*$/\\1/p')\"\n curl -SLO --create-dirs --output-dir \"$__RootfsDir/tmp/download\" \"$HaikuBaseUrl/packages/$package-$hpkgVersion-1-$__HaikuArch.hpkg\"\n fi\n done\n\n # Set up the sysroot\n echo \"Setting up sysroot and extracting required packages\"\n mkdir -p \"$__RootfsDir/boot/system\"\n for file in \"$__RootfsDir/tmp/download/\"*.hpkg; do\n echo \"Extracting $file...\"\n LD_LIBRARY_PATH=\"$__RootfsDir/tmp/bin\" \"$__RootfsDir/tmp/bin/package\" extract -C \"$__RootfsDir/boot/system\" \"$file\"\n done\n\n # Download buildtools\n echo \"Downloading Haiku buildtools\"\n if [[ \"$__hasWget\" == 1 ]]; then\n wget -O \"$__RootfsDir/tmp/download/buildtools.zip\" \"$(\"$__RootfsDir/tmp/script/fetch.sh\" --buildtools --arch=$__HaikuArch)\"\n else\n curl -SLo \"$__RootfsDir/tmp/download/buildtools.zip\" \"$(\"$__RootfsDir/tmp/script/fetch.sh\" --buildtools --arch=$__HaikuArch)\"\n fi\n unzip -o \"$__RootfsDir/tmp/download/buildtools.zip\" -d \"$__RootfsDir\"\n\n # Cleaning up temporary files\n echo \"Cleaning up temporary files\"\n popd\n rm -rf \"$__RootfsDir/tmp\"\nelif [[ -n \"$__CodeName\" ]]; then\n __Suites=\"$__CodeName $(for suite in $__UbuntuSuites; do echo -n \"$__CodeName-$suite \"; done)\"\n\n if [[ \"$__SkipEmulation\" == \"1\" ]]; then\n if [[ -z \"$AR\" ]]; then\n if command -v ar &>/dev/null; then\n AR=\"$(command -v ar)\"\n elif command -v llvm-ar &>/dev/null; then\n AR=\"$(command -v llvm-ar)\"\n else\n echo \"Unable to find ar or llvm-ar on PATH, add them to PATH or set AR environment variable pointing to the available AR tool\"\n exit 1\n fi\n fi\n\n PYTHON=${PYTHON_EXECUTABLE:-python3}\n\n # shellcheck disable=SC2086,SC2046\n echo running \"$PYTHON\" \"$__CrossDir/install-debs.py\" --arch \"$__UbuntuArch\" --mirror \"$__UbuntuRepo\" --rootfsdir \"$__RootfsDir\" --artool \"$AR\" \\\n $(for suite in $__Suites; do echo -n \"--suite $suite \"; done) \\\n $__UbuntuPackages\n\n # shellcheck disable=SC2086,SC2046\n \"$PYTHON\" \"$__CrossDir/install-debs.py\" --arch \"$__UbuntuArch\" --mirror \"$__UbuntuRepo\" --rootfsdir \"$__RootfsDir\" --artool \"$AR\" \\\n $(for suite in $__Suites; do echo -n \"--suite $suite \"; done) \\\n $__UbuntuPackages\n\n exit 0\n fi\n\n __UpdateOptions=\n if [[ \"$__SkipSigCheck\" == \"0\" ]]; then\n __Keyring=\"$__Keyring --force-check-gpg\"\n else\n __Keyring=\n __UpdateOptions=\"--allow-unauthenticated --allow-insecure-repositories\"\n fi\n\n # shellcheck disable=SC2086\n echo running debootstrap \"--variant=minbase\" $__Keyring --arch \"$__UbuntuArch\" \"$__CodeName\" \"$__RootfsDir\" \"$__UbuntuRepo\"\n\n # shellcheck disable=SC2086\n if ! debootstrap \"--variant=minbase\" $__Keyring --arch \"$__UbuntuArch\" \"$__CodeName\" \"$__RootfsDir\" \"$__UbuntuRepo\"; then\n echo \"debootstrap failed! dumping debootstrap.log\"\n cat \"$__RootfsDir/debootstrap/debootstrap.log\"\n exit 1\n fi\n\n rm -rf \"$__RootfsDir\"/etc/apt/*.{sources,list} \"$__RootfsDir\"/etc/apt/sources.list.d\n mkdir -p \"$__RootfsDir/etc/apt/sources.list.d/\"\n\n # shellcheck disable=SC2086\n cat > \"$__RootfsDir/etc/apt/sources.list.d/$__CodeName.sources\" < token2) - (token1 < token2)\n else:\n return -1 if isinstance(token1, str) else 1\n\n return len(tokens1) - len(tokens2)\n\ndef compare_debian_versions(version1, version2):\n \"\"\"Compare two Debian package versions.\"\"\"\n epoch1, upstream1, revision1 = parse_debian_version(version1)\n epoch2, upstream2, revision2 = parse_debian_version(version2)\n\n if epoch1 != epoch2:\n return epoch1 - epoch2\n\n result = compare_upstream_version(upstream1, upstream2)\n if result != 0:\n return result\n\n return compare_upstream_version(revision1, revision2)\n\ndef resolve_dependencies(packages, aliases, desired_packages):\n \"\"\"Recursively resolves dependencies for the desired packages.\"\"\"\n resolved = []\n to_process = deque(desired_packages)\n\n while to_process:\n current = to_process.popleft()\n resolved_package = current if current in packages else aliases.get(current, [None])[0]\n\n if not resolved_package:\n print(f\"Error: Package '{current}' was not found in the available packages.\")\n sys.exit(1)\n\n if resolved_package not in resolved:\n resolved.append(resolved_package)\n\n deps = packages.get(resolved_package, {}).get(\"Depends\", \"\")\n if deps:\n deps = [dep.split(' ')[0] for dep in deps.split(', ') if dep]\n for dep in deps:\n if dep not in resolved and dep not in to_process and dep in packages:\n to_process.append(dep)\n\n return resolved\n\ndef parse_package_index(content):\n \"\"\"Parses the Packages.gz file and returns package information.\"\"\"\n packages = {}\n aliases = {}\n entries = re.split(r'\\n\\n+', content)\n\n for entry in entries:\n fields = dict(re.findall(r'^(\\S+): (.+)$', entry, re.MULTILINE))\n if \"Package\" in fields:\n package_name = fields[\"Package\"]\n version = fields.get(\"Version\")\n filename = fields.get(\"Filename\")\n depends = fields.get(\"Depends\")\n provides = fields.get(\"Provides\", None)\n\n # Only update if package_name is not in packages or if the new version is higher\n if package_name not in packages or compare_debian_versions(version, packages[package_name][\"Version\"]) > 0:\n packages[package_name] = {\n \"Version\": version,\n \"Filename\": filename,\n \"Depends\": depends\n }\n\n # Update aliases if package provides any alternatives\n if provides:\n provides_list = [x.strip() for x in provides.split(\",\")]\n for alias in provides_list:\n # Strip version specifiers\n alias_name = re.sub(r'\\s*\\(=.*\\)', '', alias)\n if alias_name not in aliases:\n aliases[alias_name] = []\n if package_name not in aliases[alias_name]:\n aliases[alias_name].append(package_name)\n\n return packages, aliases\n\ndef install_packages(mirror, packages_info, aliases, tmp_dir, extract_dir, ar_tool, desired_packages):\n \"\"\"Downloads .deb files and extracts them.\"\"\"\n resolved_packages = resolve_dependencies(packages_info, aliases, desired_packages)\n print(f\"Resolved packages (including dependencies): {resolved_packages}\")\n\n packages_to_download = {}\n\n for pkg in resolved_packages:\n if pkg in packages_info:\n packages_to_download[pkg] = packages_info[pkg]\n\n if pkg in aliases:\n for alias in aliases[pkg]:\n if alias in packages_info:\n packages_to_download[alias] = packages_info[alias]\n\n asyncio.run(download_deb_files_parallel(mirror, packages_to_download, tmp_dir))\n\n package_to_deb_file_map = {}\n for pkg in resolved_packages:\n pkg_info = packages_info.get(pkg)\n if pkg_info:\n deb_filename = pkg_info.get(\"Filename\")\n if deb_filename:\n deb_file_path = os.path.join(tmp_dir, os.path.basename(deb_filename))\n package_to_deb_file_map[pkg] = deb_file_path\n\n for pkg in reversed(resolved_packages):\n deb_file = package_to_deb_file_map.get(pkg)\n if deb_file and os.path.exists(deb_file):\n extract_deb_file(deb_file, tmp_dir, extract_dir, ar_tool)\n\n print(\"All done!\")\n\ndef extract_deb_file(deb_file, tmp_dir, extract_dir, ar_tool):\n \"\"\"Extract .deb file contents\"\"\"\n\n os.makedirs(extract_dir, exist_ok=True)\n\n with tempfile.TemporaryDirectory(dir=tmp_dir) as tmp_subdir:\n result = subprocess.run(f\"{ar_tool} t {os.path.abspath(deb_file)}\", cwd=tmp_subdir, check=True, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)\n\n tar_filename = None\n for line in result.stdout.decode().splitlines():\n if line.startswith(\"data.tar\"):\n tar_filename = line.strip()\n break\n\n if not tar_filename:\n raise FileNotFoundError(f\"Could not find 'data.tar.*' in {deb_file}.\")\n\n tar_file_path = os.path.join(tmp_subdir, tar_filename)\n print(f\"Extracting {tar_filename} from {deb_file}..\")\n\n subprocess.run(f\"{ar_tool} p {os.path.abspath(deb_file)} {tar_filename} > {tar_file_path}\", check=True, shell=True)\n\n file_extension = os.path.splitext(tar_file_path)[1].lower()\n\n if file_extension == \".xz\":\n mode = \"r:xz\"\n elif file_extension == \".gz\":\n mode = \"r:gz\"\n elif file_extension == \".zst\":\n # zstd is not supported by standard library yet\n decompressed_tar_path = tar_file_path.replace(\".zst\", \"\")\n with open(tar_file_path, \"rb\") as zst_file, open(decompressed_tar_path, \"wb\") as decompressed_file:\n dctx = zstandard.ZstdDecompressor()\n dctx.copy_stream(zst_file, decompressed_file)\n\n tar_file_path = decompressed_tar_path\n mode = \"r\"\n else:\n raise ValueError(f\"Unsupported compression format: {file_extension}\")\n\n with tarfile.open(tar_file_path, mode) as tar:\n tar.extractall(path=extract_dir, filter='fully_trusted')\n\ndef finalize_setup(rootfsdir):\n lib_dir = os.path.join(rootfsdir, 'lib')\n usr_lib_dir = os.path.join(rootfsdir, 'usr', 'lib')\n\n if os.path.exists(lib_dir):\n if os.path.islink(lib_dir):\n os.remove(lib_dir)\n else:\n os.makedirs(usr_lib_dir, exist_ok=True)\n\n for item in os.listdir(lib_dir):\n src = os.path.join(lib_dir, item)\n dest = os.path.join(usr_lib_dir, item)\n\n if os.path.isdir(src):\n shutil.copytree(src, dest, dirs_exist_ok=True)\n else:\n shutil.copy2(src, dest)\n\n shutil.rmtree(lib_dir)\n\n os.symlink(usr_lib_dir, lib_dir)\n\nif __name__ == \"__main__\":\n parser = argparse.ArgumentParser(description=\"Generate rootfs for .NET runtime on Debian-like OS\")\n parser.add_argument(\"--distro\", required=False, help=\"Distro name (e.g., debian, ubuntu, etc.)\")\n parser.add_argument(\"--arch\", required=True, help=\"Architecture (e.g., amd64, loong64, etc.)\")\n parser.add_argument(\"--rootfsdir\", required=True, help=\"Destination directory.\")\n parser.add_argument('--suite', required=True, action='append', help='Specify one or more repository suites to collect index data.')\n parser.add_argument(\"--mirror\", required=False, help=\"Mirror (e.g., http://ftp.debian.org/debian-ports etc.)\")\n parser.add_argument(\"--artool\", required=False, default=\"ar\", help=\"ar tool to extract debs (e.g., ar, llvm-ar etc.)\")\n parser.add_argument(\"packages\", nargs=\"+\", help=\"List of package names to be installed.\")\n\n args = parser.parse_args()\n\n if args.mirror is None:\n if args.distro == \"ubuntu\":\n args.mirror = \"http://archive.ubuntu.com/ubuntu\" if args.arch in [\"amd64\", \"i386\"] else \"http://ports.ubuntu.com/ubuntu-ports\"\n elif args.distro == \"debian\":\n args.mirror = \"http://ftp.debian.org/debian-ports\"\n else:\n raise Exception(\"Unsupported distro\")\n\n DESIRED_PACKAGES = args.packages + [ # base packages\n \"dpkg\",\n \"busybox\",\n \"libc-bin\",\n \"base-files\",\n \"base-passwd\",\n \"debianutils\"\n ]\n\n print(f\"Creating rootfs. rootfsdir: {args.rootfsdir}, distro: {args.distro}, arch: {args.arch}, suites: {args.suite}, mirror: {args.mirror}\")\n\n package_index_content = asyncio.run(download_package_index_parallel(args.mirror, args.arch, args.suite))\n\n packages_info, aliases = parse_package_index(package_index_content)\n\n with tempfile.TemporaryDirectory() as tmp_dir:\n install_packages(args.mirror, packages_info, aliases, tmp_dir, args.rootfsdir, args.artool, DESIRED_PACKAGES)\n\n finalize_setup(args.rootfsdir)\n"
},
{
"path": "eng/common/cross/riscv64/tizen/tizen.patch",
"content": "diff -u -r a/usr/lib/libc.so b/usr/lib/libc.so\n--- a/usr/lib64/libc.so\t2016-12-30 23:00:08.284951863 +0900\n+++ b/usr/lib64/libc.so\t2016-12-30 23:00:32.140951815 +0900\n@@ -2,4 +2,4 @@\n Use the shared library, but some functions are only in\n the static library, so try that secondarily. */\n OUTPUT_FORMAT(elf64-littleriscv)\n-GROUP ( /lib64/libc.so.6 /usr/lib64/libc_nonshared.a AS_NEEDED ( /lib64/ld-linux-riscv64-lp64d.so.1 ) )\n+GROUP ( libc.so.6 libc_nonshared.a AS_NEEDED ( ld-linux-riscv64-lp64d.so.1 ) )\n"
},
{
"path": "eng/common/cross/tizen-build-rootfs.sh",
"content": "#!/usr/bin/env bash\nset -e\n\nARCH=$1\nLINK_ARCH=$ARCH\n\ncase \"$ARCH\" in\n arm)\n TIZEN_ARCH=\"armv7hl\"\n ;;\n armel)\n TIZEN_ARCH=\"armv7l\"\n LINK_ARCH=\"arm\"\n ;;\n arm64)\n TIZEN_ARCH=\"aarch64\"\n ;;\n x86)\n TIZEN_ARCH=\"i686\"\n ;;\n x64)\n TIZEN_ARCH=\"x86_64\"\n LINK_ARCH=\"x86\"\n ;;\n riscv64)\n TIZEN_ARCH=\"riscv64\"\n LINK_ARCH=\"riscv\"\n ;;\n *)\n echo \"Unsupported architecture for tizen: $ARCH\"\n exit 1\nesac\n\n__CrossDir=$( cd \"$( dirname \"${BASH_SOURCE[0]}\" )\" && pwd )\n__TIZEN_CROSSDIR=\"$__CrossDir/${ARCH}/tizen\"\n\nif [[ -z \"$ROOTFS_DIR\" ]]; then\n echo \"ROOTFS_DIR is not defined.\"\n exit 1;\nfi\n\nTIZEN_TMP_DIR=$ROOTFS_DIR/tizen_tmp\nmkdir -p $TIZEN_TMP_DIR\n\n# Download files\necho \">>Start downloading files\"\nVERBOSE=1 $__CrossDir/tizen-fetch.sh $TIZEN_TMP_DIR $TIZEN_ARCH\necho \"<>Start constructing Tizen rootfs\"\nTIZEN_RPM_FILES=`ls $TIZEN_TMP_DIR/*.rpm`\ncd $ROOTFS_DIR\nfor f in $TIZEN_RPM_FILES; do\n rpm2cpio $f | cpio -idm --quiet\ndone\necho \"<>Start configuring Tizen rootfs\"\nln -sfn asm-${LINK_ARCH} ./usr/include/asm\npatch -p1 < $__TIZEN_CROSSDIR/tizen.patch\nif [[ \"$TIZEN_ARCH\" == \"riscv64\" ]]; then\n echo \"Fixing broken symlinks in $PWD\"\n rm ./usr/lib64/libresolv.so\n ln -s ../../lib64/libresolv.so.2 ./usr/lib64/libresolv.so\n rm ./usr/lib64/libpthread.so\n ln -s ../../lib64/libpthread.so.0 ./usr/lib64/libpthread.so\n rm ./usr/lib64/libdl.so\n ln -s ../../lib64/libdl.so.2 ./usr/lib64/libdl.so\n rm ./usr/lib64/libutil.so\n ln -s ../../lib64/libutil.so.1 ./usr/lib64/libutil.so\n rm ./usr/lib64/libm.so\n ln -s ../../lib64/libm.so.6 ./usr/lib64/libm.so\n rm ./usr/lib64/librt.so\n ln -s ../../lib64/librt.so.1 ./usr/lib64/librt.so\n rm ./lib/ld-linux-riscv64-lp64d.so.1\n ln -s ../lib64/ld-linux-riscv64-lp64d.so.1 ./lib/ld-linux-riscv64-lp64d.so.1\nfi\necho \"</dev/null; then\n VERBOSE=0\nfi\n\nLog()\n{\n if [ $VERBOSE -ge 1 ]; then\n echo ${@:2}\n fi\n}\n\nInform()\n{\n Log 1 -e \"\\x1B[0;34m$@\\x1B[m\"\n}\n\nDebug()\n{\n Log 2 -e \"\\x1B[0;32m$@\\x1B[m\"\n}\n\nError()\n{\n >&2 Log 0 -e \"\\x1B[0;31m$@\\x1B[m\"\n}\n\nFetch()\n{\n URL=$1\n FILE=$2\n PROGRESS=$3\n if [ $VERBOSE -ge 1 ] && [ $PROGRESS ]; then\n CURL_OPT=\"--progress-bar\"\n else\n CURL_OPT=\"--silent\"\n fi\n curl $CURL_OPT $URL > $FILE\n}\n\nhash curl 2> /dev/null || { Error \"Require 'curl' Aborting.\"; exit 1; }\nhash xmllint 2> /dev/null || { Error \"Require 'xmllint' Aborting.\"; exit 1; }\nhash sha256sum 2> /dev/null || { Error \"Require 'sha256sum' Aborting.\"; exit 1; }\n\nTMPDIR=$1\nif [ ! -d $TMPDIR ]; then\n TMPDIR=./tizen_tmp\n Debug \"Create temporary directory : $TMPDIR\"\n mkdir -p $TMPDIR\nfi\n\nTIZEN_ARCH=$2\n\nTIZEN_URL=http://download.tizen.org/snapshots/TIZEN/Tizen\nBUILD_XML=build.xml\nREPOMD_XML=repomd.xml\nPRIMARY_XML=primary.xml\nTARGET_URL=\"http://__not_initialized\"\n\nXpath_get()\n{\n XPATH_RESULT=''\n XPATH=$1\n XML_FILE=$2\n RESULT=$(xmllint --xpath $XPATH $XML_FILE)\n if [[ -z ${RESULT// } ]]; then\n Error \"Can not find target from $XML_FILE\"\n Debug \"Xpath = $XPATH\"\n exit 1\n fi\n XPATH_RESULT=$RESULT\n}\n\nfetch_tizen_pkgs_init()\n{\n TARGET=$1\n PROFILE=$2\n Debug \"Initialize TARGET=$TARGET, PROFILE=$PROFILE\"\n\n TMP_PKG_DIR=$TMPDIR/tizen_${PROFILE}_pkgs\n if [ -d $TMP_PKG_DIR ]; then rm -rf $TMP_PKG_DIR; fi\n mkdir -p $TMP_PKG_DIR\n\n PKG_URL=$TIZEN_URL/$PROFILE/latest\n\n BUILD_XML_URL=$PKG_URL/$BUILD_XML\n TMP_BUILD=$TMP_PKG_DIR/$BUILD_XML\n TMP_REPOMD=$TMP_PKG_DIR/$REPOMD_XML\n TMP_PRIMARY=$TMP_PKG_DIR/$PRIMARY_XML\n TMP_PRIMARYGZ=${TMP_PRIMARY}.gz\n\n Fetch $BUILD_XML_URL $TMP_BUILD\n\n Debug \"fetch $BUILD_XML_URL to $TMP_BUILD\"\n\n TARGET_XPATH=\"//build/buildtargets/buildtarget[@name=\\\"$TARGET\\\"]/repo[@type=\\\"binary\\\"]/text()\"\n Xpath_get $TARGET_XPATH $TMP_BUILD\n TARGET_PATH=$XPATH_RESULT\n TARGET_URL=$PKG_URL/$TARGET_PATH\n\n REPOMD_URL=$TARGET_URL/repodata/repomd.xml\n PRIMARY_XPATH='string(//*[local-name()=\"data\"][@type=\"primary\"]/*[local-name()=\"location\"]/@href)'\n\n Fetch $REPOMD_URL $TMP_REPOMD\n\n Debug \"fetch $REPOMD_URL to $TMP_REPOMD\"\n\n Xpath_get $PRIMARY_XPATH $TMP_REPOMD\n PRIMARY_XML_PATH=$XPATH_RESULT\n PRIMARY_URL=$TARGET_URL/$PRIMARY_XML_PATH\n\n Fetch $PRIMARY_URL $TMP_PRIMARYGZ\n\n Debug \"fetch $PRIMARY_URL to $TMP_PRIMARYGZ\"\n\n gunzip $TMP_PRIMARYGZ\n\n Debug \"unzip $TMP_PRIMARYGZ to $TMP_PRIMARY\"\n}\n\nfetch_tizen_pkgs()\n{\n ARCH=$1\n PACKAGE_XPATH_TPL='string(//*[local-name()=\"metadata\"]/*[local-name()=\"package\"][*[local-name()=\"name\"][text()=\"_PKG_\"]][*[local-name()=\"arch\"][text()=\"_ARCH_\"]]/*[local-name()=\"location\"]/@href)'\n\n PACKAGE_CHECKSUM_XPATH_TPL='string(//*[local-name()=\"metadata\"]/*[local-name()=\"package\"][*[local-name()=\"name\"][text()=\"_PKG_\"]][*[local-name()=\"arch\"][text()=\"_ARCH_\"]]/*[local-name()=\"checksum\"]/text())'\n\n for pkg in ${@:2}\n do\n Inform \"Fetching... $pkg\"\n XPATH=${PACKAGE_XPATH_TPL/_PKG_/$pkg}\n XPATH=${XPATH/_ARCH_/$ARCH}\n Xpath_get $XPATH $TMP_PRIMARY\n PKG_PATH=$XPATH_RESULT\n\n XPATH=${PACKAGE_CHECKSUM_XPATH_TPL/_PKG_/$pkg}\n XPATH=${XPATH/_ARCH_/$ARCH}\n Xpath_get $XPATH $TMP_PRIMARY\n CHECKSUM=$XPATH_RESULT\n\n PKG_URL=$TARGET_URL/$PKG_PATH\n PKG_FILE=$(basename $PKG_PATH)\n PKG_PATH=$TMPDIR/$PKG_FILE\n\n Debug \"Download $PKG_URL to $PKG_PATH\"\n Fetch $PKG_URL $PKG_PATH true\n\n echo \"$CHECKSUM $PKG_PATH\" | sha256sum -c - > /dev/null\n if [ $? -ne 0 ]; then\n Error \"Fail to fetch $PKG_URL to $PKG_PATH\"\n Debug \"Checksum = $CHECKSUM\"\n exit 1\n fi\n done\n}\n\nBASE=\"Tizen-Base\"\nUNIFIED=\"Tizen-Unified\"\n\nInform \"Initialize ${TIZEN_ARCH} base\"\nfetch_tizen_pkgs_init standard $BASE\nInform \"fetch common packages\"\nfetch_tizen_pkgs ${TIZEN_ARCH} gcc gcc-devel-static glibc glibc-devel libicu libicu-devel libatomic linux-glibc-devel keyutils keyutils-devel libkeyutils\nInform \"fetch coreclr packages\"\nfetch_tizen_pkgs ${TIZEN_ARCH} libgcc libstdc++ libstdc++-devel libunwind libunwind-devel lttng-ust-devel lttng-ust userspace-rcu-devel userspace-rcu\nif [ \"$TIZEN_ARCH\" != \"riscv64\" ]; then\n fetch_tizen_pkgs ${TIZEN_ARCH} lldb lldb-devel\nfi\nInform \"fetch corefx packages\"\nfetch_tizen_pkgs ${TIZEN_ARCH} libcom_err libcom_err-devel zlib zlib-devel libopenssl11 libopenssl1.1-devel krb5 krb5-devel\n\nInform \"Initialize standard unified\"\nfetch_tizen_pkgs_init standard $UNIFIED\nInform \"fetch corefx packages\"\nfetch_tizen_pkgs ${TIZEN_ARCH} gssdp gssdp-devel tizen-release\n\n"
},
{
"path": "eng/common/cross/toolchain.cmake",
"content": "set(CROSS_ROOTFS $ENV{ROOTFS_DIR})\n\n# reset platform variables (e.g. cmake 3.25 sets LINUX=1)\nunset(LINUX)\nunset(FREEBSD)\nunset(ILLUMOS)\nunset(ANDROID)\nunset(TIZEN)\nunset(HAIKU)\n\nset(TARGET_ARCH_NAME $ENV{TARGET_BUILD_ARCH})\nif(EXISTS ${CROSS_ROOTFS}/bin/freebsd-version)\n set(CMAKE_SYSTEM_NAME FreeBSD)\n set(FREEBSD 1)\nelseif(EXISTS ${CROSS_ROOTFS}/usr/platform/i86pc)\n set(CMAKE_SYSTEM_NAME SunOS)\n set(ILLUMOS 1)\nelseif(EXISTS ${CROSS_ROOTFS}/boot/system/develop/headers/config/HaikuConfig.h)\n set(CMAKE_SYSTEM_NAME Haiku)\n set(HAIKU 1)\nelse()\n set(CMAKE_SYSTEM_NAME Linux)\n set(LINUX 1)\nendif()\nset(CMAKE_SYSTEM_VERSION 1)\n\nif(EXISTS ${CROSS_ROOTFS}/etc/tizen-release)\n set(TIZEN 1)\nelseif(EXISTS ${CROSS_ROOTFS}/android_platform)\n set(ANDROID 1)\nendif()\n\nif(TARGET_ARCH_NAME STREQUAL \"arm\")\n set(CMAKE_SYSTEM_PROCESSOR armv7l)\n if(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/armv7-alpine-linux-musleabihf)\n set(TOOLCHAIN \"armv7-alpine-linux-musleabihf\")\n elseif(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/armv6-alpine-linux-musleabihf)\n set(TOOLCHAIN \"armv6-alpine-linux-musleabihf\")\n else()\n set(TOOLCHAIN \"arm-linux-gnueabihf\")\n endif()\n if(TIZEN)\n set(TIZEN_TOOLCHAIN \"armv7hl-tizen-linux-gnueabihf\")\n endif()\nelseif(TARGET_ARCH_NAME STREQUAL \"arm64\")\n set(CMAKE_SYSTEM_PROCESSOR aarch64)\n if(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/aarch64-alpine-linux-musl)\n set(TOOLCHAIN \"aarch64-alpine-linux-musl\")\n elseif(LINUX)\n set(TOOLCHAIN \"aarch64-linux-gnu\")\n if(TIZEN)\n set(TIZEN_TOOLCHAIN \"aarch64-tizen-linux-gnu\")\n endif()\n elseif(FREEBSD)\n set(triple \"aarch64-unknown-freebsd12\")\n endif()\nelseif(TARGET_ARCH_NAME STREQUAL \"armel\")\n set(CMAKE_SYSTEM_PROCESSOR armv7l)\n set(TOOLCHAIN \"arm-linux-gnueabi\")\n if(TIZEN)\n set(TIZEN_TOOLCHAIN \"armv7l-tizen-linux-gnueabi\")\n endif()\nelseif(TARGET_ARCH_NAME STREQUAL \"armv6\")\n set(CMAKE_SYSTEM_PROCESSOR armv6l)\n if(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/armv6-alpine-linux-musleabihf)\n set(TOOLCHAIN \"armv6-alpine-linux-musleabihf\")\n else()\n set(TOOLCHAIN \"arm-linux-gnueabihf\")\n endif()\nelseif(TARGET_ARCH_NAME STREQUAL \"loongarch64\")\n set(CMAKE_SYSTEM_PROCESSOR \"loongarch64\")\n if(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/loongarch64-alpine-linux-musl)\n set(TOOLCHAIN \"loongarch64-alpine-linux-musl\")\n else()\n set(TOOLCHAIN \"loongarch64-linux-gnu\")\n endif()\nelseif(TARGET_ARCH_NAME STREQUAL \"ppc64le\")\n set(CMAKE_SYSTEM_PROCESSOR ppc64le)\n if(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/powerpc64le-alpine-linux-musl)\n set(TOOLCHAIN \"powerpc64le-alpine-linux-musl\")\n else()\n set(TOOLCHAIN \"powerpc64le-linux-gnu\")\n endif()\nelseif(TARGET_ARCH_NAME STREQUAL \"riscv64\")\n set(CMAKE_SYSTEM_PROCESSOR riscv64)\n if(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/riscv64-alpine-linux-musl)\n set(TOOLCHAIN \"riscv64-alpine-linux-musl\")\n else()\n set(TOOLCHAIN \"riscv64-linux-gnu\")\n if(TIZEN)\n set(TIZEN_TOOLCHAIN \"riscv64-tizen-linux-gnu\")\n endif()\n endif()\nelseif(TARGET_ARCH_NAME STREQUAL \"s390x\")\n set(CMAKE_SYSTEM_PROCESSOR s390x)\n if(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/s390x-alpine-linux-musl)\n set(TOOLCHAIN \"s390x-alpine-linux-musl\")\n else()\n set(TOOLCHAIN \"s390x-linux-gnu\")\n endif()\nelseif(TARGET_ARCH_NAME STREQUAL \"x64\")\n set(CMAKE_SYSTEM_PROCESSOR x86_64)\n if(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/x86_64-alpine-linux-musl)\n set(TOOLCHAIN \"x86_64-alpine-linux-musl\")\n elseif(LINUX)\n set(TOOLCHAIN \"x86_64-linux-gnu\")\n if(TIZEN)\n set(TIZEN_TOOLCHAIN \"x86_64-tizen-linux-gnu\")\n endif()\n elseif(FREEBSD)\n set(triple \"x86_64-unknown-freebsd12\")\n elseif(ILLUMOS)\n set(TOOLCHAIN \"x86_64-illumos\")\n elseif(HAIKU)\n set(TOOLCHAIN \"x86_64-unknown-haiku\")\n endif()\nelseif(TARGET_ARCH_NAME STREQUAL \"x86\")\n set(CMAKE_SYSTEM_PROCESSOR i686)\n if(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/i586-alpine-linux-musl)\n set(TOOLCHAIN \"i586-alpine-linux-musl\")\n else()\n set(TOOLCHAIN \"i686-linux-gnu\")\n endif()\n if(TIZEN)\n set(TIZEN_TOOLCHAIN \"i586-tizen-linux-gnu\")\n endif()\nelse()\n message(FATAL_ERROR \"Arch is ${TARGET_ARCH_NAME}. Only arm, arm64, armel, armv6, loongarch64, ppc64le, riscv64, s390x, x64 and x86 are supported!\")\nendif()\n\nif(DEFINED ENV{TOOLCHAIN})\n set(TOOLCHAIN $ENV{TOOLCHAIN})\nendif()\n\n# Specify include paths\nif(TIZEN)\n function(find_toolchain_dir prefix)\n # Dynamically find the version subdirectory\n file(GLOB DIRECTORIES \"${prefix}/*\")\n list(GET DIRECTORIES 0 FIRST_MATCH)\n get_filename_component(TOOLCHAIN_VERSION ${FIRST_MATCH} NAME)\n\n set(TIZEN_TOOLCHAIN_PATH \"${prefix}/${TOOLCHAIN_VERSION}\" PARENT_SCOPE)\n endfunction()\n\n if(TARGET_ARCH_NAME MATCHES \"^(arm|armel|x86)$\")\n find_toolchain_dir(\"${CROSS_ROOTFS}/usr/lib/gcc/${TIZEN_TOOLCHAIN}\")\n else()\n find_toolchain_dir(\"${CROSS_ROOTFS}/usr/lib64/gcc/${TIZEN_TOOLCHAIN}\")\n endif()\n\n message(STATUS \"TIZEN_TOOLCHAIN_PATH set to: ${TIZEN_TOOLCHAIN_PATH}\")\n\n include_directories(SYSTEM ${TIZEN_TOOLCHAIN_PATH}/include/c++)\n include_directories(SYSTEM ${TIZEN_TOOLCHAIN_PATH}/include/c++/${TIZEN_TOOLCHAIN})\nendif()\n\nfunction(locate_toolchain_exec exec var)\n set(TOOLSET_PREFIX ${TOOLCHAIN}-)\n string(TOUPPER ${exec} EXEC_UPPERCASE)\n if(NOT \"$ENV{CLR_${EXEC_UPPERCASE}}\" STREQUAL \"\")\n set(${var} \"$ENV{CLR_${EXEC_UPPERCASE}}\" PARENT_SCOPE)\n return()\n endif()\n\n find_program(EXEC_LOCATION_${exec}\n NAMES\n \"${TOOLSET_PREFIX}${exec}${CLR_CMAKE_COMPILER_FILE_NAME_VERSION}\"\n \"${TOOLSET_PREFIX}${exec}\")\n\n if (EXEC_LOCATION_${exec} STREQUAL \"EXEC_LOCATION_${exec}-NOTFOUND\")\n message(FATAL_ERROR \"Unable to find toolchain executable. Name: ${exec}, Prefix: ${TOOLSET_PREFIX}.\")\n endif()\n set(${var} ${EXEC_LOCATION_${exec}} PARENT_SCOPE)\nendfunction()\n\nif(ANDROID)\n if(TARGET_ARCH_NAME STREQUAL \"arm\")\n set(ANDROID_ABI armeabi-v7a)\n elseif(TARGET_ARCH_NAME STREQUAL \"arm64\")\n set(ANDROID_ABI arm64-v8a)\n endif()\n\n # extract platform number required by the NDK's toolchain\n file(READ \"${CROSS_ROOTFS}/android_platform\" RID_FILE_CONTENTS)\n string(REPLACE \"RID=\" \"\" ANDROID_RID \"${RID_FILE_CONTENTS}\")\n string(REGEX REPLACE \".*\\\\.([0-9]+)-.*\" \"\\\\1\" ANDROID_PLATFORM \"${ANDROID_RID}\")\n\n set(ANDROID_TOOLCHAIN clang)\n set(FEATURE_EVENT_TRACE 0) # disable event trace as there is no lttng-ust package in termux repository\n set(CMAKE_SYSTEM_LIBRARY_PATH \"${CROSS_ROOTFS}/usr/lib\")\n set(CMAKE_SYSTEM_INCLUDE_PATH \"${CROSS_ROOTFS}/usr/include\")\n\n # include official NDK toolchain script\n include(${CROSS_ROOTFS}/../build/cmake/android.toolchain.cmake)\nelseif(FREEBSD)\n # we cross-compile by instructing clang\n set(CMAKE_C_COMPILER_TARGET ${triple})\n set(CMAKE_CXX_COMPILER_TARGET ${triple})\n set(CMAKE_ASM_COMPILER_TARGET ${triple})\n set(CMAKE_SYSROOT \"${CROSS_ROOTFS}\")\n set(CMAKE_EXE_LINKER_FLAGS \"${CMAKE_EXE_LINKER_FLAGS} -fuse-ld=lld\")\n set(CMAKE_SHARED_LINKER_FLAGS \"${CMAKE_SHARED_LINKER_FLAGS} -fuse-ld=lld\")\n set(CMAKE_MODULE_LINKER_FLAGS \"${CMAKE_MODULE_LINKER_FLAGS} -fuse-ld=lld\")\nelseif(ILLUMOS)\n set(CMAKE_SYSROOT \"${CROSS_ROOTFS}\")\n set(CMAKE_SYSTEM_PREFIX_PATH \"${CROSS_ROOTFS}\")\n set(CMAKE_C_STANDARD_LIBRARIES \"${CMAKE_C_STANDARD_LIBRARIES} -lssp\")\n set(CMAKE_CXX_STANDARD_LIBRARIES \"${CMAKE_CXX_STANDARD_LIBRARIES} -lssp\")\n\n include_directories(SYSTEM ${CROSS_ROOTFS}/include)\n\n locate_toolchain_exec(gcc CMAKE_C_COMPILER)\n locate_toolchain_exec(g++ CMAKE_CXX_COMPILER)\nelseif(HAIKU)\n set(CMAKE_SYSROOT \"${CROSS_ROOTFS}\")\n set(CMAKE_PROGRAM_PATH \"${CMAKE_PROGRAM_PATH};${CROSS_ROOTFS}/cross-tools-x86_64/bin\")\n set(CMAKE_SYSTEM_PREFIX_PATH \"${CROSS_ROOTFS}\")\n set(CMAKE_C_STANDARD_LIBRARIES \"${CMAKE_C_STANDARD_LIBRARIES} -lssp\")\n set(CMAKE_CXX_STANDARD_LIBRARIES \"${CMAKE_CXX_STANDARD_LIBRARIES} -lssp\")\n\n locate_toolchain_exec(gcc CMAKE_C_COMPILER)\n locate_toolchain_exec(g++ CMAKE_CXX_COMPILER)\n\n # let CMake set up the correct search paths\n include(Platform/Haiku)\nelse()\n set(CMAKE_SYSROOT \"${CROSS_ROOTFS}\")\n\n set(CMAKE_C_COMPILER_EXTERNAL_TOOLCHAIN \"${CROSS_ROOTFS}/usr\")\n set(CMAKE_CXX_COMPILER_EXTERNAL_TOOLCHAIN \"${CROSS_ROOTFS}/usr\")\n set(CMAKE_ASM_COMPILER_EXTERNAL_TOOLCHAIN \"${CROSS_ROOTFS}/usr\")\nendif()\n\n# Specify link flags\n\nfunction(add_toolchain_linker_flag Flag)\n set(Config \"${ARGV1}\")\n set(CONFIG_SUFFIX \"\")\n if (NOT Config STREQUAL \"\")\n set(CONFIG_SUFFIX \"_${Config}\")\n endif()\n set(\"CMAKE_EXE_LINKER_FLAGS${CONFIG_SUFFIX}_INIT\" \"${CMAKE_EXE_LINKER_FLAGS${CONFIG_SUFFIX}_INIT} ${Flag}\" PARENT_SCOPE)\n set(\"CMAKE_SHARED_LINKER_FLAGS${CONFIG_SUFFIX}_INIT\" \"${CMAKE_SHARED_LINKER_FLAGS${CONFIG_SUFFIX}_INIT} ${Flag}\" PARENT_SCOPE)\nendfunction()\n\nif(LINUX)\n add_toolchain_linker_flag(\"-Wl,--rpath-link=${CROSS_ROOTFS}/lib/${TOOLCHAIN}\")\n add_toolchain_linker_flag(\"-Wl,--rpath-link=${CROSS_ROOTFS}/usr/lib/${TOOLCHAIN}\")\nendif()\n\nif(TARGET_ARCH_NAME MATCHES \"^(arm|armel)$\")\n if(TIZEN)\n add_toolchain_linker_flag(\"-B${TIZEN_TOOLCHAIN_PATH}\")\n add_toolchain_linker_flag(\"-L${CROSS_ROOTFS}/lib\")\n add_toolchain_linker_flag(\"-L${CROSS_ROOTFS}/usr/lib\")\n add_toolchain_linker_flag(\"-L${TIZEN_TOOLCHAIN_PATH}\")\n endif()\nelseif(TARGET_ARCH_NAME MATCHES \"^(arm64|x64|riscv64)$\")\n if(TIZEN)\n add_toolchain_linker_flag(\"-B${TIZEN_TOOLCHAIN_PATH}\")\n add_toolchain_linker_flag(\"-L${CROSS_ROOTFS}/lib64\")\n add_toolchain_linker_flag(\"-L${CROSS_ROOTFS}/usr/lib64\")\n add_toolchain_linker_flag(\"-L${TIZEN_TOOLCHAIN_PATH}\")\n\n add_toolchain_linker_flag(\"-Wl,--rpath-link=${CROSS_ROOTFS}/lib64\")\n add_toolchain_linker_flag(\"-Wl,--rpath-link=${CROSS_ROOTFS}/usr/lib64\")\n add_toolchain_linker_flag(\"-Wl,--rpath-link=${TIZEN_TOOLCHAIN_PATH}\")\n endif()\nelseif(TARGET_ARCH_NAME STREQUAL \"s390x\")\n add_toolchain_linker_flag(\"--target=${TOOLCHAIN}\")\nelseif(TARGET_ARCH_NAME STREQUAL \"x86\")\n if(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/i586-alpine-linux-musl)\n add_toolchain_linker_flag(\"--target=${TOOLCHAIN}\")\n add_toolchain_linker_flag(\"-Wl,--rpath-link=${CROSS_ROOTFS}/usr/lib/gcc/${TOOLCHAIN}\")\n endif()\n add_toolchain_linker_flag(-m32)\n if(TIZEN)\n add_toolchain_linker_flag(\"-B${TIZEN_TOOLCHAIN_PATH}\")\n add_toolchain_linker_flag(\"-L${CROSS_ROOTFS}/lib\")\n add_toolchain_linker_flag(\"-L${CROSS_ROOTFS}/usr/lib\")\n add_toolchain_linker_flag(\"-L${TIZEN_TOOLCHAIN_PATH}\")\n endif()\nelseif(ILLUMOS)\n add_toolchain_linker_flag(\"-L${CROSS_ROOTFS}/lib/amd64\")\n add_toolchain_linker_flag(\"-L${CROSS_ROOTFS}/usr/amd64/lib\")\nelseif(HAIKU)\n add_toolchain_linker_flag(\"-lnetwork\")\n add_toolchain_linker_flag(\"-lroot\")\nendif()\n\n# Specify compile options\n\nif((TARGET_ARCH_NAME MATCHES \"^(arm|arm64|armel|armv6|loongarch64|ppc64le|riscv64|s390x|x64|x86)$\" AND NOT ANDROID AND NOT FREEBSD) OR ILLUMOS OR HAIKU)\n set(CMAKE_C_COMPILER_TARGET ${TOOLCHAIN})\n set(CMAKE_CXX_COMPILER_TARGET ${TOOLCHAIN})\n set(CMAKE_ASM_COMPILER_TARGET ${TOOLCHAIN})\nendif()\n\nif(TARGET_ARCH_NAME MATCHES \"^(arm|armel)$\")\n add_compile_options(-mthumb)\n if (NOT DEFINED CLR_ARM_FPU_TYPE)\n set (CLR_ARM_FPU_TYPE vfpv3)\n endif (NOT DEFINED CLR_ARM_FPU_TYPE)\n\n add_compile_options (-mfpu=${CLR_ARM_FPU_TYPE})\n if (NOT DEFINED CLR_ARM_FPU_CAPABILITY)\n set (CLR_ARM_FPU_CAPABILITY 0x7)\n endif (NOT DEFINED CLR_ARM_FPU_CAPABILITY)\n\n add_definitions (-DCLR_ARM_FPU_CAPABILITY=${CLR_ARM_FPU_CAPABILITY})\n\n # persist variables across multiple try_compile passes\n list(APPEND CMAKE_TRY_COMPILE_PLATFORM_VARIABLES CLR_ARM_FPU_TYPE CLR_ARM_FPU_CAPABILITY)\n\n if(TARGET_ARCH_NAME STREQUAL \"armel\")\n add_compile_options(-mfloat-abi=softfp)\n endif()\nelseif(TARGET_ARCH_NAME STREQUAL \"s390x\")\n add_compile_options(\"--target=${TOOLCHAIN}\")\nelseif(TARGET_ARCH_NAME STREQUAL \"x86\")\n if(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/i586-alpine-linux-musl)\n add_compile_options(--target=${TOOLCHAIN})\n endif()\n add_compile_options(-m32)\n add_compile_options(-Wno-error=unused-command-line-argument)\nendif()\n\nif(TIZEN)\n if(TARGET_ARCH_NAME MATCHES \"^(arm|armel|arm64|x86)$\")\n add_compile_options(-Wno-deprecated-declarations) # compile-time option\n add_compile_options(-D__extern_always_inline=inline) # compile-time option\n endif()\nendif()\n\n# Set LLDB include and library paths for builds that need lldb.\nif(TARGET_ARCH_NAME MATCHES \"^(arm|armel|x86)$\")\n if(TARGET_ARCH_NAME STREQUAL \"x86\")\n set(LLVM_CROSS_DIR \"$ENV{LLVM_CROSS_HOME}\")\n else() # arm/armel case\n set(LLVM_CROSS_DIR \"$ENV{LLVM_ARM_HOME}\")\n endif()\n if(LLVM_CROSS_DIR)\n set(WITH_LLDB_LIBS \"${LLVM_CROSS_DIR}/lib/\" CACHE STRING \"\")\n set(WITH_LLDB_INCLUDES \"${LLVM_CROSS_DIR}/include\" CACHE STRING \"\")\n set(LLDB_H \"${WITH_LLDB_INCLUDES}\" CACHE STRING \"\")\n set(LLDB \"${LLVM_CROSS_DIR}/lib/liblldb.so\" CACHE STRING \"\")\n else()\n if(TARGET_ARCH_NAME STREQUAL \"x86\")\n set(WITH_LLDB_LIBS \"${CROSS_ROOTFS}/usr/lib/i386-linux-gnu\" CACHE STRING \"\")\n set(CHECK_LLVM_DIR \"${CROSS_ROOTFS}/usr/lib/llvm-3.8/include\")\n if(EXISTS \"${CHECK_LLVM_DIR}\" AND IS_DIRECTORY \"${CHECK_LLVM_DIR}\")\n set(WITH_LLDB_INCLUDES \"${CHECK_LLVM_DIR}\")\n else()\n set(WITH_LLDB_INCLUDES \"${CROSS_ROOTFS}/usr/lib/llvm-3.6/include\")\n endif()\n else() # arm/armel case\n set(WITH_LLDB_LIBS \"${CROSS_ROOTFS}/usr/lib/${TOOLCHAIN}\" CACHE STRING \"\")\n set(WITH_LLDB_INCLUDES \"${CROSS_ROOTFS}/usr/lib/llvm-3.6/include\" CACHE STRING \"\")\n endif()\n endif()\nendif()\n\n# Set C++ standard library options if specified\nset(CLR_CMAKE_CXX_STANDARD_LIBRARY \"\" CACHE STRING \"Standard library flavor to link against. Only supported with the Clang compiler.\")\nif (CLR_CMAKE_CXX_STANDARD_LIBRARY)\n add_compile_options($<$:--stdlib=${CLR_CMAKE_CXX_STANDARD_LIBRARY}>)\n add_link_options($<$:--stdlib=${CLR_CMAKE_CXX_STANDARD_LIBRARY}>)\nendif()\n\noption(CLR_CMAKE_CXX_STANDARD_LIBRARY_STATIC \"Statically link against the C++ standard library\" OFF)\nif(CLR_CMAKE_CXX_STANDARD_LIBRARY_STATIC)\n add_link_options($<$:-static-libstdc++>)\nendif()\n\nset(CLR_CMAKE_CXX_ABI_LIBRARY \"\" CACHE STRING \"C++ ABI implementation library to link against. Only supported with the Clang compiler.\")\nif (CLR_CMAKE_CXX_ABI_LIBRARY)\n # The user may specify the ABI library with the 'lib' prefix, like 'libstdc++'. Strip the prefix here so the linker finds the right library.\n string(REGEX REPLACE \"^lib(.+)\" \"\\\\1\" CLR_CMAKE_CXX_ABI_LIBRARY ${CLR_CMAKE_CXX_ABI_LIBRARY})\n # We need to specify this as a linker-backend option as Clang will filter this option out when linking to libc++.\n add_link_options(\"LINKER:-l${CLR_CMAKE_CXX_ABI_LIBRARY}\")\nendif()\n\nset(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)\nset(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)\nset(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)\nset(CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY)\n"
},
{
"path": "eng/common/darc-init.ps1",
"content": "param (\n $darcVersion = $null,\n $versionEndpoint = 'https://maestro.dot.net/api/assets/darc-version?api-version=2020-02-20',\n $verbosity = 'minimal',\n $toolpath = $null\n)\n\n. $PSScriptRoot\\tools.ps1\n\nfunction InstallDarcCli ($darcVersion, $toolpath) {\n $darcCliPackageName = 'microsoft.dotnet.darc'\n\n $dotnetRoot = InitializeDotNetCli -install:$true\n $dotnet = \"$dotnetRoot\\dotnet.exe\"\n $toolList = & \"$dotnet\" tool list -g\n\n if ($toolList -like \"*$darcCliPackageName*\") {\n & \"$dotnet\" tool uninstall $darcCliPackageName -g\n }\n\n # If the user didn't explicitly specify the darc version,\n # query the Maestro API for the correct version of darc to install.\n if (-not $darcVersion) {\n $darcVersion = $(Invoke-WebRequest -Uri $versionEndpoint -UseBasicParsing).Content\n }\n\n $arcadeServicesSource = 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json'\n\n Write-Host \"Installing Darc CLI version $darcVersion...\"\n Write-Host 'You may need to restart your command window if this is the first dotnet tool you have installed.'\n if (-not $toolpath) {\n Write-Host \"'$dotnet' tool install $darcCliPackageName --version $darcVersion --add-source '$arcadeServicesSource' -v $verbosity -g\"\n & \"$dotnet\" tool install $darcCliPackageName --version $darcVersion --add-source \"$arcadeServicesSource\" -v $verbosity -g\n }else {\n Write-Host \"'$dotnet' tool install $darcCliPackageName --version $darcVersion --add-source '$arcadeServicesSource' -v $verbosity --tool-path '$toolpath'\"\n & \"$dotnet\" tool install $darcCliPackageName --version $darcVersion --add-source \"$arcadeServicesSource\" -v $verbosity --tool-path \"$toolpath\"\n }\n}\n\ntry {\n InstallDarcCli $darcVersion $toolpath\n}\ncatch {\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Category 'Darc' -Message $_\n ExitWithExitCode 1\n}"
},
{
"path": "eng/common/darc-init.sh",
"content": "#!/usr/bin/env bash\n\nsource=\"${BASH_SOURCE[0]}\"\ndarcVersion=''\nversionEndpoint='https://maestro.dot.net/api/assets/darc-version?api-version=2020-02-20'\nverbosity='minimal'\n\nwhile [[ $# > 0 ]]; do\n opt=\"$(echo \"$1\" | tr \"[:upper:]\" \"[:lower:]\")\"\n case \"$opt\" in\n --darcversion)\n darcVersion=$2\n shift\n ;;\n --versionendpoint)\n versionEndpoint=$2\n shift\n ;;\n --verbosity)\n verbosity=$2\n shift\n ;;\n --toolpath)\n toolpath=$2\n shift\n ;;\n *)\n echo \"Invalid argument: $1\"\n usage\n exit 1\n ;;\n esac\n\n shift\ndone\n\n# resolve $source until the file is no longer a symlink\nwhile [[ -h \"$source\" ]]; do\n scriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n source=\"$(readlink \"$source\")\"\n # if $source was a relative symlink, we need to resolve it relative to the path where the\n # symlink file was located\n [[ $source != /* ]] && source=\"$scriptroot/$source\"\ndone\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\n. \"$scriptroot/tools.sh\"\n\nif [ -z \"$darcVersion\" ]; then\n darcVersion=$(curl -X GET \"$versionEndpoint\" -H \"accept: text/plain\")\nfi\n\nfunction InstallDarcCli {\n local darc_cli_package_name=\"microsoft.dotnet.darc\"\n\n InitializeDotNetCli true\n local dotnet_root=$_InitializeDotNetCli\n\n if [ -z \"$toolpath\" ]; then\n local tool_list=$($dotnet_root/dotnet tool list -g)\n if [[ $tool_list = *$darc_cli_package_name* ]]; then\n echo $($dotnet_root/dotnet tool uninstall $darc_cli_package_name -g)\n fi\n else\n local tool_list=$($dotnet_root/dotnet tool list --tool-path \"$toolpath\")\n if [[ $tool_list = *$darc_cli_package_name* ]]; then\n echo $($dotnet_root/dotnet tool uninstall $darc_cli_package_name --tool-path \"$toolpath\")\n fi\n fi\n\n local arcadeServicesSource=\"https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json\"\n\n echo \"Installing Darc CLI version $darcVersion...\"\n echo \"You may need to restart your command shell if this is the first dotnet tool you have installed.\"\n if [ -z \"$toolpath\" ]; then\n echo $($dotnet_root/dotnet tool install $darc_cli_package_name --version $darcVersion --add-source \"$arcadeServicesSource\" -v $verbosity -g)\n else\n echo $($dotnet_root/dotnet tool install $darc_cli_package_name --version $darcVersion --add-source \"$arcadeServicesSource\" -v $verbosity --tool-path \"$toolpath\")\n fi\n}\n\nInstallDarcCli\n"
},
{
"path": "eng/common/dotnet-install.cmd",
"content": "@echo off\npowershell -ExecutionPolicy ByPass -NoProfile -command \"& \"\"\"%~dp0dotnet-install.ps1\"\"\" %*\""
},
{
"path": "eng/common/dotnet-install.ps1",
"content": "[CmdletBinding(PositionalBinding=$false)]\nParam(\n [string] $verbosity = 'minimal',\n [string] $architecture = '',\n [string] $version = 'Latest',\n [string] $runtime = 'dotnet',\n [string] $RuntimeSourceFeed = '',\n [string] $RuntimeSourceFeedKey = ''\n)\n\n. $PSScriptRoot\\tools.ps1\n\n$dotnetRoot = Join-Path $RepoRoot '.dotnet'\n\n$installdir = $dotnetRoot\ntry {\n if ($architecture -and $architecture.Trim() -eq 'x86') {\n $installdir = Join-Path $installdir 'x86'\n }\n InstallDotNet $installdir $version $architecture $runtime $true -RuntimeSourceFeed $RuntimeSourceFeed -RuntimeSourceFeedKey $RuntimeSourceFeedKey\n}\ncatch {\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Category 'InitializeToolset' -Message $_\n ExitWithExitCode 1\n}\n\nExitWithExitCode 0\n"
},
{
"path": "eng/common/dotnet-install.sh",
"content": "#!/usr/bin/env bash\n\nsource=\"${BASH_SOURCE[0]}\"\n# resolve $source until the file is no longer a symlink\nwhile [[ -h \"$source\" ]]; do\n scriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n source=\"$(readlink \"$source\")\"\n # if $source was a relative symlink, we need to resolve it relative to the path where the\n # symlink file was located\n [[ $source != /* ]] && source=\"$scriptroot/$source\"\ndone\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\n. \"$scriptroot/tools.sh\"\n\nversion='Latest'\narchitecture=''\nruntime='dotnet'\nruntimeSourceFeed=''\nruntimeSourceFeedKey=''\nwhile [[ $# > 0 ]]; do\n opt=\"$(echo \"$1\" | tr \"[:upper:]\" \"[:lower:]\")\"\n case \"$opt\" in\n -version|-v)\n shift\n version=\"$1\"\n ;;\n -architecture|-a)\n shift\n architecture=\"$1\"\n ;;\n -runtime|-r)\n shift\n runtime=\"$1\"\n ;;\n -runtimesourcefeed)\n shift\n runtimeSourceFeed=\"$1\"\n ;;\n -runtimesourcefeedkey)\n shift\n runtimeSourceFeedKey=\"$1\"\n ;;\n *)\n Write-PipelineTelemetryError -Category 'Build' -Message \"Invalid argument: $1\"\n exit 1\n ;;\n esac\n shift\ndone\n\n# Use uname to determine what the CPU is, see https://en.wikipedia.org/wiki/Uname#Examples\ncpuname=$(uname -m)\ncase $cpuname in\n arm64|aarch64)\n buildarch=arm64\n if [ \"$(getconf LONG_BIT)\" -lt 64 ]; then\n # This is 32-bit OS running on 64-bit CPU (for example Raspberry Pi OS)\n buildarch=arm\n fi\n ;;\n loongarch64)\n buildarch=loongarch64\n ;;\n amd64|x86_64)\n buildarch=x64\n ;;\n armv*l)\n buildarch=arm\n ;;\n i[3-6]86)\n buildarch=x86\n ;;\n riscv64)\n buildarch=riscv64\n ;;\n *)\n echo \"Unknown CPU $cpuname detected, treating it as x64\"\n buildarch=x64\n ;;\nesac\n\ndotnetRoot=\"${repo_root}.dotnet\"\nif [[ $architecture != \"\" ]] && [[ $architecture != $buildarch ]]; then\n dotnetRoot=\"$dotnetRoot/$architecture\"\nfi\n\nInstallDotNet \"$dotnetRoot\" $version \"$architecture\" $runtime true $runtimeSourceFeed $runtimeSourceFeedKey || {\n local exit_code=$?\n Write-PipelineTelemetryError -Category 'InitializeToolset' -Message \"dotnet-install.sh failed (exit code '$exit_code').\" >&2\n ExitWithExitCode $exit_code\n}\n\nExitWithExitCode 0\n"
},
{
"path": "eng/common/dotnet.cmd",
"content": "@echo off\n\n:: This script is used to install the .NET SDK.\n:: It will also invoke the SDK with any provided arguments.\n\npowershell -ExecutionPolicy ByPass -NoProfile -command \"& \"\"\"%~dp0dotnet.ps1\"\"\" %*\"\nexit /b %ErrorLevel%\n"
},
{
"path": "eng/common/dotnet.ps1",
"content": "# This script is used to install the .NET SDK.\n# It will also invoke the SDK with any provided arguments.\n\n. $PSScriptRoot\\tools.ps1\n$dotnetRoot = InitializeDotNetCli -install:$true\n\n# Invoke acquired SDK with args if they are provided\nif ($args.count -gt 0) {\n $env:DOTNET_NOLOGO=1\n & \"$dotnetRoot\\dotnet.exe\" $args\n}\n"
},
{
"path": "eng/common/dotnet.sh",
"content": "#!/usr/bin/env bash\n\n# This script is used to install the .NET SDK.\n# It will also invoke the SDK with any provided arguments.\n\nsource=\"${BASH_SOURCE[0]}\"\n# resolve $SOURCE until the file is no longer a symlink\nwhile [[ -h $source ]]; do\n scriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n source=\"$(readlink \"$source\")\"\n\n # if $source was a relative symlink, we need to resolve it relative to the path where the\n # symlink file was located\n [[ $source != /* ]] && source=\"$scriptroot/$source\"\ndone\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\nsource $scriptroot/tools.sh\nInitializeDotNetCli true # install\n\n# Invoke acquired SDK with args if they are provided\nif [[ $# > 0 ]]; then\n __dotnetDir=${_InitializeDotNetCli}\n dotnetPath=${__dotnetDir}/dotnet\n ${dotnetPath} \"$@\"\nfi\n"
},
{
"path": "eng/common/enable-cross-org-publishing.ps1",
"content": "param(\n [string] $token\n)\n\n\n. $PSScriptRoot\\pipeline-logging-functions.ps1\n\n# Write-PipelineSetVariable will no-op if a variable named $ci is not defined\n# Since this script is only ever called in AzDO builds, just universally set it\n$ci = $true\n\nWrite-PipelineSetVariable -Name 'VSS_NUGET_ACCESSTOKEN' -Value $token -IsMultiJobVariable $false\nWrite-PipelineSetVariable -Name 'VSS_NUGET_URI_PREFIXES' -Value 'https://dnceng.pkgs.visualstudio.com/;https://pkgs.dev.azure.com/dnceng/;https://devdiv.pkgs.visualstudio.com/;https://pkgs.dev.azure.com/devdiv/' -IsMultiJobVariable $false\n"
},
{
"path": "eng/common/generate-locproject.ps1",
"content": "Param(\n [Parameter(Mandatory=$true)][string] $SourcesDirectory, # Directory where source files live; if using a Localize directory it should live in here\n [string] $LanguageSet = 'VS_Main_Languages', # Language set to be used in the LocProject.json\n [switch] $UseCheckedInLocProjectJson, # When set, generates a LocProject.json and compares it to one that already exists in the repo; otherwise just generates one\n [switch] $CreateNeutralXlfs # Creates neutral xlf files. Only set to false when running locally\n)\n\n# Generates LocProject.json files for the OneLocBuild task. OneLocBuildTask is described here:\n# https://ceapex.visualstudio.com/CEINTL/_wiki/wikis/CEINTL.wiki/107/Localization-with-OneLocBuild-Task\n\nSet-StrictMode -Version 2.0\n$ErrorActionPreference = \"Stop\"\n. $PSScriptRoot\\pipeline-logging-functions.ps1\n\n$exclusionsFilePath = \"$SourcesDirectory\\eng\\Localize\\LocExclusions.json\"\n$exclusions = @{ Exclusions = @() }\nif (Test-Path -Path $exclusionsFilePath)\n{\n $exclusions = Get-Content \"$exclusionsFilePath\" | ConvertFrom-Json\n}\n\nPush-Location \"$SourcesDirectory\" # push location for Resolve-Path -Relative to work\n\n# Template files\n$jsonFiles = @()\n$jsonTemplateFiles = Get-ChildItem -Recurse -Path \"$SourcesDirectory\" | Where-Object { $_.FullName -Match \"\\.template\\.config\\\\localize\\\\.+\\.en\\.json\" } # .NET templating pattern\n$jsonTemplateFiles | ForEach-Object {\n $null = $_.Name -Match \"(.+)\\.[\\w-]+\\.json\" # matches '[filename].[langcode].json\n\n $destinationFile = \"$($_.Directory.FullName)\\$($Matches.1).json\"\n $jsonFiles += Copy-Item \"$($_.FullName)\" -Destination $destinationFile -PassThru\n}\n\n$jsonWinformsTemplateFiles = Get-ChildItem -Recurse -Path \"$SourcesDirectory\" | Where-Object { $_.FullName -Match \"en\\\\strings\\.json\" } # current winforms pattern\n\n$wxlFilesV3 = @()\n$wxlFilesV5 = @()\n$wxlFiles = Get-ChildItem -Recurse -Path \"$SourcesDirectory\" | Where-Object { $_.FullName -Match \"\\\\.+\\.wxl\" -And -Not( $_.Directory.Name -Match \"\\d{4}\" ) } # localized files live in four digit lang ID directories; this excludes them\nif (-not $wxlFiles) {\n $wxlEnFiles = Get-ChildItem -Recurse -Path \"$SourcesDirectory\" | Where-Object { $_.FullName -Match \"\\\\1033\\\\.+\\.wxl\" } # pick up en files (1033 = en) specifically so we can copy them to use as the neutral xlf files\n if ($wxlEnFiles) {\n $wxlFiles = @()\n $wxlEnFiles | ForEach-Object {\n $destinationFile = \"$($_.Directory.Parent.FullName)\\$($_.Name)\"\n $content = Get-Content $_.FullName -Raw\n\n # Split files on schema to select different parser settings in the generated project.\n if ($content -like \"*http://wixtoolset.org/schemas/v4/wxl*\")\n {\n $wxlFilesV5 += Copy-Item $_.FullName -Destination $destinationFile -PassThru\n }\n elseif ($content -like \"*http://schemas.microsoft.com/wix/2006/localization*\")\n {\n $wxlFilesV3 += Copy-Item $_.FullName -Destination $destinationFile -PassThru\n }\n }\n }\n}\n\n$macosHtmlEnFiles = Get-ChildItem -Recurse -Path \"$SourcesDirectory\" | Where-Object { $_.FullName -Match \"en\\.lproj\\\\.+\\.html$\" } # add installer HTML files\n$macosHtmlFiles = @()\nif ($macosHtmlEnFiles) {\n $macosHtmlEnFiles | ForEach-Object {\n $destinationFile = \"$($_.Directory.Parent.FullName)\\$($_.Name)\"\n $macosHtmlFiles += Copy-Item \"$($_.FullName)\" -Destination $destinationFile -PassThru\n }\n}\n\n$xlfFiles = @()\n\n$allXlfFiles = Get-ChildItem -Recurse -Path \"$SourcesDirectory\\*\\*.xlf\"\n$langXlfFiles = @()\nif ($allXlfFiles) {\n $null = $allXlfFiles[0].FullName -Match \"\\.([\\w-]+)\\.xlf\" # matches '[langcode].xlf'\n $firstLangCode = $Matches.1\n $langXlfFiles = Get-ChildItem -Recurse -Path \"$SourcesDirectory\\*\\*.$firstLangCode.xlf\"\n}\n$langXlfFiles | ForEach-Object {\n $null = $_.Name -Match \"(.+)\\.[\\w-]+\\.xlf\" # matches '[filename].[langcode].xlf\n\n $destinationFile = \"$($_.Directory.FullName)\\$($Matches.1).xlf\"\n $xlfFiles += Copy-Item \"$($_.FullName)\" -Destination $destinationFile -PassThru\n}\n\n$locFiles = $jsonFiles + $jsonWinformsTemplateFiles + $xlfFiles\n\n$locJson = @{\n Projects = @(\n @{\n LanguageSet = $LanguageSet\n LocItems = @(\n $locFiles | ForEach-Object {\n $outputPath = \"$(($_.DirectoryName | Resolve-Path -Relative) + \"\\\")\"\n $continue = $true\n foreach ($exclusion in $exclusions.Exclusions) {\n if ($_.FullName.Contains($exclusion))\n {\n $continue = $false\n }\n }\n $sourceFile = ($_.FullName | Resolve-Path -Relative)\n if (!$CreateNeutralXlfs -and $_.Extension -eq '.xlf') {\n Remove-Item -Path $sourceFile\n }\n if ($continue)\n {\n if ($_.Directory.Name -eq 'en' -and $_.Extension -eq '.json') {\n return @{\n SourceFile = $sourceFile\n CopyOption = \"LangIDOnPath\"\n OutputPath = \"$($_.Directory.Parent.FullName | Resolve-Path -Relative)\\\"\n }\n } else {\n return @{\n SourceFile = $sourceFile\n CopyOption = \"LangIDOnName\"\n OutputPath = $outputPath\n }\n }\n }\n }\n )\n },\n @{\n LanguageSet = $LanguageSet\n CloneLanguageSet = \"WiX_CloneLanguages\"\n LssFiles = @( \"wxl_loc.lss\" )\n LocItems = @(\n $wxlFilesV3 | ForEach-Object {\n $outputPath = \"$($_.Directory.FullName | Resolve-Path -Relative)\\\"\n $continue = $true\n foreach ($exclusion in $exclusions.Exclusions) {\n if ($_.FullName.Contains($exclusion)) {\n $continue = $false\n }\n }\n $sourceFile = ($_.FullName | Resolve-Path -Relative)\n if ($continue)\n {\n return @{\n SourceFile = $sourceFile\n CopyOption = \"LangIDOnPath\"\n OutputPath = $outputPath\n }\n }\n }\n )\n },\n @{\n LanguageSet = $LanguageSet\n CloneLanguageSet = \"WiX_CloneLanguages\"\n LssFiles = @( \"P210WxlSchemaV4.lss\" )\n LocItems = @(\n $wxlFilesV5 | ForEach-Object {\n $outputPath = \"$($_.Directory.FullName | Resolve-Path -Relative)\\\"\n $continue = $true\n foreach ($exclusion in $exclusions.Exclusions) {\n if ($_.FullName.Contains($exclusion)) {\n $continue = $false\n }\n }\n $sourceFile = ($_.FullName | Resolve-Path -Relative)\n if ($continue)\n {\n return @{\n SourceFile = $sourceFile\n CopyOption = \"LangIDOnPath\"\n OutputPath = $outputPath\n }\n }\n }\n )\n },\n @{\n LanguageSet = $LanguageSet\n CloneLanguageSet = \"VS_macOS_CloneLanguages\"\n LssFiles = @( \".\\eng\\common\\loc\\P22DotNetHtmlLocalization.lss\" )\n LocItems = @(\n $macosHtmlFiles | ForEach-Object {\n $outputPath = \"$($_.Directory.FullName | Resolve-Path -Relative)\\\"\n $continue = $true\n foreach ($exclusion in $exclusions.Exclusions) {\n if ($_.FullName.Contains($exclusion)) {\n $continue = $false\n }\n }\n $sourceFile = ($_.FullName | Resolve-Path -Relative)\n $lciFile = $sourceFile + \".lci\"\n if ($continue) {\n $result = @{\n SourceFile = $sourceFile\n CopyOption = \"LangIDOnPath\"\n OutputPath = $outputPath\n }\n if (Test-Path $lciFile -PathType Leaf) {\n $result[\"LciFile\"] = $lciFile\n }\n return $result\n }\n }\n )\n }\n )\n}\n\n$json = ConvertTo-Json $locJson -Depth 5\nWrite-Host \"LocProject.json generated:`n`n$json`n`n\"\nPop-Location\n\nif (!$UseCheckedInLocProjectJson) {\n New-Item \"$SourcesDirectory\\eng\\Localize\\LocProject.json\" -Force # Need this to make sure the Localize directory is created\n Set-Content \"$SourcesDirectory\\eng\\Localize\\LocProject.json\" $json\n}\nelse {\n New-Item \"$SourcesDirectory\\eng\\Localize\\LocProject-generated.json\" -Force # Need this to make sure the Localize directory is created\n Set-Content \"$SourcesDirectory\\eng\\Localize\\LocProject-generated.json\" $json\n\n if ((Get-FileHash \"$SourcesDirectory\\eng\\Localize\\LocProject-generated.json\").Hash -ne (Get-FileHash \"$SourcesDirectory\\eng\\Localize\\LocProject.json\").Hash) {\n Write-PipelineTelemetryError -Category \"OneLocBuild\" -Message \"Existing LocProject.json differs from generated LocProject.json. Download LocProject-generated.json and compare them.\"\n\n exit 1\n }\n else {\n Write-Host \"Generated LocProject.json and current LocProject.json are identical.\"\n }\n}\n"
},
{
"path": "eng/common/helixpublish.proj",
"content": "\n\n\n \n msbuild\n \n\n \n \n %(Identity)\n \n \n\n \n \n $(WorkItemDirectory)\n $(WorkItemCommand)\n $(WorkItemTimeout)\n \n \n\n \n \n \n \n \n\n"
},
{
"path": "eng/common/init-tools-native.cmd",
"content": "@echo off\npowershell -NoProfile -NoLogo -ExecutionPolicy ByPass -command \"& \"\"\"%~dp0init-tools-native.ps1\"\"\" %*\"\nexit /b %ErrorLevel%"
},
{
"path": "eng/common/init-tools-native.ps1",
"content": "<#\n.SYNOPSIS\nEntry point script for installing native tools\n\n.DESCRIPTION\nReads $RepoRoot\\global.json file to determine native assets to install\nand executes installers for those tools\n\n.PARAMETER BaseUri\nBase file directory or Url from which to acquire tool archives\n\n.PARAMETER InstallDirectory\nDirectory to install native toolset. This is a command-line override for the default\nInstall directory precedence order:\n- InstallDirectory command-line override\n- NETCOREENG_INSTALL_DIRECTORY environment variable\n- (default) %USERPROFILE%/.netcoreeng/native\n\n.PARAMETER Clean\nSwitch specifying to not install anything, but cleanup native asset folders\n\n.PARAMETER Force\nClean and then install tools\n\n.PARAMETER DownloadRetries\nTotal number of retry attempts\n\n.PARAMETER RetryWaitTimeInSeconds\nWait time between retry attempts in seconds\n\n.PARAMETER GlobalJsonFile\nFile path to global.json file\n\n.PARAMETER PathPromotion\nOptional switch to enable either promote native tools specified in the global.json to the path (in Azure Pipelines)\nor break the build if a native tool is not found on the path (on a local dev machine)\n\n.NOTES\n#>\n[CmdletBinding(PositionalBinding=$false)]\nParam (\n [string] $BaseUri = 'https://netcorenativeassets.blob.core.windows.net/resource-packages/external',\n [string] $InstallDirectory,\n [switch] $Clean = $False,\n [switch] $Force = $False,\n [int] $DownloadRetries = 5,\n [int] $RetryWaitTimeInSeconds = 30,\n [string] $GlobalJsonFile,\n [switch] $PathPromotion\n)\n\nif (!$GlobalJsonFile) {\n $GlobalJsonFile = Join-Path (Get-Item $PSScriptRoot).Parent.Parent.FullName 'global.json'\n}\n\nSet-StrictMode -version 2.0\n$ErrorActionPreference='Stop'\n\n. $PSScriptRoot\\pipeline-logging-functions.ps1\nImport-Module -Name (Join-Path $PSScriptRoot 'native\\CommonLibrary.psm1')\n\ntry {\n # Define verbose switch if undefined\n $Verbose = $VerbosePreference -Eq 'Continue'\n\n $EngCommonBaseDir = Join-Path $PSScriptRoot 'native\\'\n $NativeBaseDir = $InstallDirectory\n if (!$NativeBaseDir) {\n $NativeBaseDir = CommonLibrary\\Get-NativeInstallDirectory\n }\n $Env:CommonLibrary_NativeInstallDir = $NativeBaseDir\n $InstallBin = Join-Path $NativeBaseDir 'bin'\n $InstallerPath = Join-Path $EngCommonBaseDir 'install-tool.ps1'\n\n # Process tools list\n Write-Host \"Processing $GlobalJsonFile\"\n If (-Not (Test-Path $GlobalJsonFile)) {\n Write-Host \"Unable to find '$GlobalJsonFile'\"\n exit 0\n }\n $NativeTools = Get-Content($GlobalJsonFile) -Raw |\n ConvertFrom-Json |\n Select-Object -Expand 'native-tools' -ErrorAction SilentlyContinue\n if ($NativeTools) {\n if ($PathPromotion -eq $True) {\n $ArcadeToolsDirectory = \"$env:SYSTEMDRIVE\\arcade-tools\"\n if (Test-Path $ArcadeToolsDirectory) { # if this directory exists, we should use native tools on machine\n $NativeTools.PSObject.Properties | ForEach-Object {\n $ToolName = $_.Name\n $ToolVersion = $_.Value\n $InstalledTools = @{}\n\n if ((Get-Command \"$ToolName\" -ErrorAction SilentlyContinue) -eq $null) {\n if ($ToolVersion -eq \"latest\") {\n $ToolVersion = \"\"\n }\n $ToolDirectories = (Get-ChildItem -Path \"$ArcadeToolsDirectory\" -Filter \"$ToolName-$ToolVersion*\" | Sort-Object -Descending)\n if ($ToolDirectories -eq $null) {\n Write-Error \"Unable to find directory for $ToolName $ToolVersion; please make sure the tool is installed on this image.\"\n exit 1\n }\n $ToolDirectory = $ToolDirectories[0]\n $BinPathFile = \"$($ToolDirectory.FullName)\\binpath.txt\"\n if (-not (Test-Path -Path \"$BinPathFile\")) {\n Write-Error \"Unable to find binpath.txt in '$($ToolDirectory.FullName)' ($ToolName $ToolVersion); artifact is either installed incorrectly or is not a bootstrappable tool.\"\n exit 1\n }\n $BinPath = Get-Content \"$BinPathFile\"\n $ToolPath = Convert-Path -Path $BinPath\n Write-Host \"Adding $ToolName to the path ($ToolPath)...\"\n Write-Host \"##vso[task.prependpath]$ToolPath\"\n $env:PATH = \"$ToolPath;$env:PATH\"\n $InstalledTools += @{ $ToolName = $ToolDirectory.FullName }\n }\n }\n return $InstalledTools\n } else {\n $NativeTools.PSObject.Properties | ForEach-Object {\n $ToolName = $_.Name\n $ToolVersion = $_.Value\n\n if ((Get-Command \"$ToolName\" -ErrorAction SilentlyContinue) -eq $null) {\n Write-PipelineTelemetryError -Category 'NativeToolsBootstrap' -Message \"$ToolName not found on path. Please install $ToolName $ToolVersion before proceeding.\"\n Write-PipelineTelemetryError -Category 'NativeToolsBootstrap' -Message \"If this is running on a build machine, the arcade-tools directory was not found, which means there's an error with the image.\"\n }\n }\n exit 0\n }\n } else {\n $NativeTools.PSObject.Properties | ForEach-Object {\n $ToolName = $_.Name\n $ToolVersion = $_.Value\n $LocalInstallerArguments = @{ ToolName = \"$ToolName\" }\n $LocalInstallerArguments += @{ InstallPath = \"$InstallBin\" }\n $LocalInstallerArguments += @{ BaseUri = \"$BaseUri\" }\n $LocalInstallerArguments += @{ CommonLibraryDirectory = \"$EngCommonBaseDir\" }\n $LocalInstallerArguments += @{ Version = \"$ToolVersion\" }\n \n if ($Verbose) {\n $LocalInstallerArguments += @{ Verbose = $True }\n }\n if (Get-Variable 'Force' -ErrorAction 'SilentlyContinue') {\n if($Force) {\n $LocalInstallerArguments += @{ Force = $True }\n }\n }\n if ($Clean) {\n $LocalInstallerArguments += @{ Clean = $True }\n }\n \n Write-Verbose \"Installing $ToolName version $ToolVersion\"\n Write-Verbose \"Executing '$InstallerPath $($LocalInstallerArguments.Keys.ForEach({\"-$_ '$($LocalInstallerArguments.$_)'\"}) -join ' ')'\"\n & $InstallerPath @LocalInstallerArguments\n if ($LASTEXITCODE -Ne \"0\") {\n $errMsg = \"$ToolName installation failed\"\n if ((Get-Variable 'DoNotAbortNativeToolsInstallationOnFailure' -ErrorAction 'SilentlyContinue') -and $DoNotAbortNativeToolsInstallationOnFailure) {\n $showNativeToolsWarning = $true\n if ((Get-Variable 'DoNotDisplayNativeToolsInstallationWarnings' -ErrorAction 'SilentlyContinue') -and $DoNotDisplayNativeToolsInstallationWarnings) {\n $showNativeToolsWarning = $false\n }\n if ($showNativeToolsWarning) {\n Write-Warning $errMsg\n }\n $toolInstallationFailure = $true\n } else {\n # We cannot change this to Write-PipelineTelemetryError because of https://github.com/dotnet/arcade/issues/4482\n Write-Host $errMsg\n exit 1\n }\n }\n }\n \n if ((Get-Variable 'toolInstallationFailure' -ErrorAction 'SilentlyContinue') -and $toolInstallationFailure) {\n # We cannot change this to Write-PipelineTelemetryError because of https://github.com/dotnet/arcade/issues/4482\n Write-Host 'Native tools bootstrap failed'\n exit 1\n }\n }\n }\n else {\n Write-Host 'No native tools defined in global.json'\n exit 0\n }\n\n if ($Clean) {\n exit 0\n }\n if (Test-Path $InstallBin) {\n Write-Host 'Native tools are available from ' (Convert-Path -Path $InstallBin)\n Write-Host \"##vso[task.prependpath]$(Convert-Path -Path $InstallBin)\"\n return $InstallBin\n }\n elseif (-not ($PathPromotion)) {\n Write-PipelineTelemetryError -Category 'NativeToolsBootstrap' -Message 'Native tools install directory does not exist, installation failed'\n exit 1\n }\n exit 0\n}\ncatch {\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Category 'NativeToolsBootstrap' -Message $_\n ExitWithExitCode 1\n}\n"
},
{
"path": "eng/common/init-tools-native.sh",
"content": "#!/usr/bin/env bash\n\nsource=\"${BASH_SOURCE[0]}\"\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\nbase_uri='https://netcorenativeassets.blob.core.windows.net/resource-packages/external'\ninstall_directory=''\nclean=false\nforce=false\ndownload_retries=5\nretry_wait_time_seconds=30\nglobal_json_file=\"$(dirname \"$(dirname \"${scriptroot}\")\")/global.json\"\ndeclare -a native_assets\n\n. $scriptroot/pipeline-logging-functions.sh\n. $scriptroot/native/common-library.sh\n\nwhile (($# > 0)); do\n lowerI=\"$(echo $1 | tr \"[:upper:]\" \"[:lower:]\")\"\n case $lowerI in\n --baseuri)\n base_uri=$2\n shift 2\n ;;\n --installdirectory)\n install_directory=$2\n shift 2\n ;;\n --clean)\n clean=true\n shift 1\n ;;\n --force)\n force=true\n shift 1\n ;;\n --donotabortonfailure)\n donotabortonfailure=true\n shift 1\n ;;\n --donotdisplaywarnings)\n donotdisplaywarnings=true\n shift 1\n ;;\n --downloadretries)\n download_retries=$2\n shift 2\n ;;\n --retrywaittimeseconds)\n retry_wait_time_seconds=$2\n shift 2\n ;;\n --help)\n echo \"Common settings:\"\n echo \" --installdirectory Directory to install native toolset.\"\n echo \" This is a command-line override for the default\"\n echo \" Install directory precedence order:\"\n echo \" - InstallDirectory command-line override\"\n echo \" - NETCOREENG_INSTALL_DIRECTORY environment variable\"\n echo \" - (default) %USERPROFILE%/.netcoreeng/native\"\n echo \"\"\n echo \" --clean Switch specifying not to install anything, but cleanup native asset folders\"\n echo \" --donotabortonfailure Switch specifiying whether to abort native tools installation on failure\"\n echo \" --donotdisplaywarnings Switch specifiying whether to display warnings during native tools installation on failure\"\n echo \" --force Clean and then install tools\"\n echo \" --help Print help and exit\"\n echo \"\"\n echo \"Advanced settings:\"\n echo \" --baseuri Base URI for where to download native tools from\"\n echo \" --downloadretries Number of times a download should be attempted\"\n echo \" --retrywaittimeseconds Wait time between download attempts\"\n echo \"\"\n exit 0\n ;;\n esac\ndone\n\nfunction ReadGlobalJsonNativeTools {\n # happy path: we have a proper JSON parsing tool `jq(1)` in PATH!\n if command -v jq &> /dev/null; then\n\n # jq: read each key/value pair under \"native-tools\" entry and emit:\n # KEY=\"\" VALUE=\"\"\n # followed by a null byte.\n #\n # bash: read line with null byte delimeter and push to array (for later `eval`uation).\n\n while IFS= read -rd '' line; do\n native_assets+=(\"$line\")\n done < <(jq -r '. |\n select(has(\"native-tools\")) |\n .\"native-tools\" |\n keys[] as $k |\n @sh \"KEY=\\($k) VALUE=\\(.[$k])\\u0000\"' \"$global_json_file\")\n\n return\n fi\n\n # Warning: falling back to manually parsing JSON, which is not recommended.\n\n # Following routine matches the output and escaping logic of jq(1)'s @sh formatter used above.\n # It has been tested with several weird strings with escaped characters in entries (key and value)\n # and results were compared with the output of jq(1) in binary representation using xxd(1);\n # just before the assignment to 'native_assets' array (above and below).\n\n # try to capture the section under \"native-tools\".\n if [[ ! \"$(cat \"$global_json_file\")\" =~ \\\"native-tools\\\"[[:space:]\\:\\{]*([^\\}]+) ]]; then\n return\n fi\n\n section=\"${BASH_REMATCH[1]}\"\n\n parseStarted=0\n possibleEnd=0\n escaping=0\n escaped=0\n isKey=1\n\n for (( i=0; i<${#section}; i++ )); do\n char=\"${section:$i:1}\"\n if ! ((parseStarted)) && [[ \"$char\" =~ [[:space:],:] ]]; then continue; fi\n\n if ! ((escaping)) && [[ \"$char\" == \"\\\\\" ]]; then\n escaping=1\n elif ((escaping)) && ! ((escaped)); then\n escaped=1\n fi\n\n if ! ((parseStarted)) && [[ \"$char\" == \"\\\"\" ]]; then\n parseStarted=1\n possibleEnd=0\n elif [[ \"$char\" == \"'\" ]]; then\n token=\"$token'\\\\\\''\"\n possibleEnd=0\n elif ((escaping)) || [[ \"$char\" != \"\\\"\" ]]; then\n token=\"$token$char\"\n possibleEnd=1\n fi\n\n if ((possibleEnd)) && ! ((escaping)) && [[ \"$char\" == \"\\\"\" ]]; then\n # Use printf to unescape token to match jq(1)'s @sh formatting rules.\n # do not use 'token=\"$(printf \"$token\")\"' syntax, as $() eats the trailing linefeed.\n printf -v token \"'$token'\"\n\n if ((isKey)); then\n KEY=\"$token\"\n isKey=0\n else\n line=\"KEY=$KEY VALUE=$token\"\n native_assets+=(\"$line\")\n isKey=1\n fi\n\n # reset for next token\n parseStarted=0\n token=\n elif ((escaping)) && ((escaped)); then\n escaping=0\n escaped=0\n fi\n done\n}\n\nnative_base_dir=$install_directory\nif [[ -z $install_directory ]]; then\n native_base_dir=$(GetNativeInstallDirectory)\nfi\n\ninstall_bin=\"${native_base_dir}/bin\"\ninstalled_any=false\n\nReadGlobalJsonNativeTools\n\nif [[ ${#native_assets[@]} -eq 0 ]]; then\n echo \"No native tools defined in global.json\"\n exit 0;\nelse\n native_installer_dir=\"$scriptroot/native\"\n for index in \"${!native_assets[@]}\"; do\n eval \"${native_assets[\"$index\"]}\"\n\n installer_path=\"$native_installer_dir/install-$KEY.sh\"\n installer_command=\"$installer_path\"\n installer_command+=\" --baseuri $base_uri\"\n installer_command+=\" --installpath $install_bin\"\n installer_command+=\" --version $VALUE\"\n echo $installer_command\n\n if [[ $force = true ]]; then\n installer_command+=\" --force\"\n fi\n\n if [[ $clean = true ]]; then\n installer_command+=\" --clean\"\n fi\n\n if [[ -a $installer_path ]]; then\n $installer_command\n if [[ $? != 0 ]]; then\n if [[ $donotabortonfailure = true ]]; then\n if [[ $donotdisplaywarnings != true ]]; then\n Write-PipelineTelemetryError -category 'NativeToolsBootstrap' \"Execution Failed\"\n fi\n else\n Write-PipelineTelemetryError -category 'NativeToolsBootstrap' \"Execution Failed\"\n exit 1\n fi\n else\n $installed_any = true\n fi\n else\n if [[ $donotabortonfailure == true ]]; then\n if [[ $donotdisplaywarnings != true ]]; then\n Write-PipelineTelemetryError -category 'NativeToolsBootstrap' \"Execution Failed: no install script\"\n fi\n else\n Write-PipelineTelemetryError -category 'NativeToolsBootstrap' \"Execution Failed: no install script\"\n exit 1\n fi\n fi\n done\nfi\n\nif [[ $clean = true ]]; then\n exit 0\nfi\n\nif [[ -d $install_bin ]]; then\n echo \"Native tools are available from $install_bin\"\n echo \"##vso[task.prependpath]$install_bin\"\nelse\n if [[ $installed_any = true ]]; then\n Write-PipelineTelemetryError -category 'NativeToolsBootstrap' \"Native tools install directory does not exist, installation failed\"\n exit 1\n fi\nfi\n\nexit 0\n"
},
{
"path": "eng/common/internal/Directory.Build.props",
"content": "\n\n\n \n false\n false\n \n\n \n\n\n"
},
{
"path": "eng/common/internal/NuGet.config",
"content": "\n\n \n \n \n \n \n \n \n\n"
},
{
"path": "eng/common/internal/Tools.csproj",
"content": "\n\n\n \n net472\n false\n false\n \n \n \n \n \n \n \n \n \n \n\n \n \n\n\n"
},
{
"path": "eng/common/internal-feed-operations.ps1",
"content": "param(\n [Parameter(Mandatory=$true)][string] $Operation,\n [string] $AuthToken,\n [string] $CommitSha,\n [string] $RepoName,\n [switch] $IsFeedPrivate\n)\n\n$ErrorActionPreference = 'Stop'\nSet-StrictMode -Version 2.0\n. $PSScriptRoot\\tools.ps1\n\n# Sets VSS_NUGET_EXTERNAL_FEED_ENDPOINTS based on the \"darc-int-*\" feeds defined in NuGet.config. This is needed\n# in build agents by CredProvider to authenticate the restore requests to internal feeds as specified in\n# https://github.com/microsoft/artifacts-credprovider/blob/0f53327cd12fd893d8627d7b08a2171bf5852a41/README.md#environment-variables. This should ONLY be called from identified\n# internal builds\nfunction SetupCredProvider {\n param(\n [string] $AuthToken\n ) \n\n # Install the Cred Provider NuGet plugin\n Write-Host 'Setting up Cred Provider NuGet plugin in the agent...'\n Write-Host \"Getting 'installcredprovider.ps1' from 'https://github.com/microsoft/artifacts-credprovider'...\"\n\n $url = 'https://raw.githubusercontent.com/microsoft/artifacts-credprovider/master/helpers/installcredprovider.ps1'\n \n Write-Host \"Writing the contents of 'installcredprovider.ps1' locally...\"\n Invoke-WebRequest $url -UseBasicParsing -OutFile installcredprovider.ps1\n \n Write-Host 'Installing plugin...'\n .\\installcredprovider.ps1 -Force\n \n Write-Host \"Deleting local copy of 'installcredprovider.ps1'...\"\n Remove-Item .\\installcredprovider.ps1\n\n if (-Not(\"$env:USERPROFILE\\.nuget\\plugins\\netcore\")) {\n Write-PipelineTelemetryError -Category 'Arcade' -Message 'CredProvider plugin was not installed correctly!'\n ExitWithExitCode 1 \n } \n else {\n Write-Host 'CredProvider plugin was installed correctly!'\n }\n\n # Then, we set the 'VSS_NUGET_EXTERNAL_FEED_ENDPOINTS' environment variable to restore from the stable \n # feeds successfully\n\n $nugetConfigPath = Join-Path $RepoRoot \"NuGet.config\"\n\n if (-Not (Test-Path -Path $nugetConfigPath)) {\n Write-PipelineTelemetryError -Category 'Build' -Message 'NuGet.config file not found in repo root!'\n ExitWithExitCode 1\n }\n \n $endpoints = New-Object System.Collections.ArrayList\n $nugetConfigPackageSources = Select-Xml -Path $nugetConfigPath -XPath \"//packageSources/add[contains(@key, 'darc-int-')]/@value\" | foreach{$_.Node.Value}\n \n if (($nugetConfigPackageSources | Measure-Object).Count -gt 0 ) {\n foreach ($stableRestoreResource in $nugetConfigPackageSources) {\n $trimmedResource = ([string]$stableRestoreResource).Trim()\n [void]$endpoints.Add(@{endpoint=\"$trimmedResource\"; password=\"$AuthToken\"}) \n }\n }\n\n if (($endpoints | Measure-Object).Count -gt 0) {\n $endpointCredentials = @{endpointCredentials=$endpoints} | ConvertTo-Json -Compress\n\n # Create the environment variables the AzDo way\n Write-LoggingCommand -Area 'task' -Event 'setvariable' -Data $endpointCredentials -Properties @{\n 'variable' = 'VSS_NUGET_EXTERNAL_FEED_ENDPOINTS'\n 'issecret' = 'false'\n } \n\n # We don't want sessions cached since we will be updating the endpoints quite frequently\n Write-LoggingCommand -Area 'task' -Event 'setvariable' -Data 'False' -Properties @{\n 'variable' = 'NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED'\n 'issecret' = 'false'\n } \n }\n else\n {\n Write-Host 'No internal endpoints found in NuGet.config'\n }\n}\n\n#Workaround for https://github.com/microsoft/msbuild/issues/4430\nfunction InstallDotNetSdkAndRestoreArcade {\n $dotnetTempDir = Join-Path $RepoRoot \"dotnet\"\n $dotnetSdkVersion=\"2.1.507\" # After experimentation we know this version works when restoring the SDK (compared to 3.0.*)\n $dotnet = \"$dotnetTempDir\\dotnet.exe\"\n $restoreProjPath = \"$PSScriptRoot\\restore.proj\"\n \n Write-Host \"Installing dotnet SDK version $dotnetSdkVersion to restore Arcade SDK...\"\n InstallDotNetSdk \"$dotnetTempDir\" \"$dotnetSdkVersion\"\n \n '' | Out-File \"$restoreProjPath\"\n\n & $dotnet restore $restoreProjPath\n\n Write-Host 'Arcade SDK restored!'\n\n if (Test-Path -Path $restoreProjPath) {\n Remove-Item $restoreProjPath\n }\n\n if (Test-Path -Path $dotnetTempDir) {\n Remove-Item $dotnetTempDir -Recurse\n }\n}\n\ntry {\n Push-Location $PSScriptRoot\n\n if ($Operation -like 'setup') {\n SetupCredProvider $AuthToken\n } \n elseif ($Operation -like 'install-restore') {\n InstallDotNetSdkAndRestoreArcade\n }\n else {\n Write-PipelineTelemetryError -Category 'Arcade' -Message \"Unknown operation '$Operation'!\"\n ExitWithExitCode 1 \n }\n} \ncatch {\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Category 'Arcade' -Message $_\n ExitWithExitCode 1\n} \nfinally {\n Pop-Location\n}\n"
},
{
"path": "eng/common/internal-feed-operations.sh",
"content": "#!/usr/bin/env bash\n\nset -e\n\n# Sets VSS_NUGET_EXTERNAL_FEED_ENDPOINTS based on the \"darc-int-*\" feeds defined in NuGet.config. This is needed\n# in build agents by CredProvider to authenticate the restore requests to internal feeds as specified in\n# https://github.com/microsoft/artifacts-credprovider/blob/0f53327cd12fd893d8627d7b08a2171bf5852a41/README.md#environment-variables. \n# This should ONLY be called from identified internal builds\nfunction SetupCredProvider {\n local authToken=$1\n \n # Install the Cred Provider NuGet plugin\n echo \"Setting up Cred Provider NuGet plugin in the agent...\"...\n echo \"Getting 'installcredprovider.ps1' from 'https://github.com/microsoft/artifacts-credprovider'...\"\n\n local url=\"https://raw.githubusercontent.com/microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh\" \n \n echo \"Writing the contents of 'installcredprovider.ps1' locally...\"\n local installcredproviderPath=\"installcredprovider.sh\"\n if command -v curl > /dev/null; then\n curl $url > \"$installcredproviderPath\"\n else \n wget -q -O \"$installcredproviderPath\" \"$url\"\n fi\n \n echo \"Installing plugin...\"\n . \"$installcredproviderPath\"\n \n echo \"Deleting local copy of 'installcredprovider.sh'...\"\n rm installcredprovider.sh\n\n if [ ! -d \"$HOME/.nuget/plugins\" ]; then\n Write-PipelineTelemetryError -category 'Build' 'CredProvider plugin was not installed correctly!'\n ExitWithExitCode 1 \n else \n echo \"CredProvider plugin was installed correctly!\"\n fi\n\n # Then, we set the 'VSS_NUGET_EXTERNAL_FEED_ENDPOINTS' environment variable to restore from the stable \n # feeds successfully\n\n local nugetConfigPath=\"{$repo_root}NuGet.config\"\n\n if [ ! \"$nugetConfigPath\" ]; then\n Write-PipelineTelemetryError -category 'Build' \"NuGet.config file not found in repo's root!\"\n ExitWithExitCode 1 \n fi\n \n local endpoints='['\n local nugetConfigPackageValues=`cat \"$nugetConfigPath\" | grep \"key=\\\"darc-int-\"`\n local pattern=\"value=\\\"(.*)\\\"\"\n\n for value in $nugetConfigPackageValues \n do\n if [[ $value =~ $pattern ]]; then\n local endpoint=\"${BASH_REMATCH[1]}\" \n endpoints+=\"{\\\"endpoint\\\": \\\"$endpoint\\\", \\\"password\\\": \\\"$authToken\\\"},\"\n fi\n done\n \n endpoints=${endpoints%?}\n endpoints+=']'\n\n if [ ${#endpoints} -gt 2 ]; then \n local endpointCredentials=\"{\\\"endpointCredentials\\\": \"$endpoints\"}\"\n\n echo \"##vso[task.setvariable variable=VSS_NUGET_EXTERNAL_FEED_ENDPOINTS]$endpointCredentials\"\n echo \"##vso[task.setvariable variable=NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED]False\"\n else\n echo \"No internal endpoints found in NuGet.config\"\n fi\n} \n\n# Workaround for https://github.com/microsoft/msbuild/issues/4430\nfunction InstallDotNetSdkAndRestoreArcade {\n local dotnetTempDir=\"$repo_root/dotnet\"\n local dotnetSdkVersion=\"2.1.507\" # After experimentation we know this version works when restoring the SDK (compared to 3.0.*)\n local restoreProjPath=\"$repo_root/eng/common/restore.proj\"\n \n echo \"Installing dotnet SDK version $dotnetSdkVersion to restore Arcade SDK...\"\n echo \"\" > \"$restoreProjPath\"\n \n InstallDotNetSdk \"$dotnetTempDir\" \"$dotnetSdkVersion\"\n\n local res=`$dotnetTempDir/dotnet restore $restoreProjPath`\n echo \"Arcade SDK restored!\"\n\n # Cleanup\n if [ \"$restoreProjPath\" ]; then\n rm \"$restoreProjPath\"\n fi\n\n if [ \"$dotnetTempDir\" ]; then\n rm -r $dotnetTempDir\n fi\n}\n\nsource=\"${BASH_SOURCE[0]}\"\noperation=''\nauthToken=''\nrepoName=''\n\nwhile [[ $# > 0 ]]; do\n opt=\"$(echo \"$1\" | tr \"[:upper:]\" \"[:lower:]\")\"\n case \"$opt\" in\n --operation)\n operation=$2\n shift\n ;;\n --authtoken)\n authToken=$2\n shift\n ;;\n *)\n echo \"Invalid argument: $1\"\n usage\n exit 1\n ;;\n esac\n\n shift\ndone\n\nwhile [[ -h \"$source\" ]]; do\n scriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n source=\"$(readlink \"$source\")\"\n # if $source was a relative symlink, we need to resolve it relative to the path where the\n # symlink file was located\n [[ $source != /* ]] && source=\"$scriptroot/$source\"\ndone\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\n. \"$scriptroot/tools.sh\"\n\nif [ \"$operation\" = \"setup\" ]; then\n SetupCredProvider $authToken\nelif [ \"$operation\" = \"install-restore\" ]; then\n InstallDotNetSdkAndRestoreArcade\nelse\n echo \"Unknown operation '$operation'!\"\nfi\n"
},
{
"path": "eng/common/loc/P22DotNetHtmlLocalization.lss",
"content": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n"
},
{
"path": "eng/common/msbuild.ps1",
"content": "[CmdletBinding(PositionalBinding=$false)]\nParam(\n [string] $verbosity = 'minimal',\n [bool] $warnAsError = $true,\n [bool] $nodeReuse = $true,\n [switch] $ci,\n [switch] $prepareMachine,\n [switch] $excludePrereleaseVS,\n [string] $msbuildEngine = $null,\n [Parameter(ValueFromRemainingArguments=$true)][String[]]$extraArgs\n)\n\n. $PSScriptRoot\\tools.ps1\n\ntry {\n if ($ci) {\n $nodeReuse = $false\n }\n\n MSBuild @extraArgs\n} \ncatch {\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Category 'Build' -Message $_\n ExitWithExitCode 1\n}\n\nExitWithExitCode 0"
},
{
"path": "eng/common/msbuild.sh",
"content": "#!/usr/bin/env bash\n\nsource=\"${BASH_SOURCE[0]}\"\n\n# resolve $source until the file is no longer a symlink\nwhile [[ -h \"$source\" ]]; do\n scriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n source=\"$(readlink \"$source\")\"\n # if $source was a relative symlink, we need to resolve it relative to the path where the\n # symlink file was located\n [[ $source != /* ]] && source=\"$scriptroot/$source\"\ndone\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\nverbosity='minimal'\nwarn_as_error=true\nnode_reuse=true\nprepare_machine=false\nextra_args=''\n\nwhile (($# > 0)); do\n lowerI=\"$(echo $1 | tr \"[:upper:]\" \"[:lower:]\")\"\n case $lowerI in\n --verbosity)\n verbosity=$2\n shift 2\n ;;\n --warnaserror)\n warn_as_error=$2\n shift 2\n ;;\n --nodereuse)\n node_reuse=$2\n shift 2\n ;;\n --ci)\n ci=true\n shift 1\n ;;\n --preparemachine)\n prepare_machine=true\n shift 1\n ;;\n *)\n extra_args=\"$extra_args $1\"\n shift 1\n ;;\n esac\ndone\n\n. \"$scriptroot/tools.sh\"\n\nif [[ \"$ci\" == true ]]; then\n node_reuse=false\nfi\n\nMSBuild $extra_args\nExitWithExitCode 0\n"
},
{
"path": "eng/common/native/CommonLibrary.psm1",
"content": "<#\n.SYNOPSIS\nHelper module to install an archive to a directory\n\n.DESCRIPTION\nHelper module to download and extract an archive to a specified directory\n\n.PARAMETER Uri\nUri of artifact to download\n\n.PARAMETER InstallDirectory\nDirectory to extract artifact contents to\n\n.PARAMETER Force\nForce download / extraction if file or contents already exist. Default = False\n\n.PARAMETER DownloadRetries\nTotal number of retry attempts. Default = 5\n\n.PARAMETER RetryWaitTimeInSeconds\nWait time between retry attempts in seconds. Default = 30\n\n.NOTES\nReturns False if download or extraction fail, True otherwise\n#>\nfunction DownloadAndExtract {\n [CmdletBinding(PositionalBinding=$false)]\n Param (\n [Parameter(Mandatory=$True)]\n [string] $Uri,\n [Parameter(Mandatory=$True)]\n [string] $InstallDirectory,\n [switch] $Force = $False,\n [int] $DownloadRetries = 5,\n [int] $RetryWaitTimeInSeconds = 30\n )\n # Define verbose switch if undefined\n $Verbose = $VerbosePreference -Eq \"Continue\"\n\n $TempToolPath = CommonLibrary\\Get-TempPathFilename -Path $Uri\n\n # Download native tool\n $DownloadStatus = CommonLibrary\\Get-File -Uri $Uri `\n -Path $TempToolPath `\n -DownloadRetries $DownloadRetries `\n -RetryWaitTimeInSeconds $RetryWaitTimeInSeconds `\n -Force:$Force `\n -Verbose:$Verbose\n\n if ($DownloadStatus -Eq $False) {\n Write-Error \"Download failed from $Uri\"\n return $False\n }\n\n # Extract native tool\n $UnzipStatus = CommonLibrary\\Expand-Zip -ZipPath $TempToolPath `\n -OutputDirectory $InstallDirectory `\n -Force:$Force `\n -Verbose:$Verbose\n\n if ($UnzipStatus -Eq $False) {\n # Retry Download one more time with Force=true\n $DownloadRetryStatus = CommonLibrary\\Get-File -Uri $Uri `\n -Path $TempToolPath `\n -DownloadRetries 1 `\n -RetryWaitTimeInSeconds $RetryWaitTimeInSeconds `\n -Force:$True `\n -Verbose:$Verbose\n\n if ($DownloadRetryStatus -Eq $False) {\n Write-Error \"Last attempt of download failed as well\"\n return $False\n }\n\n # Retry unzip again one more time with Force=true\n $UnzipRetryStatus = CommonLibrary\\Expand-Zip -ZipPath $TempToolPath `\n -OutputDirectory $InstallDirectory `\n -Force:$True `\n -Verbose:$Verbose\n if ($UnzipRetryStatus -Eq $False)\n {\n Write-Error \"Last attempt of unzip failed as well\"\n # Clean up partial zips and extracts\n if (Test-Path $TempToolPath) {\n Remove-Item $TempToolPath -Force\n }\n if (Test-Path $InstallDirectory) {\n Remove-Item $InstallDirectory -Force -Recurse\n }\n return $False\n }\n }\n\n return $True\n}\n\n<#\n.SYNOPSIS\nDownload a file, retry on failure\n\n.DESCRIPTION\nDownload specified file and retry if attempt fails\n\n.PARAMETER Uri\nUri of file to download. If Uri is a local path, the file will be copied instead of downloaded\n\n.PARAMETER Path\nPath to download or copy uri file to\n\n.PARAMETER Force\nOverwrite existing file if present. Default = False\n\n.PARAMETER DownloadRetries\nTotal number of retry attempts. Default = 5\n\n.PARAMETER RetryWaitTimeInSeconds\nWait time between retry attempts in seconds Default = 30\n\n#>\nfunction Get-File {\n [CmdletBinding(PositionalBinding=$false)]\n Param (\n [Parameter(Mandatory=$True)]\n [string] $Uri,\n [Parameter(Mandatory=$True)]\n [string] $Path,\n [int] $DownloadRetries = 5,\n [int] $RetryWaitTimeInSeconds = 30,\n [switch] $Force = $False\n )\n $Attempt = 0\n\n if ($Force) {\n if (Test-Path $Path) {\n Remove-Item $Path -Force\n }\n }\n if (Test-Path $Path) {\n Write-Host \"File '$Path' already exists, skipping download\"\n return $True\n }\n\n $DownloadDirectory = Split-Path -ErrorAction Ignore -Path \"$Path\" -Parent\n if (-Not (Test-Path $DownloadDirectory)) {\n New-Item -path $DownloadDirectory -force -itemType \"Directory\" | Out-Null\n }\n\n $TempPath = \"$Path.tmp\"\n if (Test-Path -IsValid -Path $Uri) {\n Write-Verbose \"'$Uri' is a file path, copying temporarily to '$TempPath'\"\n Copy-Item -Path $Uri -Destination $TempPath\n Write-Verbose \"Moving temporary file to '$Path'\"\n Move-Item -Path $TempPath -Destination $Path\n return $?\n }\n else {\n Write-Verbose \"Downloading $Uri\"\n # Don't display the console progress UI - it's a huge perf hit\n $ProgressPreference = 'SilentlyContinue' \n while($Attempt -Lt $DownloadRetries)\n {\n try {\n Invoke-WebRequest -UseBasicParsing -Uri $Uri -OutFile $TempPath\n Write-Verbose \"Downloaded to temporary location '$TempPath'\"\n Move-Item -Path $TempPath -Destination $Path\n Write-Verbose \"Moved temporary file to '$Path'\"\n return $True\n }\n catch {\n $Attempt++\n if ($Attempt -Lt $DownloadRetries) {\n $AttemptsLeft = $DownloadRetries - $Attempt\n Write-Warning \"Download failed, $AttemptsLeft attempts remaining, will retry in $RetryWaitTimeInSeconds seconds\"\n Start-Sleep -Seconds $RetryWaitTimeInSeconds\n }\n else {\n Write-Error $_\n Write-Error $_.Exception\n }\n }\n }\n }\n\n return $False\n}\n\n<#\n.SYNOPSIS\nGenerate a shim for a native tool\n\n.DESCRIPTION\nCreates a wrapper script (shim) that passes arguments forward to native tool assembly\n\n.PARAMETER ShimName\nThe name of the shim\n\n.PARAMETER ShimDirectory\nThe directory where shims are stored\n\n.PARAMETER ToolFilePath\nPath to file that shim forwards to\n\n.PARAMETER Force\nReplace shim if already present. Default = False\n\n.NOTES\nReturns $True if generating shim succeeds, $False otherwise\n#>\nfunction New-ScriptShim {\n [CmdletBinding(PositionalBinding=$false)]\n Param (\n [Parameter(Mandatory=$True)]\n [string] $ShimName,\n [Parameter(Mandatory=$True)]\n [string] $ShimDirectory,\n [Parameter(Mandatory=$True)]\n [string] $ToolFilePath,\n [Parameter(Mandatory=$True)]\n [string] $BaseUri,\n [switch] $Force\n )\n try {\n Write-Verbose \"Generating '$ShimName' shim\"\n\n if (-Not (Test-Path $ToolFilePath)){\n Write-Error \"Specified tool file path '$ToolFilePath' does not exist\"\n return $False\n }\n\n # WinShimmer is a small .NET Framework program that creates .exe shims to bootstrapped programs\n # Many of the checks for installed programs expect a .exe extension for Windows tools, rather\n # than a .bat or .cmd file.\n # Source: https://github.com/dotnet/arcade/tree/master/src/WinShimmer\n if (-Not (Test-Path \"$ShimDirectory\\WinShimmer\\winshimmer.exe\")) {\n $InstallStatus = DownloadAndExtract -Uri \"$BaseUri/windows/winshimmer/WinShimmer.zip\" `\n -InstallDirectory $ShimDirectory\\WinShimmer `\n -Force:$Force `\n -DownloadRetries 2 `\n -RetryWaitTimeInSeconds 5 `\n -Verbose:$Verbose\n }\n\n if ((Test-Path (Join-Path $ShimDirectory \"$ShimName.exe\"))) {\n Write-Host \"$ShimName.exe already exists; replacing...\"\n Remove-Item (Join-Path $ShimDirectory \"$ShimName.exe\")\n }\n\n & \"$ShimDirectory\\WinShimmer\\winshimmer.exe\" $ShimName $ToolFilePath $ShimDirectory\n return $True\n }\n catch {\n Write-Host $_\n Write-Host $_.Exception\n return $False\n }\n}\n\n<#\n.SYNOPSIS\nReturns the machine architecture of the host machine\n\n.NOTES\nReturns 'x64' on 64 bit machines\n Returns 'x86' on 32 bit machines\n#>\nfunction Get-MachineArchitecture {\n $ProcessorArchitecture = $Env:PROCESSOR_ARCHITECTURE\n $ProcessorArchitectureW6432 = $Env:PROCESSOR_ARCHITEW6432\n if($ProcessorArchitecture -Eq \"X86\")\n {\n if(($ProcessorArchitectureW6432 -Eq \"\") -Or\n ($ProcessorArchitectureW6432 -Eq \"X86\")) {\n return \"x86\"\n }\n $ProcessorArchitecture = $ProcessorArchitectureW6432\n }\n if (($ProcessorArchitecture -Eq \"AMD64\") -Or\n ($ProcessorArchitecture -Eq \"IA64\") -Or\n ($ProcessorArchitecture -Eq \"ARM64\") -Or\n ($ProcessorArchitecture -Eq \"LOONGARCH64\") -Or\n ($ProcessorArchitecture -Eq \"RISCV64\")) {\n return \"x64\"\n }\n return \"x86\"\n}\n\n<#\n.SYNOPSIS\nGet the name of a temporary folder under the native install directory\n#>\nfunction Get-TempDirectory {\n return Join-Path (Get-NativeInstallDirectory) \"temp/\"\n}\n\nfunction Get-TempPathFilename {\n [CmdletBinding(PositionalBinding=$false)]\n Param (\n [Parameter(Mandatory=$True)]\n [string] $Path\n )\n $TempDir = CommonLibrary\\Get-TempDirectory\n $TempFilename = Split-Path $Path -leaf\n $TempPath = Join-Path $TempDir $TempFilename\n return $TempPath\n}\n\n<#\n.SYNOPSIS\nReturns the base directory to use for native tool installation\n\n.NOTES\nReturns the value of the NETCOREENG_INSTALL_DIRECTORY if that environment variable\nis set, or otherwise returns an install directory under the %USERPROFILE%\n#>\nfunction Get-NativeInstallDirectory {\n $InstallDir = $Env:NETCOREENG_INSTALL_DIRECTORY\n if (!$InstallDir) {\n $InstallDir = Join-Path $Env:USERPROFILE \".netcoreeng/native/\"\n }\n return $InstallDir\n}\n\n<#\n.SYNOPSIS\nUnzip an archive\n\n.DESCRIPTION\nPowershell module to unzip an archive to a specified directory\n\n.PARAMETER ZipPath (Required)\nPath to archive to unzip\n\n.PARAMETER OutputDirectory (Required)\nOutput directory for archive contents\n\n.PARAMETER Force\nOverwrite output directory contents if they already exist\n\n.NOTES\n- Returns True and does not perform an extraction if output directory already exists but Overwrite is not True.\n- Returns True if unzip operation is successful\n- Returns False if Overwrite is True and it is unable to remove contents of OutputDirectory\n- Returns False if unable to extract zip archive\n#>\nfunction Expand-Zip {\n [CmdletBinding(PositionalBinding=$false)]\n Param (\n [Parameter(Mandatory=$True)]\n [string] $ZipPath,\n [Parameter(Mandatory=$True)]\n [string] $OutputDirectory,\n [switch] $Force\n )\n\n Write-Verbose \"Extracting '$ZipPath' to '$OutputDirectory'\"\n try {\n if ((Test-Path $OutputDirectory) -And (-Not $Force)) {\n Write-Host \"Directory '$OutputDirectory' already exists, skipping extract\"\n return $True\n }\n if (Test-Path $OutputDirectory) {\n Write-Verbose \"'Force' is 'True', but '$OutputDirectory' exists, removing directory\"\n Remove-Item $OutputDirectory -Force -Recurse\n if ($? -Eq $False) {\n Write-Error \"Unable to remove '$OutputDirectory'\"\n return $False\n }\n }\n\n $TempOutputDirectory = Join-Path \"$(Split-Path -Parent $OutputDirectory)\" \"$(Split-Path -Leaf $OutputDirectory).tmp\"\n if (Test-Path $TempOutputDirectory) {\n Remove-Item $TempOutputDirectory -Force -Recurse\n }\n New-Item -Path $TempOutputDirectory -Force -ItemType \"Directory\" | Out-Null\n\n Add-Type -assembly \"system.io.compression.filesystem\"\n [io.compression.zipfile]::ExtractToDirectory(\"$ZipPath\", \"$TempOutputDirectory\")\n if ($? -Eq $False) {\n Write-Error \"Unable to extract '$ZipPath'\"\n return $False\n }\n\n Move-Item -Path $TempOutputDirectory -Destination $OutputDirectory\n }\n catch {\n Write-Host $_\n Write-Host $_.Exception\n\n return $False\n }\n return $True\n}\n\nexport-modulemember -function DownloadAndExtract\nexport-modulemember -function Expand-Zip\nexport-modulemember -function Get-File\nexport-modulemember -function Get-MachineArchitecture\nexport-modulemember -function Get-NativeInstallDirectory\nexport-modulemember -function Get-TempDirectory\nexport-modulemember -function Get-TempPathFilename\nexport-modulemember -function New-ScriptShim\n"
},
{
"path": "eng/common/native/common-library.sh",
"content": "#!/usr/bin/env bash\n\nfunction GetNativeInstallDirectory {\n local install_dir\n\n if [[ -z $NETCOREENG_INSTALL_DIRECTORY ]]; then\n install_dir=$HOME/.netcoreeng/native/\n else\n install_dir=$NETCOREENG_INSTALL_DIRECTORY\n fi\n\n echo $install_dir\n return 0\n}\n\nfunction GetTempDirectory {\n\n echo $(GetNativeInstallDirectory)temp/\n return 0\n}\n\nfunction ExpandZip {\n local zip_path=$1\n local output_directory=$2\n local force=${3:-false}\n\n echo \"Extracting $zip_path to $output_directory\"\n if [[ -d $output_directory ]] && [[ $force = false ]]; then\n echo \"Directory '$output_directory' already exists, skipping extract\"\n return 0\n fi\n\n if [[ -d $output_directory ]]; then\n echo \"'Force flag enabled, but '$output_directory' exists. Removing directory\"\n rm -rf $output_directory\n if [[ $? != 0 ]]; then\n Write-PipelineTelemetryError -category 'NativeToolsBootstrap' \"Unable to remove '$output_directory'\"\n return 1\n fi\n fi\n\n echo \"Creating directory: '$output_directory'\"\n mkdir -p $output_directory\n\n echo \"Extracting archive\"\n tar -xf $zip_path -C $output_directory\n if [[ $? != 0 ]]; then\n Write-PipelineTelemetryError -category 'NativeToolsBootstrap' \"Unable to extract '$zip_path'\"\n return 1\n fi\n\n return 0\n}\n\nfunction GetCurrentOS {\n local unameOut=\"$(uname -s)\"\n case $unameOut in\n Linux*) echo \"Linux\";;\n Darwin*) echo \"MacOS\";;\n esac\n return 0\n}\n\nfunction GetFile {\n local uri=$1\n local path=$2\n local force=${3:-false}\n local download_retries=${4:-5}\n local retry_wait_time_seconds=${5:-30}\n\n if [[ -f $path ]]; then\n if [[ $force = false ]]; then\n echo \"File '$path' already exists. Skipping download\"\n return 0\n else\n rm -rf $path\n fi\n fi\n\n if [[ -f $uri ]]; then\n echo \"'$uri' is a file path, copying file to '$path'\"\n cp $uri $path\n return $?\n fi\n\n echo \"Downloading $uri\"\n # Use curl if available, otherwise use wget\n if command -v curl > /dev/null; then\n curl \"$uri\" -sSL --retry $download_retries --retry-delay $retry_wait_time_seconds --create-dirs -o \"$path\" --fail\n else\n wget -q -O \"$path\" \"$uri\" --tries=\"$download_retries\"\n fi\n\n return $?\n}\n\nfunction GetTempPathFileName {\n local path=$1\n\n local temp_dir=$(GetTempDirectory)\n local temp_file_name=$(basename $path)\n echo $temp_dir$temp_file_name\n return 0\n}\n\nfunction DownloadAndExtract {\n local uri=$1\n local installDir=$2\n local force=${3:-false}\n local download_retries=${4:-5}\n local retry_wait_time_seconds=${5:-30}\n\n local temp_tool_path=$(GetTempPathFileName $uri)\n\n echo \"downloading to: $temp_tool_path\"\n\n # Download file\n GetFile \"$uri\" \"$temp_tool_path\" $force $download_retries $retry_wait_time_seconds\n if [[ $? != 0 ]]; then\n Write-PipelineTelemetryError -category 'NativeToolsBootstrap' \"Failed to download '$uri' to '$temp_tool_path'.\"\n return 1\n fi\n\n # Extract File\n echo \"extracting from $temp_tool_path to $installDir\"\n ExpandZip \"$temp_tool_path\" \"$installDir\" $force $download_retries $retry_wait_time_seconds\n if [[ $? != 0 ]]; then\n Write-PipelineTelemetryError -category 'NativeToolsBootstrap' \"Failed to extract '$temp_tool_path' to '$installDir'.\"\n return 1\n fi\n\n return 0\n}\n\nfunction NewScriptShim {\n local shimpath=$1\n local tool_file_path=$2\n local force=${3:-false}\n\n echo \"Generating '$shimpath' shim\"\n if [[ -f $shimpath ]]; then\n if [[ $force = false ]]; then\n echo \"File '$shimpath' already exists.\" >&2\n return 1\n else\n rm -rf $shimpath\n fi\n fi\n \n if [[ ! -f $tool_file_path ]]; then\n # try to see if the path is lower cased\n tool_file_path=\"$(echo $tool_file_path | tr \"[:upper:]\" \"[:lower:]\")\" \n if [[ ! -f $tool_file_path ]]; then\n Write-PipelineTelemetryError -category 'NativeToolsBootstrap' \"Specified tool file path:'$tool_file_path' does not exist\"\n return 1\n fi\n fi\n\n local shim_contents=$'#!/usr/bin/env bash\\n'\n shim_contents+=\"SHIMARGS=\"$'$1\\n'\n shim_contents+=\"$tool_file_path\"$' $SHIMARGS\\n'\n\n # Write shim file\n echo \"$shim_contents\" > $shimpath\n\n chmod +x $shimpath\n\n echo \"Finished generating shim '$shimpath'\"\n\n return $?\n}\n\n"
},
{
"path": "eng/common/native/init-compiler.sh",
"content": "#!/bin/sh\n#\n# This file detects the C/C++ compiler and exports it to the CC/CXX environment variables\n#\n# NOTE: some scripts source this file and rely on stdout being empty, make sure\n# to not output *anything* here, unless it is an error message that fails the\n# build.\n\nif [ -z \"$build_arch\" ] || [ -z \"$compiler\" ]; then\n echo \"Usage...\"\n echo \"build_arch= compiler= init-compiler.sh\"\n echo \"Specify the target architecture.\"\n echo \"Specify the name of compiler (clang or gcc).\"\n exit 1\nfi\n\ncase \"$compiler\" in\n clang*|-clang*|--clang*)\n # clangx.y or clang-x.y\n version=\"$(echo \"$compiler\" | tr -d '[:alpha:]-=')\"\n majorVersion=\"${version%%.*}\"\n\n # LLVM based on v18 released in early 2024, with two releases per year\n maxVersion=\"$((18 + ((($(date +%Y) - 2024) * 12 + $(date +%-m) - 3) / 6)))\"\n compiler=clang\n ;;\n\n gcc*|-gcc*|--gcc*)\n # gccx.y or gcc-x.y\n version=\"$(echo \"$compiler\" | tr -d '[:alpha:]-=')\"\n majorVersion=\"${version%%.*}\"\n\n # GCC based on v14 released in early 2024, with one release per year\n maxVersion=\"$((14 + ((($(date +%Y) - 2024) * 12 + $(date +%-m) - 3) / 12)))\"\n compiler=gcc\n ;;\nesac\n\ncxxCompiler=\"$compiler++\"\n\n# clear the existing CC and CXX from environment\nCC=\nCXX=\nLDFLAGS=\n\nif [ \"$compiler\" = \"gcc\" ]; then cxxCompiler=\"g++\"; fi\n\ncheck_version_exists() {\n desired_version=-1\n\n # Set up the environment to be used for building with the desired compiler.\n if command -v \"$compiler-$1\" > /dev/null; then\n desired_version=\"-$1\"\n elif command -v \"$compiler$1\" > /dev/null; then\n desired_version=\"$1\"\n fi\n\n echo \"$desired_version\"\n}\n\n__baseOS=\"$(uname)\"\nset_compiler_version_from_CC() {\n if [ \"$__baseOS\" = \"Darwin\" ]; then\n # On Darwin, the versions from -version/-dumpversion refer to Xcode\n # versions, not llvm versions, so we can't rely on them.\n return\n fi\n\n version=\"$(\"$CC\" -dumpversion)\"\n if [ -z \"$version\" ]; then\n echo \"Error: $CC -dumpversion didn't provide a version\"\n exit 1\n fi\n\n # gcc and clang often display 3 part versions. However, gcc can show only 1 part in some environments.\n IFS=. read -r majorVersion _ < /dev/null; then\n echo \"Error: No compatible version of $compiler was found within the range of $minVersion to $maxVersion. Please upgrade your toolchain or specify the compiler explicitly using CLR_CC and CLR_CXX environment variables.\"\n exit 1\n fi\n\n CC=\"$(command -v \"$compiler\" 2> /dev/null)\"\n CXX=\"$(command -v \"$cxxCompiler\" 2> /dev/null)\"\n set_compiler_version_from_CC\n fi\n else\n desired_version=\"$(check_version_exists \"$majorVersion\")\"\n if [ \"$desired_version\" = \"-1\" ]; then\n echo \"Error: Could not find specific version of $compiler: $majorVersion.\"\n exit 1\n fi\n fi\n\n if [ -z \"$CC\" ]; then\n CC=\"$(command -v \"$compiler$desired_version\" 2> /dev/null)\"\n CXX=\"$(command -v \"$cxxCompiler$desired_version\" 2> /dev/null)\"\n if [ -z \"$CXX\" ]; then CXX=\"$(command -v \"$cxxCompiler\" 2> /dev/null)\"; fi\n set_compiler_version_from_CC\n fi\nelse\n if [ ! -f \"$CLR_CC\" ]; then\n echo \"Error: CLR_CC is set but path '$CLR_CC' does not exist\"\n exit 1\n fi\n CC=\"$CLR_CC\"\n CXX=\"$CLR_CXX\"\n set_compiler_version_from_CC\nfi\n\nif [ -z \"$CC\" ]; then\n echo \"Error: Unable to find $compiler.\"\n exit 1\nfi\n\nif [ \"$__baseOS\" != \"Darwin\" ]; then\n # On Darwin, we always want to use the Apple linker.\n\n # Only lld version >= 9 can be considered stable. lld supports s390x starting from 18.0.\n if [ \"$compiler\" = \"clang\" ] && [ -n \"$majorVersion\" ] && [ \"$majorVersion\" -ge 9 ] && { [ \"$build_arch\" != \"s390x\" ] || [ \"$majorVersion\" -ge 18 ]; }; then\n if \"$CC\" -fuse-ld=lld -Wl,--version >/dev/null 2>&1; then\n LDFLAGS=\"-fuse-ld=lld\"\n fi\n fi\nfi\n\nSCAN_BUILD_COMMAND=\"$(command -v \"scan-build$desired_version\" 2> /dev/null)\"\n\nexport CC CXX LDFLAGS SCAN_BUILD_COMMAND\n"
},
{
"path": "eng/common/native/init-distro-rid.sh",
"content": "#!/bin/sh\n\n# getNonPortableDistroRid\n#\n# Input:\n# targetOs: (str)\n# targetArch: (str)\n# rootfsDir: (str)\n#\n# Return:\n# non-portable rid\ngetNonPortableDistroRid()\n{\n targetOs=\"$1\"\n targetArch=\"$2\"\n rootfsDir=\"$3\"\n nonPortableRid=\"\"\n\n if [ \"$targetOs\" = \"linux\" ]; then\n # shellcheck disable=SC1091\n if [ -e \"${rootfsDir}/etc/os-release\" ]; then\n . \"${rootfsDir}/etc/os-release\"\n if echo \"${VERSION_ID:-}\" | grep -qE '^([[:digit:]]|\\.)+$'; then\n nonPortableRid=\"${ID}.${VERSION_ID}-${targetArch}\"\n else\n # Rolling release distros either do not set VERSION_ID, set it as blank or\n # set it to non-version looking string (such as TEMPLATE_VERSION_ID on ArchLinux);\n # so omit it here to be consistent with everything else.\n nonPortableRid=\"${ID}-${targetArch}\"\n fi\n elif [ -e \"${rootfsDir}/android_platform\" ]; then\n # shellcheck disable=SC1091\n . \"${rootfsDir}/android_platform\"\n nonPortableRid=\"$RID\"\n fi\n fi\n\n if [ \"$targetOs\" = \"freebsd\" ]; then\n # $rootfsDir can be empty. freebsd-version is a shell script and should always work.\n __freebsd_major_version=$(\"$rootfsDir\"/bin/freebsd-version | cut -d'.' -f1)\n nonPortableRid=\"freebsd.$__freebsd_major_version-${targetArch}\"\n elif command -v getprop >/dev/null && getprop ro.product.system.model | grep -qi android; then\n __android_sdk_version=$(getprop ro.build.version.sdk)\n nonPortableRid=\"android.$__android_sdk_version-${targetArch}\"\n elif [ \"$targetOs\" = \"illumos\" ]; then\n __uname_version=$(uname -v)\n nonPortableRid=\"illumos-${targetArch}\"\n elif [ \"$targetOs\" = \"solaris\" ]; then\n __uname_version=$(uname -v)\n __solaris_major_version=$(echo \"$__uname_version\" | cut -d'.' -f1)\n nonPortableRid=\"solaris.$__solaris_major_version-${targetArch}\"\n elif [ \"$targetOs\" = \"haiku\" ]; then\n __uname_release=\"$(uname -r)\"\n nonPortableRid=haiku.r\"$__uname_release\"-\"$targetArch\"\n fi\n\n echo \"$nonPortableRid\" | tr '[:upper:]' '[:lower:]'\n}\n\n# initDistroRidGlobal\n#\n# Input:\n# os: (str)\n# arch: (str)\n# rootfsDir?: (nullable:string)\n#\n# Return:\n# None\n#\n# Notes:\n# It is important to note that the function does not return anything, but it\n# exports the following variables on success:\n# __DistroRid : Non-portable rid of the target platform.\n# __PortableTargetOS : OS-part of the portable rid that corresponds to the target platform.\ninitDistroRidGlobal()\n{\n targetOs=\"$1\"\n targetArch=\"$2\"\n rootfsDir=\"\"\n if [ $# -ge 3 ]; then\n rootfsDir=\"$3\"\n fi\n\n if [ -n \"${rootfsDir}\" ]; then\n # We may have a cross build. Check for the existence of the rootfsDir\n if [ ! -e \"${rootfsDir}\" ]; then\n echo \"Error: rootfsDir has been passed, but the location is not valid.\"\n exit 1\n fi\n fi\n\n __DistroRid=$(getNonPortableDistroRid \"${targetOs}\" \"${targetArch}\" \"${rootfsDir}\")\n\n if [ -z \"${__PortableTargetOS:-}\" ]; then\n __PortableTargetOS=\"$targetOs\"\n\n STRINGS=\"$(command -v strings || true)\"\n if [ -z \"$STRINGS\" ]; then\n STRINGS=\"$(command -v llvm-strings || true)\"\n fi\n\n # Check for musl-based distros (e.g. Alpine Linux, Void Linux).\n if \"${rootfsDir}/usr/bin/ldd\" --version 2>&1 | grep -q musl ||\n ( [ -n \"$STRINGS\" ] && \"$STRINGS\" \"${rootfsDir}/usr/bin/ldd\" 2>&1 | grep -q musl ); then\n __PortableTargetOS=\"linux-musl\"\n fi\n fi\n\n export __DistroRid __PortableTargetOS\n}\n"
},
{
"path": "eng/common/native/init-os-and-arch.sh",
"content": "#!/bin/sh\n\n# Use uname to determine what the OS is.\nOSName=$(uname -s | tr '[:upper:]' '[:lower:]')\n\nif command -v getprop && getprop ro.product.system.model 2>&1 | grep -qi android; then\n OSName=\"android\"\nfi\n\ncase \"$OSName\" in\nfreebsd|linux|netbsd|openbsd|sunos|android|haiku)\n os=\"$OSName\" ;;\ndarwin)\n os=osx ;;\n*)\n echo \"Unsupported OS $OSName detected!\"\n exit 1 ;;\nesac\n\n# On Solaris, `uname -m` is discouraged, see https://docs.oracle.com/cd/E36784_01/html/E36870/uname-1.html\n# and `uname -p` returns processor type (e.g. i386 on amd64).\n# The appropriate tool to determine CPU is isainfo(1) https://docs.oracle.com/cd/E36784_01/html/E36870/isainfo-1.html.\nif [ \"$os\" = \"sunos\" ]; then\n if uname -o 2>&1 | grep -q illumos; then\n os=\"illumos\"\n else\n os=\"solaris\"\n fi\n CPUName=$(isainfo -n)\nelse\n # For the rest of the operating systems, use uname(1) to determine what the CPU is.\n CPUName=$(uname -m)\nfi\n\ncase \"$CPUName\" in\n arm64|aarch64)\n arch=arm64\n if [ \"$(getconf LONG_BIT)\" -lt 64 ]; then\n # This is 32-bit OS running on 64-bit CPU (for example Raspberry Pi OS)\n arch=arm\n fi\n ;;\n\n loongarch64)\n arch=loongarch64\n ;;\n\n riscv64)\n arch=riscv64\n ;;\n\n amd64|x86_64)\n arch=x64\n ;;\n\n armv7l|armv8l)\n # shellcheck disable=SC1091\n if (NAME=\"\"; . /etc/os-release; test \"$NAME\" = \"Tizen\"); then\n arch=armel\n else\n arch=arm\n fi\n ;;\n\n armv6l)\n arch=armv6\n ;;\n\n i[3-6]86)\n echo \"Unsupported CPU $CPUName detected, build might not succeed!\"\n arch=x86\n ;;\n\n s390x)\n arch=s390x\n ;;\n\n ppc64le)\n arch=ppc64le\n ;;\n *)\n echo \"Unknown CPU $CPUName detected!\"\n exit 1\n ;;\nesac\n"
},
{
"path": "eng/common/native/install-cmake-test.sh",
"content": "#!/usr/bin/env bash\n\nsource=\"${BASH_SOURCE[0]}\"\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\n. $scriptroot/common-library.sh\n\nbase_uri=\ninstall_path=\nversion=\nclean=false\nforce=false\ndownload_retries=5\nretry_wait_time_seconds=30\n\nwhile (($# > 0)); do\n lowerI=\"$(echo $1 | tr \"[:upper:]\" \"[:lower:]\")\"\n case $lowerI in\n --baseuri)\n base_uri=$2\n shift 2\n ;;\n --installpath)\n install_path=$2\n shift 2\n ;;\n --version)\n version=$2\n shift 2\n ;;\n --clean)\n clean=true\n shift 1\n ;;\n --force)\n force=true\n shift 1\n ;;\n --downloadretries)\n download_retries=$2\n shift 2\n ;;\n --retrywaittimeseconds)\n retry_wait_time_seconds=$2\n shift 2\n ;;\n --help)\n echo \"Common settings:\"\n echo \" --baseuri Base file directory or Url wrom which to acquire tool archives\"\n echo \" --installpath Base directory to install native tool to\"\n echo \" --clean Don't install the tool, just clean up the current install of the tool\"\n echo \" --force Force install of tools even if they previously exist\"\n echo \" --help Print help and exit\"\n echo \"\"\n echo \"Advanced settings:\"\n echo \" --downloadretries Total number of retry attempts\"\n echo \" --retrywaittimeseconds Wait time between retry attempts in seconds\"\n echo \"\"\n exit 0\n ;;\n esac\ndone\n\ntool_name=\"cmake-test\"\ntool_os=$(GetCurrentOS)\ntool_folder=\"$(echo $tool_os | tr \"[:upper:]\" \"[:lower:]\")\"\ntool_arch=\"x86_64\"\ntool_name_moniker=\"$tool_name-$version-$tool_os-$tool_arch\"\ntool_install_directory=\"$install_path/$tool_name/$version\"\ntool_file_path=\"$tool_install_directory/$tool_name_moniker/bin/$tool_name\"\nshim_path=\"$install_path/$tool_name.sh\"\nuri=\"${base_uri}/$tool_folder/$tool_name/$tool_name_moniker.tar.gz\"\n\n# Clean up tool and installers\nif [[ $clean = true ]]; then\n echo \"Cleaning $tool_install_directory\"\n if [[ -d $tool_install_directory ]]; then\n rm -rf $tool_install_directory\n fi\n\n echo \"Cleaning $shim_path\"\n if [[ -f $shim_path ]]; then\n rm -rf $shim_path\n fi\n\n tool_temp_path=$(GetTempPathFileName $uri)\n echo \"Cleaning $tool_temp_path\"\n if [[ -f $tool_temp_path ]]; then\n rm -rf $tool_temp_path\n fi\n\n exit 0\nfi\n\n# Install tool\nif [[ -f $tool_file_path ]] && [[ $force = false ]]; then\n echo \"$tool_name ($version) already exists, skipping install\"\n exit 0\nfi\n\nDownloadAndExtract $uri $tool_install_directory $force $download_retries $retry_wait_time_seconds\n\nif [[ $? != 0 ]]; then\n Write-PipelineTelemetryError -category 'NativeToolsBootstrap' 'Installation failed'\n exit 1\nfi\n\n# Generate Shim\n# Always rewrite shims so that we are referencing the expected version\nNewScriptShim $shim_path $tool_file_path true\n\nif [[ $? != 0 ]]; then\n Write-PipelineTelemetryError -category 'NativeToolsBootstrap' 'Shim generation failed'\n exit 1\nfi\n\nexit 0\n"
},
{
"path": "eng/common/native/install-cmake.sh",
"content": "#!/usr/bin/env bash\n\nsource=\"${BASH_SOURCE[0]}\"\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\n. $scriptroot/common-library.sh\n\nbase_uri=\ninstall_path=\nversion=\nclean=false\nforce=false\ndownload_retries=5\nretry_wait_time_seconds=30\n\nwhile (($# > 0)); do\n lowerI=\"$(echo $1 | tr \"[:upper:]\" \"[:lower:]\")\"\n case $lowerI in\n --baseuri)\n base_uri=$2\n shift 2\n ;;\n --installpath)\n install_path=$2\n shift 2\n ;;\n --version)\n version=$2\n shift 2\n ;;\n --clean)\n clean=true\n shift 1\n ;;\n --force)\n force=true\n shift 1\n ;;\n --downloadretries)\n download_retries=$2\n shift 2\n ;;\n --retrywaittimeseconds)\n retry_wait_time_seconds=$2\n shift 2\n ;;\n --help)\n echo \"Common settings:\"\n echo \" --baseuri Base file directory or Url wrom which to acquire tool archives\"\n echo \" --installpath Base directory to install native tool to\"\n echo \" --clean Don't install the tool, just clean up the current install of the tool\"\n echo \" --force Force install of tools even if they previously exist\"\n echo \" --help Print help and exit\"\n echo \"\"\n echo \"Advanced settings:\"\n echo \" --downloadretries Total number of retry attempts\"\n echo \" --retrywaittimeseconds Wait time between retry attempts in seconds\"\n echo \"\"\n exit 0\n ;;\n esac\ndone\n\ntool_name=\"cmake\"\ntool_os=$(GetCurrentOS)\ntool_folder=\"$(echo $tool_os | tr \"[:upper:]\" \"[:lower:]\")\"\ntool_arch=\"x86_64\"\ntool_name_moniker=\"$tool_name-$version-$tool_os-$tool_arch\"\ntool_install_directory=\"$install_path/$tool_name/$version\"\ntool_file_path=\"$tool_install_directory/$tool_name_moniker/bin/$tool_name\"\nshim_path=\"$install_path/$tool_name.sh\"\nuri=\"${base_uri}/$tool_folder/$tool_name/$tool_name_moniker.tar.gz\"\n\n# Clean up tool and installers\nif [[ $clean = true ]]; then\n echo \"Cleaning $tool_install_directory\"\n if [[ -d $tool_install_directory ]]; then\n rm -rf $tool_install_directory\n fi\n\n echo \"Cleaning $shim_path\"\n if [[ -f $shim_path ]]; then\n rm -rf $shim_path\n fi\n\n tool_temp_path=$(GetTempPathFileName $uri)\n echo \"Cleaning $tool_temp_path\"\n if [[ -f $tool_temp_path ]]; then\n rm -rf $tool_temp_path\n fi\n\n exit 0\nfi\n\n# Install tool\nif [[ -f $tool_file_path ]] && [[ $force = false ]]; then\n echo \"$tool_name ($version) already exists, skipping install\"\n exit 0\nfi\n\nDownloadAndExtract $uri $tool_install_directory $force $download_retries $retry_wait_time_seconds\n\nif [[ $? != 0 ]]; then\n Write-PipelineTelemetryError -category 'NativeToolsBootstrap' 'Installation failed'\n exit 1\nfi\n\n# Generate Shim\n# Always rewrite shims so that we are referencing the expected version\nNewScriptShim $shim_path $tool_file_path true\n\nif [[ $? != 0 ]]; then\n Write-PipelineTelemetryError -category 'NativeToolsBootstrap' 'Shim generation failed'\n exit 1\nfi\n\nexit 0\n"
},
{
"path": "eng/common/native/install-dependencies.sh",
"content": "#!/bin/sh\n\nset -e\n\n# This is a simple script primarily used for CI to install necessary dependencies\n#\n# Usage:\n#\n# ./install-dependencies.sh \n\nos=\"$(echo \"$1\" | tr \"[:upper:]\" \"[:lower:]\")\"\n\nif [ -z \"$os\" ]; then\n . \"$(dirname \"$0\")\"/init-os-and-arch.sh\nfi\n\ncase \"$os\" in\n linux)\n if [ -e /etc/os-release ]; then\n . /etc/os-release\n fi\n\n if [ \"$ID\" = \"debian\" ] || [ \"$ID_LIKE\" = \"debian\" ]; then\n apt update\n\n apt install -y build-essential gettext locales cmake llvm clang lld lldb liblldb-dev libunwind8-dev libicu-dev liblttng-ust-dev \\\n libssl-dev libkrb5-dev pigz cpio\n\n localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8\n elif [ \"$ID\" = \"fedora\" ] || [ \"$ID\" = \"rhel\" ] || [ \"$ID\" = \"azurelinux\" ]; then\n pkg_mgr=\"$(command -v tdnf 2>/dev/null || command -v dnf)\"\n $pkg_mgr install -y cmake llvm lld lldb clang python curl libicu-devel openssl-devel krb5-devel lttng-ust-devel pigz cpio\n elif [ \"$ID\" = \"alpine\" ]; then\n apk add build-base cmake bash curl clang llvm-dev lld lldb krb5-dev lttng-ust-dev icu-dev openssl-dev pigz cpio\n else\n echo \"Unsupported distro. distro: $ID\"\n exit 1\n fi\n ;;\n\n osx|maccatalyst|ios|iossimulator|tvos|tvossimulator)\n echo \"Installed xcode version: $(xcode-select -p)\"\n\n export HOMEBREW_NO_INSTALL_CLEANUP=1\n export HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1\n # Skip brew update for now, see https://github.com/actions/setup-python/issues/577\n # brew update --preinstall\n brew bundle --no-upgrade --file=- <\n[CmdletBinding(PositionalBinding=$false)]\nParam (\n [Parameter(Mandatory=$True)]\n [string] $ToolName,\n [Parameter(Mandatory=$True)]\n [string] $InstallPath,\n [Parameter(Mandatory=$True)]\n [string] $BaseUri,\n [Parameter(Mandatory=$True)]\n [string] $Version,\n [string] $CommonLibraryDirectory = $PSScriptRoot,\n [switch] $Force = $False,\n [switch] $Clean = $False,\n [int] $DownloadRetries = 5,\n [int] $RetryWaitTimeInSeconds = 30\n)\n\n. $PSScriptRoot\\..\\pipeline-logging-functions.ps1\n\n# Import common library modules\nImport-Module -Name (Join-Path $CommonLibraryDirectory \"CommonLibrary.psm1\")\n\ntry {\n # Define verbose switch if undefined\n $Verbose = $VerbosePreference -Eq \"Continue\"\n\n $Arch = CommonLibrary\\Get-MachineArchitecture\n $ToolOs = \"win64\"\n if($Arch -Eq \"x32\") {\n $ToolOs = \"win32\"\n }\n $ToolNameMoniker = \"$ToolName-$Version-$ToolOs-$Arch\"\n $ToolInstallDirectory = Join-Path $InstallPath \"$ToolName\\$Version\\\"\n $Uri = \"$BaseUri/windows/$ToolName/$ToolNameMoniker.zip\"\n $ShimPath = Join-Path $InstallPath \"$ToolName.exe\"\n\n if ($Clean) {\n Write-Host \"Cleaning $ToolInstallDirectory\"\n if (Test-Path $ToolInstallDirectory) {\n Remove-Item $ToolInstallDirectory -Force -Recurse\n }\n Write-Host \"Cleaning $ShimPath\"\n if (Test-Path $ShimPath) {\n Remove-Item $ShimPath -Force\n }\n $ToolTempPath = CommonLibrary\\Get-TempPathFilename -Path $Uri\n Write-Host \"Cleaning $ToolTempPath\"\n if (Test-Path $ToolTempPath) {\n Remove-Item $ToolTempPath -Force\n }\n exit 0\n }\n\n # Install tool\n if ((Test-Path $ToolInstallDirectory) -And (-Not $Force)) {\n Write-Verbose \"$ToolName ($Version) already exists, skipping install\"\n }\n else {\n $InstallStatus = CommonLibrary\\DownloadAndExtract -Uri $Uri `\n -InstallDirectory $ToolInstallDirectory `\n -Force:$Force `\n -DownloadRetries $DownloadRetries `\n -RetryWaitTimeInSeconds $RetryWaitTimeInSeconds `\n -Verbose:$Verbose\n\n if ($InstallStatus -Eq $False) {\n Write-PipelineTelemetryError \"Installation failed\" -Category \"NativeToolsetBootstrapping\"\n exit 1\n }\n }\n\n $ToolFilePath = Get-ChildItem $ToolInstallDirectory -Recurse -Filter \"$ToolName.exe\" | % { $_.FullName }\n if (@($ToolFilePath).Length -Gt 1) {\n Write-Error \"There are multiple copies of $ToolName in $($ToolInstallDirectory): `n$(@($ToolFilePath | out-string))\"\n exit 1\n } elseif (@($ToolFilePath).Length -Lt 1) {\n Write-Host \"$ToolName was not found in $ToolInstallDirectory.\"\n exit 1\n }\n\n # Generate shim\n # Always rewrite shims so that we are referencing the expected version\n $GenerateShimStatus = CommonLibrary\\New-ScriptShim -ShimName $ToolName `\n -ShimDirectory $InstallPath `\n -ToolFilePath \"$ToolFilePath\" `\n -BaseUri $BaseUri `\n -Force:$Force `\n -Verbose:$Verbose\n\n if ($GenerateShimStatus -Eq $False) {\n Write-PipelineTelemetryError \"Generate shim failed\" -Category \"NativeToolsetBootstrapping\"\n return 1\n }\n\n exit 0\n}\ncatch {\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Category \"NativeToolsetBootstrapping\" -Message $_\n exit 1\n}\n"
},
{
"path": "eng/common/pipeline-logging-functions.ps1",
"content": "# Source for this file was taken from https://github.com/microsoft/azure-pipelines-task-lib/blob/11c9439d4af17e6475d9fe058e6b2e03914d17e6/powershell/VstsTaskSdk/LoggingCommandFunctions.ps1 and modified.\n\n# NOTE: You should not be calling these method directly as they are likely to change. Instead you should be calling the Write-Pipeline* functions defined in tools.ps1\n\n$script:loggingCommandPrefix = '##vso['\n$script:loggingCommandEscapeMappings = @( # TODO: WHAT ABOUT \"=\"? WHAT ABOUT \"%\"?\n New-Object psobject -Property @{ Token = ';' ; Replacement = '%3B' }\n New-Object psobject -Property @{ Token = \"`r\" ; Replacement = '%0D' }\n New-Object psobject -Property @{ Token = \"`n\" ; Replacement = '%0A' }\n New-Object psobject -Property @{ Token = \"]\" ; Replacement = '%5D' }\n)\n# TODO: BUG: Escape % ???\n# TODO: Add test to verify don't need to escape \"=\".\n\n# Specify \"-Force\" to force pipeline formatted output even if \"$ci\" is false or not set\nfunction Write-PipelineTelemetryError {\n [CmdletBinding()]\n param(\n [Parameter(Mandatory = $true)]\n [string]$Category,\n [Parameter(Mandatory = $true)]\n [string]$Message,\n [Parameter(Mandatory = $false)]\n [string]$Type = 'error',\n [string]$ErrCode,\n [string]$SourcePath,\n [string]$LineNumber,\n [string]$ColumnNumber,\n [switch]$AsOutput,\n [switch]$Force)\n\n $PSBoundParameters.Remove('Category') | Out-Null\n\n if ($Force -Or ((Test-Path variable:ci) -And $ci)) {\n $Message = \"(NETCORE_ENGINEERING_TELEMETRY=$Category) $Message\"\n }\n $PSBoundParameters.Remove('Message') | Out-Null\n $PSBoundParameters.Add('Message', $Message)\n Write-PipelineTaskError @PSBoundParameters\n}\n\n# Specify \"-Force\" to force pipeline formatted output even if \"$ci\" is false or not set\nfunction Write-PipelineTaskError {\n [CmdletBinding()]\n param(\n [Parameter(Mandatory = $true)]\n [string]$Message,\n [Parameter(Mandatory = $false)]\n [string]$Type = 'error',\n [string]$ErrCode,\n [string]$SourcePath,\n [string]$LineNumber,\n [string]$ColumnNumber,\n [switch]$AsOutput,\n [switch]$Force\n )\n\n if (!$Force -And (-Not (Test-Path variable:ci) -Or !$ci)) {\n if ($Type -eq 'error') {\n Write-Host $Message -ForegroundColor Red\n return\n }\n elseif ($Type -eq 'warning') {\n Write-Host $Message -ForegroundColor Yellow\n return\n }\n }\n\n if (($Type -ne 'error') -and ($Type -ne 'warning')) {\n Write-Host $Message\n return\n }\n $PSBoundParameters.Remove('Force') | Out-Null \n if (-not $PSBoundParameters.ContainsKey('Type')) {\n $PSBoundParameters.Add('Type', 'error')\n }\n Write-LogIssue @PSBoundParameters\n}\n \nfunction Write-PipelineSetVariable {\n [CmdletBinding()]\n param(\n [Parameter(Mandatory = $true)]\n [string]$Name,\n [string]$Value,\n [switch]$Secret,\n [switch]$AsOutput,\n [bool]$IsMultiJobVariable = $true)\n\n if ((Test-Path variable:ci) -And $ci) {\n Write-LoggingCommand -Area 'task' -Event 'setvariable' -Data $Value -Properties @{\n 'variable' = $Name\n 'isSecret' = $Secret\n 'isOutput' = $IsMultiJobVariable\n } -AsOutput:$AsOutput\n }\n}\n \nfunction Write-PipelinePrependPath {\n [CmdletBinding()]\n param(\n [Parameter(Mandatory = $true)]\n [string]$Path,\n [switch]$AsOutput)\n\n if ((Test-Path variable:ci) -And $ci) {\n Write-LoggingCommand -Area 'task' -Event 'prependpath' -Data $Path -AsOutput:$AsOutput\n }\n}\n\nfunction Write-PipelineSetResult {\n [CmdletBinding()]\n param(\n [ValidateSet(\"Succeeded\", \"SucceededWithIssues\", \"Failed\", \"Cancelled\", \"Skipped\")]\n [Parameter(Mandatory = $true)]\n [string]$Result,\n [string]$Message)\n if ((Test-Path variable:ci) -And $ci) {\n Write-LoggingCommand -Area 'task' -Event 'complete' -Data $Message -Properties @{\n 'result' = $Result\n }\n }\n}\n\n<########################################\n# Private functions.\n########################################>\nfunction Format-LoggingCommandData {\n [CmdletBinding()]\n param([string]$Value, [switch]$Reverse)\n\n if (!$Value) {\n return ''\n }\n\n if (!$Reverse) {\n foreach ($mapping in $script:loggingCommandEscapeMappings) {\n $Value = $Value.Replace($mapping.Token, $mapping.Replacement)\n }\n }\n else {\n for ($i = $script:loggingCommandEscapeMappings.Length - 1 ; $i -ge 0 ; $i--) {\n $mapping = $script:loggingCommandEscapeMappings[$i]\n $Value = $Value.Replace($mapping.Replacement, $mapping.Token)\n }\n }\n\n return $Value\n}\n\nfunction Format-LoggingCommand {\n [CmdletBinding()]\n param(\n [Parameter(Mandatory = $true)]\n [string]$Area,\n [Parameter(Mandatory = $true)]\n [string]$Event,\n [string]$Data,\n [hashtable]$Properties)\n\n # Append the preamble.\n [System.Text.StringBuilder]$sb = New-Object -TypeName System.Text.StringBuilder\n $null = $sb.Append($script:loggingCommandPrefix).Append($Area).Append('.').Append($Event)\n\n # Append the properties.\n if ($Properties) {\n $first = $true\n foreach ($key in $Properties.Keys) {\n [string]$value = Format-LoggingCommandData $Properties[$key]\n if ($value) {\n if ($first) {\n $null = $sb.Append(' ')\n $first = $false\n }\n else {\n $null = $sb.Append(';')\n }\n\n $null = $sb.Append(\"$key=$value\")\n }\n }\n }\n\n # Append the tail and output the value.\n $Data = Format-LoggingCommandData $Data\n $sb.Append(']').Append($Data).ToString()\n}\n\nfunction Write-LoggingCommand {\n [CmdletBinding(DefaultParameterSetName = 'Parameters')]\n param(\n [Parameter(Mandatory = $true, ParameterSetName = 'Parameters')]\n [string]$Area,\n [Parameter(Mandatory = $true, ParameterSetName = 'Parameters')]\n [string]$Event,\n [Parameter(ParameterSetName = 'Parameters')]\n [string]$Data,\n [Parameter(ParameterSetName = 'Parameters')]\n [hashtable]$Properties,\n [Parameter(Mandatory = $true, ParameterSetName = 'Object')]\n $Command,\n [switch]$AsOutput)\n\n if ($PSCmdlet.ParameterSetName -eq 'Object') {\n Write-LoggingCommand -Area $Command.Area -Event $Command.Event -Data $Command.Data -Properties $Command.Properties -AsOutput:$AsOutput\n return\n }\n\n $command = Format-LoggingCommand -Area $Area -Event $Event -Data $Data -Properties $Properties\n if ($AsOutput) {\n $command\n }\n else {\n Write-Host $command\n }\n}\n\nfunction Write-LogIssue {\n [CmdletBinding()]\n param(\n [ValidateSet('warning', 'error')]\n [Parameter(Mandatory = $true)]\n [string]$Type,\n [string]$Message,\n [string]$ErrCode,\n [string]$SourcePath,\n [string]$LineNumber,\n [string]$ColumnNumber,\n [switch]$AsOutput)\n\n $command = Format-LoggingCommand -Area 'task' -Event 'logissue' -Data $Message -Properties @{\n 'type' = $Type\n 'code' = $ErrCode\n 'sourcepath' = $SourcePath\n 'linenumber' = $LineNumber\n 'columnnumber' = $ColumnNumber\n }\n if ($AsOutput) {\n return $command\n }\n\n if ($Type -eq 'error') {\n $foregroundColor = $host.PrivateData.ErrorForegroundColor\n $backgroundColor = $host.PrivateData.ErrorBackgroundColor\n if ($foregroundColor -isnot [System.ConsoleColor] -or $backgroundColor -isnot [System.ConsoleColor]) {\n $foregroundColor = [System.ConsoleColor]::Red\n $backgroundColor = [System.ConsoleColor]::Black\n }\n }\n else {\n $foregroundColor = $host.PrivateData.WarningForegroundColor\n $backgroundColor = $host.PrivateData.WarningBackgroundColor\n if ($foregroundColor -isnot [System.ConsoleColor] -or $backgroundColor -isnot [System.ConsoleColor]) {\n $foregroundColor = [System.ConsoleColor]::Yellow\n $backgroundColor = [System.ConsoleColor]::Black\n }\n }\n\n Write-Host $command -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor\n}\n"
},
{
"path": "eng/common/pipeline-logging-functions.sh",
"content": "#!/usr/bin/env bash\n\nfunction Write-PipelineTelemetryError {\n local telemetry_category=''\n local force=false\n local function_args=()\n local message=''\n while [[ $# -gt 0 ]]; do\n opt=\"$(echo \"${1/#--/-}\" | tr \"[:upper:]\" \"[:lower:]\")\"\n case \"$opt\" in\n -category|-c)\n telemetry_category=$2\n shift\n ;;\n -force|-f)\n force=true\n ;;\n -*)\n function_args+=(\"$1 $2\")\n shift\n ;;\n *)\n message=$*\n ;;\n esac\n shift\n done\n\n if [[ $force != true ]] && [[ \"$ci\" != true ]]; then\n echo \"$message\" >&2\n return\n fi\n\n if [[ $force == true ]]; then\n function_args+=(\"-force\")\n fi\n message=\"(NETCORE_ENGINEERING_TELEMETRY=$telemetry_category) $message\"\n function_args+=(\"$message\")\n Write-PipelineTaskError ${function_args[@]}\n}\n\nfunction Write-PipelineTaskError {\n local message_type=\"error\"\n local sourcepath=''\n local linenumber=''\n local columnnumber=''\n local error_code=''\n local force=false\n\n while [[ $# -gt 0 ]]; do\n opt=\"$(echo \"${1/#--/-}\" | tr \"[:upper:]\" \"[:lower:]\")\"\n case \"$opt\" in\n -type|-t)\n message_type=$2\n shift\n ;;\n -sourcepath|-s)\n sourcepath=$2\n shift\n ;;\n -linenumber|-ln)\n linenumber=$2\n shift\n ;;\n -columnnumber|-cn)\n columnnumber=$2\n shift\n ;;\n -errcode|-e)\n error_code=$2\n shift\n ;;\n -force|-f)\n force=true\n ;;\n *)\n break\n ;;\n esac\n\n shift\n done\n\n if [[ $force != true ]] && [[ \"$ci\" != true ]]; then\n echo \"$@\" >&2\n return\n fi\n\n local message=\"##vso[task.logissue\"\n\n message=\"$message type=$message_type\"\n\n if [ -n \"$sourcepath\" ]; then\n message=\"$message;sourcepath=$sourcepath\"\n fi\n\n if [ -n \"$linenumber\" ]; then\n message=\"$message;linenumber=$linenumber\"\n fi\n\n if [ -n \"$columnnumber\" ]; then\n message=\"$message;columnnumber=$columnnumber\"\n fi\n\n if [ -n \"$error_code\" ]; then\n message=\"$message;code=$error_code\"\n fi\n\n message=\"$message]$*\"\n echo \"$message\"\n}\n\nfunction Write-PipelineSetVariable {\n if [[ \"$ci\" != true ]]; then\n return\n fi\n\n local name=''\n local value=''\n local secret=false\n local as_output=false\n local is_multi_job_variable=true\n\n while [[ $# -gt 0 ]]; do\n opt=\"$(echo \"${1/#--/-}\" | tr \"[:upper:]\" \"[:lower:]\")\"\n case \"$opt\" in\n -name|-n)\n name=$2\n shift\n ;;\n -value|-v)\n value=$2\n shift\n ;;\n -secret|-s)\n secret=true\n ;;\n -as_output|-a)\n as_output=true\n ;;\n -is_multi_job_variable|-i)\n is_multi_job_variable=$2\n shift\n ;;\n esac\n shift\n done\n\n value=${value/;/%3B}\n value=${value/\\\\r/%0D}\n value=${value/\\\\n/%0A}\n value=${value/]/%5D}\n\n local message=\"##vso[task.setvariable variable=$name;isSecret=$secret;isOutput=$is_multi_job_variable]$value\"\n\n if [[ \"$as_output\" == true ]]; then\n $message\n else\n echo \"$message\"\n fi\n}\n\nfunction Write-PipelinePrependPath {\n local prepend_path=''\n\n while [[ $# -gt 0 ]]; do\n opt=\"$(echo \"${1/#--/-}\" | tr \"[:upper:]\" \"[:lower:]\")\"\n case \"$opt\" in\n -path|-p)\n prepend_path=$2\n shift\n ;;\n esac\n shift\n done\n\n export PATH=\"$prepend_path:$PATH\"\n\n if [[ \"$ci\" == true ]]; then\n echo \"##vso[task.prependpath]$prepend_path\"\n fi\n}\n\nfunction Write-PipelineSetResult {\n local result=''\n local message=''\n\n while [[ $# -gt 0 ]]; do\n opt=\"$(echo \"${1/#--/-}\" | tr \"[:upper:]\" \"[:lower:]\")\"\n case \"$opt\" in\n -result|-r)\n result=$2\n shift\n ;;\n -message|-m)\n message=$2\n shift\n ;;\n esac\n shift\n done\n\n if [[ \"$ci\" == true ]]; then\n echo \"##vso[task.complete result=$result;]$message\"\n fi\n}\n"
},
{
"path": "eng/common/post-build/check-channel-consistency.ps1",
"content": "param(\n [Parameter(Mandatory=$true)][string] $PromoteToChannels, # List of channels that the build should be promoted to\n [Parameter(Mandatory=$true)][array] $AvailableChannelIds # List of channel IDs available in the YAML implementation\n)\n\ntry {\n $ErrorActionPreference = 'Stop'\n Set-StrictMode -Version 2.0\n\n # `tools.ps1` checks $ci to perform some actions. Since the post-build\n # scripts don't necessarily execute in the same agent that run the\n # build.ps1/sh script this variable isn't automatically set.\n $ci = $true\n $disableConfigureToolsetImport = $true\n . $PSScriptRoot\\..\\tools.ps1\n\n if ($PromoteToChannels -eq \"\") {\n Write-PipelineTaskError -Type 'warning' -Message \"This build won't publish assets as it's not configured to any Maestro channel. If that wasn't intended use Darc to configure a default channel using add-default-channel for this branch or to promote it to a channel using add-build-to-channel. See https://github.com/dotnet/arcade/blob/main/Documentation/Darc.md#assigning-an-individual-build-to-a-channel for more info.\"\n ExitWithExitCode 0\n }\n\n # Check that every channel that Maestro told to promote the build to \n # is available in YAML\n $PromoteToChannelsIds = $PromoteToChannels -split \"\\D\" | Where-Object { $_ }\n\n $hasErrors = $false\n\n foreach ($id in $PromoteToChannelsIds) {\n if (($id -ne 0) -and ($id -notin $AvailableChannelIds)) {\n Write-PipelineTaskError -Message \"Channel $id is not present in the post-build YAML configuration! This is an error scenario. Please contact @dnceng.\"\n $hasErrors = $true\n }\n }\n\n # The `Write-PipelineTaskError` doesn't error the script and we might report several errors\n # in the previous lines. The check below makes sure that we return an error state from the\n # script if we reported any validation error\n if ($hasErrors) {\n ExitWithExitCode 1 \n }\n\n Write-Host 'done.'\n} \ncatch {\n Write-Host $_\n Write-PipelineTelemetryError -Category 'CheckChannelConsistency' -Message \"There was an error while trying to check consistency of Maestro default channels for the build and post-build YAML configuration.\"\n ExitWithExitCode 1\n}\n"
},
{
"path": "eng/common/post-build/nuget-validation.ps1",
"content": "# This script validates NuGet package metadata information using this \n# tool: https://github.com/NuGet/NuGetGallery/tree/jver-verify/src/VerifyMicrosoftPackage\n\nparam(\n [Parameter(Mandatory=$true)][string] $PackagesPath # Path to where the packages to be validated are\n)\n\n# `tools.ps1` checks $ci to perform some actions. Since the post-build\n# scripts don't necessarily execute in the same agent that run the\n# build.ps1/sh script this variable isn't automatically set.\n$ci = $true\n$disableConfigureToolsetImport = $true\n. $PSScriptRoot\\..\\tools.ps1\n\ntry {\n & $PSScriptRoot\\nuget-verification.ps1 ${PackagesPath}\\*.nupkg\n} \ncatch {\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Category 'NuGetValidation' -Message $_\n ExitWithExitCode 1\n}\n"
},
{
"path": "eng/common/post-build/nuget-verification.ps1",
"content": "<#\n.SYNOPSIS\n Verifies that Microsoft NuGet packages have proper metadata.\n.DESCRIPTION\n Downloads a verification tool and runs metadata validation on the provided NuGet packages. This script writes an\n error if any of the provided packages fail validation. All arguments provided to this PowerShell script that do not\n match PowerShell parameters are passed on to the verification tool downloaded during the execution of this script.\n.PARAMETER NuGetExePath\n The path to the nuget.exe binary to use. If not provided, nuget.exe will be downloaded into the -DownloadPath\n directory.\n.PARAMETER PackageSource\n The package source to use to download the verification tool. If not provided, nuget.org will be used.\n.PARAMETER DownloadPath\n The directory path to download the verification tool and nuget.exe to. If not provided,\n %TEMP%\\NuGet.VerifyNuGetPackage will be used.\n.PARAMETER args\n Arguments that will be passed to the verification tool.\n.EXAMPLE\n PS> .\\verify.ps1 *.nupkg\n Verifies the metadata of all .nupkg files in the currect working directory.\n.EXAMPLE\n PS> .\\verify.ps1 --help\n Displays the help text of the downloaded verifiction tool.\n.LINK\n https://github.com/NuGet/NuGetGallery/blob/master/src/VerifyMicrosoftPackage/README.md\n#>\n\n# This script was copied from https://github.com/NuGet/NuGetGallery/blob/3e25ad135146676bcab0050a516939d9958bfa5d/src/VerifyMicrosoftPackage/verify.ps1\n\n[CmdletBinding(PositionalBinding = $false)]\nparam(\n [string]$NuGetExePath,\n [string]$PackageSource = \"https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public/nuget/v3/index.json\",\n [string]$DownloadPath,\n [Parameter(ValueFromRemainingArguments = $true)]\n [string[]]$args\n)\n\n# The URL to download nuget.exe.\n$nugetExeUrl = \"https://dist.nuget.org/win-x86-commandline/v4.9.4/nuget.exe\"\n\n# The package ID of the verification tool.\n$packageId = \"NuGet.VerifyMicrosoftPackage\"\n\n# The location that nuget.exe and the verification tool will be downloaded to.\nif (!$DownloadPath) {\n $DownloadPath = (Join-Path $env:TEMP \"NuGet.VerifyMicrosoftPackage\")\n}\n\n$fence = New-Object -TypeName string -ArgumentList '=', 80\n\n# Create the download directory, if it doesn't already exist.\nif (!(Test-Path $DownloadPath)) {\n New-Item -ItemType Directory $DownloadPath | Out-Null\n}\nWrite-Host \"Using download path: $DownloadPath\"\n\nif ($NuGetExePath) {\n $nuget = $NuGetExePath\n} else {\n $downloadedNuGetExe = Join-Path $DownloadPath \"nuget.exe\"\n \n # Download nuget.exe, if it doesn't already exist.\n if (!(Test-Path $downloadedNuGetExe)) {\n Write-Host \"Downloading nuget.exe from $nugetExeUrl...\"\n $ProgressPreference = 'SilentlyContinue'\n try {\n Invoke-WebRequest $nugetExeUrl -UseBasicParsing -OutFile $downloadedNuGetExe\n $ProgressPreference = 'Continue'\n } catch {\n $ProgressPreference = 'Continue'\n Write-Error $_\n Write-Error \"nuget.exe failed to download.\"\n exit\n }\n }\n\n $nuget = $downloadedNuGetExe\n}\n\nWrite-Host \"Using nuget.exe path: $nuget\"\nWrite-Host \" \"\n\n# Download the latest version of the verification tool.\nWrite-Host \"Downloading the latest version of $packageId from $packageSource...\"\nWrite-Host $fence\n& $nuget install $packageId `\n -Prerelease `\n -OutputDirectory $DownloadPath `\n -Source $PackageSource\nWrite-Host $fence\nWrite-Host \" \"\n\nif ($LASTEXITCODE -ne 0) {\n Write-Error \"nuget.exe failed to fetch the verify tool.\"\n exit\n}\n\n# Find the most recently downloaded tool\nWrite-Host \"Finding the most recently downloaded verification tool.\"\n$verifyProbePath = Join-Path $DownloadPath \"$packageId.*\"\n$verifyPath = Get-ChildItem -Path $verifyProbePath -Directory `\n | Sort-Object -Property LastWriteTime -Descending `\n | Select-Object -First 1\n$verify = Join-Path $verifyPath \"tools\\NuGet.VerifyMicrosoftPackage.exe\"\nWrite-Host \"Using verification tool: $verify\"\nWrite-Host \" \"\n\n# Execute the verification tool.\nWrite-Host \"Executing the verify tool...\"\nWrite-Host $fence\n& $verify $args\nWrite-Host $fence\nWrite-Host \" \"\n\n# Respond to the exit code.\nif ($LASTEXITCODE -ne 0) {\n Write-Error \"The verify tool found some problems.\"\n} else {\n Write-Output \"The verify tool succeeded.\"\n}\n"
},
{
"path": "eng/common/post-build/publish-using-darc.ps1",
"content": "param(\n [Parameter(Mandatory=$true)][int] $BuildId,\n [Parameter(Mandatory=$true)][int] $PublishingInfraVersion,\n [Parameter(Mandatory=$true)][string] $AzdoToken,\n [Parameter(Mandatory=$false)][string] $MaestroApiEndPoint = 'https://maestro.dot.net',\n [Parameter(Mandatory=$true)][string] $WaitPublishingFinish,\n [Parameter(Mandatory=$false)][string] $ArtifactsPublishingAdditionalParameters,\n [Parameter(Mandatory=$false)][string] $SymbolPublishingAdditionalParameters,\n [Parameter(Mandatory=$false)][string] $RequireDefaultChannels,\n [Parameter(Mandatory=$false)][string] $SkipAssetsPublishing,\n [Parameter(Mandatory=$false)][string] $runtimeSourceFeed,\n [Parameter(Mandatory=$false)][string] $runtimeSourceFeedKey\n)\n\ntry {\n # `tools.ps1` checks $ci to perform some actions. Since the post-build\n # scripts don't necessarily execute in the same agent that run the\n # build.ps1/sh script this variable isn't automatically set.\n $ci = $true\n $disableConfigureToolsetImport = $true\n . $PSScriptRoot\\..\\tools.ps1\n\n $darc = Get-Darc\n\n $optionalParams = [System.Collections.ArrayList]::new()\n\n if (\"\" -ne $ArtifactsPublishingAdditionalParameters) {\n $optionalParams.Add(\"--artifact-publishing-parameters\") | Out-Null\n $optionalParams.Add($ArtifactsPublishingAdditionalParameters) | Out-Null\n }\n\n if (\"\" -ne $SymbolPublishingAdditionalParameters) {\n $optionalParams.Add(\"--symbol-publishing-parameters\") | Out-Null\n $optionalParams.Add($SymbolPublishingAdditionalParameters) | Out-Null\n }\n\n if (\"false\" -eq $WaitPublishingFinish) {\n $optionalParams.Add(\"--no-wait\") | Out-Null\n }\n \n if (\"true\" -eq $RequireDefaultChannels) {\n $optionalParams.Add(\"--default-channels-required\") | Out-Null\n }\n\n if (\"true\" -eq $SkipAssetsPublishing) {\n $optionalParams.Add(\"--skip-assets-publishing\") | Out-Null\n }\n\n & $darc add-build-to-channel `\n --id $buildId `\n --publishing-infra-version $PublishingInfraVersion `\n --default-channels `\n --source-branch main `\n --azdev-pat \"$AzdoToken\" `\n --bar-uri \"$MaestroApiEndPoint\" `\n --ci `\n --verbose `\n\t@optionalParams\n\n if ($LastExitCode -ne 0) {\n Write-Host \"Problems using Darc to promote build ${buildId} to default channels. Stopping execution...\"\n exit 1\n }\n\n Write-Host 'done.'\n}\ncatch {\n Write-Host $_\n Write-PipelineTelemetryError -Category 'PromoteBuild' -Message \"There was an error while trying to publish build '$BuildId' to default channels.\"\n ExitWithExitCode 1\n}\n"
},
{
"path": "eng/common/post-build/redact-logs.ps1",
"content": "[CmdletBinding(PositionalBinding=$False)]\nparam(\n [Parameter(Mandatory=$true, Position=0)][string] $InputPath,\n [Parameter(Mandatory=$true)][string] $BinlogToolVersion,\n [Parameter(Mandatory=$false)][string] $DotnetPath,\n [Parameter(Mandatory=$false)][string] $PackageFeed = 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public/nuget/v3/index.json',\n # File with strings to redact - separated by newlines.\n # For comments start the line with '# ' - such lines are ignored \n [Parameter(Mandatory=$false)][string] $TokensFilePath,\n [Parameter(ValueFromRemainingArguments=$true)][String[]]$TokensToRedact,\n [Parameter(Mandatory=$false)][string] $runtimeSourceFeed,\n [Parameter(Mandatory=$false)][string] $runtimeSourceFeedKey)\n\ntry {\n $ErrorActionPreference = 'Stop'\n Set-StrictMode -Version 2.0\n\n # `tools.ps1` checks $ci to perform some actions. Since the post-build\n # scripts don't necessarily execute in the same agent that run the\n # build.ps1/sh script this variable isn't automatically set.\n $ci = $true\n $disableConfigureToolsetImport = $true\n . $PSScriptRoot\\..\\tools.ps1\n\n $packageName = 'binlogtool'\n\n $dotnet = $DotnetPath\n\n if (!$dotnet) {\n $dotnetRoot = InitializeDotNetCli -install:$true\n $dotnet = \"$dotnetRoot\\dotnet.exe\"\n }\n \n $toolList = & \"$dotnet\" tool list -g\n\n if ($toolList -like \"*$packageName*\") {\n & \"$dotnet\" tool uninstall $packageName -g\n }\n\n $toolPath = \"$PSScriptRoot\\..\\..\\..\\.tools\"\n $verbosity = 'minimal'\n \n New-Item -ItemType Directory -Force -Path $toolPath\n \n Push-Location -Path $toolPath\n\n try {\n Write-Host \"Installing Binlog redactor CLI...\"\n Write-Host \"'$dotnet' new tool-manifest\"\n & \"$dotnet\" new tool-manifest\n Write-Host \"'$dotnet' tool install $packageName --local --add-source '$PackageFeed' -v $verbosity --version $BinlogToolVersion\"\n & \"$dotnet\" tool install $packageName --local --add-source \"$PackageFeed\" -v $verbosity --version $BinlogToolVersion\n\n if (Test-Path $TokensFilePath) {\n Write-Host \"Adding additional sensitive data for redaction from file: \" $TokensFilePath\n $TokensToRedact += Get-Content -Path $TokensFilePath | Foreach {$_.Trim()} | Where { $_ -notmatch \"^# \" }\n }\n\n $optionalParams = [System.Collections.ArrayList]::new()\n \n Foreach ($p in $TokensToRedact)\n {\n if($p -match '^\\$\\(.*\\)$')\n {\n Write-Host (\"Ignoring token {0} as it is probably unexpanded AzDO variable\" -f $p)\n } \n elseif($p)\n {\n $optionalParams.Add(\"-p:\" + $p) | Out-Null\n }\n }\n\n & $dotnet binlogtool redact --input:$InputPath --recurse --in-place `\n @optionalParams\n\n if ($LastExitCode -ne 0) {\n Write-PipelineTelemetryError -Category 'Redactor' -Type 'warning' -Message \"Problems using Redactor tool (exit code: $LastExitCode). But ignoring them now.\"\n }\n }\n finally {\n Pop-Location\n }\n\n Write-Host 'done.'\n} \ncatch {\n Write-Host $_\n Write-PipelineTelemetryError -Category 'Redactor' -Message \"There was an error while trying to redact logs. Error: $_\"\n ExitWithExitCode 1\n}\n"
},
{
"path": "eng/common/post-build/sourcelink-validation.ps1",
"content": "param(\n [Parameter(Mandatory=$true)][string] $InputPath, # Full path to directory where Symbols.NuGet packages to be checked are stored\n [Parameter(Mandatory=$true)][string] $ExtractPath, # Full path to directory where the packages will be extracted during validation\n [Parameter(Mandatory=$false)][string] $GHRepoName, # GitHub name of the repo including the Org. E.g., dotnet/arcade\n [Parameter(Mandatory=$false)][string] $GHCommit, # GitHub commit SHA used to build the packages\n [Parameter(Mandatory=$true)][string] $SourcelinkCliVersion # Version of SourceLink CLI to use\n)\n\n$ErrorActionPreference = 'Stop'\nSet-StrictMode -Version 2.0\n\n# `tools.ps1` checks $ci to perform some actions. Since the post-build\n# scripts don't necessarily execute in the same agent that run the\n# build.ps1/sh script this variable isn't automatically set.\n$ci = $true\n$disableConfigureToolsetImport = $true\n. $PSScriptRoot\\..\\tools.ps1\n\n# Cache/HashMap (File -> Exist flag) used to consult whether a file exist \n# in the repository at a specific commit point. This is populated by inserting\n# all files present in the repo at a specific commit point.\n$global:RepoFiles = @{}\n\n# Maximum number of jobs to run in parallel\n$MaxParallelJobs = 16\n\n$MaxRetries = 5\n$RetryWaitTimeInSeconds = 30\n\n# Wait time between check for system load\n$SecondsBetweenLoadChecks = 10\n\nif (!$InputPath -or !(Test-Path $InputPath)){\n Write-Host \"No files to validate.\"\n ExitWithExitCode 0\n}\n\n$ValidatePackage = {\n param( \n [string] $PackagePath # Full path to a Symbols.NuGet package\n )\n\n . $using:PSScriptRoot\\..\\tools.ps1\n\n # Ensure input file exist\n if (!(Test-Path $PackagePath)) {\n Write-Host \"Input file does not exist: $PackagePath\"\n return [pscustomobject]@{\n result = 1\n packagePath = $PackagePath\n }\n }\n\n # Extensions for which we'll look for SourceLink information\n # For now we'll only care about Portable & Embedded PDBs\n $RelevantExtensions = @('.dll', '.exe', '.pdb')\n \n Write-Host -NoNewLine 'Validating ' ([System.IO.Path]::GetFileName($PackagePath)) '...'\n\n $PackageId = [System.IO.Path]::GetFileNameWithoutExtension($PackagePath)\n $ExtractPath = Join-Path -Path $using:ExtractPath -ChildPath $PackageId\n $FailedFiles = 0\n\n Add-Type -AssemblyName System.IO.Compression.FileSystem\n\n [System.IO.Directory]::CreateDirectory($ExtractPath) | Out-Null\n\n try {\n $zip = [System.IO.Compression.ZipFile]::OpenRead($PackagePath)\n\n $zip.Entries | \n Where-Object {$RelevantExtensions -contains [System.IO.Path]::GetExtension($_.Name)} |\n ForEach-Object {\n $FileName = $_.FullName\n $Extension = [System.IO.Path]::GetExtension($_.Name)\n $FakeName = -Join((New-Guid), $Extension)\n $TargetFile = Join-Path -Path $ExtractPath -ChildPath $FakeName \n\n # We ignore resource DLLs\n if ($FileName.EndsWith('.resources.dll')) {\n return [pscustomobject]@{\n result = 0\n packagePath = $PackagePath\n }\n }\n\n [System.IO.Compression.ZipFileExtensions]::ExtractToFile($_, $TargetFile, $true)\n\n $ValidateFile = {\n param( \n [string] $FullPath, # Full path to the module that has to be checked\n [string] $RealPath,\n [ref] $FailedFiles\n )\n\n $sourcelinkExe = \"$env:USERPROFILE\\.dotnet\\tools\"\n $sourcelinkExe = Resolve-Path \"$sourcelinkExe\\sourcelink.exe\"\n $SourceLinkInfos = & $sourcelinkExe print-urls $FullPath | Out-String\n\n if ($LASTEXITCODE -eq 0 -and -not ([string]::IsNullOrEmpty($SourceLinkInfos))) {\n $NumFailedLinks = 0\n\n # We only care about Http addresses\n $Matches = (Select-String '(http[s]?)(:\\/\\/)([^\\s,]+)' -Input $SourceLinkInfos -AllMatches).Matches\n\n if ($Matches.Count -ne 0) {\n $Matches.Value |\n ForEach-Object {\n $Link = $_\n $CommitUrl = \"https://raw.githubusercontent.com/${using:GHRepoName}/${using:GHCommit}/\"\n \n $FilePath = $Link.Replace($CommitUrl, \"\")\n $Status = 200\n $Cache = $using:RepoFiles\n\n $attempts = 0\n\n while ($attempts -lt $using:MaxRetries) {\n if ( !($Cache.ContainsKey($FilePath)) ) {\n try {\n $Uri = $Link -as [System.URI]\n \n if ($Link -match \"submodules\") {\n # Skip submodule links until sourcelink properly handles submodules\n $Status = 200\n }\n elseif ($Uri.AbsoluteURI -ne $null -and ($Uri.Host -match 'github' -or $Uri.Host -match 'githubusercontent')) {\n # Only GitHub links are valid\n $Status = (Invoke-WebRequest -Uri $Link -UseBasicParsing -Method HEAD -TimeoutSec 5).StatusCode\n }\n else {\n # If it's not a github link, we want to break out of the loop and not retry.\n $Status = 0\n $attempts = $using:MaxRetries\n }\n }\n catch {\n Write-Host $_\n $Status = 0\n }\n }\n\n if ($Status -ne 200) {\n $attempts++\n \n if ($attempts -lt $using:MaxRetries)\n {\n $attemptsLeft = $using:MaxRetries - $attempts\n Write-Warning \"Download failed, $attemptsLeft attempts remaining, will retry in $using:RetryWaitTimeInSeconds seconds\"\n Start-Sleep -Seconds $using:RetryWaitTimeInSeconds\n }\n else {\n if ($NumFailedLinks -eq 0) {\n if ($FailedFiles.Value -eq 0) {\n Write-Host\n }\n \n Write-Host \"`tFile $RealPath has broken links:\"\n }\n \n Write-Host \"`t`tFailed to retrieve $Link\"\n \n $NumFailedLinks++\n }\n }\n else {\n break\n }\n }\n }\n }\n\n if ($NumFailedLinks -ne 0) {\n $FailedFiles.value++\n $global:LASTEXITCODE = 1\n }\n }\n }\n \n &$ValidateFile $TargetFile $FileName ([ref]$FailedFiles)\n }\n }\n catch {\n Write-Host $_\n }\n finally {\n $zip.Dispose() \n }\n\n if ($FailedFiles -eq 0) {\n Write-Host 'Passed.'\n return [pscustomobject]@{\n result = 0\n packagePath = $PackagePath\n }\n }\n else {\n Write-PipelineTelemetryError -Category 'SourceLink' -Message \"$PackagePath has broken SourceLink links.\"\n return [pscustomobject]@{\n result = 1\n packagePath = $PackagePath\n }\n }\n}\n\nfunction CheckJobResult(\n $result, \n $packagePath,\n [ref]$ValidationFailures,\n [switch]$logErrors) {\n if ($result -ne '0') {\n if ($logErrors) {\n Write-PipelineTelemetryError -Category 'SourceLink' -Message \"$packagePath has broken SourceLink links.\"\n }\n $ValidationFailures.Value++\n }\n}\n\nfunction ValidateSourceLinkLinks {\n if ($GHRepoName -ne '' -and !($GHRepoName -Match '^[^\\s\\/]+/[^\\s\\/]+$')) {\n if (!($GHRepoName -Match '^[^\\s-]+-[^\\s]+$')) {\n Write-PipelineTelemetryError -Category 'SourceLink' -Message \"GHRepoName should be in the format / or -. '$GHRepoName'\"\n ExitWithExitCode 1\n }\n else {\n $GHRepoName = $GHRepoName -replace '^([^\\s-]+)-([^\\s]+)$', '$1/$2';\n }\n }\n\n if ($GHCommit -ne '' -and !($GHCommit -Match '^[0-9a-fA-F]{40}$')) {\n Write-PipelineTelemetryError -Category 'SourceLink' -Message \"GHCommit should be a 40 chars hexadecimal string. '$GHCommit'\"\n ExitWithExitCode 1\n }\n\n if ($GHRepoName -ne '' -and $GHCommit -ne '') {\n $RepoTreeURL = -Join('http://api.github.com/repos/', $GHRepoName, '/git/trees/', $GHCommit, '?recursive=1')\n $CodeExtensions = @('.cs', '.vb', '.fs', '.fsi', '.fsx', '.fsscript')\n\n try {\n # Retrieve the list of files in the repo at that particular commit point and store them in the RepoFiles hash\n $Data = Invoke-WebRequest $RepoTreeURL -UseBasicParsing | ConvertFrom-Json | Select-Object -ExpandProperty tree\n \n foreach ($file in $Data) {\n $Extension = [System.IO.Path]::GetExtension($file.path)\n\n if ($CodeExtensions.Contains($Extension)) {\n $RepoFiles[$file.path] = 1\n }\n }\n }\n catch {\n Write-Host \"Problems downloading the list of files from the repo. Url used: $RepoTreeURL . Execution will proceed without caching.\"\n }\n }\n elseif ($GHRepoName -ne '' -or $GHCommit -ne '') {\n Write-Host 'For using the http caching mechanism both GHRepoName and GHCommit should be informed.'\n }\n \n if (Test-Path $ExtractPath) {\n Remove-Item $ExtractPath -Force -Recurse -ErrorAction SilentlyContinue\n }\n\n $ValidationFailures = 0\n\n # Process each NuGet package in parallel\n Get-ChildItem \"$InputPath\\*.symbols.nupkg\" |\n ForEach-Object {\n Write-Host \"Starting $($_.FullName)\"\n Start-Job -ScriptBlock $ValidatePackage -ArgumentList $_.FullName | Out-Null\n $NumJobs = @(Get-Job -State 'Running').Count\n \n while ($NumJobs -ge $MaxParallelJobs) {\n Write-Host \"There are $NumJobs validation jobs running right now. Waiting $SecondsBetweenLoadChecks seconds to check again.\"\n sleep $SecondsBetweenLoadChecks\n $NumJobs = @(Get-Job -State 'Running').Count\n }\n\n foreach ($Job in @(Get-Job -State 'Completed')) {\n $jobResult = Wait-Job -Id $Job.Id | Receive-Job\n CheckJobResult $jobResult.result $jobResult.packagePath ([ref]$ValidationFailures) -LogErrors\n Remove-Job -Id $Job.Id\n }\n }\n\n foreach ($Job in @(Get-Job)) {\n $jobResult = Wait-Job -Id $Job.Id | Receive-Job\n CheckJobResult $jobResult.result $jobResult.packagePath ([ref]$ValidationFailures)\n Remove-Job -Id $Job.Id\n }\n if ($ValidationFailures -gt 0) {\n Write-PipelineTelemetryError -Category 'SourceLink' -Message \"$ValidationFailures package(s) failed validation.\"\n ExitWithExitCode 1\n }\n}\n\nfunction InstallSourcelinkCli {\n $sourcelinkCliPackageName = 'sourcelink'\n\n $dotnetRoot = InitializeDotNetCli -install:$true\n $dotnet = \"$dotnetRoot\\dotnet.exe\"\n $toolList = & \"$dotnet\" tool list --global\n\n if (($toolList -like \"*$sourcelinkCliPackageName*\") -and ($toolList -like \"*$sourcelinkCliVersion*\")) {\n Write-Host \"SourceLink CLI version $sourcelinkCliVersion is already installed.\"\n }\n else {\n Write-Host \"Installing SourceLink CLI version $sourcelinkCliVersion...\"\n Write-Host 'You may need to restart your command window if this is the first dotnet tool you have installed.'\n & \"$dotnet\" tool install $sourcelinkCliPackageName --version $sourcelinkCliVersion --verbosity \"minimal\" --global \n }\n}\n\ntry {\n InstallSourcelinkCli\n\n foreach ($Job in @(Get-Job)) {\n Remove-Job -Id $Job.Id\n }\n\n ValidateSourceLinkLinks \n}\ncatch {\n Write-Host $_.Exception\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Category 'SourceLink' -Message $_\n ExitWithExitCode 1\n}\n"
},
{
"path": "eng/common/post-build/symbols-validation.ps1",
"content": "param(\n [Parameter(Mandatory = $true)][string] $InputPath, # Full path to directory where NuGet packages to be checked are stored\n [Parameter(Mandatory = $true)][string] $ExtractPath, # Full path to directory where the packages will be extracted during validation\n [Parameter(Mandatory = $true)][string] $DotnetSymbolVersion, # Version of dotnet symbol to use\n [Parameter(Mandatory = $false)][switch] $CheckForWindowsPdbs, # If we should check for the existence of windows pdbs in addition to portable PDBs\n [Parameter(Mandatory = $false)][switch] $ContinueOnError, # If we should keep checking symbols after an error\n [Parameter(Mandatory = $false)][switch] $Clean, # Clean extracted symbols directory after checking symbols\n [Parameter(Mandatory = $false)][string] $SymbolExclusionFile # Exclude the symbols in the file from publishing to symbol server\n)\n\n. $PSScriptRoot\\..\\tools.ps1\n# Maximum number of jobs to run in parallel\n$MaxParallelJobs = 16\n\n# Max number of retries\n$MaxRetry = 5\n\n# Wait time between check for system load\n$SecondsBetweenLoadChecks = 10\n\n# Set error codes\nSet-Variable -Name \"ERROR_BADEXTRACT\" -Option Constant -Value -1\nSet-Variable -Name \"ERROR_FILEDOESNOTEXIST\" -Option Constant -Value -2\n\n$WindowsPdbVerificationParam = \"\"\nif ($CheckForWindowsPdbs) {\n $WindowsPdbVerificationParam = \"--windows-pdbs\"\n}\n\n$ExclusionSet = New-Object System.Collections.Generic.HashSet[string];\n\nif (!$InputPath -or !(Test-Path $InputPath)){\n Write-Host \"No symbols to validate.\"\n ExitWithExitCode 0\n}\n\n#Check if the path exists\nif ($SymbolExclusionFile -and (Test-Path $SymbolExclusionFile)){\n [string[]]$Exclusions = Get-Content \"$SymbolExclusionFile\"\n $Exclusions | foreach { if($_ -and $_.Trim()){$ExclusionSet.Add($_)} }\n}\nelse{\n Write-Host \"Symbol Exclusion file does not exists. No symbols to exclude.\"\n}\n\n$CountMissingSymbols = {\n param( \n [string] $PackagePath, # Path to a NuGet package\n [string] $WindowsPdbVerificationParam # If we should check for the existence of windows pdbs in addition to portable PDBs\n )\n\n Add-Type -AssemblyName System.IO.Compression.FileSystem\n\n Write-Host \"Validating $PackagePath \"\n\n # Ensure input file exist\n if (!(Test-Path $PackagePath)) {\n Write-PipelineTaskError \"Input file does not exist: $PackagePath\"\n return [pscustomobject]@{\n result = $using:ERROR_FILEDOESNOTEXIST\n packagePath = $PackagePath\n }\n }\n \n # Extensions for which we'll look for symbols\n $RelevantExtensions = @('.dll', '.exe', '.so', '.dylib')\n\n # How many files are missing symbol information\n $MissingSymbols = 0\n\n $PackageId = [System.IO.Path]::GetFileNameWithoutExtension($PackagePath)\n $PackageGuid = New-Guid\n $ExtractPath = Join-Path -Path $using:ExtractPath -ChildPath $PackageGuid\n $SymbolsPath = Join-Path -Path $ExtractPath -ChildPath 'Symbols'\n \n try {\n [System.IO.Compression.ZipFile]::ExtractToDirectory($PackagePath, $ExtractPath)\n }\n catch {\n Write-Host \"Something went wrong extracting $PackagePath\"\n Write-Host $_\n return [pscustomobject]@{\n result = $using:ERROR_BADEXTRACT\n packagePath = $PackagePath\n }\n }\n\n Get-ChildItem -Recurse $ExtractPath |\n Where-Object { $RelevantExtensions -contains $_.Extension } |\n ForEach-Object {\n $FileName = $_.FullName\n if ($FileName -Match '\\\\ref\\\\') {\n Write-Host \"`t Ignoring reference assembly file \" $FileName\n return\n }\n\n $FirstMatchingSymbolDescriptionOrDefault = {\n param( \n [string] $FullPath, # Full path to the module that has to be checked\n [string] $TargetServerParam, # Parameter to pass to `Symbol Tool` indicating the server to lookup for symbols\n [string] $WindowsPdbVerificationParam, # Parameter to pass to potential check for windows-pdbs.\n [string] $SymbolsPath\n )\n\n $FileName = [System.IO.Path]::GetFileName($FullPath)\n $Extension = [System.IO.Path]::GetExtension($FullPath)\n\n # Those below are potential symbol files that the `dotnet symbol` might\n # return. Which one will be returned depend on the type of file we are\n # checking and which type of file was uploaded.\n\n # The file itself is returned\n $SymbolPath = $SymbolsPath + '\\' + $FileName\n\n # PDB file for the module\n $PdbPath = $SymbolPath.Replace($Extension, '.pdb')\n\n # PDB file for R2R module (created by crossgen)\n $NGenPdb = $SymbolPath.Replace($Extension, '.ni.pdb')\n\n # DBG file for a .so library\n $SODbg = $SymbolPath.Replace($Extension, '.so.dbg')\n\n # DWARF file for a .dylib\n $DylibDwarf = $SymbolPath.Replace($Extension, '.dylib.dwarf')\n\n $dotnetSymbolExe = \"$env:USERPROFILE\\.dotnet\\tools\"\n $dotnetSymbolExe = Resolve-Path \"$dotnetSymbolExe\\dotnet-symbol.exe\"\n\n $totalRetries = 0\n\n while ($totalRetries -lt $using:MaxRetry) {\n\n # Save the output and get diagnostic output\n $output = & $dotnetSymbolExe --symbols --modules $WindowsPdbVerificationParam $TargetServerParam $FullPath -o $SymbolsPath --diagnostics | Out-String\n\n if ((Test-Path $PdbPath) -and (Test-path $SymbolPath)) {\n return 'Module and PDB for Module'\n }\n elseif ((Test-Path $NGenPdb) -and (Test-Path $PdbPath) -and (Test-Path $SymbolPath)) {\n return 'Dll, PDB and NGen PDB'\n }\n elseif ((Test-Path $SODbg) -and (Test-Path $SymbolPath)) {\n return 'So and DBG for SO'\n } \n elseif ((Test-Path $DylibDwarf) -and (Test-Path $SymbolPath)) {\n return 'Dylib and Dwarf for Dylib'\n } \n elseif (Test-Path $SymbolPath) {\n return 'Module'\n }\n else\n {\n $totalRetries++\n }\n }\n \n return $null\n }\n\n $FileRelativePath = $FileName.Replace(\"$ExtractPath\\\", \"\")\n if (($($using:ExclusionSet) -ne $null) -and ($($using:ExclusionSet).Contains($FileRelativePath) -or ($($using:ExclusionSet).Contains($FileRelativePath.Replace(\"\\\", \"/\"))))){\n Write-Host \"Skipping $FileName from symbol validation\"\n }\n\n else {\n $FileGuid = New-Guid\n $ExpandedSymbolsPath = Join-Path -Path $SymbolsPath -ChildPath $FileGuid\n\n $SymbolsOnMSDL = & $FirstMatchingSymbolDescriptionOrDefault `\n -FullPath $FileName `\n -TargetServerParam '--microsoft-symbol-server' `\n -SymbolsPath \"$ExpandedSymbolsPath-msdl\" `\n -WindowsPdbVerificationParam $WindowsPdbVerificationParam\n $SymbolsOnSymWeb = & $FirstMatchingSymbolDescriptionOrDefault `\n -FullPath $FileName `\n -TargetServerParam '--internal-server' `\n -SymbolsPath \"$ExpandedSymbolsPath-symweb\" `\n -WindowsPdbVerificationParam $WindowsPdbVerificationParam\n\n Write-Host -NoNewLine \"`t Checking file \" $FileName \"... \"\n \n if ($SymbolsOnMSDL -ne $null -and $SymbolsOnSymWeb -ne $null) {\n Write-Host \"Symbols found on MSDL ($SymbolsOnMSDL) and SymWeb ($SymbolsOnSymWeb)\"\n }\n else {\n $MissingSymbols++\n\n if ($SymbolsOnMSDL -eq $null -and $SymbolsOnSymWeb -eq $null) {\n Write-Host 'No symbols found on MSDL or SymWeb!'\n }\n else {\n if ($SymbolsOnMSDL -eq $null) {\n Write-Host 'No symbols found on MSDL!'\n }\n else {\n Write-Host 'No symbols found on SymWeb!'\n }\n }\n }\n }\n }\n \n if ($using:Clean) {\n Remove-Item $ExtractPath -Recurse -Force\n }\n \n Pop-Location\n\n return [pscustomobject]@{\n result = $MissingSymbols\n packagePath = $PackagePath\n }\n}\n\nfunction CheckJobResult(\n $result, \n $packagePath,\n [ref]$DupedSymbols,\n [ref]$TotalFailures) {\n if ($result -eq $ERROR_BADEXTRACT) {\n Write-PipelineTelemetryError -Category 'CheckSymbols' -Message \"$packagePath has duplicated symbol files\"\n $DupedSymbols.Value++\n } \n elseif ($result -eq $ERROR_FILEDOESNOTEXIST) {\n Write-PipelineTelemetryError -Category 'CheckSymbols' -Message \"$packagePath does not exist\"\n $TotalFailures.Value++\n }\n elseif ($result -gt '0') {\n Write-PipelineTelemetryError -Category 'CheckSymbols' -Message \"Missing symbols for $result modules in the package $packagePath\"\n $TotalFailures.Value++\n }\n else {\n Write-Host \"All symbols verified for package $packagePath\"\n }\n}\n\nfunction CheckSymbolsAvailable {\n if (Test-Path $ExtractPath) {\n Remove-Item $ExtractPath -Force -Recurse -ErrorAction SilentlyContinue\n }\n\n $TotalPackages = 0\n $TotalFailures = 0\n $DupedSymbols = 0\n\n Get-ChildItem \"$InputPath\\*.nupkg\" |\n ForEach-Object {\n $FileName = $_.Name\n $FullName = $_.FullName\n\n # These packages from Arcade-Services include some native libraries that\n # our current symbol uploader can't handle. Below is a workaround until\n # we get issue: https://github.com/dotnet/arcade/issues/2457 sorted.\n if ($FileName -Match 'Microsoft\\.DotNet\\.Darc\\.') {\n Write-Host \"Ignoring Arcade-services file: $FileName\"\n Write-Host\n return\n }\n elseif ($FileName -Match 'Microsoft\\.DotNet\\.Maestro\\.Tasks\\.') {\n Write-Host \"Ignoring Arcade-services file: $FileName\"\n Write-Host\n return\n }\n\n $TotalPackages++\n\n Start-Job -ScriptBlock $CountMissingSymbols -ArgumentList @($FullName,$WindowsPdbVerificationParam) | Out-Null\n\n $NumJobs = @(Get-Job -State 'Running').Count\n\n while ($NumJobs -ge $MaxParallelJobs) {\n Write-Host \"There are $NumJobs validation jobs running right now. Waiting $SecondsBetweenLoadChecks seconds to check again.\"\n sleep $SecondsBetweenLoadChecks\n $NumJobs = @(Get-Job -State 'Running').Count\n }\n\n foreach ($Job in @(Get-Job -State 'Completed')) {\n $jobResult = Wait-Job -Id $Job.Id | Receive-Job\n CheckJobResult $jobResult.result $jobResult.packagePath ([ref]$DupedSymbols) ([ref]$TotalFailures)\n Remove-Job -Id $Job.Id\n }\n Write-Host\n }\n\n foreach ($Job in @(Get-Job)) {\n $jobResult = Wait-Job -Id $Job.Id | Receive-Job\n CheckJobResult $jobResult.result $jobResult.packagePath ([ref]$DupedSymbols) ([ref]$TotalFailures)\n }\n\n if ($TotalFailures -gt 0 -or $DupedSymbols -gt 0) {\n if ($TotalFailures -gt 0) {\n Write-PipelineTelemetryError -Category 'CheckSymbols' -Message \"Symbols missing for $TotalFailures/$TotalPackages packages\"\n }\n\n if ($DupedSymbols -gt 0) {\n Write-PipelineTelemetryError -Category 'CheckSymbols' -Message \"$DupedSymbols/$TotalPackages packages had duplicated symbol files and could not be extracted\"\n }\n \n ExitWithExitCode 1\n }\n else {\n Write-Host \"All symbols validated!\"\n }\n}\n\nfunction InstallDotnetSymbol {\n $dotnetSymbolPackageName = 'dotnet-symbol'\n\n $dotnetRoot = InitializeDotNetCli -install:$true\n $dotnet = \"$dotnetRoot\\dotnet.exe\"\n $toolList = & \"$dotnet\" tool list --global\n\n if (($toolList -like \"*$dotnetSymbolPackageName*\") -and ($toolList -like \"*$dotnetSymbolVersion*\")) {\n Write-Host \"dotnet-symbol version $dotnetSymbolVersion is already installed.\"\n }\n else {\n Write-Host \"Installing dotnet-symbol version $dotnetSymbolVersion...\"\n Write-Host 'You may need to restart your command window if this is the first dotnet tool you have installed.'\n & \"$dotnet\" tool install $dotnetSymbolPackageName --version $dotnetSymbolVersion --verbosity \"minimal\" --global\n }\n}\n\ntry {\n InstallDotnetSymbol\n\n foreach ($Job in @(Get-Job)) {\n Remove-Job -Id $Job.Id\n }\n\n CheckSymbolsAvailable\n}\ncatch {\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Category 'CheckSymbols' -Message $_\n ExitWithExitCode 1\n}\n"
},
{
"path": "eng/common/retain-build.ps1",
"content": "\nParam(\n[Parameter(Mandatory=$true)][int] $buildId,\n[Parameter(Mandatory=$true)][string] $azdoOrgUri, \n[Parameter(Mandatory=$true)][string] $azdoProject,\n[Parameter(Mandatory=$true)][string] $token\n)\n\n$ErrorActionPreference = 'Stop'\nSet-StrictMode -Version 2.0\n\nfunction Get-AzDOHeaders(\n [string] $token)\n{\n $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(\":${token}\"))\n $headers = @{\"Authorization\"=\"Basic $base64AuthInfo\"}\n return $headers\n}\n\nfunction Update-BuildRetention(\n [string] $azdoOrgUri,\n [string] $azdoProject,\n [int] $buildId,\n [string] $token)\n{\n $headers = Get-AzDOHeaders -token $token\n $requestBody = \"{\n `\"keepForever`\": `\"true`\"\n }\"\n\n $requestUri = \"${azdoOrgUri}/${azdoProject}/_apis/build/builds/${buildId}?api-version=6.0\"\n write-Host \"Attempting to retain build using the following URI: ${requestUri} ...\"\n\n try {\n Invoke-RestMethod -Uri $requestUri -Method Patch -Body $requestBody -Header $headers -contentType \"application/json\"\n Write-Host \"Updated retention settings for build ${buildId}.\"\n }\n catch {\n Write-Error \"Failed to update retention settings for build: $_.Exception.Response.StatusDescription\"\n exit 1\n }\n}\n\nUpdate-BuildRetention -azdoOrgUri $azdoOrgUri -azdoProject $azdoProject -buildId $buildId -token $token\nexit 0\n"
},
{
"path": "eng/common/sdk-task.ps1",
"content": "[CmdletBinding(PositionalBinding=$false)]\nParam(\n [string] $configuration = 'Debug',\n [string] $task,\n [string] $verbosity = 'minimal',\n [string] $msbuildEngine = $null,\n [switch] $restore,\n [switch] $prepareMachine,\n [switch][Alias('nobl')]$excludeCIBinaryLog,\n [switch]$noWarnAsError,\n [switch] $help,\n [string] $runtimeSourceFeed = '',\n [string] $runtimeSourceFeedKey = '',\n [Parameter(ValueFromRemainingArguments=$true)][String[]]$properties\n)\n\n$ci = $true\n$binaryLog = if ($excludeCIBinaryLog) { $false } else { $true }\n$warnAsError = if ($noWarnAsError) { $false } else { $true }\n\n. $PSScriptRoot\\tools.ps1\n\nfunction Print-Usage() {\n Write-Host \"Common settings:\"\n Write-Host \" -task Name of Arcade task (name of a project in SdkTasks directory of the Arcade SDK package)\"\n Write-Host \" -restore Restore dependencies\"\n Write-Host \" -verbosity Msbuild verbosity: q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic]\"\n Write-Host \" -help Print help and exit\"\n Write-Host \"\"\n\n Write-Host \"Advanced settings:\"\n Write-Host \" -prepareMachine Prepare machine for CI run\"\n Write-Host \" -msbuildEngine Msbuild engine to use to run build ('dotnet', 'vs', or unspecified).\"\n Write-Host \" -excludeCIBinaryLog When running on CI, allow no binary log (short: -nobl)\"\n Write-Host \"\"\n Write-Host \"Command line arguments not listed above are passed thru to msbuild.\"\n}\n\nfunction Build([string]$target) {\n $logSuffix = if ($target -eq 'Execute') { '' } else { \".$target\" }\n $log = Join-Path $LogDir \"$task$logSuffix.binlog\"\n $binaryLogArg = if ($binaryLog) { \"/bl:$log\" } else { \"\" }\n $outputPath = Join-Path $ToolsetDir \"$task\\\"\n\n MSBuild $taskProject `\n $binaryLogArg `\n /t:$target `\n /p:Configuration=$configuration `\n /p:RepoRoot=$RepoRoot `\n /p:BaseIntermediateOutputPath=$outputPath `\n /v:$verbosity `\n @properties\n}\n\ntry {\n if ($help -or (($null -ne $properties) -and ($properties.Contains('/help') -or $properties.Contains('/?')))) {\n Print-Usage\n exit 0\n }\n\n if ($task -eq \"\") {\n Write-PipelineTelemetryError -Category 'Build' -Message \"Missing required parameter '-task '\"\n Print-Usage\n ExitWithExitCode 1\n }\n\n if( $msbuildEngine -eq \"vs\") {\n # Ensure desktop MSBuild is available for sdk tasks.\n if( -not ($GlobalJson.tools.PSObject.Properties.Name -contains \"vs\" )) {\n $GlobalJson.tools | Add-Member -Name \"vs\" -Value (ConvertFrom-Json \"{ `\"version`\": `\"16.5`\" }\") -MemberType NoteProperty\n }\n if( -not ($GlobalJson.tools.PSObject.Properties.Name -match \"xcopy-msbuild\" )) {\n $GlobalJson.tools | Add-Member -Name \"xcopy-msbuild\" -Value \"18.0.0\" -MemberType NoteProperty\n }\n if ($GlobalJson.tools.\"xcopy-msbuild\".Trim() -ine \"none\") {\n $xcopyMSBuildToolsFolder = InitializeXCopyMSBuild $GlobalJson.tools.\"xcopy-msbuild\" -install $true\n }\n if ($xcopyMSBuildToolsFolder -eq $null) {\n throw 'Unable to get xcopy downloadable version of msbuild'\n }\n\n $global:_MSBuildExe = \"$($xcopyMSBuildToolsFolder)\\MSBuild\\Current\\Bin\\MSBuild.exe\"\n }\n\n $taskProject = GetSdkTaskProject $task\n if (!(Test-Path $taskProject)) {\n Write-PipelineTelemetryError -Category 'Build' -Message \"Unknown task: $task\"\n ExitWithExitCode 1\n }\n\n if ($restore) {\n Build 'Restore'\n }\n\n Build 'Execute'\n}\ncatch {\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Category 'Build' -Message $_\n ExitWithExitCode 1\n}\n\nExitWithExitCode 0\n"
},
{
"path": "eng/common/sdk-task.sh",
"content": "#!/usr/bin/env bash\n\nshow_usage() {\n echo \"Common settings:\"\n echo \" --task Name of Arcade task (name of a project in SdkTasks directory of the Arcade SDK package)\"\n echo \" --restore Restore dependencies\"\n echo \" --verbosity Msbuild verbosity: q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic]\"\n echo \" --help Print help and exit\"\n echo \"\"\n\n echo \"Advanced settings:\"\n echo \" --excludeCIBinarylog Don't output binary log (short: -nobl)\"\n echo \" --noWarnAsError Do not warn as error\"\n echo \"\"\n echo \"Command line arguments not listed above are passed thru to msbuild.\"\n}\n\nsource=\"${BASH_SOURCE[0]}\"\n\n# resolve $source until the file is no longer a symlink\nwhile [[ -h \"$source\" ]]; do\n scriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n source=\"$(readlink \"$source\")\"\n # if $source was a relative symlink, we need to resolve it relative to the path where the\n # symlink file was located\n [[ $source != /* ]] && source=\"$scriptroot/$source\"\ndone\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\nBuild() {\n local target=$1\n local log_suffix=\"\"\n [[ \"$target\" != \"Execute\" ]] && log_suffix=\".$target\"\n local log=\"$log_dir/$task$log_suffix.binlog\"\n local binaryLogArg=\"\"\n [[ $binary_log == true ]] && binaryLogArg=\"/bl:$log\"\n local output_path=\"$toolset_dir/$task/\"\n\n MSBuild \"$taskProject\" \\\n $binaryLogArg \\\n /t:\"$target\" \\\n /p:Configuration=\"$configuration\" \\\n /p:RepoRoot=\"$repo_root\" \\\n /p:BaseIntermediateOutputPath=\"$output_path\" \\\n /v:\"$verbosity\" \\\n $properties\n}\n\nbinary_log=true\nconfiguration=\"Debug\"\nverbosity=\"minimal\"\nexclude_ci_binary_log=false\nrestore=false\nhelp=false\nproperties=''\nwarnAsError=true\n\nwhile (($# > 0)); do\n lowerI=\"$(echo $1 | tr \"[:upper:]\" \"[:lower:]\")\"\n case $lowerI in\n --task)\n task=$2\n shift 2\n ;;\n --restore)\n restore=true\n shift 1\n ;;\n --verbosity)\n verbosity=$2\n shift 2\n ;;\n --excludecibinarylog|--nobl)\n binary_log=false\n exclude_ci_binary_log=true\n shift 1\n ;;\n --noWarnAsError)\n warnAsError=false\n shift 1\n ;;\n --help)\n help=true\n shift 1\n ;;\n *)\n properties=\"$properties $1\"\n shift 1\n ;;\n esac\ndone\n\nci=true\n\nif $help; then\n show_usage\n exit 0\nfi\n\n. \"$scriptroot/tools.sh\"\nInitializeToolset\n\nif [[ -z \"$task\" ]]; then\n Write-PipelineTelemetryError -Category 'Task' -Name 'MissingTask' -Message \"Missing required parameter '-task '\"\n ExitWithExitCode 1\nfi\n\ntaskProject=$(GetSdkTaskProject \"$task\")\nif [[ ! -e \"$taskProject\" ]]; then\n Write-PipelineTelemetryError -Category 'Task' -Name 'UnknownTask' -Message \"Unknown task: $task\"\n ExitWithExitCode 1\nfi\n\nif $restore; then\n Build \"Restore\"\nfi\n\nBuild \"Execute\"\n\n\nExitWithExitCode 0\n"
},
{
"path": "eng/common/sdl/NuGet.config",
"content": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n"
},
{
"path": "eng/common/sdl/configure-sdl-tool.ps1",
"content": "Param(\n [string] $GuardianCliLocation,\n [string] $WorkingDirectory,\n [string] $TargetDirectory,\n [string] $GdnFolder,\n # The list of Guardian tools to configure. For each object in the array:\n # - If the item is a [hashtable], it must contain these entries:\n # - Name = The tool name as Guardian knows it.\n # - Scenario = (Optional) Scenario-specific name for this configuration entry. It must be unique\n # among all tool entries with the same Name.\n # - Args = (Optional) Array of Guardian tool configuration args, like '@(\"Target > C:\\temp\")'\n # - If the item is a [string] $v, it is treated as '@{ Name=\"$v\" }'\n [object[]] $ToolsList,\n [string] $GuardianLoggerLevel='Standard',\n # Optional: Additional params to add to any tool using CredScan.\n [string[]] $CrScanAdditionalRunConfigParams,\n # Optional: Additional params to add to any tool using PoliCheck.\n [string[]] $PoliCheckAdditionalRunConfigParams,\n # Optional: Additional params to add to any tool using CodeQL/Semmle.\n [string[]] $CodeQLAdditionalRunConfigParams,\n # Optional: Additional params to add to any tool using Binskim.\n [string[]] $BinskimAdditionalRunConfigParams\n)\n\n$ErrorActionPreference = 'Stop'\nSet-StrictMode -Version 2.0\n$disableConfigureToolsetImport = $true\n$global:LASTEXITCODE = 0\n\ntry {\n # `tools.ps1` checks $ci to perform some actions. Since the SDL\n # scripts don't necessarily execute in the same agent that run the\n # build.ps1/sh script this variable isn't automatically set.\n $ci = $true\n . $PSScriptRoot\\..\\tools.ps1\n\n # Normalize tools list: all in [hashtable] form with defined values for each key.\n $ToolsList = $ToolsList |\n ForEach-Object {\n if ($_ -is [string]) {\n $_ = @{ Name = $_ }\n }\n\n if (-not ($_['Scenario'])) { $_.Scenario = \"\" }\n if (-not ($_['Args'])) { $_.Args = @() }\n $_\n }\n \n Write-Host \"List of tools to configure:\"\n $ToolsList | ForEach-Object { $_ | Out-String | Write-Host }\n\n # We store config files in the r directory of .gdn\n $gdnConfigPath = Join-Path $GdnFolder 'r'\n $ValidPath = Test-Path $GuardianCliLocation\n\n if ($ValidPath -eq $False)\n {\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message \"Invalid Guardian CLI Location.\"\n ExitWithExitCode 1\n }\n\n foreach ($tool in $ToolsList) {\n # Put together the name and scenario to make a unique key.\n $toolConfigName = $tool.Name\n if ($tool.Scenario) {\n $toolConfigName += \"_\" + $tool.Scenario\n }\n\n Write-Host \"=== Configuring $toolConfigName...\"\n\n $gdnConfigFile = Join-Path $gdnConfigPath \"$toolConfigName-configure.gdnconfig\"\n\n # For some tools, add default and automatic args.\n switch -Exact ($tool.Name) {\n 'credscan' {\n if ($targetDirectory) {\n $tool.Args += \"`\"TargetDirectory < $TargetDirectory`\"\"\n }\n $tool.Args += \"`\"OutputType < pre`\"\"\n $tool.Args += $CrScanAdditionalRunConfigParams\n }\n 'policheck' {\n if ($targetDirectory) {\n $tool.Args += \"`\"Target < $TargetDirectory`\"\"\n }\n $tool.Args += $PoliCheckAdditionalRunConfigParams\n }\n {$_ -in 'semmle', 'codeql'} {\n if ($targetDirectory) {\n $tool.Args += \"`\"SourceCodeDirectory < $TargetDirectory`\"\"\n }\n $tool.Args += $CodeQLAdditionalRunConfigParams\n }\n 'binskim' {\n if ($targetDirectory) {\n # Binskim crashes due to specific PDBs. GitHub issue: https://github.com/microsoft/binskim/issues/924.\n # We are excluding all `_.pdb` files from the scan.\n $tool.Args += \"`\"Target < $TargetDirectory\\**;-:file|$TargetDirectory\\**\\_.pdb`\"\"\n }\n $tool.Args += $BinskimAdditionalRunConfigParams\n }\n }\n\n # Create variable pointing to the args array directly so we can use splat syntax later.\n $toolArgs = $tool.Args\n\n # Configure the tool. If args array is provided or the current tool has some default arguments\n # defined, add \"--args\" and splat each element on the end. Arg format is \"{Arg id} < {Value}\",\n # one per parameter. Doc page for \"guardian configure\":\n # https://dev.azure.com/securitytools/SecurityIntegration/_wiki/wikis/Guardian/1395/configure\n Exec-BlockVerbosely {\n & $GuardianCliLocation configure `\n --working-directory $WorkingDirectory `\n --tool $tool.Name `\n --output-path $gdnConfigFile `\n --logger-level $GuardianLoggerLevel `\n --noninteractive `\n --force `\n $(if ($toolArgs) { \"--args\" }) @toolArgs\n Exit-IfNZEC \"Sdl\"\n }\n\n Write-Host \"Created '$toolConfigName' configuration file: $gdnConfigFile\"\n }\n}\ncatch {\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message $_\n ExitWithExitCode 1\n}\n"
},
{
"path": "eng/common/sdl/execute-all-sdl-tools.ps1",
"content": "Param(\n [string] $GuardianPackageName, # Required: the name of guardian CLI package (not needed if GuardianCliLocation is specified)\n [string] $NugetPackageDirectory, # Required: directory where NuGet packages are installed (not needed if GuardianCliLocation is specified)\n [string] $GuardianCliLocation, # Optional: Direct location of Guardian CLI executable if GuardianPackageName & NugetPackageDirectory are not specified\n [string] $Repository=$env:BUILD_REPOSITORY_NAME, # Required: the name of the repository (e.g. dotnet/arcade)\n [string] $BranchName=$env:BUILD_SOURCEBRANCH, # Optional: name of branch or version of gdn settings; defaults to master\n [string] $SourceDirectory=$env:BUILD_SOURCESDIRECTORY, # Required: the directory where source files are located\n [string] $ArtifactsDirectory = (Join-Path $env:BUILD_ARTIFACTSTAGINGDIRECTORY ('artifacts')), # Required: the directory where build artifacts are located\n [string] $AzureDevOpsAccessToken, # Required: access token for dnceng; should be provided via KeyVault\n\n # Optional: list of SDL tools to run on source code. See 'configure-sdl-tool.ps1' for tools list\n # format.\n [object[]] $SourceToolsList,\n # Optional: list of SDL tools to run on built artifacts. See 'configure-sdl-tool.ps1' for tools\n # list format.\n [object[]] $ArtifactToolsList,\n # Optional: list of SDL tools to run without automatically specifying a target directory. See\n # 'configure-sdl-tool.ps1' for tools list format.\n [object[]] $CustomToolsList,\n\n [bool] $TsaPublish=$False, # Optional: true will publish results to TSA; only set to true after onboarding to TSA; TSA is the automated framework used to upload test results as bugs.\n [string] $TsaBranchName=$env:BUILD_SOURCEBRANCH, # Optional: required for TSA publish; defaults to $(Build.SourceBranchName); TSA is the automated framework used to upload test results as bugs.\n [string] $TsaRepositoryName=$env:BUILD_REPOSITORY_NAME, # Optional: TSA repository name; will be generated automatically if not submitted; TSA is the automated framework used to upload test results as bugs.\n [string] $BuildNumber=$env:BUILD_BUILDNUMBER, # Optional: required for TSA publish; defaults to $(Build.BuildNumber)\n [bool] $UpdateBaseline=$False, # Optional: if true, will update the baseline in the repository; should only be run after fixing any issues which need to be fixed\n [bool] $TsaOnboard=$False, # Optional: if true, will onboard the repository to TSA; should only be run once; TSA is the automated framework used to upload test results as bugs.\n [string] $TsaInstanceUrl, # Optional: only needed if TsaOnboard or TsaPublish is true; the instance-url registered with TSA; TSA is the automated framework used to upload test results as bugs.\n [string] $TsaCodebaseName, # Optional: only needed if TsaOnboard or TsaPublish is true; the name of the codebase registered with TSA; TSA is the automated framework used to upload test results as bugs.\n [string] $TsaProjectName, # Optional: only needed if TsaOnboard or TsaPublish is true; the name of the project registered with TSA; TSA is the automated framework used to upload test results as bugs.\n [string] $TsaNotificationEmail, # Optional: only needed if TsaOnboard is true; the email(s) which will receive notifications of TSA bug filings (e.g. alias@microsoft.com); TSA is the automated framework used to upload test results as bugs.\n [string] $TsaCodebaseAdmin, # Optional: only needed if TsaOnboard is true; the aliases which are admins of the TSA codebase (e.g. DOMAIN\\alias); TSA is the automated framework used to upload test results as bugs.\n [string] $TsaBugAreaPath, # Optional: only needed if TsaOnboard is true; the area path where TSA will file bugs in AzDO; TSA is the automated framework used to upload test results as bugs.\n [string] $TsaIterationPath, # Optional: only needed if TsaOnboard is true; the iteration path where TSA will file bugs in AzDO; TSA is the automated framework used to upload test results as bugs.\n [string] $GuardianLoggerLevel='Standard', # Optional: the logger level for the Guardian CLI; options are Trace, Verbose, Standard, Warning, and Error\n [string[]] $CrScanAdditionalRunConfigParams, # Optional: Additional Params to custom build a CredScan run config in the format @(\"xyz:abc\",\"sdf:1\")\n [string[]] $PoliCheckAdditionalRunConfigParams, # Optional: Additional Params to custom build a Policheck run config in the format @(\"xyz:abc\",\"sdf:1\")\n [string[]] $CodeQLAdditionalRunConfigParams, # Optional: Additional Params to custom build a Semmle/CodeQL run config in the format @(\"xyz < abc\",\"sdf < 1\")\n [string[]] $BinskimAdditionalRunConfigParams, # Optional: Additional Params to custom build a Binskim run config in the format @(\"xyz < abc\",\"sdf < 1\")\n [bool] $BreakOnFailure=$False # Optional: Fail the build if there were errors during the run\n)\n\ntry {\n $ErrorActionPreference = 'Stop'\n Set-StrictMode -Version 2.0\n $disableConfigureToolsetImport = $true\n $global:LASTEXITCODE = 0\n\n # `tools.ps1` checks $ci to perform some actions. Since the SDL\n # scripts don't necessarily execute in the same agent that run the\n # build.ps1/sh script this variable isn't automatically set.\n $ci = $true\n . $PSScriptRoot\\..\\tools.ps1\n\n #Replace repo names to the format of org/repo\n if (!($Repository.contains('/'))) {\n $RepoName = $Repository -replace '(.*?)-(.*)', '$1/$2';\n }\n else{\n $RepoName = $Repository;\n }\n\n if ($GuardianPackageName) {\n $guardianCliLocation = Join-Path $NugetPackageDirectory (Join-Path $GuardianPackageName (Join-Path 'tools' 'guardian.cmd'))\n } else {\n $guardianCliLocation = $GuardianCliLocation\n }\n\n $workingDirectory = (Split-Path $SourceDirectory -Parent)\n $ValidPath = Test-Path $guardianCliLocation\n\n if ($ValidPath -eq $False)\n {\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message 'Invalid Guardian CLI Location.'\n ExitWithExitCode 1\n }\n\n Exec-BlockVerbosely {\n & $(Join-Path $PSScriptRoot 'init-sdl.ps1') -GuardianCliLocation $guardianCliLocation -Repository $RepoName -BranchName $BranchName -WorkingDirectory $workingDirectory -AzureDevOpsAccessToken $AzureDevOpsAccessToken -GuardianLoggerLevel $GuardianLoggerLevel\n }\n $gdnFolder = Join-Path $workingDirectory '.gdn'\n\n if ($TsaOnboard) {\n if ($TsaCodebaseName -and $TsaNotificationEmail -and $TsaCodebaseAdmin -and $TsaBugAreaPath) {\n Exec-BlockVerbosely {\n & $guardianCliLocation tsa-onboard --codebase-name \"$TsaCodebaseName\" --notification-alias \"$TsaNotificationEmail\" --codebase-admin \"$TsaCodebaseAdmin\" --instance-url \"$TsaInstanceUrl\" --project-name \"$TsaProjectName\" --area-path \"$TsaBugAreaPath\" --iteration-path \"$TsaIterationPath\" --working-directory $workingDirectory --logger-level $GuardianLoggerLevel\n }\n if ($LASTEXITCODE -ne 0) {\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message \"Guardian tsa-onboard failed with exit code $LASTEXITCODE.\"\n ExitWithExitCode $LASTEXITCODE\n }\n } else {\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message 'Could not onboard to TSA -- not all required values ($TsaCodebaseName, $TsaNotificationEmail, $TsaCodebaseAdmin, $TsaBugAreaPath) were specified.'\n ExitWithExitCode 1\n }\n }\n\n # Configure a list of tools with a default target directory. Populates the \".gdn/r\" directory.\n function Configure-ToolsList([object[]] $tools, [string] $targetDirectory) {\n if ($tools -and $tools.Count -gt 0) {\n Exec-BlockVerbosely {\n & $(Join-Path $PSScriptRoot 'configure-sdl-tool.ps1') `\n -GuardianCliLocation $guardianCliLocation `\n -WorkingDirectory $workingDirectory `\n -TargetDirectory $targetDirectory `\n -GdnFolder $gdnFolder `\n -ToolsList $tools `\n -AzureDevOpsAccessToken $AzureDevOpsAccessToken `\n -GuardianLoggerLevel $GuardianLoggerLevel `\n -CrScanAdditionalRunConfigParams $CrScanAdditionalRunConfigParams `\n -PoliCheckAdditionalRunConfigParams $PoliCheckAdditionalRunConfigParams `\n -CodeQLAdditionalRunConfigParams $CodeQLAdditionalRunConfigParams `\n -BinskimAdditionalRunConfigParams $BinskimAdditionalRunConfigParams\n if ($BreakOnFailure) {\n Exit-IfNZEC \"Sdl\"\n }\n }\n }\n }\n\n # Configure Artifact and Source tools with default Target directories.\n Configure-ToolsList $ArtifactToolsList $ArtifactsDirectory\n Configure-ToolsList $SourceToolsList $SourceDirectory\n # Configure custom tools with no default Target directory.\n Configure-ToolsList $CustomToolsList $null\n\n # At this point, all tools are configured in the \".gdn\" directory. Run them all in a single call.\n # (If we used \"run\" multiple times, each run would overwrite data from earlier runs.)\n Exec-BlockVerbosely {\n & $(Join-Path $PSScriptRoot 'run-sdl.ps1') `\n -GuardianCliLocation $guardianCliLocation `\n -WorkingDirectory $SourceDirectory `\n -UpdateBaseline $UpdateBaseline `\n -GdnFolder $gdnFolder\n }\n\n if ($TsaPublish) {\n if ($TsaBranchName -and $BuildNumber) {\n if (-not $TsaRepositoryName) {\n $TsaRepositoryName = \"$($Repository)-$($BranchName)\"\n }\n Exec-BlockVerbosely {\n & $guardianCliLocation tsa-publish --all-tools --repository-name \"$TsaRepositoryName\" --branch-name \"$TsaBranchName\" --build-number \"$BuildNumber\" --onboard $True --codebase-name \"$TsaCodebaseName\" --notification-alias \"$TsaNotificationEmail\" --codebase-admin \"$TsaCodebaseAdmin\" --instance-url \"$TsaInstanceUrl\" --project-name \"$TsaProjectName\" --area-path \"$TsaBugAreaPath\" --iteration-path \"$TsaIterationPath\" --working-directory $workingDirectory --logger-level $GuardianLoggerLevel\n }\n if ($LASTEXITCODE -ne 0) {\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message \"Guardian tsa-publish failed with exit code $LASTEXITCODE.\"\n ExitWithExitCode $LASTEXITCODE\n }\n } else {\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message 'Could not publish to TSA -- not all required values ($TsaBranchName, $BuildNumber) were specified.'\n ExitWithExitCode 1\n }\n }\n\n if ($BreakOnFailure) {\n Write-Host \"Failing the build in case of breaking results...\"\n Exec-BlockVerbosely {\n & $guardianCliLocation break --working-directory $workingDirectory --logger-level $GuardianLoggerLevel\n }\n } else {\n Write-Host \"Letting the build pass even if there were breaking results...\"\n }\n}\ncatch {\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message $_\n exit 1\n}\n"
},
{
"path": "eng/common/sdl/extract-artifact-archives.ps1",
"content": "# This script looks for each archive file in a directory and extracts it into the target directory.\n# For example, the file \"$InputPath/bin.tar.gz\" extracts to \"$ExtractPath/bin.tar.gz.extracted/**\".\n# Uses the \"tar\" utility added to Windows 10 / Windows 2019 that supports tar.gz and zip.\nparam(\n # Full path to directory where archives are stored.\n [Parameter(Mandatory=$true)][string] $InputPath,\n # Full path to directory to extract archives into. May be the same as $InputPath.\n [Parameter(Mandatory=$true)][string] $ExtractPath\n)\n\n$ErrorActionPreference = 'Stop'\nSet-StrictMode -Version 2.0\n\n$disableConfigureToolsetImport = $true\n\ntry {\n # `tools.ps1` checks $ci to perform some actions. Since the SDL\n # scripts don't necessarily execute in the same agent that run the\n # build.ps1/sh script this variable isn't automatically set.\n $ci = $true\n . $PSScriptRoot\\..\\tools.ps1\n\n Measure-Command {\n $jobs = @()\n\n # Find archive files for non-Windows and Windows builds.\n $archiveFiles = @(\n Get-ChildItem (Join-Path $InputPath \"*.tar.gz\")\n Get-ChildItem (Join-Path $InputPath \"*.zip\")\n )\n\n foreach ($targzFile in $archiveFiles) {\n $jobs += Start-Job -ScriptBlock {\n $file = $using:targzFile\n $fileName = [System.IO.Path]::GetFileName($file)\n $extractDir = Join-Path $using:ExtractPath \"$fileName.extracted\"\n\n New-Item $extractDir -ItemType Directory -Force | Out-Null\n\n Write-Host \"Extracting '$file' to '$extractDir'...\"\n\n # Pipe errors to stdout to prevent PowerShell detecting them and quitting the job early.\n # This type of quit skips the catch, so we wouldn't be able to tell which file triggered the\n # error. Save output so it can be stored in the exception string along with context.\n $output = tar -xf $file -C $extractDir 2>&1\n # Handle NZEC manually rather than using Exit-IfNZEC: we are in a background job, so we\n # don't have access to the outer scope.\n if ($LASTEXITCODE -ne 0) {\n throw \"Error extracting '$file': non-zero exit code ($LASTEXITCODE). Output: '$output'\"\n }\n\n Write-Host \"Extracted to $extractDir\"\n }\n }\n\n Receive-Job $jobs -Wait\n }\n}\ncatch {\n Write-Host $_\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message $_\n ExitWithExitCode 1\n}\n"
},
{
"path": "eng/common/sdl/extract-artifact-packages.ps1",
"content": "param(\n [Parameter(Mandatory=$true)][string] $InputPath, # Full path to directory where artifact packages are stored\n [Parameter(Mandatory=$true)][string] $ExtractPath # Full path to directory where the packages will be extracted\n)\n\n$ErrorActionPreference = 'Stop'\nSet-StrictMode -Version 2.0\n\n$disableConfigureToolsetImport = $true\n\nfunction ExtractArtifacts {\n if (!(Test-Path $InputPath)) {\n Write-Host \"Input Path does not exist: $InputPath\"\n ExitWithExitCode 0\n }\n $Jobs = @()\n Get-ChildItem \"$InputPath\\*.nupkg\" |\n ForEach-Object {\n $Jobs += Start-Job -ScriptBlock $ExtractPackage -ArgumentList $_.FullName\n }\n\n foreach ($Job in $Jobs) {\n Wait-Job -Id $Job.Id | Receive-Job\n }\n}\n\ntry {\n # `tools.ps1` checks $ci to perform some actions. Since the SDL\n # scripts don't necessarily execute in the same agent that run the\n # build.ps1/sh script this variable isn't automatically set.\n $ci = $true\n . $PSScriptRoot\\..\\tools.ps1\n\n $ExtractPackage = {\n param( \n [string] $PackagePath # Full path to a NuGet package\n )\n\n if (!(Test-Path $PackagePath)) {\n Write-PipelineTelemetryError -Category 'Build' -Message \"Input file does not exist: $PackagePath\"\n ExitWithExitCode 1\n }\n\n $RelevantExtensions = @('.dll', '.exe', '.pdb')\n Write-Host -NoNewLine 'Extracting ' ([System.IO.Path]::GetFileName($PackagePath)) '...'\n\n $PackageId = [System.IO.Path]::GetFileNameWithoutExtension($PackagePath)\n $ExtractPath = Join-Path -Path $using:ExtractPath -ChildPath $PackageId\n\n Add-Type -AssemblyName System.IO.Compression.FileSystem\n\n [System.IO.Directory]::CreateDirectory($ExtractPath);\n\n try {\n $zip = [System.IO.Compression.ZipFile]::OpenRead($PackagePath)\n \n $zip.Entries | \n Where-Object {$RelevantExtensions -contains [System.IO.Path]::GetExtension($_.Name)} |\n ForEach-Object {\n $TargetPath = Join-Path -Path $ExtractPath -ChildPath (Split-Path -Path $_.FullName)\n [System.IO.Directory]::CreateDirectory($TargetPath);\n\n $TargetFile = Join-Path -Path $ExtractPath -ChildPath $_.FullName\n [System.IO.Compression.ZipFileExtensions]::ExtractToFile($_, $TargetFile)\n }\n }\n catch {\n Write-Host $_\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message $_\n ExitWithExitCode 1\n }\n finally {\n $zip.Dispose() \n }\n }\n Measure-Command { ExtractArtifacts }\n}\ncatch {\n Write-Host $_\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message $_\n ExitWithExitCode 1\n}\n"
},
{
"path": "eng/common/sdl/init-sdl.ps1",
"content": "Param(\n [string] $GuardianCliLocation,\n [string] $Repository,\n [string] $BranchName='master',\n [string] $WorkingDirectory,\n [string] $AzureDevOpsAccessToken,\n [string] $GuardianLoggerLevel='Standard'\n)\n\n$ErrorActionPreference = 'Stop'\nSet-StrictMode -Version 2.0\n$disableConfigureToolsetImport = $true\n$global:LASTEXITCODE = 0\n\n# `tools.ps1` checks $ci to perform some actions. Since the SDL\n# scripts don't necessarily execute in the same agent that run the\n# build.ps1/sh script this variable isn't automatically set.\n$ci = $true\n. $PSScriptRoot\\..\\tools.ps1\n\n# Don't display the console progress UI - it's a huge perf hit\n$ProgressPreference = 'SilentlyContinue'\n\n# Construct basic auth from AzDO access token; construct URI to the repository's gdn folder stored in that repository; construct location of zip file\n$encodedPat = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(\":$AzureDevOpsAccessToken\"))\n$escapedRepository = [Uri]::EscapeDataString(\"/$Repository/$BranchName/.gdn\")\n$uri = \"https://dev.azure.com/dnceng/internal/_apis/git/repositories/sdl-tool-cfg/Items?path=$escapedRepository&versionDescriptor[versionOptions]=0&`$format=zip&api-version=5.0\"\n$zipFile = \"$WorkingDirectory/gdn.zip\"\n\nAdd-Type -AssemblyName System.IO.Compression.FileSystem\n$gdnFolder = (Join-Path $WorkingDirectory '.gdn')\n\ntry {\n # if the folder does not exist, we'll do a guardian init and push it to the remote repository\n Write-Host 'Initializing Guardian...'\n Write-Host \"$GuardianCliLocation init --working-directory $WorkingDirectory --logger-level $GuardianLoggerLevel\"\n & $GuardianCliLocation init --working-directory $WorkingDirectory --logger-level $GuardianLoggerLevel\n if ($LASTEXITCODE -ne 0) {\n Write-PipelineTelemetryError -Force -Category 'Build' -Message \"Guardian init failed with exit code $LASTEXITCODE.\"\n ExitWithExitCode $LASTEXITCODE\n }\n # We create the mainbaseline so it can be edited later\n Write-Host \"$GuardianCliLocation baseline --working-directory $WorkingDirectory --name mainbaseline\"\n & $GuardianCliLocation baseline --working-directory $WorkingDirectory --name mainbaseline\n if ($LASTEXITCODE -ne 0) {\n Write-PipelineTelemetryError -Force -Category 'Build' -Message \"Guardian baseline failed with exit code $LASTEXITCODE.\"\n ExitWithExitCode $LASTEXITCODE\n }\n ExitWithExitCode 0\n}\ncatch {\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message $_\n ExitWithExitCode 1\n}\n"
},
{
"path": "eng/common/sdl/packages.config",
"content": "\n\n \n\n"
},
{
"path": "eng/common/sdl/run-sdl.ps1",
"content": "Param(\n [string] $GuardianCliLocation,\n [string] $WorkingDirectory,\n [string] $GdnFolder,\n [string] $UpdateBaseline,\n [string] $GuardianLoggerLevel='Standard'\n)\n\n$ErrorActionPreference = 'Stop'\nSet-StrictMode -Version 2.0\n$disableConfigureToolsetImport = $true\n$global:LASTEXITCODE = 0\n\ntry {\n # `tools.ps1` checks $ci to perform some actions. Since the SDL\n # scripts don't necessarily execute in the same agent that run the\n # build.ps1/sh script this variable isn't automatically set.\n $ci = $true\n . $PSScriptRoot\\..\\tools.ps1\n\n # We store config files in the r directory of .gdn\n $gdnConfigPath = Join-Path $GdnFolder 'r'\n $ValidPath = Test-Path $GuardianCliLocation\n\n if ($ValidPath -eq $False)\n {\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message \"Invalid Guardian CLI Location.\"\n ExitWithExitCode 1\n }\n\n $gdnConfigFiles = Get-ChildItem $gdnConfigPath -Recurse -Include '*.gdnconfig'\n Write-Host \"Discovered Guardian config files:\"\n $gdnConfigFiles | Out-String | Write-Host\n\n Exec-BlockVerbosely {\n & $GuardianCliLocation run `\n --working-directory $WorkingDirectory `\n --baseline mainbaseline `\n --update-baseline $UpdateBaseline `\n --logger-level $GuardianLoggerLevel `\n --config @gdnConfigFiles\n Exit-IfNZEC \"Sdl\"\n }\n}\ncatch {\n Write-Host $_.ScriptStackTrace\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message $_\n ExitWithExitCode 1\n}\n"
},
{
"path": "eng/common/sdl/sdl.ps1",
"content": "\nfunction Install-Gdn {\n param(\n [Parameter(Mandatory=$true)]\n [string]$Path,\n\n # If omitted, install the latest version of Guardian, otherwise install that specific version.\n [string]$Version\n )\n\n $ErrorActionPreference = 'Stop'\n Set-StrictMode -Version 2.0\n $disableConfigureToolsetImport = $true\n $global:LASTEXITCODE = 0\n\n # `tools.ps1` checks $ci to perform some actions. Since the SDL\n # scripts don't necessarily execute in the same agent that run the\n # build.ps1/sh script this variable isn't automatically set.\n $ci = $true\n . $PSScriptRoot\\..\\tools.ps1\n\n $argumentList = @(\"install\", \"Microsoft.Guardian.Cli\", \"-Source https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json\", \"-OutputDirectory $Path\", \"-NonInteractive\", \"-NoCache\")\n\n if ($Version) {\n $argumentList += \"-Version $Version\"\n }\n \n Start-Process nuget -Verbose -ArgumentList $argumentList -NoNewWindow -Wait\n\n $gdnCliPath = Get-ChildItem -Filter guardian.cmd -Recurse -Path $Path\n\n if (!$gdnCliPath)\n {\n Write-PipelineTelemetryError -Category 'Sdl' -Message 'Failure installing Guardian'\n }\n\n return $gdnCliPath.FullName\n}"
},
{
"path": "eng/common/sdl/trim-assets-version.ps1",
"content": "<#\n.SYNOPSIS\nInstall and run the 'Microsoft.DotNet.VersionTools.Cli' tool with the 'trim-artifacts-version' command to trim the version from the NuGet assets file name.\n\n.PARAMETER InputPath\nFull path to directory where artifact packages are stored\n\n.PARAMETER Recursive\nSearch for NuGet packages recursively\n\n#>\n\nParam(\n [string] $InputPath,\n [bool] $Recursive = $true\n)\n\n$CliToolName = \"Microsoft.DotNet.VersionTools.Cli\"\n\nfunction Install-VersionTools-Cli {\n param(\n [Parameter(Mandatory=$true)][string]$Version\n )\n\n Write-Host \"Installing the package '$CliToolName' with a version of '$version' ...\"\n $feed = \"https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json\"\n\n $argumentList = @(\"tool\", \"install\", \"--local\", \"$CliToolName\", \"--add-source $feed\", \"--no-cache\", \"--version $Version\", \"--create-manifest-if-needed\")\n Start-Process \"$dotnet\" -Verbose -ArgumentList $argumentList -NoNewWindow -Wait\n}\n\n# -------------------------------------------------------------------\n\nif (!(Test-Path $InputPath)) {\n Write-Host \"Input Path '$InputPath' does not exist\"\n ExitWithExitCode 1\n}\n\n$ErrorActionPreference = 'Stop'\nSet-StrictMode -Version 2.0\n\n$disableConfigureToolsetImport = $true\n$global:LASTEXITCODE = 0\n\n# `tools.ps1` checks $ci to perform some actions. Since the SDL\n# scripts don't necessarily execute in the same agent that run the\n# build.ps1/sh script this variable isn't automatically set.\n$ci = $true\n. $PSScriptRoot\\..\\tools.ps1\n\ntry {\n $dotnetRoot = InitializeDotNetCli -install:$true\n $dotnet = \"$dotnetRoot\\dotnet.exe\"\n\n $toolsetVersion = Read-ArcadeSdkVersion\n Install-VersionTools-Cli -Version $toolsetVersion\n\n $cliToolFound = (& \"$dotnet\" tool list --local | Where-Object {$_.Split(' ')[0] -eq $CliToolName})\n if ($null -eq $cliToolFound) {\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message \"The '$CliToolName' tool is not installed.\"\n ExitWithExitCode 1\n }\n\n Exec-BlockVerbosely {\n & \"$dotnet\" $CliToolName trim-assets-version `\n --assets-path $InputPath `\n --recursive $Recursive\n Exit-IfNZEC \"Sdl\"\n }\n}\ncatch {\n Write-Host $_\n Write-PipelineTelemetryError -Force -Category 'Sdl' -Message $_\n ExitWithExitCode 1\n}\n"
},
{
"path": "eng/common/template-guidance.md",
"content": "# Overview\n\nArcade provides templates for public (`/templates`) and 1ES pipeline templates (`/templates-official`) scenarios. Pipelines which are required to be managed by 1ES pipeline templates should reference `/templates-offical`, all other pipelines may reference `/templates`.\n\n## How to use\n\nBasic guidance is:\n\n- 1ES Pipeline Template or 1ES Microbuild template runs should reference `eng/common/templates-official`. Any internal production-graded pipeline should use these templates.\n\n- All other runs should reference `eng/common/templates`.\n\nSee [azure-pipelines.yml](../../azure-pipelines.yml) (templates-official example) or [azure-pipelines-pr.yml](../../azure-pipelines-pr.yml) (templates example) for examples.\n\n#### The `templateIs1ESManaged` parameter\n\nThe `templateIs1ESManaged` is available on most templates and affects which of the variants is used for nested templates. See [Development Notes](#development-notes) below for more information on the `templateIs1ESManaged1 parameter.\n\n- For templates under `job/`, `jobs/`, `steps`, or `post-build/`, this parameter must be explicitly set.\n\n## Multiple outputs\n\n1ES pipeline templates impose a policy where every publish artifact execution results in additional security scans being injected into your pipeline. When using `templates-official/jobs/jobs.yml`, Arcade reduces the number of additional security injections by gathering all publishing outputs into the [Build.ArtifactStagingDirectory](https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#build-variables-devops-services), and utilizing the [outputParentDirectory](https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/features/outputs#multiple-outputs) feature of 1ES pipeline templates. When implementing your pipeline, if you ensure publish artifacts are located in the `$(Build.ArtifactStagingDirectory)`, and utilize the 1ES provided template context, then you can reduce the number of security scans for your pipeline.\n\nExample:\n``` yaml\n# azure-pipelines.yml\nextends:\n template: azure-pipelines/MicroBuild.1ES.Official.yml@MicroBuildTemplate\n parameters:\n stages:\n - stage: build\n jobs:\n - template: /eng/common/templates-official/jobs/jobs.yml@self\n parameters:\n # 1ES makes use of outputs to reduce security task injection overhead\n templateContext:\n outputs:\n - output: pipelineArtifact\n displayName: 'Publish logs from source'\n continueOnError: true\n condition: always()\n targetPath: $(Build.ArtifactStagingDirectory)/artifacts/log\n artifactName: Logs\n jobs:\n - job: Windows\n steps:\n - script: echo \"friendly neighborhood\" > artifacts/marvel/spiderman.txt\n # copy build outputs to artifact staging directory for publishing\n - task: CopyFiles@2\n displayName: Gather build output\n inputs:\n SourceFolder: '$(System.DefaultWorkingDirectory)/artifacts/marvel'\n Contents: '**'\n TargetFolder: '$(Build.ArtifactStagingDirectory)/artifacts/marvel'\n```\n\nNote: Multiple outputs are ONLY applicable to 1ES PT publishing (only usable when referencing `templates-official`).\n\n## Development notes\n\n**Folder / file structure**\n\n``` text\neng\\common\\\n [templates || templates-official]\\\n job\\\n job.yml (shim + artifact publishing logic)\n onelocbuild.yml (shim)\n publish-build-assets.yml (shim)\n source-build.yml (shim)\n source-index-stage1.yml (shim)\n jobs\\\n codeql-build.yml (shim)\n jobs.yml (shim)\n source-build.yml (shim)\n post-build\\\n post-build.yml (shim)\n common-variabls.yml (shim)\n setup-maestro-vars.yml (shim)\n steps\\\n publish-build-artifacts.yml (logic)\n publish-pipeline-artifacts.yml (logic)\n component-governance.yml (shim)\n publish-logs.yml (shim)\n retain-build.yml (shim)\n send-to-helix.yml (shim)\n source-build.yml (shim)\n variables\\\n pool-providers.yml (logic + redirect) # templates/variables/pool-providers.yml will redirect to templates-official/variables/pool-providers.yml if you are running in the internal project\n sdl-variables.yml (logic)\n core-templates\\\n job\\\n job.yml (logic)\n onelocbuild.yml (logic)\n publish-build-assets.yml (logic)\n source-build.yml (logic)\n source-index-stage1.yml (logic)\n jobs\\\n codeql-build.yml (logic)\n jobs.yml (logic)\n source-build.yml (logic)\n post-build\\\n common-variabls.yml (logic)\n post-build.yml (logic)\n setup-maestro-vars.yml (logic)\n steps\\\n component-governance.yml (logic)\n publish-build-artifacts.yml (redirect)\n publish-logs.yml (logic)\n publish-pipeline-artifacts.yml (redirect)\n retain-build.yml (logic)\n send-to-helix.yml (logic)\n source-build.yml (logic)\n variables\\\n pool-providers.yml (redirect)\n```\n\nIn the table above, a file is designated as \"shim\", \"logic\", or \"redirect\".\n\n- shim - represents a yaml file which is an intermediate step between pipeline logic and .Net Core Engineering's templates (`core-templates`) and defines the `is1ESPipeline` parameter value.\n\n- logic - represents actual base template logic.\n\n- redirect- represents a file in `core-templates` which redirects to the \"logic\" file in either `templates` or `templates-official`.\n\nLogic for Arcade's templates live **primarily** in the `core-templates` folder. The exceptions to the location of the logic files are around artifact publishing, which is handled differently between 1es pipeline templates and standard templates. `templates` and `templates-official` provide shim entry points which redirect to `core-templates` while also defining the `is1ESPipeline` parameter. If a shim is referenced in `templates`, then `is1ESPipeline` is set to `false`. If a shim is referenced in `templates-official`, then `is1ESPipeline` is set to `true`.\n\nWithin `templates` and `templates-official`, the templates at the \"stages\", and \"jobs\" / \"job\" level have been replaced with shims. Templates at the \"steps\" and \"variables\" level are typically too granular to be replaced with shims and instead persist logic which is directly applicable to either scenario.\n\nWithin `core-templates`, there are a handful of places where logic is dependent on which shim entry point was used. In those places, we redirect back to the respective logic file in `templates` or `templates-official`.\n"
},
{
"path": "eng/common/templates/job/job.yml",
"content": "parameters: \n enablePublishBuildArtifacts: false\n runAsPublic: false\n# CG related params, unused now and can eventually be removed\n disableComponentGovernance: unused\n# Sbom related params, unused now and can eventually be removed\n enableSbom: unused\n PackageVersion: unused\n BuildDropPath: unused\n\njobs:\n- template: /eng/common/core-templates/job/job.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ if and(ne(parameter.key, 'steps'), ne(parameter.key, 'is1ESPipeline')) }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n\n steps:\n - ${{ each step in parameters.steps }}:\n - ${{ step }}\n\n # we don't run CG in public\n - ${{ if eq(variables['System.TeamProject'], 'public') }}:\n - script: echo \"##vso[task.setvariable variable=skipComponentGovernanceDetection]true\"\n displayName: Set skipComponentGovernanceDetection variable\n\n artifactPublishSteps:\n - ${{ if ne(parameters.artifacts.publish, '') }}:\n - ${{ if and(ne(parameters.artifacts.publish.artifacts, 'false'), ne(parameters.artifacts.publish.artifacts, '')) }}:\n - template: /eng/common/core-templates/steps/publish-pipeline-artifacts.yml\n parameters:\n is1ESPipeline: false\n args:\n displayName: Publish pipeline artifacts\n targetPath: '$(Build.ArtifactStagingDirectory)/artifacts'\n artifactName: ${{ coalesce(parameters.artifacts.publish.artifacts.name , 'Artifacts_$(Agent.Os)_$(_BuildConfig)') }}\n continueOnError: true\n condition: succeeded()\n retryCountOnTaskFailure: 10 # for any files being locked\n - template: /eng/common/core-templates/steps/publish-pipeline-artifacts.yml\n parameters:\n is1ESPipeline: false\n args:\n displayName: Publish pipeline artifacts\n targetPath: '$(Build.ArtifactStagingDirectory)/artifacts'\n artifactName: ${{ coalesce(parameters.artifacts.publish.artifacts.name , 'Artifacts_$(Agent.Os)_$(_BuildConfig)') }}_Attempt$(System.JobAttempt)\n continueOnError: true\n condition: not(succeeded())\n retryCountOnTaskFailure: 10 # for any files being locked\n - ${{ if and(ne(parameters.artifacts.publish.logs, 'false'), ne(parameters.artifacts.publish.logs, '')) }}:\n - template: /eng/common/core-templates/steps/publish-pipeline-artifacts.yml\n parameters:\n is1ESPipeline: false\n args:\n targetPath: '$(Build.ArtifactStagingDirectory)/artifacts/log'\n artifactName: ${{ coalesce(parameters.artifacts.publish.logs.name, 'Logs_Build_$(Agent.Os)_$(_BuildConfig)') }}\n displayName: 'Publish logs'\n continueOnError: true\n condition: always()\n retryCountOnTaskFailure: 10 # for any files being locked\n\n - ${{ if ne(parameters.enablePublishBuildArtifacts, 'false') }}:\n - template: /eng/common/core-templates/steps/publish-pipeline-artifacts.yml\n parameters:\n is1ESPipeline: false\n args:\n displayName: Publish Logs\n targetPath: '$(Build.ArtifactStagingDirectory)/artifacts/log/$(_BuildConfig)'\n artifactName: ${{ coalesce(parameters.enablePublishBuildArtifacts.artifactName, '$(Agent.Os)_$(Agent.JobName)_Attempt$(System.JobAttempt)' ) }}\n continueOnError: true\n condition: always()\n retryCountOnTaskFailure: 10 # for any files being locked\n\n - ${{ if eq(parameters.enableBuildRetry, 'true') }}:\n - template: /eng/common/core-templates/steps/publish-pipeline-artifacts.yml\n parameters:\n is1ESPipeline: false\n args:\n targetPath: '$(System.DefaultWorkingDirectory)\\eng\\common\\BuildConfiguration'\n artifactName: 'BuildConfiguration'\n displayName: 'Publish build retry configuration'\n continueOnError: true\n retryCountOnTaskFailure: 10 # for any files being locked\n"
},
{
"path": "eng/common/templates/job/onelocbuild.yml",
"content": "jobs:\n- template: /eng/common/core-templates/job/onelocbuild.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates/job/publish-build-assets.yml",
"content": "jobs:\n- template: /eng/common/core-templates/job/publish-build-assets.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates/job/source-build.yml",
"content": "jobs:\n- template: /eng/common/core-templates/job/source-build.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates/job/source-index-stage1.yml",
"content": "jobs:\n- template: /eng/common/core-templates/job/source-index-stage1.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates/jobs/codeql-build.yml",
"content": "jobs:\n- template: /eng/common/core-templates/jobs/codeql-build.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates/jobs/jobs.yml",
"content": "jobs:\n- template: /eng/common/core-templates/jobs/jobs.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates/jobs/source-build.yml",
"content": "jobs:\n- template: /eng/common/core-templates/jobs/source-build.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}"
},
{
"path": "eng/common/templates/post-build/common-variables.yml",
"content": "variables:\n- template: /eng/common/core-templates/post-build/common-variables.yml\n parameters:\n # Specifies whether to use 1ES\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}"
},
{
"path": "eng/common/templates/post-build/post-build.yml",
"content": "stages:\n- template: /eng/common/core-templates/post-build/post-build.yml\n parameters:\n # Specifies whether to use 1ES\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}"
},
{
"path": "eng/common/templates/post-build/setup-maestro-vars.yml",
"content": "steps:\n- template: /eng/common/core-templates/post-build/setup-maestro-vars.yml\n parameters:\n # Specifies whether to use 1ES\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}"
},
{
"path": "eng/common/templates/steps/enable-internal-runtimes.yml",
"content": "# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'\n# variable with the base64-encoded SAS token, by default\n\nsteps:\n- template: /eng/common/core-templates/steps/enable-internal-runtimes.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates/steps/enable-internal-sources.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/enable-internal-sources.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}"
},
{
"path": "eng/common/templates/steps/generate-sbom.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/generate-sbom.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates/steps/get-delegation-sas.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/get-delegation-sas.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates/steps/get-federated-access-token.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/get-federated-access-token.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}"
},
{
"path": "eng/common/templates/steps/publish-build-artifacts.yml",
"content": "parameters:\n- name: is1ESPipeline\n type: boolean\n default: false\n\n- name: displayName\n type: string\n default: 'Publish to Build Artifact'\n\n- name: condition\n type: string\n default: succeeded()\n\n- name: artifactName\n type: string\n\n- name: pathToPublish\n type: string\n\n- name: continueOnError\n type: boolean\n default: false\n\n- name: publishLocation\n type: string\n default: 'Container'\n\n- name: retryCountOnTaskFailure\n type: string\n default: 10\n\nsteps:\n- ${{ if eq(parameters.is1ESPipeline, true) }}:\n - 'eng/common/templates cannot be referenced from a 1ES managed template': error\n- task: PublishBuildArtifacts@1\n displayName: ${{ parameters.displayName }}\n condition: ${{ parameters.condition }}\n ${{ if parameters.continueOnError }}:\n continueOnError: ${{ parameters.continueOnError }}\n inputs:\n PublishLocation: ${{ parameters.publishLocation }} \n PathtoPublish: ${{ parameters.pathToPublish }}\n ${{ if parameters.artifactName }}:\n ArtifactName: ${{ parameters.artifactName }}\n ${{ if parameters.retryCountOnTaskFailure }}:\n retryCountOnTaskFailure: ${{ parameters.retryCountOnTaskFailure }}\n"
},
{
"path": "eng/common/templates/steps/publish-logs.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/publish-logs.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates/steps/publish-pipeline-artifacts.yml",
"content": "parameters:\n- name: is1ESPipeline\n type: boolean\n default: false\n\n- name: args\n type: object\n default: {}\n\nsteps:\n- ${{ if eq(parameters.is1ESPipeline, true) }}:\n - 'eng/common/templates cannot be referenced from a 1ES managed template': error\n- task: PublishPipelineArtifact@1\n displayName: ${{ coalesce(parameters.args.displayName, 'Publish to Build Artifact') }}\n ${{ if parameters.args.condition }}:\n condition: ${{ parameters.args.condition }}\n ${{ else }}:\n condition: succeeded()\n ${{ if parameters.args.continueOnError }}:\n continueOnError: ${{ parameters.args.continueOnError }}\n inputs:\n targetPath: ${{ parameters.args.targetPath }}\n ${{ if parameters.args.artifactName }}:\n artifactName: ${{ parameters.args.artifactName }}\n ${{ if parameters.args.publishLocation }}:\n publishLocation: ${{ parameters.args.publishLocation }}\n ${{ if parameters.args.fileSharePath }}:\n fileSharePath: ${{ parameters.args.fileSharePath }}\n ${{ if parameters.args.Parallel }}:\n parallel: ${{ parameters.args.Parallel }}\n ${{ if parameters.args.parallelCount }}:\n parallelCount: ${{ parameters.args.parallelCount }}\n ${{ if parameters.args.properties }}:\n properties: ${{ parameters.args.properties }}"
},
{
"path": "eng/common/templates/steps/retain-build.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/retain-build.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates/steps/send-to-helix.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/send-to-helix.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates/steps/source-build.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/source-build.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates/steps/source-index-stage1-publish.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/source-index-stage1-publish.yml\n parameters:\n is1ESPipeline: false\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates/steps/vmr-sync.yml",
"content": "### These steps synchronize new code from product repositories into the VMR (https://github.com/dotnet/dotnet).\n### They initialize the darc CLI and pull the new updates.\n### Changes are applied locally onto the already cloned VMR (located in $vmrPath).\n\nparameters:\n- name: targetRef\n displayName: Target revision in dotnet/ to synchronize\n type: string\n default: $(Build.SourceVersion)\n\n- name: vmrPath\n displayName: Path where the dotnet/dotnet is checked out to\n type: string\n default: $(Agent.BuildDirectory)/vmr\n\n- name: additionalSyncs\n displayName: Optional list of package names whose repo's source will also be synchronized in the local VMR, e.g. NuGet.Protocol\n type: object\n default: []\n\nsteps:\n- checkout: vmr\n displayName: Clone dotnet/dotnet\n path: vmr\n clean: true\n\n- checkout: self\n displayName: Clone $(Build.Repository.Name)\n path: repo\n fetchDepth: 0\n\n# This step is needed so that when we get a detached HEAD / shallow clone,\n# we still pull the commit into the temporary repo clone to use it during the sync.\n# Also unshallow the clone so that forwardflow command would work.\n- script: |\n git branch repo-head\n git rev-parse HEAD\n displayName: Label PR commit\n workingDirectory: $(Agent.BuildDirectory)/repo\n\n- script: |\n git config --global user.name \"dotnet-maestro[bot]\"\n git config --global user.email \"dotnet-maestro[bot]@users.noreply.github.com\"\n displayName: Set git author to dotnet-maestro[bot]\n workingDirectory: ${{ parameters.vmrPath }}\n\n- script: |\n ./eng/common/vmr-sync.sh \\\n --vmr ${{ parameters.vmrPath }} \\\n --tmp $(Agent.TempDirectory) \\\n --azdev-pat '$(dn-bot-all-orgs-code-r)' \\\n --ci \\\n --debug\n\n if [ \"$?\" -ne 0 ]; then\n echo \"##vso[task.logissue type=error]Failed to synchronize the VMR\"\n exit 1\n fi\n displayName: Sync repo into VMR (Unix)\n condition: ne(variables['Agent.OS'], 'Windows_NT')\n workingDirectory: $(Agent.BuildDirectory)/repo\n\n- script: |\n git config --global diff.astextplain.textconv echo\n git config --system core.longpaths true\n displayName: Configure Windows git (longpaths, astextplain)\n condition: eq(variables['Agent.OS'], 'Windows_NT')\n\n- powershell: |\n ./eng/common/vmr-sync.ps1 `\n -vmr ${{ parameters.vmrPath }} `\n -tmp $(Agent.TempDirectory) `\n -azdevPat '$(dn-bot-all-orgs-code-r)' `\n -ci `\n -debugOutput\n\n if ($LASTEXITCODE -ne 0) {\n echo \"##vso[task.logissue type=error]Failed to synchronize the VMR\"\n exit 1\n }\n displayName: Sync repo into VMR (Windows)\n condition: eq(variables['Agent.OS'], 'Windows_NT')\n workingDirectory: $(Agent.BuildDirectory)/repo\n\n- ${{ if eq(variables['Build.Reason'], 'PullRequest') }}:\n - task: CopyFiles@2\n displayName: Collect failed patches\n condition: failed()\n inputs:\n SourceFolder: '$(Agent.TempDirectory)'\n Contents: '*.patch'\n TargetFolder: '$(Build.ArtifactStagingDirectory)/FailedPatches'\n\n - publish: '$(Build.ArtifactStagingDirectory)/FailedPatches'\n artifact: $(System.JobDisplayName)_FailedPatches\n displayName: Upload failed patches\n condition: failed()\n\n- ${{ each assetName in parameters.additionalSyncs }}:\n # The vmr-sync script ends up staging files in the local VMR so we have to commit those\n - script:\n git commit --allow-empty -am \"Forward-flow $(Build.Repository.Name)\"\n displayName: Commit local VMR changes\n workingDirectory: ${{ parameters.vmrPath }}\n\n - script: |\n set -ex\n\n echo \"Searching for details of asset ${{ assetName }}...\"\n\n # Use darc to get dependencies information\n dependencies=$(./.dotnet/dotnet darc get-dependencies --name '${{ assetName }}' --ci)\n\n # Extract repository URL and commit hash\n repository=$(echo \"$dependencies\" | grep 'Repo:' | sed 's/Repo:[[:space:]]*//' | head -1)\n\n if [ -z \"$repository\" ]; then\n echo \"##vso[task.logissue type=error]Asset ${{ assetName }} not found in the dependency list\"\n exit 1\n fi\n\n commit=$(echo \"$dependencies\" | grep 'Commit:' | sed 's/Commit:[[:space:]]*//' | head -1)\n\n echo \"Updating the VMR from $repository / $commit...\"\n cd ..\n git clone $repository ${{ assetName }}\n cd ${{ assetName }}\n git checkout $commit\n git branch \"sync/$commit\"\n\n ./eng/common/vmr-sync.sh \\\n --vmr ${{ parameters.vmrPath }} \\\n --tmp $(Agent.TempDirectory) \\\n --azdev-pat '$(dn-bot-all-orgs-code-r)' \\\n --ci \\\n --debug\n\n if [ \"$?\" -ne 0 ]; then\n echo \"##vso[task.logissue type=error]Failed to synchronize the VMR\"\n exit 1\n fi\n displayName: Sync ${{ assetName }} into (Unix)\n condition: ne(variables['Agent.OS'], 'Windows_NT')\n workingDirectory: $(Agent.BuildDirectory)/repo\n\n - powershell: |\n $ErrorActionPreference = 'Stop'\n\n Write-Host \"Searching for details of asset ${{ assetName }}...\"\n\n $dependencies = .\\.dotnet\\dotnet darc get-dependencies --name '${{ assetName }}' --ci\n\n $repository = $dependencies | Select-String -Pattern 'Repo:\\s+([^\\s]+)' | Select-Object -First 1\n $repository -match 'Repo:\\s+([^\\s]+)' | Out-Null\n $repository = $matches[1]\n\n if ($repository -eq $null) {\n Write-Error \"Asset ${{ assetName }} not found in the dependency list\"\n exit 1\n }\n\n $commit = $dependencies | Select-String -Pattern 'Commit:\\s+([^\\s]+)' | Select-Object -First 1\n $commit -match 'Commit:\\s+([^\\s]+)' | Out-Null\n $commit = $matches[1]\n\n Write-Host \"Updating the VMR from $repository / $commit...\"\n cd ..\n git clone $repository ${{ assetName }}\n cd ${{ assetName }}\n git checkout $commit\n git branch \"sync/$commit\"\n\n .\\eng\\common\\vmr-sync.ps1 `\n -vmr ${{ parameters.vmrPath }} `\n -tmp $(Agent.TempDirectory) `\n -azdevPat '$(dn-bot-all-orgs-code-r)' `\n -ci `\n -debugOutput\n\n if ($LASTEXITCODE -ne 0) {\n echo \"##vso[task.logissue type=error]Failed to synchronize the VMR\"\n exit 1\n }\n displayName: Sync ${{ assetName }} into (Windows)\n condition: ne(variables['Agent.OS'], 'Windows_NT')\n workingDirectory: $(Agent.BuildDirectory)/repo\n"
},
{
"path": "eng/common/templates/variables/pool-providers.yml",
"content": "# Select a pool provider based off branch name. Anything with branch name containing 'release' must go into an -Svc pool,\n# otherwise it should go into the \"normal\" pools. This separates out the queueing and billing of released branches.\n\n# Motivation:\n# Once a given branch of a repository's output has been officially \"shipped\" once, it is then considered to be COGS\n# (Cost of goods sold) and should be moved to a servicing pool provider. This allows both separation of queueing\n# (allowing release builds and main PR builds to not intefere with each other) and billing (required for COGS.\n# Additionally, the pool provider name itself may be subject to change when the .NET Core Engineering Services\n# team needs to move resources around and create new and potentially differently-named pools. Using this template\n# file from an Arcade-ified repo helps guard against both having to update one's release/* branches and renaming.\n\n# How to use:\n# This yaml assumes your shipped product branches use the naming convention \"release/...\" (which many do).\n# If we find alternate naming conventions in broad usage it can be added to the condition below.\n#\n# First, import the template in an arcade-ified repo to pick up the variables, e.g.:\n#\n# variables:\n# - template: /eng/common/templates/variables/pool-providers.yml\n#\n# ... then anywhere specifying the pool provider use the runtime variables,\n# $(DncEngInternalBuildPool) and $ (DncEngPublicBuildPool), e.g.:\n#\n# pool:\n# name: $(DncEngInternalBuildPool)\n# demands: ImageOverride -equals windows.vs2026.amd64\nvariables:\n - ${{ if eq(variables['System.TeamProject'], 'internal') }}:\n - template: /eng/common/templates-official/variables/pool-providers.yml\n - ${{ else }}:\n # Coalesce the target and source branches so we know when a PR targets a release branch\n # If these variables are somehow missing, fall back to main (tends to have more capacity)\n\n # Any new -Svc alternative pools should have variables added here to allow for splitting work\n - name: DncEngPublicBuildPool\n value: $[\n replace(\n replace(\n eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'),\n True,\n 'NetCore-Svc-Public'\n ),\n False,\n 'NetCore-Public'\n )\n ]\n\n - name: DncEngInternalBuildPool\n value: $[\n replace(\n replace(\n eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'),\n True,\n 'NetCore1ESPool-Svc-Internal'\n ),\n False,\n 'NetCore1ESPool-Internal'\n )\n ]\n"
},
{
"path": "eng/common/templates/vmr-build-pr.yml",
"content": "# This pipeline is used for running the VMR verification of the PR changes in repo-level PRs.\n#\n# It will run a full set of verification jobs defined in:\n# https://github.com/dotnet/dotnet/blob/10060d128e3f470e77265f8490f5e4f72dae738e/eng/pipelines/templates/stages/vmr-build.yml#L27-L38\n#\n# For repos that do not need to run the full set, you would do the following:\n#\n# 1. Copy this YML file to a repo-specific location, i.e. outside of eng/common.\n#\n# 2. Add `verifications` parameter to VMR template reference\n#\n# Examples:\n# - For source-build stage 1 verification, add the following:\n# verifications: [ \"source-build-stage1\" ]\n#\n# - For Windows only verifications, add the following:\n# verifications: [ \"unified-build-windows-x64\", \"unified-build-windows-x86\" ]\n\ntrigger: none\npr: none\n\nvariables:\n- template: /eng/common/templates/variables/pool-providers.yml@self\n\n- name: skipComponentGovernanceDetection # we run CG on internal builds only\n value: true\n\n- name: Codeql.Enabled # we run CodeQL on internal builds only\n value: false\n\nresources:\n repositories:\n - repository: vmr\n type: github\n name: dotnet/dotnet\n endpoint: dotnet\n ref: refs/heads/main # Set to whatever VMR branch the PR build should insert into\n\nstages:\n- template: /eng/pipelines/templates/stages/vmr-build.yml@vmr\n parameters:\n isBuiltFromVmr: false\n scope: lite\n"
},
{
"path": "eng/common/templates-official/job/job.yml",
"content": "parameters:\n runAsPublic: false\n# Sbom related params, unused now and can eventually be removed\n enableSbom: unused\n PackageVersion: unused\n BuildDropPath: unused\n\njobs:\n- template: /eng/common/core-templates/job/job.yml\n parameters:\n is1ESPipeline: true\n\n # publish artifacts\n # for 1ES managed templates, use the templateContext.output to handle multiple outputs.\n templateContext:\n outputParentDirectory: $(Build.ArtifactStagingDirectory)\n outputs:\n - ${{ if ne(parameters.artifacts.publish, '') }}:\n - ${{ if and(ne(parameters.artifacts.publish.artifacts, 'false'), ne(parameters.artifacts.publish.artifacts, '')) }}:\n - output: pipelineArtifact\n displayName: Publish pipeline artifacts\n targetPath: '$(Build.ArtifactStagingDirectory)/artifacts'\n artifactName: ${{ coalesce(parameters.artifacts.publish.artifacts.name , 'Artifacts_$(Agent.Os)_$(_BuildConfig)') }}\n condition: succeeded()\n retryCountOnTaskFailure: 10 # for any files being locked\n continueOnError: true\n - output: pipelineArtifact\n displayName: Publish pipeline artifacts\n targetPath: '$(Build.ArtifactStagingDirectory)/artifacts'\n artifactName: ${{ coalesce(parameters.artifacts.publish.artifacts.name , 'Artifacts_$(Agent.Os)_$(_BuildConfig)') }}_Attempt$(System.JobAttempt)\n condition: not(succeeded())\n retryCountOnTaskFailure: 10 # for any files being locked\n continueOnError: true\n - ${{ if and(ne(parameters.artifacts.publish.logs, 'false'), ne(parameters.artifacts.publish.logs, '')) }}:\n - output: pipelineArtifact\n targetPath: '$(Build.ArtifactStagingDirectory)/artifacts/log'\n artifactName: ${{ coalesce(parameters.artifacts.publish.logs.name, 'Logs_Build_$(Agent.Os)_$(_BuildConfig)_Attempt$(System.JobAttempt)') }}\n displayName: 'Publish logs'\n continueOnError: true\n condition: always()\n retryCountOnTaskFailure: 10 # for any files being locked\n isProduction: false # logs are non-production artifacts\n\n - ${{ if eq(parameters.enablePublishBuildArtifacts, true) }}:\n - output: pipelineArtifact\n displayName: Publish Logs\n targetPath: '$(Build.ArtifactStagingDirectory)/artifacts/log/$(_BuildConfig)'\n artifactName: ${{ coalesce(parameters.enablePublishBuildArtifacts.artifactName, '$(Agent.Os)_$(Agent.JobName)_Attempt$(System.JobAttempt)' ) }}\n continueOnError: true\n condition: always()\n retryCountOnTaskFailure: 10 # for any files being locked\n isProduction: false # logs are non-production artifacts\n\n - ${{ if eq(parameters.enableBuildRetry, 'true') }}:\n - output: pipelineArtifact\n targetPath: '$(Build.ArtifactStagingDirectory)/artifacts/eng/common/BuildConfiguration'\n artifactName: 'BuildConfiguration'\n displayName: 'Publish build retry configuration'\n continueOnError: true\n retryCountOnTaskFailure: 10 # for any files being locked\n isProduction: false # BuildConfiguration is a non-production artifact\n\n # V4 publishing: automatically publish staged artifacts as a pipeline artifact.\n # The artifact name matches the SDK's FutureArtifactName ($(System.PhaseName)_Artifacts),\n # which is encoded in the asset manifest for downstream publishing to discover.\n # Jobs can opt in by setting enablePublishing: true.\n - ${{ if and(eq(parameters.publishingVersion, 4), eq(parameters.enablePublishing, 'true')) }}:\n - output: pipelineArtifact\n displayName: 'Publish V4 pipeline artifacts'\n targetPath: '$(Build.ArtifactStagingDirectory)/artifacts'\n artifactName: '$(System.PhaseName)_Artifacts'\n continueOnError: true\n retryCountOnTaskFailure: 10 # for any files being locked\n\n # add any outputs provided via root yaml\n - ${{ if ne(parameters.templateContext.outputs, '') }}:\n - ${{ each output in parameters.templateContext.outputs }}:\n - ${{ output }}\n \n # add any remaining templateContext properties\n ${{ each context in parameters.templateContext }}:\n ${{ if and(ne(context.key, 'outputParentDirectory'), ne(context.key, 'outputs')) }}:\n ${{ context.key }}: ${{ context.value }}\n\n ${{ each parameter in parameters }}:\n ${{ if and(ne(parameter.key, 'templateContext'), ne(parameter.key, 'is1ESPipeline')) }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/job/onelocbuild.yml",
"content": "jobs:\n- template: /eng/common/core-templates/job/onelocbuild.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/job/publish-build-assets.yml",
"content": "jobs:\n- template: /eng/common/core-templates/job/publish-build-assets.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/job/source-build.yml",
"content": "jobs:\n- template: /eng/common/core-templates/job/source-build.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/job/source-index-stage1.yml",
"content": "jobs:\n- template: /eng/common/core-templates/job/source-index-stage1.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/jobs/codeql-build.yml",
"content": "jobs:\n- template: /eng/common/core-templates/jobs/codeql-build.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/jobs/jobs.yml",
"content": "jobs:\n- template: /eng/common/core-templates/jobs/jobs.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/jobs/source-build.yml",
"content": "jobs:\n- template: /eng/common/core-templates/jobs/source-build.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}"
},
{
"path": "eng/common/templates-official/post-build/common-variables.yml",
"content": "variables:\n- template: /eng/common/core-templates/post-build/common-variables.yml\n parameters:\n # Specifies whether to use 1ES\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}"
},
{
"path": "eng/common/templates-official/post-build/post-build.yml",
"content": "stages:\n- template: /eng/common/core-templates/post-build/post-build.yml\n parameters:\n # Specifies whether to use 1ES\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/post-build/setup-maestro-vars.yml",
"content": "steps:\n- template: /eng/common/core-templates/post-build/setup-maestro-vars.yml\n parameters:\n # Specifies whether to use 1ES\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}"
},
{
"path": "eng/common/templates-official/steps/enable-internal-runtimes.yml",
"content": "# Obtains internal runtime download credentials and populates the 'dotnetbuilds-internal-container-read-token-base64'\n# variable with the base64-encoded SAS token, by default\nsteps:\n- template: /eng/common/core-templates/steps/enable-internal-runtimes.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/steps/enable-internal-sources.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/enable-internal-sources.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}"
},
{
"path": "eng/common/templates-official/steps/generate-sbom.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/generate-sbom.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/steps/get-delegation-sas.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/get-delegation-sas.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/steps/get-federated-access-token.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/get-federated-access-token.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}"
},
{
"path": "eng/common/templates-official/steps/publish-build-artifacts.yml",
"content": "parameters:\n- name: displayName\n type: string\n default: 'Publish to Build Artifact'\n\n- name: condition\n type: string\n default: succeeded()\n\n- name: artifactName\n type: string\n\n- name: pathToPublish\n type: string\n\n- name: continueOnError\n type: boolean\n default: false\n\n- name: publishLocation\n type: string\n default: 'Container'\n\n- name: is1ESPipeline\n type: boolean\n default: true\n\n- name: retryCountOnTaskFailure\n type: string\n default: 10\n \nsteps:\n- ${{ if ne(parameters.is1ESPipeline, true) }}:\n - 'eng/common/templates-official cannot be referenced from a non-1ES managed template': error\n- task: 1ES.PublishBuildArtifacts@1\n displayName: ${{ parameters.displayName }}\n condition: ${{ parameters.condition }}\n ${{ if parameters.continueOnError }}:\n continueOnError: ${{ parameters.continueOnError }}\n inputs:\n PublishLocation: ${{ parameters.publishLocation }}\n PathtoPublish: ${{ parameters.pathToPublish }}\n ${{ if parameters.artifactName }}:\n ArtifactName: ${{ parameters.artifactName }}\n ${{ if parameters.retryCountOnTaskFailure }}:\n retryCountOnTaskFailure: ${{ parameters.retryCountOnTaskFailure }}\n"
},
{
"path": "eng/common/templates-official/steps/publish-logs.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/publish-logs.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/steps/publish-pipeline-artifacts.yml",
"content": "parameters:\n- name: is1ESPipeline\n type: boolean\n default: true\n\n- name: args\n type: object\n default: {}\n\nsteps:\n- ${{ if ne(parameters.is1ESPipeline, true) }}:\n - 'eng/common/templates-official cannot be referenced from a non-1ES managed template': error\n- task: 1ES.PublishPipelineArtifact@1\n displayName: ${{ coalesce(parameters.args.displayName, 'Publish to Build Artifact') }}\n ${{ if parameters.args.condition }}:\n condition: ${{ parameters.args.condition }}\n ${{ else }}:\n condition: succeeded()\n ${{ if parameters.args.continueOnError }}:\n continueOnError: ${{ parameters.args.continueOnError }}\n inputs:\n targetPath: ${{ parameters.args.targetPath }}\n ${{ if parameters.args.artifactName }}:\n artifactName: ${{ parameters.args.artifactName }}\n ${{ if parameters.args.properties }}:\n properties: ${{ parameters.args.properties }}\n ${{ if ne(parameters.args.sbomEnabled, '') }}:\n sbomEnabled: ${{ parameters.args.sbomEnabled }}\n ${{ if ne(parameters.args.isProduction, '') }}:\n isProduction: ${{ parameters.args.isProduction }}\n"
},
{
"path": "eng/common/templates-official/steps/retain-build.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/retain-build.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/steps/send-to-helix.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/send-to-helix.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/steps/source-build.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/source-build.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/steps/source-index-stage1-publish.yml",
"content": "steps:\n- template: /eng/common/core-templates/steps/source-index-stage1-publish.yml\n parameters:\n is1ESPipeline: true\n\n ${{ each parameter in parameters }}:\n ${{ parameter.key }}: ${{ parameter.value }}\n"
},
{
"path": "eng/common/templates-official/variables/pool-providers.yml",
"content": "# Select a pool provider based off branch name. Anything with branch name containing 'release' must go into an -Svc pool, \n# otherwise it should go into the \"normal\" pools. This separates out the queueing and billing of released branches.\n\n# Motivation: \n# Once a given branch of a repository's output has been officially \"shipped\" once, it is then considered to be COGS\n# (Cost of goods sold) and should be moved to a servicing pool provider. This allows both separation of queueing\n# (allowing release builds and main PR builds to not intefere with each other) and billing (required for COGS.\n# Additionally, the pool provider name itself may be subject to change when the .NET Core Engineering Services \n# team needs to move resources around and create new and potentially differently-named pools. Using this template \n# file from an Arcade-ified repo helps guard against both having to update one's release/* branches and renaming.\n\n# How to use: \n# This yaml assumes your shipped product branches use the naming convention \"release/...\" (which many do).\n# If we find alternate naming conventions in broad usage it can be added to the condition below.\n#\n# First, import the template in an arcade-ified repo to pick up the variables, e.g.:\n#\n# variables:\n# - template: /eng/common/templates-official/variables/pool-providers.yml\n#\n# ... then anywhere specifying the pool provider use the runtime variables,\n# $(DncEngInternalBuildPool)\n#\n# pool:\n# name: $(DncEngInternalBuildPool)\n# image: windows.vs2026.amd64\n\nvariables:\n # Coalesce the target and source branches so we know when a PR targets a release branch\n # If these variables are somehow missing, fall back to main (tends to have more capacity)\n\n # Any new -Svc alternative pools should have variables added here to allow for splitting work\n\n - name: DncEngInternalBuildPool\n value: $[\n replace(\n replace(\n eq(contains(coalesce(variables['System.PullRequest.TargetBranch'], variables['Build.SourceBranch'], 'refs/heads/main'), 'release'), 'true'),\n True,\n 'NetCore1ESPool-Svc-Internal'\n ),\n False,\n 'NetCore1ESPool-Internal'\n )\n ]"
},
{
"path": "eng/common/templates-official/variables/sdl-variables.yml",
"content": "variables:\n# The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in\n# sync with the packages.config file.\n- name: DefaultGuardianVersion\n value: 0.109.0\n- name: GuardianPackagesConfigFile\n value: $(System.DefaultWorkingDirectory)\\eng\\common\\sdl\\packages.config"
},
{
"path": "eng/common/tools.ps1",
"content": "# Initialize variables if they aren't already defined.\n# These may be defined as parameters of the importing script, or set after importing this script.\n\n# CI mode - set to true on CI server for PR validation build or official build.\n[bool]$ci = if (Test-Path variable:ci) { $ci } else { $false }\n\n# Build configuration. Common values include 'Debug' and 'Release', but the repository may use other names.\n[string]$configuration = if (Test-Path variable:configuration) { $configuration } else { 'Debug' }\n\n# Set to true to opt out of outputting binary log while running in CI\n[bool]$excludeCIBinarylog = if (Test-Path variable:excludeCIBinarylog) { $excludeCIBinarylog } else { $false }\n\n# Set to true to output binary log from msbuild. Note that emitting binary log slows down the build.\n[bool]$binaryLog = if (Test-Path variable:binaryLog) { $binaryLog } else { $ci -and !$excludeCIBinarylog }\n\n# Set to true to use the pipelines logger which will enable Azure logging output.\n# https://github.com/Microsoft/azure-pipelines-tasks/blob/master/docs/authoring/commands.md\n# This flag is meant as a temporary opt-opt for the feature while validate it across\n# our consumers. It will be deleted in the future.\n[bool]$pipelinesLog = if (Test-Path variable:pipelinesLog) { $pipelinesLog } else { $ci }\n\n# Turns on machine preparation/clean up code that changes the machine state (e.g. kills build processes).\n[bool]$prepareMachine = if (Test-Path variable:prepareMachine) { $prepareMachine } else { $false }\n\n# True to restore toolsets and dependencies.\n[bool]$restore = if (Test-Path variable:restore) { $restore } else { $true }\n\n# Adjusts msbuild verbosity level.\n[string]$verbosity = if (Test-Path variable:verbosity) { $verbosity } else { 'minimal' }\n\n# Set to true to reuse msbuild nodes. Recommended to not reuse on CI.\n[bool]$nodeReuse = if (Test-Path variable:nodeReuse) { $nodeReuse } else { !$ci }\n\n# Configures warning treatment in msbuild.\n[bool]$warnAsError = if (Test-Path variable:warnAsError) { $warnAsError } else { $true }\n\n# Specifies which msbuild engine to use for build: 'vs', 'dotnet' or unspecified (determined based on presence of tools.vs in global.json).\n[string]$msbuildEngine = if (Test-Path variable:msbuildEngine) { $msbuildEngine } else { $null }\n\n# True to attempt using .NET Core already that meets requirements specified in global.json\n# installed on the machine instead of downloading one.\n[bool]$useInstalledDotNetCli = if (Test-Path variable:useInstalledDotNetCli) { $useInstalledDotNetCli } else { $true }\n\n# Enable repos to use a particular version of the on-line dotnet-install scripts.\n# default URL: https://builds.dotnet.microsoft.com/dotnet/scripts/v1/dotnet-install.ps1\n[string]$dotnetInstallScriptVersion = if (Test-Path variable:dotnetInstallScriptVersion) { $dotnetInstallScriptVersion } else { 'v1' }\n\n# True to use global NuGet cache instead of restoring packages to repository-local directory.\n[bool]$useGlobalNuGetCache = if (Test-Path variable:useGlobalNuGetCache) { $useGlobalNuGetCache } else { !$ci }\n\n# True to exclude prerelease versions Visual Studio during build\n[bool]$excludePrereleaseVS = if (Test-Path variable:excludePrereleaseVS) { $excludePrereleaseVS } else { $false }\n\n# An array of names of processes to stop on script exit if prepareMachine is true.\n$processesToStopOnExit = if (Test-Path variable:processesToStopOnExit) { $processesToStopOnExit } else { @('msbuild', 'dotnet', 'vbcscompiler') }\n\n$disableConfigureToolsetImport = if (Test-Path variable:disableConfigureToolsetImport) { $disableConfigureToolsetImport } else { $null }\n\nset-strictmode -version 2.0\n$ErrorActionPreference = 'Stop'\n[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\n\n# If specifies, provides an alternate path for getting .NET Core SDKs and Runtimes. This script will still try public sources first.\n[string]$runtimeSourceFeed = if (Test-Path variable:runtimeSourceFeed) { $runtimeSourceFeed } else { $null }\n# Base-64 encoded SAS token that has permission to storage container described by $runtimeSourceFeed\n[string]$runtimeSourceFeedKey = if (Test-Path variable:runtimeSourceFeedKey) { $runtimeSourceFeedKey } else { $null }\n\n# True when the build is running within the VMR.\n[bool]$fromVMR = if (Test-Path variable:fromVMR) { $fromVMR } else { $false }\n\nfunction Create-Directory ([string[]] $path) {\n New-Item -Path $path -Force -ItemType 'Directory' | Out-Null\n}\n\nfunction Unzip([string]$zipfile, [string]$outpath) {\n Add-Type -AssemblyName System.IO.Compression.FileSystem\n [System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath)\n}\n\n# This will exec a process using the console and return it's exit code.\n# This will not throw when the process fails.\n# Returns process exit code.\nfunction Exec-Process([string]$command, [string]$commandArgs) {\n $startInfo = New-Object System.Diagnostics.ProcessStartInfo\n $startInfo.FileName = $command\n $startInfo.Arguments = $commandArgs\n $startInfo.UseShellExecute = $false\n $startInfo.WorkingDirectory = Get-Location\n\n $process = New-Object System.Diagnostics.Process\n $process.StartInfo = $startInfo\n $process.Start() | Out-Null\n\n $finished = $false\n try {\n while (-not $process.WaitForExit(100)) {\n # Non-blocking loop done to allow ctr-c interrupts\n }\n\n $finished = $true\n return $global:LASTEXITCODE = $process.ExitCode\n }\n finally {\n # If we didn't finish then an error occurred or the user hit ctrl-c. Either\n # way kill the process\n if (-not $finished) {\n $process.Kill()\n }\n }\n}\n\n# Take the given block, print it, print what the block probably references from the current set of\n# variables using low-effort string matching, then run the block.\n#\n# This is intended to replace the pattern of manually copy-pasting a command, wrapping it in quotes,\n# and printing it using \"Write-Host\". The copy-paste method is more readable in build logs, but less\n# maintainable and less reliable. It is easy to make a mistake and modify the command without\n# properly updating the \"Write-Host\" line, resulting in misleading build logs. The probability of\n# this mistake makes the pattern hard to trust when it shows up in build logs. Finding the bug in\n# existing source code can also be difficult, because the strings are not aligned to each other and\n# the line may be 300+ columns long.\n#\n# By removing the need to maintain two copies of the command, Exec-BlockVerbosely avoids the issues.\n#\n# In Bash (or any posix-like shell), \"set -x\" prints usable verbose output automatically.\n# \"Set-PSDebug\" appears to be similar at first glance, but unfortunately, it isn't very useful: it\n# doesn't print any info about the variables being used by the command, which is normally the\n# interesting part to diagnose.\nfunction Exec-BlockVerbosely([scriptblock] $block) {\n Write-Host \"--- Running script block:\"\n $blockString = $block.ToString().Trim()\n Write-Host $blockString\n\n Write-Host \"--- List of variables that might be used:\"\n # For each variable x in the environment, check the block for a reference to x via simple \"$x\" or\n # \"@x\" syntax. This doesn't detect other ways to reference variables (\"${x}\" nor \"$variable:x\",\n # among others). It only catches what this function was originally written for: simple\n # command-line commands.\n $variableTable = Get-Variable |\n Where-Object {\n $blockString.Contains(\"`$$($_.Name)\") -or $blockString.Contains(\"@$($_.Name)\")\n } |\n Format-Table -AutoSize -HideTableHeaders -Wrap |\n Out-String\n Write-Host $variableTable.Trim()\n\n Write-Host \"--- Executing:\"\n & $block\n Write-Host \"--- Done running script block!\"\n}\n\n# createSdkLocationFile parameter enables a file being generated under the toolset directory\n# which writes the sdk's location into. This is only necessary for cmd --> powershell invocations\n# as dot sourcing isn't possible.\nfunction InitializeDotNetCli([bool]$install, [bool]$createSdkLocationFile) {\n if (Test-Path variable:global:_DotNetInstallDir) {\n return $global:_DotNetInstallDir\n }\n\n # Don't resolve runtime, shared framework, or SDK from other locations to ensure build determinism\n $env:DOTNET_MULTILEVEL_LOOKUP=0\n\n # Disable first run since we do not need all ASP.NET packages restored.\n $env:DOTNET_NOLOGO=1\n\n # Disable telemetry on CI.\n if ($ci) {\n $env:DOTNET_CLI_TELEMETRY_OPTOUT=1\n }\n\n # Find the first path on %PATH% that contains the dotnet.exe\n if ($useInstalledDotNetCli -and (-not $globalJsonHasRuntimes) -and ($env:DOTNET_INSTALL_DIR -eq $null)) {\n $dotnetExecutable = GetExecutableFileName 'dotnet'\n $dotnetCmd = Get-Command $dotnetExecutable -ErrorAction SilentlyContinue\n\n if ($dotnetCmd -ne $null) {\n $env:DOTNET_INSTALL_DIR = Split-Path $dotnetCmd.Path -Parent\n }\n }\n\n $dotnetSdkVersion = $GlobalJson.tools.dotnet\n\n # Use dotnet installation specified in DOTNET_INSTALL_DIR if it contains the required SDK version,\n # otherwise install the dotnet CLI and SDK to repo local .dotnet directory to avoid potential permission issues.\n if ((-not $globalJsonHasRuntimes) -and (-not [string]::IsNullOrEmpty($env:DOTNET_INSTALL_DIR)) -and (Test-Path(Join-Path $env:DOTNET_INSTALL_DIR \"sdk\\$dotnetSdkVersion\"))) {\n $dotnetRoot = $env:DOTNET_INSTALL_DIR\n } else {\n $dotnetRoot = Join-Path $RepoRoot '.dotnet'\n\n if (-not (Test-Path(Join-Path $dotnetRoot \"sdk\\$dotnetSdkVersion\"))) {\n if ($install) {\n InstallDotNetSdk $dotnetRoot $dotnetSdkVersion\n } else {\n Write-PipelineTelemetryError -Category 'InitializeToolset' -Message \"Unable to find dotnet with SDK version '$dotnetSdkVersion'\"\n ExitWithExitCode 1\n }\n }\n\n $env:DOTNET_INSTALL_DIR = $dotnetRoot\n }\n\n # Creates a temporary file under the toolset dir.\n # The following code block is protecting against concurrent access so that this function can\n # be called in parallel.\n if ($createSdkLocationFile) {\n do {\n $sdkCacheFileTemp = Join-Path $ToolsetDir $([System.IO.Path]::GetRandomFileName())\n }\n until (!(Test-Path $sdkCacheFileTemp))\n Set-Content -Path $sdkCacheFileTemp -Value $dotnetRoot\n\n try {\n Move-Item -Force $sdkCacheFileTemp (Join-Path $ToolsetDir 'sdk.txt')\n } catch {\n # Somebody beat us\n Remove-Item -Path $sdkCacheFileTemp\n }\n }\n\n # Add dotnet to PATH. This prevents any bare invocation of dotnet in custom\n # build steps from using anything other than what we've downloaded.\n # It also ensures that VS msbuild will use the downloaded sdk targets.\n $env:PATH = \"$dotnetRoot;$env:PATH\"\n\n # Make Sure that our bootstrapped dotnet cli is available in future steps of the Azure Pipelines build\n Write-PipelinePrependPath -Path $dotnetRoot\n\n Write-PipelineSetVariable -Name 'DOTNET_MULTILEVEL_LOOKUP' -Value '0'\n Write-PipelineSetVariable -Name 'DOTNET_NOLOGO' -Value '1'\n\n return $global:_DotNetInstallDir = $dotnetRoot\n}\n\nfunction Retry($downloadBlock, $maxRetries = 5) {\n $retries = 1\n\n while($true) {\n try {\n & $downloadBlock\n break\n }\n catch {\n Write-PipelineTelemetryError -Category 'InitializeToolset' -Message $_\n }\n\n if (++$retries -le $maxRetries) {\n $delayInSeconds = [math]::Pow(2, $retries) - 1 # Exponential backoff\n Write-Host \"Retrying. Waiting for $delayInSeconds seconds before next attempt ($retries of $maxRetries).\"\n Start-Sleep -Seconds $delayInSeconds\n }\n else {\n Write-PipelineTelemetryError -Category 'InitializeToolset' -Message \"Unable to download file in $maxRetries attempts.\"\n break\n }\n }\n}\n\nfunction GetDotNetInstallScript([string] $dotnetRoot) {\n $installScript = Join-Path $dotnetRoot 'dotnet-install.ps1'\n $shouldDownload = $false\n \n if (!(Test-Path $installScript)) {\n $shouldDownload = $true\n } else {\n # Check if the script is older than 30 days\n $fileAge = (Get-Date) - (Get-Item $installScript).LastWriteTime\n if ($fileAge.Days -gt 30) {\n Write-Host \"Existing install script is too old, re-downloading...\"\n $shouldDownload = $true\n }\n }\n \n if ($shouldDownload) {\n Create-Directory $dotnetRoot\n $ProgressPreference = 'SilentlyContinue' # Don't display the console progress UI - it's a huge perf hit\n $uri = \"https://builds.dotnet.microsoft.com/dotnet/scripts/$dotnetInstallScriptVersion/dotnet-install.ps1\"\n\n Retry({\n Write-Host \"GET $uri\"\n Invoke-WebRequest $uri -UseBasicParsing -OutFile $installScript\n })\n }\n\n return $installScript\n}\n\nfunction InstallDotNetSdk([string] $dotnetRoot, [string] $version, [string] $architecture = '', [switch] $noPath) {\n InstallDotNet $dotnetRoot $version $architecture '' $false $runtimeSourceFeed $runtimeSourceFeedKey -noPath:$noPath\n}\n\nfunction InstallDotNet([string] $dotnetRoot,\n [string] $version,\n [string] $architecture = '',\n [string] $runtime = '',\n [bool] $skipNonVersionedFiles = $false,\n [string] $runtimeSourceFeed = '',\n [string] $runtimeSourceFeedKey = '',\n [switch] $noPath) {\n\n $dotnetVersionLabel = \"'sdk v$version'\"\n\n if ($runtime -ne '' -and $runtime -ne 'sdk') {\n $runtimePath = $dotnetRoot\n $runtimePath = $runtimePath + \"\\shared\"\n if ($runtime -eq \"dotnet\") { $runtimePath = $runtimePath + \"\\Microsoft.NETCore.App\" }\n if ($runtime -eq \"aspnetcore\") { $runtimePath = $runtimePath + \"\\Microsoft.AspNetCore.App\" }\n if ($runtime -eq \"windowsdesktop\") { $runtimePath = $runtimePath + \"\\Microsoft.WindowsDesktop.App\" }\n $runtimePath = $runtimePath + \"\\\" + $version\n \n $dotnetVersionLabel = \"runtime toolset '$runtime/$architecture v$version'\"\n\n if (Test-Path $runtimePath) {\n Write-Host \" Runtime toolset '$runtime/$architecture v$version' already installed.\"\n $installSuccess = $true\n Exit\n }\n }\n\n $installScript = GetDotNetInstallScript $dotnetRoot\n $installParameters = @{\n Version = $version\n InstallDir = $dotnetRoot\n }\n\n if ($architecture) { $installParameters.Architecture = $architecture }\n if ($runtime) { $installParameters.Runtime = $runtime }\n if ($skipNonVersionedFiles) { $installParameters.SkipNonVersionedFiles = $skipNonVersionedFiles }\n if ($noPath) { $installParameters.NoPath = $True }\n\n $variations = @()\n $variations += @($installParameters)\n\n $dotnetBuilds = $installParameters.Clone()\n $dotnetbuilds.AzureFeed = \"https://ci.dot.net/public\"\n $variations += @($dotnetBuilds)\n\n if ($runtimeSourceFeed) {\n $runtimeSource = $installParameters.Clone()\n $runtimeSource.AzureFeed = $runtimeSourceFeed\n if ($runtimeSourceFeedKey) {\n $decodedBytes = [System.Convert]::FromBase64String($runtimeSourceFeedKey)\n $decodedString = [System.Text.Encoding]::UTF8.GetString($decodedBytes)\n $runtimeSource.FeedCredential = $decodedString\n }\n $variations += @($runtimeSource)\n }\n\n $installSuccess = $false\n foreach ($variation in $variations) {\n if ($variation | Get-Member AzureFeed) {\n $location = $variation.AzureFeed\n } else {\n $location = \"public location\";\n }\n Write-Host \" Attempting to install $dotnetVersionLabel from $location.\"\n try {\n & $installScript @variation\n $installSuccess = $true\n break\n }\n catch {\n Write-Host \" Failed to install $dotnetVersionLabel from $location.\"\n }\n }\n if (-not $installSuccess) {\n Write-PipelineTelemetryError -Category 'InitializeToolset' -Message \"Failed to install $dotnetVersionLabel from any of the specified locations.\"\n ExitWithExitCode 1\n }\n}\n\n#\n# Locates Visual Studio MSBuild installation.\n# The preference order for MSBuild to use is as follows:\n#\n# 1. MSBuild from an active VS command prompt\n# 2. MSBuild from a compatible VS installation\n# 3. MSBuild from the xcopy tool package\n#\n# Returns full path to msbuild.exe.\n# Throws on failure.\n#\nfunction InitializeVisualStudioMSBuild([bool]$install, [object]$vsRequirements = $null) {\n if (-not (IsWindowsPlatform)) {\n throw \"Cannot initialize Visual Studio on non-Windows\"\n }\n\n if (Test-Path variable:global:_MSBuildExe) {\n return $global:_MSBuildExe\n }\n\n # Minimum VS version to require.\n $vsMinVersionReqdStr = '17.7'\n $vsMinVersionReqd = [Version]::new($vsMinVersionReqdStr)\n\n # If the version of msbuild is going to be xcopied,\n # use this version. Version matches a package here:\n # https://dev.azure.com/dnceng/public/_artifacts/feed/dotnet-eng/NuGet/Microsoft.DotNet.Arcade.MSBuild.Xcopy/versions/18.0.0\n $defaultXCopyMSBuildVersion = '18.0.0'\n\n if (!$vsRequirements) {\n if (Get-Member -InputObject $GlobalJson.tools -Name 'vs') {\n $vsRequirements = $GlobalJson.tools.vs\n }\n else {\n $vsRequirements = New-Object PSObject -Property @{ version = $vsMinVersionReqdStr }\n }\n }\n $vsMinVersionStr = if ($vsRequirements.version) { $vsRequirements.version } else { $vsMinVersionReqdStr }\n $vsMinVersion = [Version]::new($vsMinVersionStr)\n\n # Try msbuild command available in the environment.\n if ($env:VSINSTALLDIR -ne $null) {\n $msbuildCmd = Get-Command 'msbuild.exe' -ErrorAction SilentlyContinue\n if ($msbuildCmd -ne $null) {\n # Workaround for https://github.com/dotnet/roslyn/issues/35793\n # Due to this issue $msbuildCmd.Version returns 0.0.0.0 for msbuild.exe 16.2+\n $msbuildVersion = [Version]::new((Get-Item $msbuildCmd.Path).VersionInfo.ProductVersion.Split([char[]]@('-', '+'))[0])\n\n if ($msbuildVersion -ge $vsMinVersion) {\n return $global:_MSBuildExe = $msbuildCmd.Path\n }\n\n # Report error - the developer environment is initialized with incompatible VS version.\n throw \"Developer Command Prompt for VS $($env:VisualStudioVersion) is not recent enough. Please upgrade to $vsMinVersionStr or build from a plain CMD window\"\n }\n }\n\n # Locate Visual Studio installation or download x-copy msbuild.\n $vsInfo = LocateVisualStudio $vsRequirements\n if ($vsInfo -ne $null -and $env:ForceUseXCopyMSBuild -eq $null) {\n # Ensure vsInstallDir has a trailing slash\n $vsInstallDir = Join-Path $vsInfo.installationPath \"\\\"\n $vsMajorVersion = $vsInfo.installationVersion.Split('.')[0]\n\n InitializeVisualStudioEnvironmentVariables $vsInstallDir $vsMajorVersion\n } else {\n if (Get-Member -InputObject $GlobalJson.tools -Name 'xcopy-msbuild') {\n $xcopyMSBuildVersion = $GlobalJson.tools.'xcopy-msbuild'\n $vsMajorVersion = $xcopyMSBuildVersion.Split('.')[0]\n } else {\n #if vs version provided in global.json is incompatible (too low) then use the default version for xcopy msbuild download\n if($vsMinVersion -lt $vsMinVersionReqd){\n Write-Host \"Using xcopy-msbuild version of $defaultXCopyMSBuildVersion since VS version $vsMinVersionStr provided in global.json is not compatible\"\n $xcopyMSBuildVersion = $defaultXCopyMSBuildVersion\n $vsMajorVersion = $xcopyMSBuildVersion.Split('.')[0]\n }\n else{\n # If the VS version IS compatible, look for an xcopy msbuild package\n # with a version matching VS.\n # Note: If this version does not exist, then an explicit version of xcopy msbuild\n # can be specified in global.json. This will be required for pre-release versions of msbuild.\n $vsMajorVersion = $vsMinVersion.Major\n $vsMinorVersion = $vsMinVersion.Minor\n $xcopyMSBuildVersion = \"$vsMajorVersion.$vsMinorVersion.0\"\n }\n }\n\n $vsInstallDir = $null\n if ($xcopyMSBuildVersion.Trim() -ine \"none\") {\n $vsInstallDir = InitializeXCopyMSBuild $xcopyMSBuildVersion $install\n if ($vsInstallDir -eq $null) {\n throw \"Could not xcopy msbuild. Please check that package 'Microsoft.DotNet.Arcade.MSBuild.Xcopy @ $xcopyMSBuildVersion' exists on feed 'dotnet-eng'.\"\n }\n }\n if ($vsInstallDir -eq $null) {\n throw 'Unable to find Visual Studio that has required version and components installed'\n }\n }\n\n $msbuildVersionDir = if ([int]$vsMajorVersion -lt 16) { \"$vsMajorVersion.0\" } else { \"Current\" }\n\n $local:BinFolder = Join-Path $vsInstallDir \"MSBuild\\$msbuildVersionDir\\Bin\"\n $local:Prefer64bit = if (Get-Member -InputObject $vsRequirements -Name 'Prefer64bit') { $vsRequirements.Prefer64bit } else { $false }\n if ($local:Prefer64bit -and (Test-Path(Join-Path $local:BinFolder \"amd64\"))) {\n $global:_MSBuildExe = Join-Path $local:BinFolder \"amd64\\msbuild.exe\"\n } else {\n $global:_MSBuildExe = Join-Path $local:BinFolder \"msbuild.exe\"\n }\n\n return $global:_MSBuildExe\n}\n\nfunction InitializeVisualStudioEnvironmentVariables([string] $vsInstallDir, [string] $vsMajorVersion) {\n $env:VSINSTALLDIR = $vsInstallDir\n Set-Item \"env:VS$($vsMajorVersion)0COMNTOOLS\" (Join-Path $vsInstallDir \"Common7\\Tools\\\")\n\n $vsSdkInstallDir = Join-Path $vsInstallDir \"VSSDK\\\"\n if (Test-Path $vsSdkInstallDir) {\n Set-Item \"env:VSSDK$($vsMajorVersion)0Install\" $vsSdkInstallDir\n $env:VSSDKInstall = $vsSdkInstallDir\n }\n}\n\nfunction InstallXCopyMSBuild([string]$packageVersion) {\n return InitializeXCopyMSBuild $packageVersion -install $true\n}\n\nfunction InitializeXCopyMSBuild([string]$packageVersion, [bool]$install) {\n $packageName = 'Microsoft.DotNet.Arcade.MSBuild.Xcopy'\n $packageDir = Join-Path $ToolsDir \"msbuild\\$packageVersion\"\n $packagePath = Join-Path $packageDir \"$packageName.$packageVersion.nupkg\"\n\n if (!(Test-Path $packageDir)) {\n if (!$install) {\n return $null\n }\n\n Create-Directory $packageDir\n\n Write-Host \"Downloading $packageName $packageVersion\"\n $ProgressPreference = 'SilentlyContinue' # Don't display the console progress UI - it's a huge perf hit\n Retry({\n Invoke-WebRequest \"https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/flat2/$packageName/$packageVersion/$packageName.$packageVersion.nupkg\" -UseBasicParsing -OutFile $packagePath\n })\n\n if (!(Test-Path $packagePath)) {\n Write-PipelineTelemetryError -Category 'InitializeToolset' -Message \"See https://dev.azure.com/dnceng/internal/_wiki/wikis/DNCEng%20Services%20Wiki/1074/Updating-Microsoft.DotNet.Arcade.MSBuild.Xcopy-WAS-RoslynTools.MSBuild-(xcopy-msbuild)-generation?anchor=troubleshooting for help troubleshooting issues with XCopy MSBuild\"\n throw\n }\n Unzip $packagePath $packageDir\n }\n\n return Join-Path $packageDir 'tools'\n}\n\n#\n# Locates Visual Studio instance that meets the minimal requirements specified by tools.vs object in global.json.\n#\n# The following properties of tools.vs are recognized:\n# \"version\": \"{major}.{minor}\"\n# Two part minimal VS version, e.g. \"15.9\", \"16.0\", etc.\n# \"components\": [\"componentId1\", \"componentId2\", ...]\n# Array of ids of workload components that must be available in the VS instance.\n# See e.g. https://docs.microsoft.com/en-us/visualstudio/install/workload-component-id-vs-enterprise?view=vs-2017\n#\n# Returns JSON describing the located VS instance (same format as returned by vswhere),\n# or $null if no instance meeting the requirements is found on the machine.\n#\nfunction LocateVisualStudio([object]$vsRequirements = $null){\n if (-not (IsWindowsPlatform)) {\n throw \"Cannot run vswhere on non-Windows platforms.\"\n }\n\n if (Get-Member -InputObject $GlobalJson.tools -Name 'vswhere') {\n $vswhereVersion = $GlobalJson.tools.vswhere\n } else {\n # keep this in sync with the VSWhereVersion in DefaultVersions.props\n $vswhereVersion = '3.1.7'\n }\n\n $vsWhereDir = Join-Path $ToolsDir \"vswhere\\$vswhereVersion\"\n $vsWhereExe = Join-Path $vsWhereDir 'vswhere.exe'\n\n if (!(Test-Path $vsWhereExe)) {\n Create-Directory $vsWhereDir\n Write-Host \"Downloading vswhere $vswhereVersion\"\n $ProgressPreference = 'SilentlyContinue' # Don't display the console progress UI - it's a huge perf hit\n Retry({\n Invoke-WebRequest \"https://netcorenativeassets.blob.core.windows.net/resource-packages/external/windows/vswhere/$vswhereVersion/vswhere.exe\" -UseBasicParsing -OutFile $vswhereExe\n })\n }\n\n if (!$vsRequirements) {\n if (Get-Member -InputObject $GlobalJson.tools -Name 'vs' -ErrorAction SilentlyContinue) {\n $vsRequirements = $GlobalJson.tools.vs\n } else {\n $vsRequirements = $null\n }\n }\n\n $args = @('-latest', '-format', 'json', '-requires', 'Microsoft.Component.MSBuild', '-products', '*')\n\n if (!$excludePrereleaseVS) {\n $args += '-prerelease'\n }\n\n if ($vsRequirements -and (Get-Member -InputObject $vsRequirements -Name 'version' -ErrorAction SilentlyContinue)) {\n $args += '-version'\n $args += $vsRequirements.version\n }\n\n if ($vsRequirements -and (Get-Member -InputObject $vsRequirements -Name 'components' -ErrorAction SilentlyContinue)) {\n foreach ($component in $vsRequirements.components) {\n $args += '-requires'\n $args += $component\n }\n }\n\n $vsInfo =& $vsWhereExe $args | ConvertFrom-Json\n\n if ($lastExitCode -ne 0) {\n return $null\n }\n\n # use first matching instance\n return $vsInfo[0]\n}\n\nfunction InitializeBuildTool() {\n if (Test-Path variable:global:_BuildTool) {\n # If the requested msbuild parameters do not match, clear the cached variables.\n if($global:_BuildTool.Contains('ExcludePrereleaseVS') -and $global:_BuildTool.ExcludePrereleaseVS -ne $excludePrereleaseVS) {\n Remove-Item variable:global:_BuildTool\n Remove-Item variable:global:_MSBuildExe\n } else {\n return $global:_BuildTool\n }\n }\n\n if (-not $msbuildEngine) {\n $msbuildEngine = GetDefaultMSBuildEngine\n }\n\n # Initialize dotnet cli if listed in 'tools'\n $dotnetRoot = $null\n if (Get-Member -InputObject $GlobalJson.tools -Name 'dotnet') {\n $dotnetRoot = InitializeDotNetCli -install:$restore\n }\n\n if ($msbuildEngine -eq 'dotnet') {\n if (!$dotnetRoot) {\n Write-PipelineTelemetryError -Category 'InitializeToolset' -Message \"/global.json must specify 'tools.dotnet'.\"\n ExitWithExitCode 1\n }\n $dotnetPath = Join-Path $dotnetRoot (GetExecutableFileName 'dotnet')\n\n $buildTool = @{ Path = $dotnetPath; Command = 'msbuild'; Tool = 'dotnet'; Framework = 'net' }\n } elseif ($msbuildEngine -eq \"vs\") {\n try {\n $msbuildPath = InitializeVisualStudioMSBuild -install:$restore\n } catch {\n Write-PipelineTelemetryError -Category 'InitializeToolset' -Message $_\n ExitWithExitCode 1\n }\n\n $buildTool = @{ Path = $msbuildPath; Command = \"\"; Tool = \"vs\"; Framework = \"netframework\"; ExcludePrereleaseVS = $excludePrereleaseVS }\n } else {\n Write-PipelineTelemetryError -Category 'InitializeToolset' -Message \"Unexpected value of -msbuildEngine: '$msbuildEngine'.\"\n ExitWithExitCode 1\n }\n\n return $global:_BuildTool = $buildTool\n}\n\nfunction GetDefaultMSBuildEngine() {\n # Presence of tools.vs indicates the repo needs to build using VS msbuild on Windows.\n if (Get-Member -InputObject $GlobalJson.tools -Name 'vs') {\n return 'vs'\n }\n\n if (Get-Member -InputObject $GlobalJson.tools -Name 'dotnet') {\n return 'dotnet'\n }\n\n Write-PipelineTelemetryError -Category 'InitializeToolset' -Message \"-msbuildEngine must be specified, or /global.json must specify 'tools.dotnet' or 'tools.vs'.\"\n ExitWithExitCode 1\n}\n\nfunction GetNuGetPackageCachePath() {\n if ($env:NUGET_PACKAGES -eq $null) {\n # Use local cache on CI to ensure deterministic build.\n # Avoid using the http cache as workaround for https://github.com/NuGet/Home/issues/3116\n # use global cache in dev builds to avoid cost of downloading packages.\n # For directory normalization, see also: https://github.com/NuGet/Home/issues/7968\n if ($useGlobalNuGetCache) {\n $env:NUGET_PACKAGES = Join-Path $env:UserProfile '.nuget\\packages\\'\n } else {\n $env:NUGET_PACKAGES = Join-Path $RepoRoot '.packages\\'\n }\n }\n\n return $env:NUGET_PACKAGES\n}\n\n# Returns a full path to an Arcade SDK task project file.\nfunction GetSdkTaskProject([string]$taskName) {\n return Join-Path (Split-Path (InitializeToolset) -Parent) \"SdkTasks\\$taskName.proj\"\n}\n\nfunction InitializeNativeTools() {\n if (-Not (Test-Path variable:DisableNativeToolsetInstalls) -And (Get-Member -InputObject $GlobalJson -Name \"native-tools\")) {\n $nativeArgs= @{}\n if ($ci) {\n $nativeArgs = @{\n InstallDirectory = \"$ToolsDir\"\n }\n }\n if ($env:NativeToolsOnMachine) {\n Write-Host \"Variable NativeToolsOnMachine detected, enabling native tool path promotion...\"\n $nativeArgs += @{ PathPromotion = $true }\n }\n & \"$PSScriptRoot/init-tools-native.ps1\" @nativeArgs\n }\n}\n\nfunction Read-ArcadeSdkVersion() {\n return $GlobalJson.'msbuild-sdks'.'Microsoft.DotNet.Arcade.Sdk'\n}\n\nfunction InitializeToolset() {\n # For Unified Build/Source-build support, check whether the environment variable is\n # set. If it is, then use this as the toolset build project.\n if ($env:_InitializeToolset -ne $null) {\n return $global:_InitializeToolset = $env:_InitializeToolset\n }\n\n if (Test-Path variable:global:_InitializeToolset) {\n return $global:_InitializeToolset\n }\n\n $nugetCache = GetNuGetPackageCachePath\n\n $toolsetVersion = Read-ArcadeSdkVersion\n $toolsetLocationFile = Join-Path $ToolsetDir \"$toolsetVersion.txt\"\n\n if (Test-Path $toolsetLocationFile) {\n $path = Get-Content $toolsetLocationFile -TotalCount 1\n if (Test-Path $path) {\n return $global:_InitializeToolset = $path\n }\n }\n\n if (-not $restore) {\n Write-PipelineTelemetryError -Category 'InitializeToolset' -Message \"Toolset version $toolsetVersion has not been restored.\"\n ExitWithExitCode 1\n }\n\n $buildTool = InitializeBuildTool\n\n $proj = Join-Path $ToolsetDir 'restore.proj'\n $bl = if ($binaryLog) { '/bl:' + (Join-Path $LogDir 'ToolsetRestore.binlog') } else { '' }\n\n '' | Set-Content $proj\n\n MSBuild-Core $proj $bl /t:__WriteToolsetLocation /clp:ErrorsOnly`;NoSummary /p:__ToolsetLocationOutputFile=$toolsetLocationFile\n\n $path = Get-Content $toolsetLocationFile -Encoding UTF8 -TotalCount 1\n if (!(Test-Path $path)) {\n throw \"Invalid toolset path: $path\"\n }\n\n return $global:_InitializeToolset = $path\n}\n\nfunction ExitWithExitCode([int] $exitCode) {\n if ($ci -and $prepareMachine) {\n Stop-Processes\n }\n exit $exitCode\n}\n\n# Check if $LASTEXITCODE is a nonzero exit code (NZEC). If so, print a Azure Pipeline error for\n# diagnostics, then exit the script with the $LASTEXITCODE.\nfunction Exit-IfNZEC([string] $category = \"General\") {\n Write-Host \"Exit code $LASTEXITCODE\"\n if ($LASTEXITCODE -ne 0) {\n $message = \"Last command failed with exit code $LASTEXITCODE.\"\n Write-PipelineTelemetryError -Force -Category $category -Message $message\n ExitWithExitCode $LASTEXITCODE\n }\n}\n\nfunction Stop-Processes() {\n Write-Host 'Killing running build processes...'\n foreach ($processName in $processesToStopOnExit) {\n Get-Process -Name $processName -ErrorAction SilentlyContinue | Stop-Process\n }\n}\n\n#\n# Executes msbuild (or 'dotnet msbuild') with arguments passed to the function.\n# The arguments are automatically quoted.\n# Terminates the script if the build fails.\n#\nfunction MSBuild() {\n if ($pipelinesLog) {\n $buildTool = InitializeBuildTool\n\n if ($ci -and $buildTool.Tool -eq 'dotnet') {\n $env:NUGET_PLUGIN_HANDSHAKE_TIMEOUT_IN_SECONDS = 20\n $env:NUGET_PLUGIN_REQUEST_TIMEOUT_IN_SECONDS = 20\n Write-PipelineSetVariable -Name 'NUGET_PLUGIN_HANDSHAKE_TIMEOUT_IN_SECONDS' -Value '20'\n Write-PipelineSetVariable -Name 'NUGET_PLUGIN_REQUEST_TIMEOUT_IN_SECONDS' -Value '20'\n }\n\n Enable-Nuget-EnhancedRetry\n\n $toolsetBuildProject = InitializeToolset\n $basePath = Split-Path -parent $toolsetBuildProject\n $selectedPath = Join-Path $basePath (Join-Path $buildTool.Framework 'Microsoft.DotNet.ArcadeLogging.dll')\n\n if (-not $selectedPath) {\n Write-PipelineTelemetryError -Category 'Build' -Message \"Unable to find arcade sdk logger assembly: $selectedPath\"\n ExitWithExitCode 1\n }\n\n $args += \"/logger:$selectedPath\"\n }\n\n MSBuild-Core @args\n}\n\n#\n# Executes msbuild (or 'dotnet msbuild') with arguments passed to the function.\n# The arguments are automatically quoted.\n# Terminates the script if the build fails.\n#\nfunction MSBuild-Core() {\n if ($ci) {\n if (!$binaryLog -and !$excludeCIBinarylog) {\n Write-PipelineTelemetryError -Category 'Build' -Message 'Binary log must be enabled in CI build, or explicitly opted-out from with the -excludeCIBinarylog switch.'\n ExitWithExitCode 1\n }\n\n if ($nodeReuse) {\n Write-PipelineTelemetryError -Category 'Build' -Message 'Node reuse must be disabled in CI build.'\n ExitWithExitCode 1\n }\n }\n\n Enable-Nuget-EnhancedRetry\n\n $buildTool = InitializeBuildTool\n\n $cmdArgs = \"$($buildTool.Command) /m /nologo /clp:Summary /v:$verbosity /nr:$nodeReuse /p:ContinuousIntegrationBuild=$ci\"\n\n # Add -mt flag for MSBuild multithreaded mode if enabled via environment variable\n if ($env:MSBUILD_MT_ENABLED -eq \"1\") {\n $cmdArgs += ' -mt'\n }\n\n if ($warnAsError) {\n $cmdArgs += ' /warnaserror /p:TreatWarningsAsErrors=true'\n }\n else {\n $cmdArgs += ' /p:TreatWarningsAsErrors=false'\n }\n\n foreach ($arg in $args) {\n if ($null -ne $arg -and $arg.Trim() -ne \"\") {\n if ($arg.EndsWith('\\')) {\n $arg = $arg + \"\\\"\n }\n $cmdArgs += \" `\"$arg`\"\"\n }\n }\n\n # Be sure quote the path in case there are spaces in the dotnet installation location.\n $env:ARCADE_BUILD_TOOL_COMMAND = \"`\"$($buildTool.Path)`\" $cmdArgs\"\n\n $exitCode = Exec-Process $buildTool.Path $cmdArgs\n\n if ($exitCode -ne 0) {\n # We should not Write-PipelineTaskError here because that message shows up in the build summary\n # The build already logged an error, that's the reason it failed. Producing an error here only adds noise.\n Write-Host \"Build failed with exit code $exitCode. Check errors above.\" -ForegroundColor Red\n\n $buildLog = GetMSBuildBinaryLogCommandLineArgument $args\n if ($null -ne $buildLog) {\n Write-Host \"See log: $buildLog\" -ForegroundColor DarkGray\n }\n\n # When running on Azure Pipelines, override the returned exit code to avoid double logging.\n # Skip this when the build is a child of the VMR build.\n if ($ci -and $env:SYSTEM_TEAMPROJECT -ne $null -and !$fromVMR) {\n Write-PipelineSetResult -Result \"Failed\" -Message \"msbuild execution failed.\"\n # Exiting with an exit code causes the azure pipelines task to log yet another \"noise\" error\n # The above Write-PipelineSetResult will cause the task to be marked as failure without adding yet another error\n ExitWithExitCode 0\n } else {\n ExitWithExitCode $exitCode\n }\n }\n}\n\nfunction GetMSBuildBinaryLogCommandLineArgument($arguments) {\n foreach ($argument in $arguments) {\n if ($argument -ne $null) {\n $arg = $argument.Trim()\n if ($arg.StartsWith('/bl:', \"OrdinalIgnoreCase\")) {\n return $arg.Substring('/bl:'.Length)\n }\n\n if ($arg.StartsWith('/binaryLogger:', 'OrdinalIgnoreCase')) {\n return $arg.Substring('/binaryLogger:'.Length)\n }\n }\n }\n\n return $null\n}\n\nfunction GetExecutableFileName($baseName) {\n if (IsWindowsPlatform) {\n return \"$baseName.exe\"\n }\n else {\n return $baseName\n }\n}\n\nfunction IsWindowsPlatform() {\n return [environment]::OSVersion.Platform -eq [PlatformID]::Win32NT\n}\n\nfunction Get-Darc($version) {\n $darcPath = \"$TempDir\\darc\\$([guid]::NewGuid())\"\n if ($version -ne $null) {\n & $PSScriptRoot\\darc-init.ps1 -toolpath $darcPath -darcVersion $version | Out-Host\n } else {\n & $PSScriptRoot\\darc-init.ps1 -toolpath $darcPath | Out-Host\n }\n return \"$darcPath\\darc.exe\"\n}\n\n. $PSScriptRoot\\pipeline-logging-functions.ps1\n\n$RepoRoot = Resolve-Path (Join-Path $PSScriptRoot '..\\..\\')\n$EngRoot = Resolve-Path (Join-Path $PSScriptRoot '..')\n$ArtifactsDir = Join-Path $RepoRoot 'artifacts'\n$ToolsetDir = Join-Path $ArtifactsDir 'toolset'\n$ToolsDir = Join-Path $RepoRoot '.tools'\n$LogDir = Join-Path (Join-Path $ArtifactsDir 'log') $configuration\n$TempDir = Join-Path (Join-Path $ArtifactsDir 'tmp') $configuration\n$GlobalJson = Get-Content -Raw -Path (Join-Path $RepoRoot 'global.json') | ConvertFrom-Json\n# true if global.json contains a \"runtimes\" section\n$globalJsonHasRuntimes = if ($GlobalJson.tools.PSObject.Properties.Name -Match 'runtimes') { $true } else { $false }\n\nCreate-Directory $ToolsetDir\nCreate-Directory $TempDir\nCreate-Directory $LogDir\n\nWrite-PipelineSetVariable -Name 'Artifacts' -Value $ArtifactsDir\nWrite-PipelineSetVariable -Name 'Artifacts.Toolset' -Value $ToolsetDir\nWrite-PipelineSetVariable -Name 'Artifacts.Log' -Value $LogDir\nWrite-PipelineSetVariable -Name 'TEMP' -Value $TempDir\nWrite-PipelineSetVariable -Name 'TMP' -Value $TempDir\n\n# Import custom tools configuration, if present in the repo.\n# Note: Import in global scope so that the script set top-level variables without qualification.\nif (!$disableConfigureToolsetImport) {\n $configureToolsetScript = Join-Path $EngRoot 'configure-toolset.ps1'\n if (Test-Path $configureToolsetScript) {\n . $configureToolsetScript\n if ((Test-Path variable:failOnConfigureToolsetError) -And $failOnConfigureToolsetError) {\n if ((Test-Path variable:LastExitCode) -And ($LastExitCode -ne 0)) {\n Write-PipelineTelemetryError -Category 'Build' -Message 'configure-toolset.ps1 returned a non-zero exit code'\n ExitWithExitCode $LastExitCode\n }\n }\n }\n}\n\n#\n# If $ci flag is set, turn on (and log that we did) special environment variables for improved Nuget client retry logic.\n#\nfunction Enable-Nuget-EnhancedRetry() {\n if ($ci) {\n Write-Host \"Setting NUGET enhanced retry environment variables\"\n $env:NUGET_ENABLE_ENHANCED_HTTP_RETRY = 'true'\n $env:NUGET_ENHANCED_MAX_NETWORK_TRY_COUNT = 6\n $env:NUGET_ENHANCED_NETWORK_RETRY_DELAY_MILLISECONDS = 1000\n $env:NUGET_RETRY_HTTP_429 = 'true'\n Write-PipelineSetVariable -Name 'NUGET_ENABLE_ENHANCED_HTTP_RETRY' -Value 'true'\n Write-PipelineSetVariable -Name 'NUGET_ENHANCED_MAX_NETWORK_TRY_COUNT' -Value '6'\n Write-PipelineSetVariable -Name 'NUGET_ENHANCED_NETWORK_RETRY_DELAY_MILLISECONDS' -Value '1000'\n Write-PipelineSetVariable -Name 'NUGET_RETRY_HTTP_429' -Value 'true'\n }\n}\n"
},
{
"path": "eng/common/tools.sh",
"content": "#!/usr/bin/env bash\n\n# Initialize variables if they aren't already defined.\n\n# CI mode - set to true on CI server for PR validation build or official build.\nci=${ci:-false}\n\n# Build mode\nsource_build=${source_build:-false}\n\n# Set to true to use the pipelines logger which will enable Azure logging output.\n# https://github.com/Microsoft/azure-pipelines-tasks/blob/master/docs/authoring/commands.md\n# This flag is meant as a temporary opt-opt for the feature while validate it across\n# our consumers. It will be deleted in the future.\nif [[ \"$ci\" == true ]]; then\n pipelines_log=${pipelines_log:-true}\nelse\n pipelines_log=${pipelines_log:-false}\nfi\n\n# Build configuration. Common values include 'Debug' and 'Release', but the repository may use other names.\nconfiguration=${configuration:-'Debug'}\n\n# Set to true to opt out of outputting binary log while running in CI\nexclude_ci_binary_log=${exclude_ci_binary_log:-false}\n\nif [[ \"$ci\" == true && \"$exclude_ci_binary_log\" == false ]]; then\n binary_log_default=true\nelse\n binary_log_default=false\nfi\n\n# Set to true to output binary log from msbuild. Note that emitting binary log slows down the build.\nbinary_log=${binary_log:-$binary_log_default}\n\n# Turns on machine preparation/clean up code that changes the machine state (e.g. kills build processes).\nprepare_machine=${prepare_machine:-false}\n\n# True to restore toolsets and dependencies.\nrestore=${restore:-true}\n\n# Adjusts msbuild verbosity level.\nverbosity=${verbosity:-'minimal'}\n\n# Set to true to reuse msbuild nodes. Recommended to not reuse on CI.\nif [[ \"$ci\" == true ]]; then\n node_reuse=${node_reuse:-false}\nelse\n node_reuse=${node_reuse:-true}\nfi\n\n# Configures warning treatment in msbuild.\nwarn_as_error=${warn_as_error:-true}\n\n# True to attempt using .NET Core already that meets requirements specified in global.json\n# installed on the machine instead of downloading one.\nuse_installed_dotnet_cli=${use_installed_dotnet_cli:-true}\n\n# Enable repos to use a particular version of the on-line dotnet-install scripts.\n# default URL: https://builds.dotnet.microsoft.com/dotnet/scripts/v1/dotnet-install.sh\ndotnetInstallScriptVersion=${dotnetInstallScriptVersion:-'v1'}\n\n# True to use global NuGet cache instead of restoring packages to repository-local directory.\n# Keep in sync with NuGetPackageroot in Arcade SDK's RepositoryLayout.props.\nif [[ \"$ci\" == true || \"$source_build\" == true ]]; then\n use_global_nuget_cache=${use_global_nuget_cache:-false}\nelse\n use_global_nuget_cache=${use_global_nuget_cache:-true}\nfi\n\n# Used when restoring .NET SDK from alternative feeds\nruntime_source_feed=${runtime_source_feed:-''}\nruntime_source_feed_key=${runtime_source_feed_key:-''}\n\n# True when the build is running within the VMR.\nfrom_vmr=${from_vmr:-false}\n\n# Resolve any symlinks in the given path.\nfunction ResolvePath {\n local path=$1\n\n while [[ -h $path ]]; do\n local dir=\"$( cd -P \"$( dirname \"$path\" )\" && pwd )\"\n path=\"$(readlink \"$path\")\"\n\n # if $path was a relative symlink, we need to resolve it relative to the path where the\n # symlink file was located\n [[ $path != /* ]] && path=\"$dir/$path\"\n done\n\n # return value\n _ResolvePath=\"$path\"\n}\n\n# ReadVersionFromJson [json key]\nfunction ReadGlobalVersion {\n local key=$1\n\n if command -v jq &> /dev/null; then\n _ReadGlobalVersion=\"$(jq -r \".[] | select(has(\\\"$key\\\")) | .\\\"$key\\\"\" \"$global_json_file\")\"\n elif [[ \"$(cat \"$global_json_file\")\" =~ \\\"$key\\\"[[:space:]\\:]*\\\"([^\\\"]+) ]]; then\n _ReadGlobalVersion=${BASH_REMATCH[1]}\n fi\n\n if [[ -z \"$_ReadGlobalVersion\" ]]; then\n Write-PipelineTelemetryError -category 'Build' \"Error: Cannot find \\\"$key\\\" in $global_json_file\"\n ExitWithExitCode 1\n fi\n}\n\nfunction InitializeDotNetCli {\n if [[ -n \"${_InitializeDotNetCli:-}\" ]]; then\n return\n fi\n\n local install=$1\n\n # Don't resolve runtime, shared framework, or SDK from other locations to ensure build determinism\n export DOTNET_MULTILEVEL_LOOKUP=0\n\n # Disable first run since we want to control all package sources\n export DOTNET_NOLOGO=1\n\n # Disable telemetry on CI\n if [[ $ci == true ]]; then\n export DOTNET_CLI_TELEMETRY_OPTOUT=1\n fi\n\n # LTTNG is the logging infrastructure used by Core CLR. Need this variable set\n # so it doesn't output warnings to the console.\n export LTTNG_HOME=\"$HOME\"\n\n # Find the first path on $PATH that contains the dotnet.exe\n if [[ \"$use_installed_dotnet_cli\" == true && $global_json_has_runtimes == false && -z \"${DOTNET_INSTALL_DIR:-}\" ]]; then\n local dotnet_path=`command -v dotnet`\n if [[ -n \"$dotnet_path\" ]]; then\n ResolvePath \"$dotnet_path\"\n export DOTNET_INSTALL_DIR=`dirname \"$_ResolvePath\"`\n fi\n fi\n\n ReadGlobalVersion \"dotnet\"\n local dotnet_sdk_version=$_ReadGlobalVersion\n local dotnet_root=\"\"\n\n # Use dotnet installation specified in DOTNET_INSTALL_DIR if it contains the required SDK version,\n # otherwise install the dotnet CLI and SDK to repo local .dotnet directory to avoid potential permission issues.\n if [[ $global_json_has_runtimes == false && -n \"${DOTNET_INSTALL_DIR:-}\" && -d \"$DOTNET_INSTALL_DIR/sdk/$dotnet_sdk_version\" ]]; then\n dotnet_root=\"$DOTNET_INSTALL_DIR\"\n else\n dotnet_root=\"${repo_root}.dotnet\"\n\n export DOTNET_INSTALL_DIR=\"$dotnet_root\"\n\n if [[ ! -d \"$DOTNET_INSTALL_DIR/sdk/$dotnet_sdk_version\" ]]; then\n if [[ \"$install\" == true ]]; then\n InstallDotNetSdk \"$dotnet_root\" \"$dotnet_sdk_version\"\n else\n Write-PipelineTelemetryError -category 'InitializeToolset' \"Unable to find dotnet with SDK version '$dotnet_sdk_version'\"\n ExitWithExitCode 1\n fi\n fi\n fi\n\n # Add dotnet to PATH. This prevents any bare invocation of dotnet in custom\n # build steps from using anything other than what we've downloaded.\n Write-PipelinePrependPath -path \"$dotnet_root\"\n\n Write-PipelineSetVariable -name \"DOTNET_MULTILEVEL_LOOKUP\" -value \"0\"\n Write-PipelineSetVariable -name \"DOTNET_NOLOGO\" -value \"1\"\n\n # return value\n _InitializeDotNetCli=\"$dotnet_root\"\n}\n\nfunction InstallDotNetSdk {\n local root=$1\n local version=$2\n local architecture=\"unset\"\n if [[ $# -ge 3 ]]; then\n architecture=$3\n fi\n InstallDotNet \"$root\" \"$version\" $architecture 'sdk' 'true' $runtime_source_feed $runtime_source_feed_key\n}\n\nfunction InstallDotNet {\n local root=$1\n local version=$2\n local runtime=$4\n\n local dotnetVersionLabel=\"'$runtime v$version'\"\n if [[ -n \"${4:-}\" ]] && [ \"$4\" != 'sdk' ]; then\n runtimePath=\"$root\"\n runtimePath=\"$runtimePath/shared\"\n case \"$runtime\" in\n dotnet)\n runtimePath=\"$runtimePath/Microsoft.NETCore.App\"\n ;;\n aspnetcore)\n runtimePath=\"$runtimePath/Microsoft.AspNetCore.App\"\n ;;\n windowsdesktop)\n runtimePath=\"$runtimePath/Microsoft.WindowsDesktop.App\"\n ;;\n *)\n ;;\n esac\n runtimePath=\"$runtimePath/$version\"\n\n dotnetVersionLabel=\"runtime toolset '$runtime/$architecture v$version'\"\n\n if [ -d \"$runtimePath\" ]; then\n echo \" Runtime toolset '$runtime/$architecture v$version' already installed.\"\n local installSuccess=1\n return\n fi\n fi\n\n GetDotNetInstallScript \"$root\"\n local install_script=$_GetDotNetInstallScript\n\n local installParameters=(--version $version --install-dir \"$root\")\n\n if [[ -n \"${3:-}\" ]] && [ \"$3\" != 'unset' ]; then\n installParameters+=(--architecture $3)\n fi\n if [[ -n \"${4:-}\" ]] && [ \"$4\" != 'sdk' ]; then\n installParameters+=(--runtime $4)\n fi\n if [[ \"$#\" -ge \"5\" ]] && [[ \"$5\" != 'false' ]]; then\n installParameters+=(--skip-non-versioned-files)\n fi\n\n local variations=() # list of variable names with parameter arrays in them\n\n local public_location=(\"${installParameters[@]}\")\n variations+=(public_location)\n\n local dotnetbuilds=(\"${installParameters[@]}\" --azure-feed \"https://ci.dot.net/public\")\n variations+=(dotnetbuilds)\n\n if [[ -n \"${6:-}\" ]]; then\n variations+=(private_feed)\n local private_feed=(\"${installParameters[@]}\" --azure-feed $6)\n if [[ -n \"${7:-}\" ]]; then\n # The 'base64' binary on alpine uses '-d' and doesn't support '--decode'\n # '-d'. To work around this, do a simple detection and switch the parameter\n # accordingly.\n decodeArg=\"--decode\"\n if base64 --help 2>&1 | grep -q \"BusyBox\"; then\n decodeArg=\"-d\"\n fi\n decodedFeedKey=`echo $7 | base64 $decodeArg`\n private_feed+=(--feed-credential $decodedFeedKey)\n fi\n fi\n\n local installSuccess=0\n for variationName in \"${variations[@]}\"; do\n local name=\"$variationName[@]\"\n local variation=(\"${!name}\")\n echo \" Attempting to install $dotnetVersionLabel from $variationName.\"\n bash \"$install_script\" \"${variation[@]}\" && installSuccess=1\n if [[ \"$installSuccess\" -eq 1 ]]; then\n break\n fi\n\n echo \" Failed to install $dotnetVersionLabel from $variationName.\"\n done\n\n if [[ \"$installSuccess\" -eq 0 ]]; then\n Write-PipelineTelemetryError -category 'InitializeToolset' \"Failed to install $dotnetVersionLabel from any of the specified locations.\"\n ExitWithExitCode 1\n fi\n}\n\nfunction with_retries {\n local maxRetries=5\n local retries=1\n echo \"Trying to run '$@' for maximum of $maxRetries attempts.\"\n while [[ $((retries++)) -le $maxRetries ]]; do\n \"$@\"\n\n if [[ $? == 0 ]]; then\n echo \"Ran '$@' successfully.\"\n return 0\n fi\n\n timeout=$((3**$retries-1))\n echo \"Failed to execute '$@'. Waiting $timeout seconds before next attempt ($retries out of $maxRetries).\" 1>&2\n sleep $timeout\n done\n\n echo \"Failed to execute '$@' for $maxRetries times.\" 1>&2\n\n return 1\n}\n\nfunction GetDotNetInstallScript {\n local root=$1\n local install_script=\"$root/dotnet-install.sh\"\n local install_script_url=\"https://builds.dotnet.microsoft.com/dotnet/scripts/$dotnetInstallScriptVersion/dotnet-install.sh\"\n local timestamp_file=\"$root/.dotnet-install.timestamp\"\n local should_download=false\n\n if [[ ! -a \"$install_script\" ]]; then\n should_download=true\n elif [[ -f \"$timestamp_file\" ]]; then\n # Check if the script is older than 30 days using timestamp file\n local download_time=$(cat \"$timestamp_file\" 2>/dev/null || echo \"0\")\n local current_time=$(date +%s)\n local age_seconds=$((current_time - download_time))\n \n # 30 days = 30 * 24 * 60 * 60 = 2592000 seconds\n if [[ $age_seconds -gt 2592000 ]]; then\n echo \"Existing install script is too old, re-downloading...\"\n should_download=true\n fi\n else\n # No timestamp file exists, assume script is old and re-download\n echo \"No timestamp found for existing install script, re-downloading...\"\n should_download=true\n fi\n\n if [[ \"$should_download\" == true ]]; then\n mkdir -p \"$root\"\n\n echo \"Downloading '$install_script_url'\"\n\n # Use curl if available, otherwise use wget\n if command -v curl > /dev/null; then\n # first, try directly, if this fails we will retry with verbose logging\n curl \"$install_script_url\" -sSL --retry 10 --create-dirs -o \"$install_script\" || {\n if command -v openssl &> /dev/null; then\n echo \"Curl failed; dumping some information about dotnet.microsoft.com for later investigation\"\n echo | openssl s_client -showcerts -servername dotnet.microsoft.com -connect dotnet.microsoft.com:443 || true\n fi\n echo \"Will now retry the same URL with verbose logging.\"\n with_retries curl \"$install_script_url\" -sSL --verbose --retry 10 --create-dirs -o \"$install_script\" || {\n local exit_code=$?\n Write-PipelineTelemetryError -category 'InitializeToolset' \"Failed to acquire dotnet install script (exit code '$exit_code').\"\n ExitWithExitCode $exit_code\n }\n }\n else\n with_retries wget -v -O \"$install_script\" \"$install_script_url\" || {\n local exit_code=$?\n Write-PipelineTelemetryError -category 'InitializeToolset' \"Failed to acquire dotnet install script (exit code '$exit_code').\"\n ExitWithExitCode $exit_code\n }\n fi\n \n # Create timestamp file to track download time in seconds from epoch\n date +%s > \"$timestamp_file\"\n fi\n # return value\n _GetDotNetInstallScript=\"$install_script\"\n}\n\nfunction InitializeBuildTool {\n if [[ -n \"${_InitializeBuildTool:-}\" ]]; then\n return\n fi\n\n InitializeDotNetCli $restore\n\n # return values\n _InitializeBuildTool=\"$_InitializeDotNetCli/dotnet\"\n _InitializeBuildToolCommand=\"msbuild\"\n}\n\nfunction GetNuGetPackageCachePath {\n if [[ -z ${NUGET_PACKAGES:-} ]]; then\n if [[ \"$use_global_nuget_cache\" == true ]]; then\n export NUGET_PACKAGES=\"$HOME/.nuget/packages/\"\n else\n export NUGET_PACKAGES=\"$repo_root/.packages/\"\n fi\n fi\n\n # return value\n _GetNuGetPackageCachePath=$NUGET_PACKAGES\n}\n\nfunction InitializeNativeTools() {\n if [[ -n \"${DisableNativeToolsetInstalls:-}\" ]]; then\n return\n fi\n if grep -Fq \"native-tools\" $global_json_file\n then\n local nativeArgs=\"\"\n if [[ \"$ci\" == true ]]; then\n nativeArgs=\"--installDirectory $tools_dir\"\n fi\n \"$_script_dir/init-tools-native.sh\" $nativeArgs\n fi\n}\n\nfunction InitializeToolset {\n if [[ -n \"${_InitializeToolset:-}\" ]]; then\n return\n fi\n\n GetNuGetPackageCachePath\n\n ReadGlobalVersion \"Microsoft.DotNet.Arcade.Sdk\"\n\n local toolset_version=$_ReadGlobalVersion\n local toolset_location_file=\"$toolset_dir/$toolset_version.txt\"\n\n if [[ -a \"$toolset_location_file\" ]]; then\n local path=`cat \"$toolset_location_file\"`\n if [[ -a \"$path\" ]]; then\n # return value\n _InitializeToolset=\"$path\"\n return\n fi\n fi\n\n if [[ \"$restore\" != true ]]; then\n Write-PipelineTelemetryError -category 'InitializeToolset' \"Toolset version $toolset_version has not been restored.\"\n ExitWithExitCode 2\n fi\n\n local proj=\"$toolset_dir/restore.proj\"\n\n local bl=\"\"\n if [[ \"$binary_log\" == true ]]; then\n bl=\"/bl:$log_dir/ToolsetRestore.binlog\"\n fi\n\n echo '' > \"$proj\"\n MSBuild-Core \"$proj\" $bl /t:__WriteToolsetLocation /clp:ErrorsOnly\\;NoSummary /p:__ToolsetLocationOutputFile=\"$toolset_location_file\"\n\n local toolset_build_proj=`cat \"$toolset_location_file\"`\n\n if [[ ! -a \"$toolset_build_proj\" ]]; then\n Write-PipelineTelemetryError -category 'Build' \"Invalid toolset path: $toolset_build_proj\"\n ExitWithExitCode 3\n fi\n\n # return value\n _InitializeToolset=\"$toolset_build_proj\"\n}\n\nfunction ExitWithExitCode {\n if [[ \"$ci\" == true && \"$prepare_machine\" == true ]]; then\n StopProcesses\n fi\n exit $1\n}\n\nfunction StopProcesses {\n echo \"Killing running build processes...\"\n pkill -9 \"dotnet\" || true\n pkill -9 \"vbcscompiler\" || true\n return 0\n}\n\nfunction MSBuild {\n local args=( \"$@\" )\n if [[ \"$pipelines_log\" == true ]]; then\n InitializeBuildTool\n InitializeToolset\n\n if [[ \"$ci\" == true ]]; then\n export NUGET_PLUGIN_HANDSHAKE_TIMEOUT_IN_SECONDS=20\n export NUGET_PLUGIN_REQUEST_TIMEOUT_IN_SECONDS=20\n Write-PipelineSetVariable -name \"NUGET_PLUGIN_HANDSHAKE_TIMEOUT_IN_SECONDS\" -value \"20\"\n Write-PipelineSetVariable -name \"NUGET_PLUGIN_REQUEST_TIMEOUT_IN_SECONDS\" -value \"20\"\n fi\n\n local toolset_dir=\"${_InitializeToolset%/*}\"\n local selectedPath=\"$toolset_dir/net/Microsoft.DotNet.ArcadeLogging.dll\"\n\n if [[ -z \"$selectedPath\" ]]; then\n Write-PipelineTelemetryError -category 'Build' \"Unable to find arcade sdk logger assembly: $selectedPath\"\n ExitWithExitCode 1\n fi\n\n args+=( \"-logger:$selectedPath\" )\n fi\n\n MSBuild-Core \"${args[@]}\"\n}\n\nfunction MSBuild-Core {\n if [[ \"$ci\" == true ]]; then\n if [[ \"$binary_log\" != true && \"$exclude_ci_binary_log\" != true ]]; then\n Write-PipelineTelemetryError -category 'Build' \"Binary log must be enabled in CI build, or explicitly opted-out from with the -noBinaryLog switch.\"\n ExitWithExitCode 1\n fi\n\n if [[ \"$node_reuse\" == true ]]; then\n Write-PipelineTelemetryError -category 'Build' \"Node reuse must be disabled in CI build.\"\n ExitWithExitCode 1\n fi\n fi\n\n InitializeBuildTool\n\n local warnaserror_switch=\"\"\n if [[ $warn_as_error == true ]]; then\n warnaserror_switch=\"/warnaserror\"\n fi\n\n function RunBuildTool {\n export ARCADE_BUILD_TOOL_COMMAND=\"$_InitializeBuildTool $@\"\n\n \"$_InitializeBuildTool\" \"$@\" || {\n local exit_code=$?\n # We should not Write-PipelineTaskError here because that message shows up in the build summary\n # The build already logged an error, that's the reason it failed. Producing an error here only adds noise.\n echo \"Build failed with exit code $exit_code. Check errors above.\"\n\n # When running on Azure Pipelines, override the returned exit code to avoid double logging.\n # Skip this when the build is a child of the VMR build.\n if [[ \"$ci\" == true && -n ${SYSTEM_TEAMPROJECT:-} && \"$from_vmr\" != true ]]; then\n Write-PipelineSetResult -result \"Failed\" -message \"msbuild execution failed.\"\n # Exiting with an exit code causes the azure pipelines task to log yet another \"noise\" error\n # The above Write-PipelineSetResult will cause the task to be marked as failure without adding yet another error\n ExitWithExitCode 0\n else\n ExitWithExitCode $exit_code\n fi\n }\n }\n\n # Add -mt flag for MSBuild multithreaded mode if enabled via environment variable\n local mt_switch=\"\"\n if [[ \"${MSBUILD_MT_ENABLED:-}\" == \"1\" ]]; then\n mt_switch=\"-mt\"\n fi\n\n RunBuildTool \"$_InitializeBuildToolCommand\" /m /nologo /clp:Summary /v:$verbosity /nr:$node_reuse $warnaserror_switch $mt_switch /p:TreatWarningsAsErrors=$warn_as_error /p:ContinuousIntegrationBuild=$ci \"$@\"\n}\n\nfunction GetDarc {\n darc_path=\"$temp_dir/darc\"\n version=\"$1\"\n\n if [[ -n \"$version\" ]]; then\n version=\"--darcversion $version\"\n fi\n\n \"$eng_root/common/darc-init.sh\" --toolpath \"$darc_path\" $version\n darc_tool=\"$darc_path/darc\"\n}\n\n# Returns a full path to an Arcade SDK task project file.\nfunction GetSdkTaskProject {\n taskName=$1\n echo \"$(dirname $_InitializeToolset)/SdkTasks/$taskName.proj\"\n}\n\nResolvePath \"${BASH_SOURCE[0]}\"\n_script_dir=`dirname \"$_ResolvePath\"`\n\n. \"$_script_dir/pipeline-logging-functions.sh\"\n\neng_root=`cd -P \"$_script_dir/..\" && pwd`\nrepo_root=`cd -P \"$_script_dir/../..\" && pwd`\nrepo_root=\"${repo_root}/\"\nartifacts_dir=\"${repo_root}artifacts\"\ntoolset_dir=\"$artifacts_dir/toolset\"\ntools_dir=\"${repo_root}.tools\"\nlog_dir=\"$artifacts_dir/log/$configuration\"\ntemp_dir=\"$artifacts_dir/tmp/$configuration\"\n\nglobal_json_file=\"${repo_root}global.json\"\n# determine if global.json contains a \"runtimes\" entry\nglobal_json_has_runtimes=false\nif command -v jq &> /dev/null; then\n if jq -e '.tools | has(\"runtimes\")' \"$global_json_file\" &> /dev/null; then\n global_json_has_runtimes=true\n fi\nelif [[ \"$(cat \"$global_json_file\")\" =~ \\\"runtimes\\\"[[:space:]\\:]*\\{ ]]; then\n global_json_has_runtimes=true\nfi\n\n# HOME may not be defined in some scenarios, but it is required by NuGet\nif [[ -z $HOME ]]; then\n export HOME=\"${repo_root}artifacts/.home/\"\n mkdir -p \"$HOME\"\nfi\n\nmkdir -p \"$toolset_dir\"\nmkdir -p \"$temp_dir\"\nmkdir -p \"$log_dir\"\n\nWrite-PipelineSetVariable -name \"Artifacts\" -value \"$artifacts_dir\"\nWrite-PipelineSetVariable -name \"Artifacts.Toolset\" -value \"$toolset_dir\"\nWrite-PipelineSetVariable -name \"Artifacts.Log\" -value \"$log_dir\"\nWrite-PipelineSetVariable -name \"Temp\" -value \"$temp_dir\"\nWrite-PipelineSetVariable -name \"TMP\" -value \"$temp_dir\"\n\n# Import custom tools configuration, if present in the repo.\nif [ -z \"${disable_configure_toolset_import:-}\" ]; then\n configure_toolset_script=\"$eng_root/configure-toolset.sh\"\n if [[ -a \"$configure_toolset_script\" ]]; then\n . \"$configure_toolset_script\"\n fi\nfi\n\n# TODO: https://github.com/dotnet/arcade/issues/1468\n# Temporary workaround to avoid breaking change.\n# Remove once repos are updated.\nif [[ -n \"${useInstalledDotNetCli:-}\" ]]; then\n use_installed_dotnet_cli=\"$useInstalledDotNetCli\"\nfi\n"
},
{
"path": "eng/common/vmr-sync.ps1",
"content": "<#\n.SYNOPSIS\n\nThis script is used for synchronizing the current repository into a local VMR.\nIt pulls the current repository's code into the specified VMR directory for local testing or\nSource-Build validation.\n\n.DESCRIPTION\n\nThe tooling used for synchronization will clone the VMR repository into a temporary folder if\nit does not already exist. These clones can be reused in future synchronizations, so it is\nrecommended to dedicate a folder for this to speed up re-runs.\n\n.EXAMPLE\n Synchronize current repository into a local VMR:\n ./vmr-sync.ps1 -vmrDir \"$HOME/repos/dotnet\" -tmpDir \"$HOME/repos/tmp\"\n\n.PARAMETER tmpDir\nRequired. Path to the temporary folder where repositories will be cloned\n\n.PARAMETER vmrBranch\nOptional. Branch of the 'dotnet/dotnet' repo to synchronize. The VMR will be checked out to this branch\n\n.PARAMETER azdevPat\nOptional. Azure DevOps PAT to use for cloning private repositories.\n\n.PARAMETER vmrDir\nOptional. Path to the dotnet/dotnet repository. When null, gets cloned to the temporary folder\n\n.PARAMETER debugOutput\nOptional. Enables debug logging in the darc vmr command.\n\n.PARAMETER ci\nOptional. Denotes that the script is running in a CI environment.\n#>\nparam (\n [Parameter(Mandatory=$true, HelpMessage=\"Path to the temporary folder where repositories will be cloned\")]\n [string][Alias('t', 'tmp')]$tmpDir,\n [string][Alias('b', 'branch')]$vmrBranch,\n [string]$remote,\n [string]$azdevPat,\n [string][Alias('v', 'vmr')]$vmrDir,\n [switch]$ci,\n [switch]$debugOutput\n)\n\nfunction Fail {\n Write-Host \"> $($args[0])\" -ForegroundColor 'Red'\n}\n\nfunction Highlight {\n Write-Host \"> $($args[0])\" -ForegroundColor 'Cyan'\n}\n\n$verbosity = 'verbose'\nif ($debugOutput) {\n $verbosity = 'debug'\n}\n# Validation\n\nif (-not $tmpDir) {\n Fail \"Missing -tmpDir argument. Please specify the path to the temporary folder where the repositories will be cloned\"\n exit 1\n}\n\n# Sanitize the input\n\nif (-not $vmrDir) {\n $vmrDir = Join-Path $tmpDir 'dotnet'\n}\n\nif (-not (Test-Path -Path $tmpDir -PathType Container)) {\n New-Item -ItemType Directory -Path $tmpDir | Out-Null\n}\n\n# Prepare the VMR\n\nif (-not (Test-Path -Path $vmrDir -PathType Container)) {\n Highlight \"Cloning 'dotnet/dotnet' into $vmrDir..\"\n git clone https://github.com/dotnet/dotnet $vmrDir\n\n if ($vmrBranch) {\n git -C $vmrDir switch -c $vmrBranch\n }\n}\nelse {\n if ((git -C $vmrDir diff --quiet) -eq $false) {\n Fail \"There are changes in the working tree of $vmrDir. Please commit or stash your changes\"\n exit 1\n }\n\n if ($vmrBranch) {\n Highlight \"Preparing $vmrDir\"\n git -C $vmrDir checkout $vmrBranch\n git -C $vmrDir pull\n }\n}\n\nSet-StrictMode -Version Latest\n\n# Prepare darc\n\nHighlight 'Installing .NET, preparing the tooling..'\n. .\\eng\\common\\tools.ps1\n$dotnetRoot = InitializeDotNetCli -install:$true\n$env:DOTNET_ROOT = $dotnetRoot\n$darc = Get-Darc\n\nHighlight \"Starting the synchronization of VMR..\"\n\n# Synchronize the VMR\n$versionDetailsPath = Resolve-Path (Join-Path $PSScriptRoot '..\\Version.Details.xml') | Select-Object -ExpandProperty Path\n[xml]$versionDetails = Get-Content -Path $versionDetailsPath\n$repoName = $versionDetails.SelectSingleNode('//Source').Mapping\nif (-not $repoName) {\n Fail \"Failed to resolve repo mapping from $versionDetailsPath\"\n exit 1\n}\n\n$darcArgs = (\n \"vmr\", \"forwardflow\",\n \"--tmp\", $tmpDir,\n \"--$verbosity\",\n $vmrDir\n)\n\nif ($ci) {\n $darcArgs += (\"--ci\")\n}\n\nif ($azdevPat) {\n $darcArgs += (\"--azdev-pat\", $azdevPat)\n}\n\n& \"$darc\" $darcArgs\n\nif ($LASTEXITCODE -eq 0) {\n Highlight \"Synchronization succeeded\"\n}\nelse {\n Highlight \"Failed to flow code into the local VMR. Falling back to resetting the VMR to match repo contents...\"\n git -C $vmrDir reset --hard\n\n $resetArgs = (\n \"vmr\", \"reset\",\n \"${repoName}:HEAD\",\n \"--vmr\", $vmrDir,\n \"--tmp\", $tmpDir,\n \"--additional-remotes\", \"${repoName}:${repoRoot}\"\n )\n\n & \"$darc\" $resetArgs\n\n if ($LASTEXITCODE -eq 0) {\n Highlight \"Successfully reset the VMR using 'darc vmr reset'\"\n }\n else {\n Fail \"Synchronization of repo to VMR failed!\"\n Fail \"'$vmrDir' is left in its last state (re-run of this script will reset it).\"\n Fail \"Please inspect the logs which contain path to the failing patch file (use -debugOutput to get all the details).\"\n Fail \"Once you make changes to the conflicting VMR patch, commit it locally and re-run this script.\"\n exit 1\n }\n}\n"
},
{
"path": "eng/common/vmr-sync.sh",
"content": "#!/bin/bash\n\n### This script is used for synchronizing the current repository into a local VMR.\n### It pulls the current repository's code into the specified VMR directory for local testing or\n### Source-Build validation.\n###\n### The tooling used for synchronization will clone the VMR repository into a temporary folder if\n### it does not already exist. These clones can be reused in future synchronizations, so it is\n### recommended to dedicate a folder for this to speed up re-runs.\n###\n### USAGE:\n### Synchronize current repository into a local VMR:\n### ./vmr-sync.sh --tmp \"$HOME/repos/tmp\" \"$HOME/repos/dotnet\"\n###\n### Options:\n### -t, --tmp, --tmp-dir PATH\n### Required. Path to the temporary folder where repositories will be cloned\n###\n### -b, --branch, --vmr-branch BRANCH_NAME\n### Optional. Branch of the 'dotnet/dotnet' repo to synchronize. The VMR will be checked out to this branch\n###\n### --debug\n### Optional. Turns on the most verbose logging for the VMR tooling\n###\n### --remote name:URI\n### Optional. Additional remote to use during the synchronization\n### This can be used to synchronize to a commit from a fork of the repository\n### Example: 'runtime:https://github.com/yourfork/runtime'\n###\n### --azdev-pat\n### Optional. Azure DevOps PAT to use for cloning private repositories.\n###\n### -v, --vmr, --vmr-dir PATH\n### Optional. Path to the dotnet/dotnet repository. When null, gets cloned to the temporary folder\n\nsource=\"${BASH_SOURCE[0]}\"\n\n# resolve $source until the file is no longer a symlink\nwhile [[ -h \"$source\" ]]; do\n scriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n source=\"$(readlink \"$source\")\"\n # if $source was a relative symlink, we need to resolve it relative to the path where the\n # symlink file was located\n [[ $source != /* ]] && source=\"$scriptroot/$source\"\ndone\nscriptroot=\"$( cd -P \"$( dirname \"$source\" )\" && pwd )\"\n\nfunction print_help () {\n sed -n '/^### /,/^$/p' \"$source\" | cut -b 5-\n}\n\nCOLOR_RED=$(tput setaf 1 2>/dev/null || true)\nCOLOR_CYAN=$(tput setaf 6 2>/dev/null || true)\nCOLOR_CLEAR=$(tput sgr0 2>/dev/null || true)\nCOLOR_RESET=uniquesearchablestring\nFAILURE_PREFIX='> '\n\nfunction fail () {\n echo \"${COLOR_RED}$FAILURE_PREFIX${1//${COLOR_RESET}/${COLOR_RED}}${COLOR_CLEAR}\" >&2\n}\n\nfunction highlight () {\n echo \"${COLOR_CYAN}$FAILURE_PREFIX${1//${COLOR_RESET}/${COLOR_CYAN}}${COLOR_CLEAR}\"\n}\n\ntmp_dir=''\nvmr_dir=''\nvmr_branch=''\nadditional_remotes=''\nverbosity=verbose\nazdev_pat=''\nci=false\n\nwhile [[ $# -gt 0 ]]; do\n opt=\"$(echo \"$1\" | tr \"[:upper:]\" \"[:lower:]\")\"\n case \"$opt\" in\n -t|--tmp|--tmp-dir)\n tmp_dir=$2\n shift\n ;;\n -v|--vmr|--vmr-dir)\n vmr_dir=$2\n shift\n ;;\n -b|--branch|--vmr-branch)\n vmr_branch=$2\n shift\n ;;\n --remote)\n additional_remotes=\"$additional_remotes $2\"\n shift\n ;;\n --azdev-pat)\n azdev_pat=$2\n shift\n ;;\n --ci)\n ci=true\n ;;\n -d|--debug)\n verbosity=debug\n ;;\n -h|--help)\n print_help\n exit 0\n ;;\n *)\n fail \"Invalid argument: $1\"\n print_help\n exit 1\n ;;\n esac\n\n shift\ndone\n\n# Validation\n\nif [[ -z \"$tmp_dir\" ]]; then\n fail \"Missing --tmp-dir argument. Please specify the path to the temporary folder where the repositories will be cloned\"\n exit 1\nfi\n\n# Sanitize the input\n\nif [[ -z \"$vmr_dir\" ]]; then\n vmr_dir=\"$tmp_dir/dotnet\"\nfi\n\nif [[ ! -d \"$tmp_dir\" ]]; then\n mkdir -p \"$tmp_dir\"\nfi\n\nif [[ \"$verbosity\" == \"debug\" ]]; then\n set -x\nfi\n\n# Prepare the VMR\n\nif [[ ! -d \"$vmr_dir\" ]]; then\n highlight \"Cloning 'dotnet/dotnet' into $vmr_dir..\"\n git clone https://github.com/dotnet/dotnet \"$vmr_dir\"\n\n if [[ -n \"$vmr_branch\" ]]; then\n git -C \"$vmr_dir\" switch -c \"$vmr_branch\"\n fi\nelse\n if ! git -C \"$vmr_dir\" diff --quiet; then\n fail \"There are changes in the working tree of $vmr_dir. Please commit or stash your changes\"\n exit 1\n fi\n\n if [[ -n \"$vmr_branch\" ]]; then\n highlight \"Preparing $vmr_dir\"\n git -C \"$vmr_dir\" checkout \"$vmr_branch\"\n git -C \"$vmr_dir\" pull\n fi\nfi\n\nset -e\n\n# Prepare darc\n\nhighlight 'Installing .NET, preparing the tooling..'\nsource \"./eng/common/tools.sh\"\nInitializeDotNetCli true\nGetDarc\ndotnetDir=$( cd ./.dotnet/; pwd -P )\ndotnet=$dotnetDir/dotnet\n\nhighlight \"Starting the synchronization of VMR..\"\nset +e\n\nif [[ -n \"$additional_remotes\" ]]; then\n additional_remotes=\"--additional-remotes $additional_remotes\"\nfi\n\nif [[ -n \"$azdev_pat\" ]]; then\n azdev_pat=\"--azdev-pat $azdev_pat\"\nfi\n\nci_arg=''\nif [[ \"$ci\" == \"true\" ]]; then\n ci_arg=\"--ci\"\nfi\n\n# Synchronize the VMR\n\nversion_details_path=$(cd \"$scriptroot/..\"; pwd -P)/Version.Details.xml\nrepo_name=$(grep -m 1 ' EndpointOption { get; }\n internal Option AccountOption { get; }\n internal Option CertificateProfileOption { get; }\n internal AzureCredentialOptions AzureCredentialOptions { get; } = new();\n\n internal Argument?> FilesArgument { get; }\n\n internal ArtifactSigningCommand(CodeCommand codeCommand, IServiceProviderFactory serviceProviderFactory)\n : base(\"artifact-signing\", ArtifactSigningResources.CommandDescription)\n {\n ArgumentNullException.ThrowIfNull(codeCommand, nameof(codeCommand));\n ArgumentNullException.ThrowIfNull(serviceProviderFactory, nameof(serviceProviderFactory));\n\n EndpointOption = new Option(\"--artifact-signing-endpoint\", \"-ase\")\n {\n CustomParser = CodeCommand.ParseHttpsUrl,\n Description = ArtifactSigningResources.EndpointOptionDescription,\n Required = true\n };\n AccountOption = new Option(\"--artifact-signing-account\", \"-asa\")\n {\n Description = ArtifactSigningResources.AccountOptionDescription,\n Required = true\n };\n CertificateProfileOption = new Option(\"--artifact-signing-certificate-profile\", \"-ascp\")\n {\n Description = ArtifactSigningResources.CertificateProfileOptionDescription,\n Required = true\n };\n FilesArgument = new Argument?>(\"file(s)\")\n {\n Description = Resources.FilesArgumentDescription,\n Arity = ArgumentArity.OneOrMore\n };\n\n Options.Add(EndpointOption);\n Options.Add(AccountOption);\n Options.Add(CertificateProfileOption);\n AzureCredentialOptions.AddOptionsToCommand(this);\n\n Arguments.Add(FilesArgument);\n\n SetAction((ParseResult parseResult, CancellationToken cancellationToken) =>\n {\n List? filesArgument = parseResult.GetValue(FilesArgument);\n\n if (filesArgument is not { Count: > 0 })\n {\n Console.Error.WriteLine(Resources.MissingFileValue);\n\n return Task.FromResult(ExitCode.InvalidOptions);\n }\n\n TokenCredential? credential = AzureCredentialOptions.CreateTokenCredential(parseResult);\n\n if (credential is null)\n {\n return Task.FromResult(ExitCode.Failed);\n }\n\n // Some of the options are required and that is why we can safely use\n // the null-forgiving operator (!) to simplify the code.\n Uri endpointUrl = parseResult.GetValue(EndpointOption)!;\n string accountName = parseResult.GetValue(AccountOption)!;\n string certificateProfileName = parseResult.GetValue(CertificateProfileOption)!;\n\n serviceProviderFactory.AddServices(services =>\n {\n services.AddAzureClients(builder =>\n {\n builder.AddCertificateProfileClient(endpointUrl);\n builder.UseCredential(credential);\n builder.ConfigureDefaults(options => options.Retry.Mode = RetryMode.Exponential);\n });\n\n services.AddSingleton(serviceProvider =>\n {\n return new ArtifactSigningService(\n serviceProvider.GetRequiredService(),\n accountName,\n certificateProfileName,\n serviceProvider.GetRequiredService>());\n });\n });\n\n ArtifactSigningServiceProvider trustedSigningServiceProvider = new();\n\n return codeCommand.HandleAsync(parseResult, serviceProviderFactory, trustedSigningServiceProvider, filesArgument);\n });\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/ArtifactSigningResources.Designer.cs",
"content": "//------------------------------------------------------------------------------\n// \n// This code was generated by a tool.\n// Runtime Version:4.0.30319.42000\n//\n// Changes to this file may cause incorrect behavior and will be lost if\n// the code is regenerated.\n// \n//------------------------------------------------------------------------------\n\nnamespace Sign.Cli {\n using System;\n \n \n /// \n /// A strongly-typed resource class, for looking up localized strings, etc.\n /// \n // This class was auto-generated by the StronglyTypedResourceBuilder\n // class via a tool like ResGen or Visual Studio.\n // To add or remove a member, edit your .ResX file then rerun ResGen\n // with the /str option, or rebuild your VS project.\n [global::System.CodeDom.Compiler.GeneratedCodeAttribute(\"System.Resources.Tools.StronglyTypedResourceBuilder\", \"17.0.0.0\")]\n [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]\n [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]\n internal class ArtifactSigningResources {\n \n private static global::System.Resources.ResourceManager resourceMan;\n \n private static global::System.Globalization.CultureInfo resourceCulture;\n \n [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute(\"Microsoft.Performance\", \"CA1811:AvoidUncalledPrivateCode\")]\n internal ArtifactSigningResources() {\n }\n \n /// \n /// Returns the cached ResourceManager instance used by this class.\n /// \n [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]\n internal static global::System.Resources.ResourceManager ResourceManager {\n get {\n if (object.ReferenceEquals(resourceMan, null)) {\n global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager(\"Sign.Cli.ArtifactSigningResources\", typeof(ArtifactSigningResources).Assembly);\n resourceMan = temp;\n }\n return resourceMan;\n }\n }\n \n /// \n /// Overrides the current thread's CurrentUICulture property for all\n /// resource lookups using this strongly typed resource class.\n /// \n [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]\n internal static global::System.Globalization.CultureInfo Culture {\n get {\n return resourceCulture;\n }\n set {\n resourceCulture = value;\n }\n }\n \n /// \n /// Looks up a localized string similar to The Artifact Signing Account name..\n /// \n internal static string AccountOptionDescription {\n get {\n return ResourceManager.GetString(\"AccountOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to The Certificate Profile name..\n /// \n internal static string CertificateProfileOptionDescription {\n get {\n return ResourceManager.GetString(\"CertificateProfileOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Use Artifact Signing..\n /// \n internal static string CommandDescription {\n get {\n return ResourceManager.GetString(\"CommandDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in..\n /// \n internal static string EndpointOptionDescription {\n get {\n return ResourceManager.GetString(\"EndpointOptionDescription\", resourceCulture);\n }\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/ArtifactSigningResources.resx",
"content": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n text/microsoft-resx\n \n \n 2.0\n \n \n System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\n \n \n System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\n \n \n The Artifact Signing Account name.\n \n \n The Certificate Profile name.\n \n \n Use Artifact Signing.\n \n \n The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in.\n \n"
},
{
"path": "src/Sign.Cli/AzureCredentialOptions.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.CommandLine;\nusing Azure.Core;\nusing Azure.Identity;\n\nnamespace Sign.Cli\n{\n internal sealed class AzureCredentialOptions\n {\n internal Option CredentialTypeOption { get; }\n internal Option ManagedIdentityClientIdOption { get; }\n internal Option ManagedIdentityResourceIdOption { get; }\n internal Option ObsoleteManagedIdentityOption { get; }\n internal Option ObsoleteTenantIdOption { get; }\n internal Option ObsoleteClientIdOption { get; }\n internal Option ObsoleteClientSecretOption { get; }\n\n internal AzureCredentialOptions()\n {\n CredentialTypeOption = new Option(\"--azure-credential-type\", \"-act\")\n {\n Description = Resources.CredentialTypeOptionDescription\n };\n CredentialTypeOption.AcceptOnlyFromAmong(\n AzureCredentialType.AzureCli,\n AzureCredentialType.AzurePowerShell,\n AzureCredentialType.ManagedIdentity,\n AzureCredentialType.WorkloadIdentity);\n\n ManagedIdentityClientIdOption = new Option(\"--managed-identity-client-id\", \"-mici\")\n {\n Description = Resources.ManagedIdentityClientIdOptionDescription\n };\n ManagedIdentityResourceIdOption = new Option(\"--managed-identity-resource-id\", \"-miri\")\n {\n Description = Resources.ManagedIdentityResourceIdOptionDescription\n };\n ObsoleteManagedIdentityOption = new Option(\"--azure-key-vault-managed-identity\", \"-kvm\")\n {\n Description = Resources.ManagedIdentityOptionDescription,\n Hidden = true\n };\n ObsoleteTenantIdOption = new Option(\"--azure-key-vault-tenant-id\", \"-kvt\")\n {\n Description = Resources.TenantIdOptionDescription,\n Hidden = true\n };\n ObsoleteClientIdOption = new Option(\"--azure-key-vault-client-id\", \"-kvi\")\n {\n Description = Resources.ClientIdOptionDescription,\n Hidden = true\n };\n ObsoleteClientSecretOption = new Option(\"--azure-key-vault-client-secret\", \"-kvs\")\n {\n Description = Resources.ClientSecretOptionDescription,\n Hidden = true\n };\n }\n\n internal void AddOptionsToCommand(Command command)\n {\n command.Options.Add(CredentialTypeOption);\n command.Options.Add(ManagedIdentityClientIdOption);\n command.Options.Add(ManagedIdentityResourceIdOption);\n command.Options.Add(ObsoleteManagedIdentityOption);\n command.Options.Add(ObsoleteTenantIdOption);\n command.Options.Add(ObsoleteClientIdOption);\n command.Options.Add(ObsoleteClientSecretOption);\n }\n\n internal DefaultAzureCredentialOptions CreateDefaultAzureCredentialOptions(ParseResult parseResult)\n {\n DefaultAzureCredentialOptions options = new();\n\n string? managedIdentityClientId = parseResult.GetValue(ManagedIdentityClientIdOption);\n if (managedIdentityClientId is not null)\n {\n options.ManagedIdentityClientId = managedIdentityClientId;\n }\n\n string? managedIdentityResourceId = parseResult.GetValue(ManagedIdentityResourceIdOption);\n if (managedIdentityResourceId is not null)\n {\n options.ManagedIdentityResourceId = new ResourceIdentifier(managedIdentityResourceId);\n }\n\n return options;\n }\n\n internal TokenCredential? CreateTokenCredential(ParseResult parseResult)\n {\n bool? useManagedIdentity = parseResult.GetValue(ObsoleteManagedIdentityOption);\n\n if (useManagedIdentity is not null)\n {\n Console.Out.WriteLine(Resources.ManagedIdentityOptionObsolete);\n }\n\n string? tenantId = parseResult.GetValue(ObsoleteTenantIdOption);\n string? clientId = parseResult.GetValue(ObsoleteClientIdOption);\n string? secret = parseResult.GetValue(ObsoleteClientSecretOption);\n\n if (!string.IsNullOrEmpty(tenantId) &&\n !string.IsNullOrEmpty(clientId) &&\n !string.IsNullOrEmpty(secret))\n {\n Console.Out.WriteLine(Resources.ClientSecretOptionsObsolete);\n return new ClientSecretCredential(tenantId, clientId, secret);\n }\n\n switch (parseResult.GetValue(CredentialTypeOption))\n {\n case AzureCredentialType.AzureCli:\n return new AzureCliCredential();\n\n case AzureCredentialType.AzurePowerShell:\n return new AzurePowerShellCredential();\n\n case AzureCredentialType.ManagedIdentity:\n string? managedIdentityClientId = parseResult.GetValue(ManagedIdentityClientIdOption);\n if (managedIdentityClientId is not null)\n {\n ManagedIdentityId managedIdentityId = ManagedIdentityId.FromUserAssignedClientId(managedIdentityClientId);\n\n return new ManagedIdentityCredential(managedIdentityId);\n }\n\n string? managedIdentityResourceId = parseResult.GetValue(ManagedIdentityResourceIdOption);\n if (managedIdentityResourceId is not null)\n {\n ResourceIdentifier resourceIdentifier = new(managedIdentityResourceId);\n ManagedIdentityId managedIdentityId = ManagedIdentityId.FromUserAssignedResourceId(resourceIdentifier);\n\n return new ManagedIdentityCredential(managedIdentityId);\n }\n\n return new ManagedIdentityCredential(ManagedIdentityId.SystemAssigned);\n\n case AzureCredentialType.WorkloadIdentity:\n return new WorkloadIdentityCredential();\n\n default:\n DefaultAzureCredentialOptions options = CreateDefaultAzureCredentialOptions(parseResult);\n\n // CodeQL [SM05137] Sign CLI is not a production service.\n return new DefaultAzureCredential(options);\n }\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/AzureCredentialType.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nnamespace Sign.Cli\n{\n internal static class AzureCredentialType\n {\n public const string AzureCli = \"azure-cli\";\n public const string AzurePowerShell = \"azure-powershell\";\n public const string ManagedIdentity = \"managed-identity\";\n public const string WorkloadIdentity = \"workload-identity\";\n }\n}\n"
},
{
"path": "src/Sign.Cli/AzureKeyVaultCommand.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.CommandLine;\nusing System.CommandLine.Parsing;\nusing Azure.Core;\nusing Azure.Security.KeyVault.Certificates;\nusing Azure.Security.KeyVault.Keys.Cryptography;\nusing Microsoft.Extensions.Azure;\nusing Microsoft.Extensions.DependencyInjection;\nusing Microsoft.Extensions.Logging;\nusing Sign.Core;\nusing Sign.SignatureProviders.KeyVault;\n\nnamespace Sign.Cli\n{\n internal sealed class AzureKeyVaultCommand : Command\n {\n internal Option UrlOption { get; }\n internal Option CertificateOption { get; }\n internal AzureCredentialOptions AzureCredentialOptions { get; } = new();\n\n internal Argument?> FilesArgument { get; }\n\n internal AzureKeyVaultCommand(CodeCommand codeCommand, IServiceProviderFactory serviceProviderFactory)\n : base(\"azure-key-vault\", AzureKeyVaultResources.CommandDescription)\n {\n ArgumentNullException.ThrowIfNull(codeCommand, nameof(codeCommand));\n ArgumentNullException.ThrowIfNull(serviceProviderFactory, nameof(serviceProviderFactory));\n\n UrlOption = new Option(\"--azure-key-vault-url\", \"-kvu\")\n {\n Description = AzureKeyVaultResources.UrlOptionDescription,\n Required = true,\n CustomParser = ParseUrl\n };\n CertificateOption = new Option(\"--azure-key-vault-certificate\", \"-kvc\")\n {\n Description = AzureKeyVaultResources.CertificateOptionDescription,\n Required = true\n };\n FilesArgument = new Argument?>(\"file(s)\")\n {\n Description = Resources.FilesArgumentDescription,\n Arity = ArgumentArity.OneOrMore\n };\n\n Options.Add(UrlOption);\n Options.Add(CertificateOption);\n AzureCredentialOptions.AddOptionsToCommand(this);\n\n Arguments.Add(FilesArgument);\n\n SetAction((ParseResult parseResult, CancellationToken cancellationToken) =>\n {\n List? filesArgument = parseResult.GetValue(FilesArgument);\n\n if (filesArgument is not { Count: > 0 })\n {\n Console.Error.WriteLine(Resources.MissingFileValue);\n\n return Task.FromResult(ExitCode.InvalidOptions);\n }\n\n // this check exists as a courtesy to users who may have been signing .clickonce files via the old workaround.\n // at some point we should remove this check, probably once we hit v1.0\n if (filesArgument.Any(x => x.EndsWith(\".clickonce\", StringComparison.OrdinalIgnoreCase)))\n {\n Console.Error.WriteLine(AzureKeyVaultResources.ClickOnceExtensionNotSupported);\n\n return Task.FromResult(ExitCode.InvalidOptions);\n }\n\n TokenCredential? credential = AzureCredentialOptions.CreateTokenCredential(parseResult);\n if (credential is null)\n {\n return Task.FromResult(ExitCode.Failed);\n }\n\n // Some of the options are required and that is why we can safely use\n // the null-forgiving operator (!) to simplify the code.\n Uri url = parseResult.GetValue(UrlOption)!;\n string certificateId = parseResult.GetValue(CertificateOption)!;\n\n // Construct the URI for the certificate and the key from user parameters. We'll validate those with the SDK\n var certUri = new Uri($\"{url.Scheme}://{url.Authority}/certificates/{certificateId}\");\n\n if (!KeyVaultCertificateIdentifier.TryCreate(certUri, out var certId))\n {\n Console.Error.WriteLine(AzureKeyVaultResources.InvalidKeyVaultUrl);\n\n return Task.FromResult(ExitCode.InvalidOptions);\n }\n\n // The key uri is similar and the key name matches the certificate name\n var keyUri = new Uri($\"{url.Scheme}://{url.Authority}/keys/{certificateId}\");\n\n serviceProviderFactory.AddServices(services =>\n {\n services.AddAzureClients(builder =>\n {\n builder.AddCertificateClient(certId.VaultUri);\n builder.AddCryptographyClient(keyUri);\n builder.UseCredential(credential);\n builder.ConfigureDefaults(options => options.Retry.Mode = RetryMode.Exponential);\n });\n\n services.AddSingleton(serviceProvider =>\n {\n return new KeyVaultService(\n serviceProvider.GetRequiredService(),\n serviceProvider.GetRequiredService(),\n certId.Name,\n serviceProvider.GetRequiredService>());\n });\n });\n\n KeyVaultServiceProvider keyVaultServiceProvider = new();\n\n return codeCommand.HandleAsync(parseResult, serviceProviderFactory, keyVaultServiceProvider, filesArgument);\n });\n }\n\n private static Uri? ParseUrl(ArgumentResult result)\n {\n if (result.Tokens.Count != 1 ||\n !Uri.TryCreate(result.Tokens[0].Value, UriKind.Absolute, out Uri? uri)\n || !string.Equals(uri.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))\n {\n result.AddError(AzureKeyVaultResources.InvalidUrlValue);\n\n return null;\n }\n\n return uri;\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/AzureKeyVaultResources.Designer.cs",
"content": "//------------------------------------------------------------------------------\n// \n// This code was generated by a tool.\n// Runtime Version:4.0.30319.42000\n//\n// Changes to this file may cause incorrect behavior and will be lost if\n// the code is regenerated.\n// \n//------------------------------------------------------------------------------\n\nnamespace Sign.Cli {\n using System;\n \n \n /// \n /// A strongly-typed resource class, for looking up localized strings, etc.\n /// \n // This class was auto-generated by the StronglyTypedResourceBuilder\n // class via a tool like ResGen or Visual Studio.\n // To add or remove a member, edit your .ResX file then rerun ResGen\n // with the /str option, or rebuild your VS project.\n [global::System.CodeDom.Compiler.GeneratedCodeAttribute(\"System.Resources.Tools.StronglyTypedResourceBuilder\", \"18.0.0.0\")]\n [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]\n [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]\n internal class AzureKeyVaultResources {\n \n private static global::System.Resources.ResourceManager resourceMan;\n \n private static global::System.Globalization.CultureInfo resourceCulture;\n \n [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute(\"Microsoft.Performance\", \"CA1811:AvoidUncalledPrivateCode\")]\n internal AzureKeyVaultResources() {\n }\n \n /// \n /// Returns the cached ResourceManager instance used by this class.\n /// \n [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]\n internal static global::System.Resources.ResourceManager ResourceManager {\n get {\n if (object.ReferenceEquals(resourceMan, null)) {\n global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager(\"Sign.Cli.AzureKeyVaultResources\", typeof(AzureKeyVaultResources).Assembly);\n resourceMan = temp;\n }\n return resourceMan;\n }\n }\n \n /// \n /// Overrides the current thread's CurrentUICulture property for all\n /// resource lookups using this strongly typed resource class.\n /// \n [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]\n internal static global::System.Globalization.CultureInfo Culture {\n get {\n return resourceCulture;\n }\n set {\n resourceCulture = value;\n }\n }\n \n /// \n /// Looks up a localized string similar to Name of the certificate in Azure Key Vault..\n /// \n internal static string CertificateOptionDescription {\n get {\n return ResourceManager.GetString(\"CertificateOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation..\n /// \n internal static string ClickOnceExtensionNotSupported {\n get {\n return ResourceManager.GetString(\"ClickOnceExtensionNotSupported\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Use Azure Key Vault..\n /// \n internal static string CommandDescription {\n get {\n return ResourceManager.GetString(\"CommandDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/).\n /// \n internal static string InvalidKeyVaultUrl {\n get {\n return ResourceManager.GetString(\"InvalidKeyVaultUrl\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to URL must be an absolute HTTPS URL to an Azure Key Vault..\n /// \n internal static string InvalidUrlValue {\n get {\n return ResourceManager.GetString(\"InvalidUrlValue\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to URL to an Azure Key Vault..\n /// \n internal static string UrlOptionDescription {\n get {\n return ResourceManager.GetString(\"UrlOptionDescription\", resourceCulture);\n }\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/AzureKeyVaultResources.resx",
"content": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n text/microsoft-resx\n \n \n 2.0\n \n \n System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\n \n \n System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\n \n \n Name of the certificate in Azure Key Vault.\n \n \n ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation.\n \n \n Use Azure Key Vault.\n \n \n URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/)\n \n \n URL must be an absolute HTTPS URL to an Azure Key Vault.\n \n \n URL to an Azure Key Vault.\n \n"
},
{
"path": "src/Sign.Cli/CertificateStoreCommand.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.CommandLine;\nusing System.CommandLine.Parsing;\nusing System.Globalization;\nusing System.Security.Cryptography;\nusing Sign.Core;\nusing Sign.SignatureProviders.CertificateStore;\n\nnamespace Sign.Cli\n{\n internal sealed class CertificateStoreCommand : Command\n {\n internal Option CertificateFingerprintOption { get; }\n internal Option CertificateFileOption { get; }\n internal Option CertificatePasswordOption { get; }\n internal Option CryptoServiceProviderOption { get; }\n internal Option PrivateKeyContainerOption { get; }\n internal Option UseMachineKeyContainerOption { get; }\n internal Option InteractiveOption { get; }\n\n internal Argument?> FilesArgument { get; }\n\n internal CertificateStoreCommand(CodeCommand codeCommand, IServiceProviderFactory serviceProviderFactory)\n : base(\"certificate-store\", Resources.CertificateStoreCommandDescription)\n {\n ArgumentNullException.ThrowIfNull(codeCommand, nameof(codeCommand));\n ArgumentNullException.ThrowIfNull(serviceProviderFactory, nameof(serviceProviderFactory));\n\n CertificateFingerprintOption = new Option(\"--certificate-fingerprint\", \"-cfp\")\n {\n CustomParser = ParseCertificateFingerprint,\n Description = CertificateStoreResources.CertificateFingerprintOptionDescription,\n Required = true\n };\n CertificateFileOption = new Option(\"--certificate-file\", \"-cf\")\n {\n Description = CertificateStoreResources.CertificateFileOptionDescription\n };\n CertificatePasswordOption = new Option(\"--password\", \"-p\")\n {\n Description = CertificateStoreResources.CertificatePasswordOptionDescription\n };\n CryptoServiceProviderOption = new Option(\"--crypto-service-provider\", \"-csp\")\n {\n Description = CertificateStoreResources.CspOptionDescription\n };\n PrivateKeyContainerOption = new Option(\"--key-container\", \"-k\")\n {\n Description = CertificateStoreResources.KeyContainerOptionDescription\n };\n UseMachineKeyContainerOption = new Option(\"--use-machine-key-container\", \"-km\")\n {\n DefaultValueFactory = _ => false,\n Description = CertificateStoreResources.UseMachineKeyContainerOptionDescription\n };\n InteractiveOption = new Option(\"--interactive\", \"-i\")\n {\n DefaultValueFactory = _ => false,\n Description = CertificateStoreResources.InteractiveDescription\n };\n FilesArgument = new Argument?>(\"file(s)\")\n {\n Description = Resources.FilesArgumentDescription,\n Arity = ArgumentArity.OneOrMore\n };\n\n Options.Add(CertificateFingerprintOption);\n Options.Add(CertificateFileOption);\n Options.Add(CertificatePasswordOption);\n Options.Add(CryptoServiceProviderOption);\n Options.Add(PrivateKeyContainerOption);\n Options.Add(UseMachineKeyContainerOption);\n Options.Add(InteractiveOption);\n Arguments.Add(FilesArgument);\n\n SetAction((ParseResult parseResult, CancellationToken cancellationToken) =>\n {\n List? filesArgument = parseResult.GetValue(FilesArgument);\n\n if (filesArgument is not { Count: > 0 })\n {\n Console.Error.WriteLine(Resources.MissingFileValue);\n\n return Task.FromResult(ExitCode.InvalidOptions);\n }\n\n // Some of the options are required and that is why we can safely use\n // the null-forgiving operator (!) to simplify the code.\n string certificateFingerprint = parseResult.GetValue(CertificateFingerprintOption)!;\n string? certificatePath = parseResult.GetValue(CertificateFileOption);\n string? certificatePassword = parseResult.GetValue(CertificatePasswordOption);\n string? cryptoServiceProvider = parseResult.GetValue(CryptoServiceProviderOption);\n string? privateKeyContainer = parseResult.GetValue(PrivateKeyContainerOption);\n bool useMachineKeyContainer = parseResult.GetValue(UseMachineKeyContainerOption);\n bool isInteractive = parseResult.GetValue(InteractiveOption);\n\n // Certificate fingerprint is required in case the provided certificate container contains multiple certificates.\n if (string.IsNullOrEmpty(certificateFingerprint))\n {\n Console.Error.WriteFormattedLine(\n Resources.InvalidCertificateFingerprintValue,\n CertificateFingerprintOption);\n\n return Task.FromResult(ExitCode.InvalidOptions);\n }\n\n if (!TryDeduceHashAlgorithm(certificateFingerprint, out HashAlgorithmName certificateFingerprintAlgorithm))\n {\n Console.Error.WriteFormattedLine(\n Resources.InvalidCertificateFingerprintValue,\n CertificateFingerprintOption);\n\n return Task.FromResult(ExitCode.InvalidOptions);\n }\n\n // CSP requires a private key container to function.\n if (string.IsNullOrEmpty(cryptoServiceProvider) != string.IsNullOrEmpty(privateKeyContainer))\n {\n if (string.IsNullOrEmpty(privateKeyContainer))\n {\n Console.Error.WriteLine(CertificateStoreResources.MissingPrivateKeyContainerError);\n\n return Task.FromResult(ExitCode.InvalidOptions);\n }\n else\n {\n Console.Error.WriteLine(CertificateStoreResources.MissingCspError);\n\n return Task.FromResult(ExitCode.InvalidOptions);\n }\n }\n\n CertificateStoreServiceProvider certificateStoreServiceProvider = new(\n certificateFingerprint,\n certificateFingerprintAlgorithm,\n cryptoServiceProvider,\n privateKeyContainer,\n certificatePath,\n certificatePassword,\n useMachineKeyContainer,\n isInteractive);\n\n return codeCommand.HandleAsync(parseResult, serviceProviderFactory, certificateStoreServiceProvider, filesArgument);\n });\n }\n\n private static string? ParseCertificateFingerprint(ArgumentResult result)\n {\n string? token = null;\n\n if (result.Tokens.Count == 1)\n {\n token = result.Tokens[0].Value;\n\n if (!HexHelpers.IsHex(token))\n {\n result.AddError(FormatMessage(\n Resources.InvalidCertificateFingerprintValue,\n result.Argument));\n }\n else if (!TryDeduceHashAlgorithm(token, out HashAlgorithmName hashAlgorithmName))\n {\n result.AddError(FormatMessage(\n Resources.InvalidCertificateFingerprintValue,\n result.Argument));\n }\n }\n else\n {\n result.AddError(FormatMessage(\n Resources.InvalidCertificateFingerprintValue,\n result.Argument));\n }\n\n return token;\n }\n\n private static string FormatMessage(string format, Argument argument)\n {\n return string.Format(CultureInfo.CurrentCulture, format, argument.Name);\n }\n\n private static bool TryDeduceHashAlgorithm(\n string certificateFingerprint,\n out HashAlgorithmName hashAlgorithmName)\n {\n hashAlgorithmName = HashAlgorithmName.SHA256;\n\n if (string.IsNullOrEmpty(certificateFingerprint))\n {\n return false;\n }\n\n // One hexadecimal character is 4 bits.\n switch (certificateFingerprint.Length)\n {\n case 64: // 64 characters * 4 bits/character = 256 bits\n hashAlgorithmName = HashAlgorithmName.SHA256;\n return true;\n\n case 96: // 96 characters * 4 bits/character = 384 bits\n hashAlgorithmName = HashAlgorithmName.SHA384;\n return true;\n\n case 128: // 128 characters * 4 bits/character = 512 bits\n hashAlgorithmName = HashAlgorithmName.SHA512;\n return true;\n\n default:\n return false;\n }\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/CertificateStoreResources.Designer.cs",
"content": "//------------------------------------------------------------------------------\n// \n// This code was generated by a tool.\n// Runtime Version:4.0.30319.42000\n//\n// Changes to this file may cause incorrect behavior and will be lost if\n// the code is regenerated.\n// \n//------------------------------------------------------------------------------\n\nnamespace Sign.Cli {\n using System;\n \n \n /// \n /// A strongly-typed resource class, for looking up localized strings, etc.\n /// \n // This class was auto-generated by the StronglyTypedResourceBuilder\n // class via a tool like ResGen or Visual Studio.\n // To add or remove a member, edit your .ResX file then rerun ResGen\n // with the /str option, or rebuild your VS project.\n [global::System.CodeDom.Compiler.GeneratedCodeAttribute(\"System.Resources.Tools.StronglyTypedResourceBuilder\", \"17.0.0.0\")]\n [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]\n [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]\n internal class CertificateStoreResources {\n \n private static global::System.Resources.ResourceManager resourceMan;\n \n private static global::System.Globalization.CultureInfo resourceCulture;\n \n [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute(\"Microsoft.Performance\", \"CA1811:AvoidUncalledPrivateCode\")]\n internal CertificateStoreResources() {\n }\n \n /// \n /// Returns the cached ResourceManager instance used by this class.\n /// \n [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]\n internal static global::System.Resources.ResourceManager ResourceManager {\n get {\n if (object.ReferenceEquals(resourceMan, null)) {\n global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager(\"Sign.Cli.CertificateStoreResources\", typeof(CertificateStoreResources).Assembly);\n resourceMan = temp;\n }\n return resourceMan;\n }\n }\n \n /// \n /// Overrides the current thread's CurrentUICulture property for all\n /// resource lookups using this strongly typed resource class.\n /// \n [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]\n internal static global::System.Globalization.CultureInfo Culture {\n get {\n return resourceCulture;\n }\n set {\n resourceCulture = value;\n }\n }\n \n /// \n /// Looks up a localized string similar to PFX, P7B, or CER file containing a certificate and potentially a private key..\n /// \n internal static string CertificateFileOptionDescription {\n get {\n return ResourceManager.GetString(\"CertificateFileOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to SHA fingerprint used to identify a certificate..\n /// \n internal static string CertificateFingerprintOptionDescription {\n get {\n return ResourceManager.GetString(\"CertificateFingerprintOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Password for certificate file..\n /// \n internal static string CertificatePasswordOptionDescription {\n get {\n return ResourceManager.GetString(\"CertificatePasswordOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Sign container contents.\n /// \n internal static string ContainersDescription {\n get {\n return ResourceManager.GetString(\"ContainersDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Cryptographic Service Provider containing the private key container. Requires /k and optionally /km..\n /// \n internal static string CspOptionDescription {\n get {\n return ResourceManager.GetString(\"CspOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Allow user interactions (such as a dialog box) when a private key is accessed..\n /// \n internal static string InteractiveDescription {\n get {\n return ResourceManager.GetString(\"InteractiveDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Private key container name..\n /// \n internal static string KeyContainerOptionDescription {\n get {\n return ResourceManager.GetString(\"KeyContainerOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Cryptographic Service Provider missing. Use /csp to specify a CSP..\n /// \n internal static string MissingCspError {\n get {\n return ResourceManager.GetString(\"MissingCspError\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Private key container name missing. Use /k to specify a key container name..\n /// \n internal static string MissingPrivateKeyContainerError {\n get {\n return ResourceManager.GetString(\"MissingPrivateKeyContainerError\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Use a machine-level private key container. (The default is user-level.).\n /// \n internal static string UseMachineKeyContainerOptionDescription {\n get {\n return ResourceManager.GetString(\"UseMachineKeyContainerOptionDescription\", resourceCulture);\n }\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/CertificateStoreResources.resx",
"content": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n text/microsoft-resx\n \n \n 2.0\n \n \n System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\n \n \n System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\n \n \n Allow user interactions (such as a dialog box) when a private key is accessed.\n \n \n PFX, P7B, or CER file containing a certificate and potentially a private key.\n {Locked=\"PFX\", \"P7B\", \"CER\"} are file extensions.\n \n \n SHA fingerprint used to identify a certificate.\n {Locked=\"SHA\"} is a cryptographic algorithm.\n \n \n Password for certificate file.\n \n \n Cryptographic Service Provider containing the private key container. Requires /k and optionally /km.\n {Locked=\"/k\", \"/km\"} are command line options.\n \n \n Private key container name.\n \n \n Cryptographic Service Provider missing. Use /csp to specify a CSP.\n {Locked=\"/csp\"} is a command line option.\n \n \n Private key container name missing. Use /k to specify a key container name.\n {Locked=\"/k\"} is a command line option.\n \n \n Use a machine-level private key container. (The default is user-level.)\n \n \n Sign container contents.\n \n"
},
{
"path": "src/Sign.Cli/CodeCommand.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.CommandLine;\nusing System.CommandLine.Parsing;\nusing System.Globalization;\nusing System.Security.Cryptography;\nusing System.Text;\nusing Microsoft.Extensions.DependencyInjection;\nusing Microsoft.Extensions.FileSystemGlobbing;\nusing Microsoft.Extensions.FileSystemGlobbing.Abstractions;\nusing Microsoft.Extensions.Logging;\nusing Sign.Core;\n\nnamespace Sign.Cli\n{\n internal sealed class CodeCommand : Command\n {\n internal Option ApplicationNameOption { get; }\n internal Option BaseDirectoryOption { get; }\n internal Option DescriptionOption { get; }\n internal Option DescriptionUrlOption { get; }\n internal Option FileDigestOption { get; }\n internal Option FileListOption { get; }\n internal Option RecurseContainersOption { get; }\n internal Option MaxConcurrencyOption { get; }\n internal Option OutputOption { get; }\n internal Option PublisherNameOption { get; }\n internal Option TimestampDigestOption { get; }\n internal Option TimestampUrlOption { get; }\n internal Option VerbosityOption { get; }\n\n internal CodeCommand()\n : base(\"code\", Resources.CodeCommandDescription)\n {\n ApplicationNameOption = new Option(\"--application-name\", \"-an\")\n {\n Description = Resources.ApplicationNameOptionDescription,\n Recursive = true\n };\n BaseDirectoryOption = new Option(\"--base-directory\", \"-b\")\n {\n CustomParser = ParseBaseDirectoryOption,\n DefaultValueFactory = _ => new DirectoryInfo(Environment.CurrentDirectory),\n Description = Resources.BaseDirectoryOptionDescription,\n Recursive = true\n };\n DescriptionOption = new Option(\"--description\", \"-d\")\n {\n Description = Resources.DescriptionOptionDescription,\n Recursive = true\n };\n DescriptionUrlOption = new Option(\"--description-url\", \"-u\")\n {\n CustomParser = ParseUrl,\n Description = Resources.DescriptionUrlOptionDescription,\n Recursive = true\n };\n FileDigestOption = new Option(\"--file-digest\", \"-fd\")\n {\n CustomParser = HashAlgorithmParser.ParseHashAlgorithmName,\n DefaultValueFactory = _ => HashAlgorithmName.SHA256,\n Description = Resources.FileDigestOptionDescription,\n Recursive = true\n };\n FileListOption = new Option(\"--file-list\", \"-fl\")\n {\n Description = Resources.FileListOptionDescription,\n Recursive = true\n };\n RecurseContainersOption = new Option(\"--recurse-containers\", \"-rc\")\n {\n DefaultValueFactory = _ => true,\n Description = CertificateStoreResources.ContainersDescription,\n Recursive = true\n };\n MaxConcurrencyOption = new Option(\"--max-concurrency\", \"-m\")\n {\n CustomParser = ParseMaxConcurrencyOption,\n DefaultValueFactory = _ => 4,\n Description = Resources.MaxConcurrencyOptionDescription,\n Recursive = true\n };\n OutputOption = new Option(\"--output\", \"-o\")\n {\n Description = Resources.OutputOptionDescription,\n Recursive = true\n };\n PublisherNameOption = new Option(\"--publisher-name\", \"-pn\")\n {\n Description = Resources.PublisherNameOptionDescription,\n Recursive = true\n };\n TimestampDigestOption = new Option(\"--timestamp-digest\", \"-td\")\n {\n CustomParser = HashAlgorithmParser.ParseHashAlgorithmName,\n DefaultValueFactory = _ => HashAlgorithmName.SHA256,\n Description = Resources.TimestampDigestOptionDescription,\n Recursive = true\n };\n TimestampUrlOption = new Option(\"--timestamp-url\", \"-t\")\n {\n CustomParser = ParseUrl,\n DefaultValueFactory = _ => new Uri(\"http://timestamp.acs.microsoft.com\"),\n Description = Resources.TimestampUrlOptionDescription,\n Recursive = true\n };\n VerbosityOption = new Option(\"--verbosity\", \"-v\")\n {\n Description = Resources.VerbosityOptionDescription,\n Recursive = true\n };\n\n // These options are available on the adding command and all subcommands.\n // Order here is significant as it represents the order in which options are\n // displayed in help.\n Options.Add(ApplicationNameOption);\n Options.Add(DescriptionOption);\n Options.Add(DescriptionUrlOption);\n Options.Add(BaseDirectoryOption);\n Options.Add(OutputOption);\n Options.Add(PublisherNameOption);\n Options.Add(FileListOption);\n Options.Add(RecurseContainersOption);\n Options.Add(FileDigestOption);\n Options.Add(TimestampUrlOption);\n Options.Add(TimestampDigestOption);\n Options.Add(MaxConcurrencyOption);\n Options.Add(VerbosityOption);\n }\n\n internal async Task HandleAsync(ParseResult parseResult, IServiceProviderFactory serviceProviderFactory, ISignatureProvider signatureProvider, IEnumerable filesArgument)\n {\n // Some of the options have a default value and that is why we can safely use\n // the null-forgiving operator (!) to simplify the code.\n DirectoryInfo baseDirectory = parseResult.GetValue(BaseDirectoryOption)!;\n string? applicationName = parseResult.GetValue(ApplicationNameOption);\n string? publisherName = parseResult.GetValue(PublisherNameOption);\n string? description = parseResult.GetValue(DescriptionOption);\n Uri? descriptionUrl = parseResult.GetValue(DescriptionUrlOption);\n string? fileListFilePath = parseResult.GetValue(FileListOption);\n bool recurseContainers = parseResult.GetValue(RecurseContainersOption);\n HashAlgorithmName fileHashAlgorithmName = parseResult.GetValue(FileDigestOption);\n HashAlgorithmName timestampHashAlgorithmName = parseResult.GetValue(TimestampDigestOption);\n Uri timestampUrl = parseResult.GetValue(TimestampUrlOption)!;\n LogLevel verbosity = parseResult.GetValue(VerbosityOption);\n string? output = parseResult.GetValue(OutputOption);\n int maxConcurrency = parseResult.GetValue(MaxConcurrencyOption);\n\n // Make sure this is rooted\n if (!Path.IsPathRooted(baseDirectory.FullName))\n {\n Console.Error.WriteFormattedLine(\n Resources.InvalidBaseDirectoryValue,\n BaseDirectoryOption);\n\n return ExitCode.InvalidOptions;\n }\n\n IServiceProvider serviceProvider = serviceProviderFactory.Create(\n verbosity,\n addServices: (IServiceCollection services) =>\n {\n services.AddSingleton(\n (IServiceProvider serviceProvider) => signatureProvider.GetSignatureAlgorithmProvider(serviceProvider));\n services.AddSingleton(\n (IServiceProvider serviceProvider) => signatureProvider.GetCertificateProvider(serviceProvider));\n });\n\n List inputFiles = [];\n\n foreach (string fileArgument in filesArgument)\n {\n // If we're going to glob, we can't be fully rooted currently (fix me later)\n bool isGlob = fileArgument.Contains('*');\n\n if (isGlob)\n {\n if (Path.IsPathRooted(fileArgument))\n {\n Console.Error.WriteLine(Resources.InvalidFileValue);\n return ExitCode.InvalidOptions;\n }\n\n IFileListReader fileListReader = serviceProvider.GetRequiredService();\n IFileMatcher fileMatcher = serviceProvider.GetRequiredService();\n\n using (MemoryStream stream = new(Encoding.UTF8.GetBytes(fileArgument)))\n using (StreamReader reader = new(stream))\n {\n fileListReader.Read(reader, out Matcher? matcher, out Matcher? antiMatcher);\n\n DirectoryInfoBase directory = new DirectoryInfoWrapper(baseDirectory);\n\n IEnumerable matches = fileMatcher.EnumerateMatches(directory, matcher);\n\n if (antiMatcher is not null)\n {\n IEnumerable antiMatches = fileMatcher.EnumerateMatches(directory, antiMatcher);\n matches = matches.Except(antiMatches, FileInfoComparer.Instance);\n }\n\n inputFiles.AddRange(matches);\n }\n }\n else\n {\n inputFiles.Add(new FileInfo(ExpandFilePath(baseDirectory, fileArgument)));\n }\n }\n\n FileInfo? fileList = null;\n if (!string.IsNullOrEmpty(fileListFilePath))\n {\n if (Path.IsPathRooted(fileListFilePath))\n {\n fileList = new FileInfo(fileListFilePath);\n }\n else\n {\n fileList = new FileInfo(ExpandFilePath(baseDirectory, fileListFilePath));\n }\n }\n\n if (inputFiles.Count == 0)\n {\n Console.Error.WriteLine(Resources.NoFilesToSign);\n\n return ExitCode.NoInputsFound;\n }\n\n if (inputFiles.Any(file => !file.Exists))\n {\n Console.Error.WriteFormattedLine(\n Resources.SomeFilesDoNotExist,\n BaseDirectoryOption);\n\n foreach (FileInfo file in inputFiles.Where(file => !file.Exists))\n {\n Console.Error.WriteLine($\" {file.FullName}\");\n }\n\n return ExitCode.NoInputsFound;\n }\n\n ISigner signer = serviceProvider.GetRequiredService();\n\n int exitCode = await signer.SignAsync(\n inputFiles,\n output,\n fileList,\n recurseContainers,\n baseDirectory,\n applicationName,\n publisherName,\n description,\n descriptionUrl,\n timestampUrl,\n maxConcurrency,\n fileHashAlgorithmName,\n timestampHashAlgorithmName);\n\n return exitCode;\n }\n\n private static string ExpandFilePath(DirectoryInfo baseDirectory, string file)\n {\n if (Path.IsPathRooted(file))\n {\n return file;\n }\n\n return Path.Combine(baseDirectory.FullName, file);\n }\n\n private static DirectoryInfo ParseBaseDirectoryOption(ArgumentResult result)\n {\n if (result.Tokens.Count != 1 ||\n string.IsNullOrWhiteSpace(result.Tokens[0].Value))\n {\n result.AddError(FormatMessage(Resources.InvalidBaseDirectoryValue, result.Argument));\n\n return new DirectoryInfo(Environment.CurrentDirectory);\n }\n\n string value = result.Tokens[0].Value;\n\n if (Path.IsPathRooted(value))\n {\n return new DirectoryInfo(value);\n }\n\n result.AddError(FormatMessage(Resources.InvalidBaseDirectoryValue, result.Argument));\n\n return new DirectoryInfo(Environment.CurrentDirectory);\n }\n\n private static int ParseMaxConcurrencyOption(ArgumentResult result)\n {\n if (result.Tokens.Count != 1 ||\n !int.TryParse(result.Tokens[0].Value, out int value) ||\n value < 1)\n {\n result.AddError(FormatMessage(Resources.InvalidMaxConcurrencyValue, result.Argument));\n\n return default;\n }\n\n return value;\n }\n\n internal static Uri? ParseHttpsUrl(ArgumentResult result)\n {\n if (result.Tokens.Count != 1 ||\n !Uri.TryCreate(result.Tokens[0].Value, UriKind.Absolute, out Uri? uri) ||\n !string.Equals(Uri.UriSchemeHttps, uri.Scheme, StringComparison.OrdinalIgnoreCase))\n {\n result.AddError(FormatMessage(Resources.InvalidHttpsUrlValue, result.Argument));\n\n return null;\n }\n\n return uri;\n }\n\n internal static Uri? ParseUrl(ArgumentResult result)\n {\n if (result.Tokens.Count != 1 ||\n !Uri.TryCreate(result.Tokens[0].Value, UriKind.Absolute, out Uri? uri) ||\n !(string.Equals(Uri.UriSchemeHttp, uri.Scheme, StringComparison.OrdinalIgnoreCase) ||\n string.Equals(Uri.UriSchemeHttps, uri.Scheme, StringComparison.OrdinalIgnoreCase)))\n {\n result.AddError(FormatMessage(Resources.InvalidUrlValue, result.Argument));\n\n return null;\n }\n\n return uri;\n }\n\n private static string FormatMessage(string format, Argument argument)\n {\n return string.Format(CultureInfo.CurrentCulture, format, argument.Name);\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/Helpers/HashAlgorithmParser.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.CommandLine.Parsing;\nusing System.Globalization;\nusing System.Security.Cryptography;\n\nnamespace Sign.Cli\n{\n internal static class HashAlgorithmParser\n {\n public static HashAlgorithmName ParseHashAlgorithmName(ArgumentResult result)\n {\n if (result.Tokens.Count == 0)\n {\n return HashAlgorithmName.SHA256;\n }\n\n string token = result.Tokens.Single().Value.ToLowerInvariant();\n\n switch (token)\n {\n case \"sha256\":\n return HashAlgorithmName.SHA256;\n\n case \"sha384\":\n return HashAlgorithmName.SHA384;\n\n case \"sha512\":\n return HashAlgorithmName.SHA512;\n\n default:\n result.AddError(string.Format(CultureInfo.CurrentCulture, Resources.InvalidDigestValue, result.Argument.Name));\n\n return HashAlgorithmName.SHA256;\n }\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/Kernel32.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.ComponentModel;\nusing System.Runtime.InteropServices;\n\nnamespace Sign.Cli\n{\n#pragma warning disable IDE1006 // Naming Styles\n static class Kernel32\n {\n [DllImport(\"kernel32.dll\", SetLastError = true, PreserveSig = true)]\n [return: MarshalAs(UnmanagedType.Bool)]\n public static extern bool SetDllDirectoryW(\n [MarshalAs(UnmanagedType.LPWStr)] string lpPathName);\n\n [DllImport(\"kernel32.dll\", SetLastError = true, PreserveSig = true)]\n public static extern IntPtr LoadLibraryW(\n [MarshalAs(UnmanagedType.LPWStr)] string path);\n\n [DllImport(\"kernel32.dll\", SetLastError = true, PreserveSig = true)]\n public static extern IntPtr CreateActCtxW(ref ACTCTX pActCtx);\n\n [DllImport(\"kernel32.dll\", SetLastError = true, PreserveSig = true)]\n [return: MarshalAs(UnmanagedType.Bool)]\n public static extern bool ActivateActCtx(IntPtr hActCtx, out IntPtr lpCookie);\n\n [DllImport(\"kernel32.dll\", SetLastError = true, PreserveSig = true)]\n [return: MarshalAs(UnmanagedType.Bool)]\n public static extern bool DeactivateActCtx(int dwFlags, IntPtr lpCookie);\n\n [DllImport(\"kernel32.dll\", PreserveSig = true)]\n public static extern void ReleaseActCtx(IntPtr hActCtx);\n\n [StructLayout(LayoutKind.Sequential, Pack = 4, CharSet = CharSet.Unicode)]\n public struct ACTCTX\n {\n public int cbSize;\n public ActivationContextFlags dwFlags;\n public string lpSource;\n public ushort wProcessorArchitecture;\n public ushort wLangId;\n public string lpAssemblyDirectory;\n public string lpResourceName;\n public string lpApplicationName;\n public IntPtr hModule;\n }\n\n [Flags]\n public enum ActivationContextFlags : uint\n {\n ACTCTX_FLAG_RESOURCE_NAME_VALID = 0x008,\n ACTCTX_FLAG_APPLICATION_NAME_VALID = 0x020\n }\n\n public sealed class ActivationContext : IDisposable\n {\n readonly IntPtr INVALID_HANDLE_VALUE = new(-1);\n IntPtr activationContext = new(-1);\n IntPtr activationContextCookie;\n\n public ActivationContext(string assemblyName)\n {\n var requestedActivationContext = new ACTCTX\n {\n cbSize = Marshal.SizeOf(),\n lpSource = assemblyName\n };\n\n activationContext = CreateActCtxW(ref requestedActivationContext);\n if (activationContext != INVALID_HANDLE_VALUE)\n {\n if (!ActivateActCtx(activationContext, out activationContextCookie))\n {\n throw new Win32Exception(Marshal.GetLastWin32Error());\n }\n }\n else\n {\n throw new Win32Exception(Marshal.GetLastWin32Error());\n }\n }\n\n public void Dispose()\n {\n if (activationContextCookie != IntPtr.Zero)\n {\n if (!DeactivateActCtx(dwFlags: 0, activationContextCookie))\n {\n throw new Win32Exception(Marshal.GetLastWin32Error());\n }\n\n activationContextCookie = IntPtr.Zero;\n }\n\n if (activationContext != INVALID_HANDLE_VALUE)\n {\n ReleaseActCtx(activationContext);\n activationContext = INVALID_HANDLE_VALUE;\n }\n }\n }\n }\n#pragma warning restore IDE1006 // Naming Styles\n}"
},
{
"path": "src/Sign.Cli/PACKAGE.md",
"content": "## About\n\nSign CLI is a .NET tool that provides digital signing for .NET assemblies, packages, and other files.\n\nThe tool signs files inside-out, starting with the most nested files and then the outer files, ensuring everything is signed in the correct order.\n\n## Prerequisites\n\n- An up-to-date x64-based version of Windows currently in [mainstream support](https://learn.microsoft.com/lifecycle/products/)\n- [.NET 8 SDK or later](https://dotnet.microsoft.com/download)\n- [Microsoft Visual C++ 14 runtime](https://aka.ms/vs/17/release/vc_redist.x64.exe)\n- For ClickOnce and VSTO signing: A recent --- ideally, the latest --- version of [.NET Framework](https://dotnet.microsoft.com/download/dotnet-framework)\n\n## Usage\n\n- For help with...\n - Azure Key Vault: `sign code azure-key-vault --help`\n - Artifact Signing: `sign code artifact-signing --help`\n - local signing: `sign code certificate-store --help`\n- Version information: `sign --version`\n\nSee the [GitHub repository](https://github.com/dotnet/sign) for additional information and samples.\n\n## License\n\nThis package is released as open source under the [MIT license](https://licenses.nuget.org/MIT).\n\n## Feedback\n\nBug reports, feedback, and contributions are welcome at the [GitHub repository](https://github.com/dotnet/sign).\n\nHappy signing! 🚀\n"
},
{
"path": "src/Sign.Cli/Program.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing Sign.Core;\n\nnamespace Sign.Cli\n{\n internal static class Program\n {\n internal static async Task Main(string[] args)\n {\n using (new TemporaryConsoleEncoding())\n {\n if (!Environment.Is64BitProcess)\n {\n Console.Error.WriteLine(Resources.x86NotSupported);\n\n return ExitCode.Failed;\n }\n\n AppInitializer.Initialize();\n\n string systemDirectoryPath = Environment.GetFolderPath(Environment.SpecialFolder.System);\n\n // NavSip.dll has a dependency on this.\n string vcRuntime140FilePath = Path.Combine(systemDirectoryPath, \"vcruntime140.dll\");\n\n if (!File.Exists(vcRuntime140FilePath))\n {\n WriteWarning(Resources.MsvcrtNotDetected);\n }\n\n try\n {\n SignCommand rootCommand = CreateCommand(serviceProviderFactory: null);\n\n return await rootCommand.Parse(args).InvokeAsync();\n }\n catch (Exception ex)\n {\n Console.WriteLine(ex);\n\n return ExitCode.Failed;\n }\n }\n }\n\n private static void WriteWarning(string warning)\n {\n Console.ForegroundColor = ConsoleColor.Yellow;\n Console.WriteLine(warning);\n Console.ResetColor();\n }\n\n internal static SignCommand CreateCommand(IServiceProviderFactory? serviceProviderFactory = null)\n {\n return new SignCommand(serviceProviderFactory);\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/Properties/launchSettings.json",
"content": "{\n \"profiles\": {\n \"Sign.Cli\": {\n \"commandName\": \"Project\",\n \"commandLineArgs\": \"code certificate-store -b C:\\\\Trash -v trace -cf C:\\\\git\\\\Entropy\\\\MakeTestCert\\\\af994810f3d0d01b5f6f37e8be085e1a537d40c9.pfx -cfp 0695cf4875ae67f2194ea4c2cbcdcb1327c6874d5949321c4d8028bed308b7a6 MakeTestCert.dll -o MakeTestCert.signed.dll\"\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/Resources.Designer.cs",
"content": "//------------------------------------------------------------------------------\n// \n// This code was generated by a tool.\n// Runtime Version:4.0.30319.42000\n//\n// Changes to this file may cause incorrect behavior and will be lost if\n// the code is regenerated.\n// \n//------------------------------------------------------------------------------\n\nnamespace Sign.Cli {\n using System;\n \n \n /// \n /// A strongly-typed resource class, for looking up localized strings, etc.\n /// \n // This class was auto-generated by the StronglyTypedResourceBuilder\n // class via a tool like ResGen or Visual Studio.\n // To add or remove a member, edit your .ResX file then rerun ResGen\n // with the /str option, or rebuild your VS project.\n [global::System.CodeDom.Compiler.GeneratedCodeAttribute(\"System.Resources.Tools.StronglyTypedResourceBuilder\", \"17.0.0.0\")]\n [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]\n [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]\n internal class Resources {\n \n private static global::System.Resources.ResourceManager resourceMan;\n \n private static global::System.Globalization.CultureInfo resourceCulture;\n \n [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute(\"Microsoft.Performance\", \"CA1811:AvoidUncalledPrivateCode\")]\n internal Resources() {\n }\n \n /// \n /// Returns the cached ResourceManager instance used by this class.\n /// \n [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]\n internal static global::System.Resources.ResourceManager ResourceManager {\n get {\n if (object.ReferenceEquals(resourceMan, null)) {\n global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager(\"Sign.Cli.Resources\", typeof(Resources).Assembly);\n resourceMan = temp;\n }\n return resourceMan;\n }\n }\n \n /// \n /// Overrides the current thread's CurrentUICulture property for all\n /// resource lookups using this strongly typed resource class.\n /// \n [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]\n internal static global::System.Globalization.CultureInfo Culture {\n get {\n return resourceCulture;\n }\n set {\n resourceCulture = value;\n }\n }\n \n /// \n /// Looks up a localized string similar to Application name (ClickOnce)..\n /// \n internal static string ApplicationNameOptionDescription {\n get {\n return ResourceManager.GetString(\"ApplicationNameOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Base directory for files. Overrides the current working directory..\n /// \n internal static string BaseDirectoryOptionDescription {\n get {\n return ResourceManager.GetString(\"BaseDirectoryOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Use Windows Certificate Store or a local certificate file..\n /// \n internal static string CertificateStoreCommandDescription {\n get {\n return ResourceManager.GetString(\"CertificateStoreCommandDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Client ID to authenticate to Azure..\n /// \n internal static string ClientIdOptionDescription {\n get {\n return ResourceManager.GetString(\"ClientIdOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Client secret to authenticate to Azure..\n /// \n internal static string ClientSecretOptionDescription {\n get {\n return ResourceManager.GetString(\"ClientSecretOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to The client secret options are obsolete and should no longer be specified..\n /// \n internal static string ClientSecretOptionsObsolete {\n get {\n return ResourceManager.GetString(\"ClientSecretOptionsObsolete\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Sign binaries and containers..\n /// \n internal static string CodeCommandDescription {\n get {\n return ResourceManager.GetString(\"CodeCommandDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Azure credential type that will be used. This defaults to DefaultAzureCredential..\n /// \n internal static string CredentialTypeOptionDescription {\n get {\n return ResourceManager.GetString(\"CredentialTypeOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Description of the signing certificate..\n /// \n internal static string DescriptionOptionDescription {\n get {\n return ResourceManager.GetString(\"DescriptionOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Description URL of the signing certificate..\n /// \n internal static string DescriptionUrlOptionDescription {\n get {\n return ResourceManager.GetString(\"DescriptionUrlOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'..\n /// \n internal static string FileDigestOptionDescription {\n get {\n return ResourceManager.GetString(\"FileDigestOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Path to file containing paths of files to sign or to exclude from signing..\n /// \n internal static string FileListOptionDescription {\n get {\n return ResourceManager.GetString(\"FileListOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to File(s) to sign..\n /// \n internal static string FilesArgumentDescription {\n get {\n return ResourceManager.GetString(\"FilesArgumentDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Invalid value for {0}. The value must be a fully rooted directory path..\n /// \n internal static string InvalidBaseDirectoryValue {\n get {\n return ResourceManager.GetString(\"InvalidBaseDirectoryValue\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal)..\n /// \n internal static string InvalidCertificateFingerprintValue {\n get {\n return ResourceManager.GetString(\"InvalidCertificateFingerprintValue\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'..\n /// \n internal static string InvalidDigestValue {\n get {\n return ResourceManager.GetString(\"InvalidDigestValue\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used)..\n /// \n internal static string InvalidFileValue {\n get {\n return ResourceManager.GetString(\"InvalidFileValue\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Invalid value for {0}. The value must be a number value greater than or equal to 1..\n /// \n internal static string InvalidMaxConcurrencyValue {\n get {\n return ResourceManager.GetString(\"InvalidMaxConcurrencyValue\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Invalid value for {0}. The value must be an absolute HTTPS URL..\n /// \n internal static string InvalidHttpsUrlValue {\n get {\n return ResourceManager.GetString(\"InvalidHttpsUrlValue\", resourceCulture);\n }\n }\n\n /// \n /// Looks up a localized string similar to Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL..\n /// \n internal static string InvalidUrlValue {\n get {\n return ResourceManager.GetString(\"InvalidUrlValue\", resourceCulture);\n }\n }\n\n /// \n /// Looks up a localized string similar to The client id of a user assigned ManagedIdentity..\n /// \n internal static string ManagedIdentityClientIdOptionDescription {\n get {\n return ResourceManager.GetString(\"ManagedIdentityClientIdOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Managed identity to authenticate to Azure Key. (obsolete).\n /// \n internal static string ManagedIdentityOptionDescription {\n get {\n return ResourceManager.GetString(\"ManagedIdentityOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified..\n /// \n internal static string ManagedIdentityOptionObsolete {\n get {\n return ResourceManager.GetString(\"ManagedIdentityOptionObsolete\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to The resource id of a user assigned ManagedIdentity..\n /// \n internal static string ManagedIdentityResourceIdOptionDescription {\n get {\n return ResourceManager.GetString(\"ManagedIdentityResourceIdOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Maximum concurrency..\n /// \n internal static string MaxConcurrencyOptionDescription {\n get {\n return ResourceManager.GetString(\"MaxConcurrencyOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to A file or glob is required..\n /// \n internal static string MissingFileValue {\n get {\n return ResourceManager.GetString(\"MissingFileValue\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe.\n /// \n internal static string MsvcrtNotDetected {\n get {\n return ResourceManager.GetString(\"MsvcrtNotDetected\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to No inputs found to sign..\n /// \n internal static string NoFilesToSign {\n get {\n return ResourceManager.GetString(\"NoFilesToSign\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Output file or directory. If omitted, input files will be overwritten..\n /// \n internal static string OutputOptionDescription {\n get {\n return ResourceManager.GetString(\"OutputOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Publisher name (ClickOnce)..\n /// \n internal static string PublisherNameOptionDescription {\n get {\n return ResourceManager.GetString(\"PublisherNameOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Sign CLI.\n /// \n internal static string SignCommandDescription {\n get {\n return ResourceManager.GetString(\"SignCommandDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Some files do not exist. Try using a different {0} value or a fully qualified file path..\n /// \n internal static string SomeFilesDoNotExist {\n get {\n return ResourceManager.GetString(\"SomeFilesDoNotExist\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Tenant ID to authenticate to Azure..\n /// \n internal static string TenantIdOptionDescription {\n get {\n return ResourceManager.GetString(\"TenantIdOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512..\n /// \n internal static string TimestampDigestOptionDescription {\n get {\n return ResourceManager.GetString(\"TimestampDigestOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to RFC 3161 timestamp server URL..\n /// \n internal static string TimestampUrlOptionDescription {\n get {\n return ResourceManager.GetString(\"TimestampUrlOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'..\n /// \n internal static string VerbosityOptionDescription {\n get {\n return ResourceManager.GetString(\"VerbosityOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to The trusted-signing command is obsolete. Use the artifact-signing command instead..\n /// \n internal static string TrustedSigningCommandObsolete {\n get {\n return ResourceManager.GetString(\"TrustedSigningCommandObsolete\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support..\n /// \n internal static string x86NotSupported {\n get {\n return ResourceManager.GetString(\"x86NotSupported\", resourceCulture);\n }\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/Resources.resx",
"content": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n text/microsoft-resx\n \n \n 2.0\n \n \n System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\n \n \n System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\n \n \n Application name (ClickOnce).\n \n \n Base directory for files. Overrides the current working directory.\n \n \n Use Windows Certificate Store or a local certificate file.\n \n \n Client ID to authenticate to Azure.\n \n \n Client secret to authenticate to Azure.\n \n \n The client secret options are obsolete and should no longer be specified.\n \n \n Sign binaries and containers.\n \n \n Description of the signing certificate.\n \n \n Description URL of the signing certificate.\n \n \n Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized.\n \n \n Path to file containing paths of files to sign or to exclude from signing.\n \n \n File(s) to sign.\n \n \n Invalid value for {0}. The value must be a fully rooted directory path.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal).\n {NumberedPlaceholder=\"{0}\"} is the option name (e.g.: --certificate-fingerprint). {Locked=\"SHA-256\", \"SHA-384\", \"SHA-512\"} are cryptographic hash algorithms.\n \n \n Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized. {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --file-digest) and should not be localized.\n \n \n The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used).\n \n \n Invalid value for {0}. The value must be a number value greater than or equal to 1.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --max-concurrency) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --artifact-signing-endpoint) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --timestamp-url) and should not be localized.\n \n \n The client id of a user assigned ManagedIdentity.\n \n \n Managed identity to authenticate to Azure Key. (obsolete)\n \n \n The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified.\n \n \n The resource id of a user assigned ManagedIdentity.\n \n \n Maximum concurrency.\n \n \n A file or glob is required.\n \n \n No inputs found to sign.\n \n \n Output file or directory. If omitted, input files will be overwritten.\n \n \n Publisher name (ClickOnce).\n ClickOnce is a Microsoft deployment technology.\n \n \n Sign CLI\n \n \n Some files do not exist. Try using a different {0} value or a fully qualified file path.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Tenant ID to authenticate to Azure.\n \n \n Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161), and {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names should not be localized.\n \n \n RFC 3161 timestamp server URL.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161) and should not be localized.\n \n \n Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'.\n {Locked=\"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\", \"trace\"} are option values and should not be localized.\n \n \n Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support.\n \n \n Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe\n {Locked=\"https://aka.ms/vs/17/release/vc_redist.x64.exe\"} is a URL.\n \n \n Azure credential type that will be used. This defaults to DefaultAzureCredential.\n \n \n The trusted-signing command is obsolete. Use the artifact-signing command instead.\n \n\n"
},
{
"path": "src/Sign.Cli/Sign.Cli.csproj",
"content": "\n \n\n \n sign\n true\n true\n Exe\n Sign CLI\n PACKAGE.md\n true\n Major\n Sign.Cli\n false\n sign\n \n \n \n\n \n \n \n\n \n \n \n \n \n \n\n \n \n \n\n \n \n %WINDIR%\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\n $(RepositoryRootDirectory)\\scripts\\VerifyNuGetPackage.ps1\n \n\n \n \n\n \n \n true\n \\\n \n \n PreserveNewest\n \n \n true\n \\\n \n \n true\n \\\n \n \n\n \n \n TrustedSigningResources.resx\n True\n True\n \n \n True\n True\n AzureKeyVaultResources.resx\n \n \n True\n True\n CertificateStoreResources.resx\n \n \n True\n True\n Resources.resx\n \n \n True\n True\n ArtifactSigningResources.resx\n \n \n\n \n \n TrustedSigningResources.Designer.cs\n ResXFileCodeGenerator\n \n \n ResXFileCodeGenerator\n AzureKeyVaultResources.Designer.cs\n \n \n ResXFileCodeGenerator\n CertificateStoreResources.Designer.cs\n \n \n ResXFileCodeGenerator\n Resources.Designer.cs\n \n \n ResXFileCodeGenerator\n ArtifactSigningResources.Designer.cs\n \n \n\n"
},
{
"path": "src/Sign.Cli/SignCommand.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.CommandLine;\nusing Sign.Core;\n\nnamespace Sign.Cli\n{\n internal sealed class SignCommand : RootCommand\n {\n internal SignCommand(IServiceProviderFactory? serviceProviderFactory = null)\n : base(Resources.SignCommandDescription)\n {\n CodeCommand codeCommand = new();\n serviceProviderFactory ??= new ServiceProviderFactory();\n\n Subcommands.Add(codeCommand);\n\n AzureKeyVaultCommand azureKeyVaultCommand = new(\n codeCommand,\n serviceProviderFactory);\n\n codeCommand.Subcommands.Add(azureKeyVaultCommand);\n\n CertificateStoreCommand certificateStoreCommand = new(\n codeCommand,\n serviceProviderFactory);\n\n codeCommand.Subcommands.Add(certificateStoreCommand);\n\n TrustedSigningCommand trustedSigningCommand = new(\n codeCommand,\n serviceProviderFactory);\n\n codeCommand.Subcommands.Add(trustedSigningCommand);\n\n ArtifactSigningCommand artifactSigningCommand = new(\n codeCommand,\n serviceProviderFactory);\n\n codeCommand.Subcommands.Add(artifactSigningCommand);\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/StandardStreamWriterExtensions.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Globalization;\n\nnamespace Sign.Cli\n{\n internal static class StandardStreamWriterExtensions\n {\n internal static void WriteFormattedLine(this TextWriter writer, string format, params object[] options)\n {\n string[] formattedOptions = options\n .Select(option => $\"{((dynamic)option).Name}\")\n .ToArray();\n\n writer.WriteLine(string.Format(CultureInfo.InvariantCulture, format, formattedOptions));\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/TemporaryConsoleEncoding.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Text;\n\nnamespace Sign.Cli\n{\n internal sealed class TemporaryConsoleEncoding : IDisposable\n {\n private readonly Encoding _defaultInputEncoding;\n private readonly Encoding _defaultOutputEncoding;\n\n internal TemporaryConsoleEncoding()\n {\n _defaultInputEncoding = Console.InputEncoding;\n _defaultOutputEncoding = Console.OutputEncoding;\n\n Console.InputEncoding = Encoding.UTF8;\n Console.OutputEncoding = Encoding.UTF8;\n }\n\n public void Dispose()\n {\n Console.InputEncoding = _defaultInputEncoding;\n Console.OutputEncoding = _defaultOutputEncoding;\n\n GC.SuppressFinalize(this);\n }\n }\n}"
},
{
"path": "src/Sign.Cli/TrustedSigningCommand.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.CommandLine;\nusing Azure.CodeSigning;\nusing Azure.CodeSigning.Extensions;\nusing Azure.Core;\nusing Microsoft.Extensions.Azure;\nusing Microsoft.Extensions.DependencyInjection;\nusing Microsoft.Extensions.Logging;\nusing Sign.Core;\nusing Sign.SignatureProviders.ArtifactSigning;\n\nnamespace Sign.Cli\n{\n internal sealed class TrustedSigningCommand : Command\n {\n internal Option EndpointOption { get; }\n internal Option AccountOption { get; }\n internal Option CertificateProfileOption { get; }\n internal AzureCredentialOptions AzureCredentialOptions { get; } = new();\n\n internal Argument?> FilesArgument { get; }\n\n internal TrustedSigningCommand(CodeCommand codeCommand, IServiceProviderFactory serviceProviderFactory)\n : base(\"trusted-signing\", TrustedSigningResources.CommandDescription)\n {\n ArgumentNullException.ThrowIfNull(codeCommand, nameof(codeCommand));\n ArgumentNullException.ThrowIfNull(serviceProviderFactory, nameof(serviceProviderFactory));\n\n EndpointOption = new Option(\"--trusted-signing-endpoint\", \"-tse\")\n {\n CustomParser = CodeCommand.ParseHttpsUrl,\n Description = TrustedSigningResources.EndpointOptionDescription,\n Required = true\n };\n AccountOption = new Option(\"--trusted-signing-account\", \"-tsa\")\n {\n Description = TrustedSigningResources.AccountOptionDescription,\n Required = true\n };\n CertificateProfileOption = new Option(\"--trusted-signing-certificate-profile\", \"-tscp\")\n {\n Description = TrustedSigningResources.CertificateProfileOptionDescription,\n Required = true\n };\n FilesArgument = new Argument?>(\"file(s)\")\n {\n Description = Resources.FilesArgumentDescription,\n Arity = ArgumentArity.OneOrMore\n };\n\n Options.Add(EndpointOption);\n Options.Add(AccountOption);\n Options.Add(CertificateProfileOption);\n AzureCredentialOptions.AddOptionsToCommand(this);\n\n Arguments.Add(FilesArgument);\n\n SetAction((ParseResult parseResult, CancellationToken cancellationToken) =>\n {\n Console.Out.WriteLine(Resources.TrustedSigningCommandObsolete);\n\n List? filesArgument = parseResult.GetValue(FilesArgument);\n\n if (filesArgument is not { Count: > 0 })\n {\n Console.Error.WriteLine(Resources.MissingFileValue);\n\n return Task.FromResult(ExitCode.InvalidOptions);\n }\n\n TokenCredential? credential = AzureCredentialOptions.CreateTokenCredential(parseResult);\n\n if (credential is null)\n {\n return Task.FromResult(ExitCode.Failed);\n }\n\n // Some of the options are required and that is why we can safely use\n // the null-forgiving operator (!) to simplify the code.\n Uri endpointUrl = parseResult.GetValue(EndpointOption)!;\n string accountName = parseResult.GetValue(AccountOption)!;\n string certificateProfileName = parseResult.GetValue(CertificateProfileOption)!;\n\n serviceProviderFactory.AddServices(services =>\n {\n services.AddAzureClients(builder =>\n {\n builder.AddCertificateProfileClient(endpointUrl);\n builder.UseCredential(credential);\n builder.ConfigureDefaults(options => options.Retry.Mode = RetryMode.Exponential);\n });\n\n services.AddSingleton(serviceProvider =>\n {\n return new ArtifactSigningService(\n serviceProvider.GetRequiredService(),\n accountName,\n certificateProfileName,\n serviceProvider.GetRequiredService>());\n });\n });\n\n ArtifactSigningServiceProvider trustedSigningServiceProvider = new();\n\n return codeCommand.HandleAsync(parseResult, serviceProviderFactory, trustedSigningServiceProvider, filesArgument);\n });\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/TrustedSigningResources.Designer.cs",
"content": "//------------------------------------------------------------------------------\n// \n// This code was generated by a tool.\n// Runtime Version:4.0.30319.42000\n//\n// Changes to this file may cause incorrect behavior and will be lost if\n// the code is regenerated.\n// \n//------------------------------------------------------------------------------\n\nnamespace Sign.Cli {\n using System;\n \n \n /// \n /// A strongly-typed resource class, for looking up localized strings, etc.\n /// \n // This class was auto-generated by the StronglyTypedResourceBuilder\n // class via a tool like ResGen or Visual Studio.\n // To add or remove a member, edit your .ResX file then rerun ResGen\n // with the /str option, or rebuild your VS project.\n [global::System.CodeDom.Compiler.GeneratedCodeAttribute(\"System.Resources.Tools.StronglyTypedResourceBuilder\", \"17.0.0.0\")]\n [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]\n [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]\n internal class TrustedSigningResources {\n \n private static global::System.Resources.ResourceManager resourceMan;\n \n private static global::System.Globalization.CultureInfo resourceCulture;\n \n [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute(\"Microsoft.Performance\", \"CA1811:AvoidUncalledPrivateCode\")]\n internal TrustedSigningResources() {\n }\n \n /// \n /// Returns the cached ResourceManager instance used by this class.\n /// \n [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]\n internal static global::System.Resources.ResourceManager ResourceManager {\n get {\n if (object.ReferenceEquals(resourceMan, null)) {\n global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager(\"Sign.Cli.TrustedSigningResources\", typeof(TrustedSigningResources).Assembly);\n resourceMan = temp;\n }\n return resourceMan;\n }\n }\n \n /// \n /// Overrides the current thread's CurrentUICulture property for all\n /// resource lookups using this strongly typed resource class.\n /// \n [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]\n internal static global::System.Globalization.CultureInfo Culture {\n get {\n return resourceCulture;\n }\n set {\n resourceCulture = value;\n }\n }\n \n /// \n /// Looks up a localized string similar to The Trusted Signing Account name..\n /// \n internal static string AccountOptionDescription {\n get {\n return ResourceManager.GetString(\"AccountOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to The Certificate Profile name..\n /// \n internal static string CertificateProfileOptionDescription {\n get {\n return ResourceManager.GetString(\"CertificateProfileOptionDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to Use Trusted Signing. (obsolete, use artifact-signing instead).\n /// \n internal static string CommandDescription {\n get {\n return ResourceManager.GetString(\"CommandDescription\", resourceCulture);\n }\n }\n \n /// \n /// Looks up a localized string similar to The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in..\n /// \n internal static string EndpointOptionDescription {\n get {\n return ResourceManager.GetString(\"EndpointOptionDescription\", resourceCulture);\n }\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/TrustedSigningResources.resx",
"content": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n text/microsoft-resx\n \n \n 2.0\n \n \n System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\n \n \n System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\n \n \n The Trusted Signing Account name.\n \n \n The Certificate Profile name.\n \n \n Use Trusted Signing. (obsolete, use artifact-signing instead)\n \n \n The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in.\n \n\n"
},
{
"path": "src/Sign.Cli/appsettings.json",
"content": "{\n \"Logging\": {\n \"LogLevel\": {\n \"Azure.Core\": \"Error\",\n \"Azure.Identity\": \"Error\"\n }\n }\n}\n"
},
{
"path": "src/Sign.Cli/xlf/ArtifactSigningResources.cs.xlf",
"content": "\n\n \n \n \n The Artifact Signing Account name.\n Název účtu Artifact Signing\n \n \n \n The Certificate Profile name.\n Název profilu certifikátu\n \n \n \n Use Artifact Signing.\n Použijte Artifact Signing.\n \n \n \n The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in.\n Koncový bod účtu Artifact Signing. Hodnota musí být identifikátor URI, který odpovídá oblasti, ve které jste vytvořili účet Artifact Signing a profil certifikátu.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/ArtifactSigningResources.de.xlf",
"content": "\n\n \n \n \n The Artifact Signing Account name.\n Der Name des Artefaktsignatur-Kontos.\n \n \n \n The Certificate Profile name.\n Der Zertifikatprofilname.\n \n \n \n Use Artifact Signing.\n Artefaktsignatur verwenden\n \n \n \n The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in.\n Der Endpunkt des Kontos der Artefaktsignatur. Der Wert muss ein URI sein, der der Region entspricht, in der Ihr Konto der Artefaktsignatur und das Zertifikatprofil erstellt wurden.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/ArtifactSigningResources.es.xlf",
"content": "\n\n \n \n \n The Artifact Signing Account name.\n Nombre de la cuenta de firma de artefactos.\n \n \n \n The Certificate Profile name.\n Nombre del perfil de certificado.\n \n \n \n Use Artifact Signing.\n Use la firma de artefactos.\n \n \n \n The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in.\n Punto de conexión de la cuenta de firma de artefactos. El valor debe ser un URI que se alinee con la región en la que se crearon la cuenta de firma de artefactos y el perfil de certificado.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/ArtifactSigningResources.fr.xlf",
"content": "\n\n \n \n \n The Artifact Signing Account name.\n Nom du compte de Signature d'artefacts.\n \n \n \n The Certificate Profile name.\n Nom du profil de certificat.\n \n \n \n Use Artifact Signing.\n Utilisez la Signature d'artefacts.\n \n \n \n The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in.\n Point de terminaison du compte de Signature d'artefacts. La valeur doit être un URI correspondant à la région dans laquelle votre compte de Signature d'artefacts et votre profil de certificat ont été créés.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/ArtifactSigningResources.it.xlf",
"content": "\n\n \n \n \n The Artifact Signing Account name.\n Nome dell'account Firma artefatti.\n \n \n \n The Certificate Profile name.\n Nome profilo certificato.\n \n \n \n Use Artifact Signing.\n Usare Firma artefatti.\n \n \n \n The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in.\n Endpoint dell'account di Firma artefatti. Il valore deve essere un URI allineato all'area in cui sono stati creati l'account Firma artefatti e il profilo del certificato.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/ArtifactSigningResources.ja.xlf",
"content": "\n\n \n \n \n The Artifact Signing Account name.\n Artifact Signing アカウント名です。\n \n \n \n The Certificate Profile name.\n 証明書プロファイル名。\n \n \n \n Use Artifact Signing.\n Artifact Signing を使用します。\n \n \n \n The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in.\n Artifact Signing アカウントのエンドポイントです。この値は、Artifact Signing アカウントと証明書プロファイルが作成されたリージョンに合った URI である必要があります。\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/ArtifactSigningResources.ko.xlf",
"content": "\n\n \n \n \n The Artifact Signing Account name.\n Artifact Signing 계정 이름입니다.\n \n \n \n The Certificate Profile name.\n 인증서 프로필 이름입니다.\n \n \n \n Use Artifact Signing.\n Artifact Signing을 사용합니다.\n \n \n \n The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in.\n Artifact Signing 계정 엔드포인트입니다. 값은 Artifact Signing 계정 및 인증서 프로필을 만든 지역에 맞는 URI여야 합니다.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/ArtifactSigningResources.pl.xlf",
"content": "\n\n \n \n \n The Artifact Signing Account name.\n Nazwa konta podpisywania artefaktu.\n \n \n \n The Certificate Profile name.\n Nazwa profilu certyfikatu.\n \n \n \n Use Artifact Signing.\n Użyj podpisywania artefaktu.\n \n \n \n The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in.\n Punkt końcowy konta podpisywania artefaktu. Wartość musi być identyfikatorem URI, który jest zgodny z regionem, w ramach którego utworzono konto podpisywania artefaktu i profil certyfikatu.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/ArtifactSigningResources.pt-BR.xlf",
"content": "\n\n \n \n \n The Artifact Signing Account name.\n O nome da Conta de Assinatura de Artefatos.\n \n \n \n The Certificate Profile name.\n O nome do Perfil de Certificado.\n \n \n \n Use Artifact Signing.\n Use a Assinatura de Artefatos.\n \n \n \n The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in.\n O ponto de extremidade da Conta de Assinatura de Artefatos. O valor deve ser um URI que se alinhe à região em que sua Conta de Assinatura de Artefatos e o Perfil de Certificado foram criados.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/ArtifactSigningResources.ru.xlf",
"content": "\n\n \n \n \n The Artifact Signing Account name.\n Имя учетной записи для подписания артефактов.\n \n \n \n The Certificate Profile name.\n Имя профиля сертификата.\n \n \n \n Use Artifact Signing.\n Использование подписания артефактов.\n \n \n \n The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in.\n Конечная точка учетной записи для подписания артефактов. Значение — универсальный код ресурса (URI), соответствующий региону, в котором созданы учетная запись для подписания артефактов и профиль сертификата.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/ArtifactSigningResources.tr.xlf",
"content": "\n\n \n \n \n The Artifact Signing Account name.\n Yapıt İmzalama Hesabı adı.\n \n \n \n The Certificate Profile name.\n Sertifika Profili adı.\n \n \n \n Use Artifact Signing.\n Yapıt İmzalama'yı kullanın.\n \n \n \n The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in.\n Yapıt İmzalama Hesabı uç noktası. Değer, Yapıt İmzalama Hesabınızın ve Sertifika Profilinizin oluşturulduğu bölgeyle uyumlu bir URI olmalıdır.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/ArtifactSigningResources.zh-Hans.xlf",
"content": "\n\n \n \n \n The Artifact Signing Account name.\n 工件签名帐户名。\n \n \n \n The Certificate Profile name.\n 证书配置文件名称。\n \n \n \n Use Artifact Signing.\n 使用工件签名。\n \n \n \n The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in.\n 工件签名帐户终结点。该值必须是与创建工件签名帐户和证书配置文件的区域相对应的 URI。\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/ArtifactSigningResources.zh-Hant.xlf",
"content": "\n\n \n \n \n The Artifact Signing Account name.\n Artifact Signing 帳戶名稱。\n \n \n \n The Certificate Profile name.\n 憑證設定檔名稱。\n \n \n \n Use Artifact Signing.\n 使用 Artifact Signing。\n \n \n \n The Artifact Signing Account endpoint. The value must be a URI that aligns to the region that your Artifact Signing Account and Certificate Profile were created in.\n Artifact Signing 帳戶端點。值必須是 URI,且與您的 Artifact Signing 帳戶和憑證設定檔建立區域一致。\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/AzureKeyVaultResources.cs.xlf",
"content": "\n\n \n \n \n Name of the certificate in Azure Key Vault.\n Název certifikátu v Azure Key Vault.\n \n \n \n ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation.\n Podepisování ClickOnce prostřednictvím starší verze alternativního řešení .clickonce ZIP se už nepodporuje. Projděte si dokumentaci.\n \n \n \n Use Azure Key Vault.\n Použijte Azure Key Vault.\n \n \n \n URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/)\n Adresa URL musí obsahovat pouze protokol a hostitele. (např. https://<vault-name>.vault.azure.net/)\n \n \n \n URL must be an absolute HTTPS URL to an Azure Key Vault.\n Adresa URL musí být absolutní adresa URL protokolu HTTPS pro Azure Key Vault.\n \n \n \n URL to an Azure Key Vault.\n Adresa URL Azure Key Vault.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/AzureKeyVaultResources.de.xlf",
"content": "\n\n \n \n \n Name of the certificate in Azure Key Vault.\n Name des Zertifikats in Azure Key Vault.\n \n \n \n ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation.\n Die ClickOnce-Signierung über die Legacy-.clickonce-ZIP-Problemumgehung wird nicht mehr unterstützt. Siehe Dokumentation.\n \n \n \n Use Azure Key Vault.\n Verwenden Sie Azure Key Vault.\n \n \n \n URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/)\n Die URL darf nur das Protokoll und den Host enthalten. (Beispiel: https://<vault-name>.vault.azure.net/)\n \n \n \n URL must be an absolute HTTPS URL to an Azure Key Vault.\n Die URL muss eine absolute HTTPS-URL zu einem Azure Key Vault sein.\n \n \n \n URL to an Azure Key Vault.\n URL zu einem Azure Key Vault.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/AzureKeyVaultResources.es.xlf",
"content": "\n\n \n \n \n Name of the certificate in Azure Key Vault.\n Nombre del certificado en Azure Key Vault.\n \n \n \n ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation.\n Ya no se admite la firma ClickOnce a través de la solución zip heredada .clickonce. Consulte la documentación.\n \n \n \n Use Azure Key Vault.\n Use Azure Key Vault.\n \n \n \n URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/)\n La dirección URL solo debe contener el protocolo y el host. (por ejemplo: https://<vault-name>.vault.azure.net/)\n \n \n \n URL must be an absolute HTTPS URL to an Azure Key Vault.\n La dirección URL debe ser una dirección URL HTTPS absoluta a un Azure Key Vault.\n \n \n \n URL to an Azure Key Vault.\n Dirección URL a un Azure Key Vault.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/AzureKeyVaultResources.fr.xlf",
"content": "\n\n \n \n \n Name of the certificate in Azure Key Vault.\n Nom du certificat dans Azure Key Vault.\n \n \n \n ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation.\n La signature ClickOnce via la solution de contournement zip .clickonce héritée n’est plus prise en charge. Consulter la documentation.\n \n \n \n Use Azure Key Vault.\n Utilisez Azure Key Vault.\n \n \n \n URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/)\n L’URL doit contenir uniquement le protocole et l’hôte. (par exemple : https://<vault-name>.vault.azure.net/)\n \n \n \n URL must be an absolute HTTPS URL to an Azure Key Vault.\n L’URL doit être une URL HTTPS absolue vers un coffre-fort Azure.\n \n \n \n URL to an Azure Key Vault.\n URL d’un Azure Key Vault.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/AzureKeyVaultResources.it.xlf",
"content": "\n\n \n \n \n Name of the certificate in Azure Key Vault.\n Nome del certificato in Azure Key Vault.\n \n \n \n ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation.\n La firma ClickOnce tramite la soluzione alternativa legacy .clickonce ZIP non è più supportata. Vedere la documentazione.\n \n \n \n Use Azure Key Vault.\n Usare Azure Key Vault.\n \n \n \n URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/)\n L'URL deve contenere solo il protocollo e l'host. (ad esempio: https://<vault-name>.vault.azure.net/)\n \n \n \n URL must be an absolute HTTPS URL to an Azure Key Vault.\n L'URL deve essere un URL HTTPS assoluto per Azure Key Vault.\n \n \n \n URL to an Azure Key Vault.\n URL a un Azure Key Vault.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/AzureKeyVaultResources.ja.xlf",
"content": "\n\n \n \n \n Name of the certificate in Azure Key Vault.\n Azure Key Vault 内の証明書の名前。\n \n \n \n ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation.\n 従来の .clickonce ZIP 回避策による ClickOnce 署名はサポートされなくなりました。ドキュメントを参照してください。\n \n \n \n Use Azure Key Vault.\n Azure Key Vault を使用してください。\n \n \n \n URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/)\n URL にはプロトコルとホストのみを含めなければなりません。(例: https://<vault-name>.vault.azure.net/)\n \n \n \n URL must be an absolute HTTPS URL to an Azure Key Vault.\n URL は、Azure Key Vault への絶対 HTTPS URL である必要があります。\n \n \n \n URL to an Azure Key Vault.\n Azure Key Vault への URL。\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/AzureKeyVaultResources.ko.xlf",
"content": "\n\n \n \n \n Name of the certificate in Azure Key Vault.\n Azure Key Vault의 인증서 이름입니다.\n \n \n \n ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation.\n 레거시 .clickonce ZIP 해결 방법을 통한 ClickOnce 서명은 더 이상 지원되지 않습니다. 설명서를 참조하세요.\n \n \n \n Use Azure Key Vault.\n Azure Key Vault를 사용합니다.\n \n \n \n URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/)\n URL은 프로토콜과 호스트만 포함해야 합니다. (예: https://<vault-name>.vault.azure.net/)\n \n \n \n URL must be an absolute HTTPS URL to an Azure Key Vault.\n URL은 Azure Key Vault의 절대 HTTPS URL이어야 합니다.\n \n \n \n URL to an Azure Key Vault.\n Azure Key Vault에 대한 URL입니다.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/AzureKeyVaultResources.pl.xlf",
"content": "\n\n \n \n \n Name of the certificate in Azure Key Vault.\n Nazwa certyfikatu w usłudze Azure Key Vault.\n \n \n \n ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation.\n Podpisywanie clickOnce za pośrednictwem starszego obejścia .clickonce ZIP nie jest już obsługiwane. Zobacz dokumentację.\n \n \n \n Use Azure Key Vault.\n Użyj usługi Azure Key Vault.\n \n \n \n URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/)\n Adres URL może zawierać tylko protokół i hosta. (np. https://<vault-name>.vault.azure.net/)\n \n \n \n URL must be an absolute HTTPS URL to an Azure Key Vault.\n Adres URL musi być bezwzględnym adresem URL HTTPS do usługi Azure Key Vault.\n \n \n \n URL to an Azure Key Vault.\n Adres URL do usługi Azure Key Vault.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/AzureKeyVaultResources.pt-BR.xlf",
"content": "\n\n \n \n \n Name of the certificate in Azure Key Vault.\n Nome do certificado no Azure Key Vault.\n \n \n \n ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation.\n Não há mais suporte para a assinatura do ClickOnce por meio da solução alternativa .clickonce ZIP herdada. Consulte a documentação.\n \n \n \n Use Azure Key Vault.\n Use o Azure Key Vault.\n \n \n \n URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/)\n A URL deve conter somente o protocolo e o host. (por exemplo: https://<vault-name>.vault.azure.net/)\n \n \n \n URL must be an absolute HTTPS URL to an Azure Key Vault.\n A URL deve ser uma URL HTTPS absoluta para um Azure Key Vault.\n \n \n \n URL to an Azure Key Vault.\n URL para um Azure Key Vault.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/AzureKeyVaultResources.ru.xlf",
"content": "\n\n \n \n \n Name of the certificate in Azure Key Vault.\n Имя сертификата в Azure Key Vault.\n \n \n \n ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation.\n Подписание ClickOnce с помощью устаревшего обходного пути .clickonce ZIP больше не поддерживается. См. документацию.\n \n \n \n Use Azure Key Vault.\n Использование Azure Key Vault.\n \n \n \n URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/)\n URL-адрес должен содержать только протокол и хост. (например, https://<vault-name>.vault.azure.net/)\n \n \n \n URL must be an absolute HTTPS URL to an Azure Key Vault.\n URL-адрес должен быть абсолютным URL-адресом HTTPS для Azure Key Vault.\n \n \n \n URL to an Azure Key Vault.\n URL-адрес для Azure Key Vault.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/AzureKeyVaultResources.tr.xlf",
"content": "\n\n \n \n \n Name of the certificate in Azure Key Vault.\n Azure Key Vault’taki sertifikanın adı.\n \n \n \n ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation.\n Eski .clickonce ZIP geçici çözümü aracılığıyla ClickOnce imzalama işlemi artık desteklenmiyor. Belgelere bakın.\n \n \n \n Use Azure Key Vault.\n Azure Key Vault’u kullanın.\n \n \n \n URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/)\n URL yalnızca protokolü ve ana bilgisayarı içermeli. (ör. https://<vault-name>.vault.azure.net/)\n \n \n \n URL must be an absolute HTTPS URL to an Azure Key Vault.\n URL, bir Azure Key Vault'un mutlak HTTPS URL'si olmalıdır.\n \n \n \n URL to an Azure Key Vault.\n Azure Key Vault URL’si.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/AzureKeyVaultResources.zh-Hans.xlf",
"content": "\n\n \n \n \n Name of the certificate in Azure Key Vault.\n Azure Key Vault 中的证书名称。\n \n \n \n ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation.\n 不再支持通过旧版 .clickonce ZIP 解决方法进行 ClickOnce 签名。参阅文档。\n \n \n \n Use Azure Key Vault.\n 使用 Azure Key Vault。\n \n \n \n URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/)\n URL 只能包含协议和主机。(,例如: https://<vault-name>.vault.azure.net/)\n \n \n \n URL must be an absolute HTTPS URL to an Azure Key Vault.\n URL 必须是指向 Azure Key Vault 的绝对 HTTPS URL。\n \n \n \n URL to an Azure Key Vault.\n 指向 Azure Key Vault 的 URL。\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/AzureKeyVaultResources.zh-Hant.xlf",
"content": "\n\n \n \n \n Name of the certificate in Azure Key Vault.\n Azure Key Vault 中的憑證名稱。\n \n \n \n ClickOnce signing via the legacy .clickonce ZIP workaround is no longer supported. See documentation.\n 已不再支援透過舊版 .clickonce ZIP 因應措施進行 ClickOnce 簽署。請參閱文件。\n \n \n \n Use Azure Key Vault.\n 使用 Azure Key Vault。\n \n \n \n URL must only contain the protocol and host. (e.g.: https://<vault-name>.vault.azure.net/)\n URL 只能包含通訊協定和主機。(例如: https://<vault-name>.vault.azure.net/)\n \n \n \n URL must be an absolute HTTPS URL to an Azure Key Vault.\n URL 必須是指向 Azure Key Vault 的絕對 HTTPS URL。\n \n \n \n URL to an Azure Key Vault.\n Azure Key Vault 的 URL。\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertManagerResources.cs.xlf",
"content": "\n\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k or /km\n Zprostředkovatel kryptografických služeb obsahující kontejner privátního klíče. Vyžaduje se /k nebo /km.\n \n \n \n Private key container in the user store\n Kontejner privátního klíče v úložišti uživatele.\n \n \n \n Private key container in the machine store\n Kontejner privátního klíče v úložišti počítače.\n \n \n \n Multiple private key containers provided. Use either /k for user stores or /km for machine stores\n Poskytlo se několik kontejnerů privátních klíčů. Pro úložiště uživatele použijte /k a pro úložiště počítače použijte /km.\n \n \n \n Private key container missing while using /csp. Use /k or /km to provide a key container.\n Při použití /csp chybí kontejner privátního klíče. K poskytnutí kontejneru klíčů použijte /k nebo /km.\n \n \n \n SHA1 thumprint used to access a certificate from a certificate store (VSIX)\n Kryptografický otisk SHA1 použitý pro přístup k certifikátu z úložiště certifikátů (VSIX).\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertManagerResources.de.xlf",
"content": "\n\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k or /km\n Kryptografiedienstanbieter, der den privaten Schlüsselcontainer enthält. Erfordert /k oder /km\n \n \n \n Private key container in the user store\n Container mit privatem Schlüssel im Benutzerspeicher\n \n \n \n Private key container in the machine store\n Container mit privatem Schlüssel im Computerspeicher\n \n \n \n Multiple private key containers provided. Use either /k for user stores or /km for machine stores\n Es wurden mehrere Container mit privatem Schlüssel bereitgestellt. Verwenden Sie entweder \"/k\" für Benutzerspeicher oder \"/km\" für Computerspeicher.\n \n \n \n Private key container missing while using /csp. Use /k or /km to provide a key container.\n Der Container für den privaten Schlüssel fehlt bei Verwendung von \"/csp\". Verwenden Sie \"/k\" oder \"/km\", um einen Schlüsselcontainer bereitzustellen.\n \n \n \n SHA1 thumprint used to access a certificate from a certificate store (VSIX)\n SHA1-Fingerabdruck für den Zugriff auf ein Zertifikat aus einem Zertifikatspeicher (VSIX)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertManagerResources.es.xlf",
"content": "\n\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k or /km\n Proveedor de servicios criptográficos que contiene el contenedor de claves privadas. Requiere /k o /km\n \n \n \n Private key container in the user store\n Contenedor de claves privadas en el almacén de usuarios\n \n \n \n Private key container in the machine store\n Contenedor de claves privadas en el almacén de máquinas\n \n \n \n Multiple private key containers provided. Use either /k for user stores or /km for machine stores\n Se proporcionaron varios contenedores de clave privada. Use /k para almacenes de usuarios o /km para almacenes de máquinas\n \n \n \n Private key container missing while using /csp. Use /k or /km to provide a key container.\n Falta el contenedor de clave privada al usar /csp. Use /k o /km para proporcionar un contenedor de claves.\n \n \n \n SHA1 thumprint used to access a certificate from a certificate store (VSIX)\n Huella digital SHA1 usada para obtener acceso a un certificado desde un almacén de certificados (VSIX)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertManagerResources.fr.xlf",
"content": "\n\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k or /km\n Fournisseur de services de chiffrement contenant le conteneur de clé privée. Nécessite /k ou /km\n \n \n \n Private key container in the user store\n Conteneur de clés privées dans le magasin d’utilisateurs\n \n \n \n Private key container in the machine store\n Conteneur de clés privées dans le magasin d’ordinateurs\n \n \n \n Multiple private key containers provided. Use either /k for user stores or /km for machine stores\n Plusieurs conteneurs de clé privée ont été fournis. Utiliser /k pour les magasins d’utilisateurs ou /km pour les magasins d’ordinateurs\n \n \n \n Private key container missing while using /csp. Use /k or /km to provide a key container.\n Le conteneur de clé privée est manquant lors de l’utilisation de /csp. Utilisez /k ou /km pour fournir un conteneur de clé.\n \n \n \n SHA1 thumprint used to access a certificate from a certificate store (VSIX)\n Empreinte SHA-1 utilisée pour accéder à un certificat à partir d’un magasin de certificats (VSIX)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertManagerResources.it.xlf",
"content": "\n\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k or /km\n Provider del servizio di crittografia contenente il contenitore di chiavi private. Richiede /k o /km\n \n \n \n Private key container in the user store\n Contenitore di chiavi private nell'archivio utenti\n \n \n \n Private key container in the machine store\n Contenitore di chiavi private nell'archivio computer\n \n \n \n Multiple private key containers provided. Use either /k for user stores or /km for machine stores\n Sono stati specificati più contenitori di chiavi private. Utilizzare /k per gli archivi utente o /km per gli archivi computer\n \n \n \n Private key container missing while using /csp. Use /k or /km to provide a key container.\n Contenitore di chiavi private mancante durante l'utilizzo di /csp. Usare /k o /km per specificare un contenitore di chiavi.\n \n \n \n SHA1 thumprint used to access a certificate from a certificate store (VSIX)\n Identificazione personale SHA1 usata per accedere a un certificato da un archivio certificati (VSIX)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertManagerResources.ja.xlf",
"content": "\n\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k or /km\n 秘密キー コンテナーを含む暗号化サービス プロバイダー。/k または /km が必要です\n \n \n \n Private key container in the user store\n ユーザー ストア内の秘密キー コンテナー\n \n \n \n Private key container in the machine store\n コンピューター ストア内の秘密キー コンテナー\n \n \n \n Multiple private key containers provided. Use either /k for user stores or /km for machine stores\n 複数の秘密キー コンテナーが提供されています。ユーザー ストアには /k、コンピューター ストアの場合は /km を使用します\n \n \n \n Private key container missing while using /csp. Use /k or /km to provide a key container.\n /csp の使用中に秘密キー コンテナーが見つかりません。キー コンテナーを指定するには、/k または /km を使用します。\n \n \n \n SHA1 thumprint used to access a certificate from a certificate store (VSIX)\n 証明書ストア (VSIX) から証明書にアクセスするために使用される SHA1 拇印\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertManagerResources.ko.xlf",
"content": "\n\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k or /km\n 프라이빗 키 컨테이너를 포함하는 암호화 서비스 공급자입니다. /k 또는 /km 필요\n \n \n \n Private key container in the user store\n 사용자 저장소의 프라이빗 키 컨테이너\n \n \n \n Private key container in the machine store\n 컴퓨터 저장소의 프라이빗 키 컨테이너\n \n \n \n Multiple private key containers provided. Use either /k for user stores or /km for machine stores\n 여러 프라이빗 키 컨테이너가 제공되었습니다. 사용자 저장소에는 /k를, 컴퓨터 저장소에는 /km 사용\n \n \n \n Private key container missing while using /csp. Use /k or /km to provide a key container.\n /csp를 사용하는 동안 프라이빗 키 컨테이너가 없습니다. /k 또는 /km를 사용하여 키 컨테이너를 제공합니다.\n \n \n \n SHA1 thumprint used to access a certificate from a certificate store (VSIX)\n VSIX(인증서 저장소)에서 인증서에 액세스하는 데 사용되는 SHA1 지문\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertManagerResources.pl.xlf",
"content": "\n\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k or /km\n Dostawca usług kryptograficznych zawierający kontener kluczy prywatnych. Wymaga opcji /k lub /km\n \n \n \n Private key container in the user store\n Kontener kluczy prywatnych w magazynie użytkowników\n \n \n \n Private key container in the machine store\n Kontener kluczy prywatnych w magazynie komputerów\n \n \n \n Multiple private key containers provided. Use either /k for user stores or /km for machine stores\n Podano wiele kontenerów kluczy prywatnych. Użyj opcji /k dla magazynów użytkowników lub opcji /km dla magazynów komputerów\n \n \n \n Private key container missing while using /csp. Use /k or /km to provide a key container.\n Brak kontenera kluczy prywatnych podczas używania opcji /csp. Użyj opcji /k lub /km, aby podać kontener kluczy.\n \n \n \n SHA1 thumprint used to access a certificate from a certificate store (VSIX)\n Odcisk palca SHA1 używany do uzyskiwania dostępu do certyfikatu z magazynu certyfikatów (VSIX)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertManagerResources.pt-BR.xlf",
"content": "\n\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k or /km\n Provedor de Serviços Criptográficos que contém o contêiner de chave privada. Requer /k ou /km\n \n \n \n Private key container in the user store\n Contêiner de chave privada no repositório do usuário\n \n \n \n Private key container in the machine store\n Contêiner de chave privada no repositório do computador\n \n \n \n Multiple private key containers provided. Use either /k for user stores or /km for machine stores\n Vários contêineres de chave privada fornecidos. Usar /k para repositórios de usuários ou /km para repositórios de computadores\n \n \n \n Private key container missing while using /csp. Use /k or /km to provide a key container.\n Contêiner de chave privada ausente ao usar /csp. Use /k ou /km para fornecer um contêiner de chave.\n \n \n \n SHA1 thumprint used to access a certificate from a certificate store (VSIX)\n Impressão digital SHA1 usada para acessar um certificado de um repositório de certificados (VSIX)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertManagerResources.ru.xlf",
"content": "\n\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k or /km\n Поставщик служб шифрования, содержащий контейнер закрытого ключа. Требуется /k или /km\n \n \n \n Private key container in the user store\n Контейнер закрытого ключа в хранилище пользователя\n \n \n \n Private key container in the machine store\n Контейнер закрытого ключа в хранилище компьютера\n \n \n \n Multiple private key containers provided. Use either /k for user stores or /km for machine stores\n Предоставлено несколько контейнеров закрытых ключей. Используйте /k для хранилищ пользователей или /km для хранилищ компьютеров\n \n \n \n Private key container missing while using /csp. Use /k or /km to provide a key container.\n Отсутствует контейнер закрытого ключа при использовании /csp. Используйте /k или /km для предоставления контейнера ключей.\n \n \n \n SHA1 thumprint used to access a certificate from a certificate store (VSIX)\n Отпечаток SHA1, используемый для доступа к сертификату из хранилища сертификатов (VSIX)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertManagerResources.tr.xlf",
"content": "\n\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k or /km\n Özel anahtar kapsayıcısını içeren Şifreleme Hizmeti Sağlayıcısı. /k veya /km gerektirir\n \n \n \n Private key container in the user store\n Kullanıcı deposundaki özel anahtar kapsayıcısı\n \n \n \n Private key container in the machine store\n Makine deposundaki özel anahtar kapsayıcısı\n \n \n \n Multiple private key containers provided. Use either /k for user stores or /km for machine stores\n Birden çok özel anahtar kapsayıcısı sağlandı. Kullanıcı depoları için /k veya makine depoları için /km kullanın\n \n \n \n Private key container missing while using /csp. Use /k or /km to provide a key container.\n /csp kullanılırken özel anahtar kapsayıcısı eksik. Anahtar kapsayıcısı sağlamak için /k veya /km kullanın.\n \n \n \n SHA1 thumprint used to access a certificate from a certificate store (VSIX)\n Sertifika deposundan (VSIX) bir sertifikaya erişmek için SHA1 parmak izi kullanıldı\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertManagerResources.zh-Hans.xlf",
"content": "\n\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k or /km\n 包含私钥容器的加密服务提供程序。需要 /k 或 /km\n \n \n \n Private key container in the user store\n 用户存储中的私钥容器\n \n \n \n Private key container in the machine store\n 计算机存储中的私钥容器\n \n \n \n Multiple private key containers provided. Use either /k for user stores or /km for machine stores\n 提供了多个私钥容器。对用户存储使用 /k,或者对计算机存储使用 /km\n \n \n \n Private key container missing while using /csp. Use /k or /km to provide a key container.\n 使用 /csp 时缺少私钥容器。使用 /k 或 /km 提供密钥容器。\n \n \n \n SHA1 thumprint used to access a certificate from a certificate store (VSIX)\n 用于访问证书存储(VSIX)中的证书的 SHA1 直纹\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertManagerResources.zh-Hant.xlf",
"content": "\n\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k or /km\n 包含私密金鑰容器的加密服務提供者。需要 /k 或 /km\n \n \n \n Private key container in the user store\n 使用者存放區中的私密金鑰\n \n \n \n Private key container in the machine store\n 機器存放區中的私密金鑰\n \n \n \n Multiple private key containers provided. Use either /k for user stores or /km for machine stores\n 已提供多個私密金鑰。使用者存放區使用 /k,機器存放區則使用 /km\n \n \n \n Private key container missing while using /csp. Use /k or /km to provide a key container.\n 使用 /csp 時遺漏私密金鑰容器。使用 /k 或 /km 來提供金鑰容器。\n \n \n \n SHA1 thumprint used to access a certificate from a certificate store (VSIX)\n 用以從憑證存放區 (VSIX) 存取憑證的 SHA1 指紋\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertificateStoreResources.cs.xlf",
"content": "\n\n \n \n \n PFX, P7B, or CER file containing a certificate and potentially a private key.\n Soubor PFX, P7B nebo CER obsahující certifikát a potenciálně privátní klíč.\n {Locked=\"PFX\", \"P7B\", \"CER\"} are file extensions.\n \n \n SHA fingerprint used to identify a certificate.\n Otisk SHA sloužící k identifikaci certifikátu\n {Locked=\"SHA\"} is a cryptographic algorithm.\n \n \n Password for certificate file.\n Heslo pro soubor certifikátu.\n \n \n \n Sign container contents.\n Podepsat obsah kontejneru\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k and optionally /km.\n Zprostředkovatel kryptografických služeb obsahující kontejner privátního klíče. Vyžaduje /k a volitelně /km.\n {Locked=\"/k\", \"/km\"} are command line options.\n \n \n Allow user interactions (such as a dialog box) when a private key is accessed.\n Povolit interakce uživatelů (například dialogové okno) při přístupu k privátnímu klíči.\n \n \n \n Private key container name.\n Název kontejneru privátního klíče.\n \n \n \n Cryptographic Service Provider missing. Use /csp to specify a CSP.\n Chybí zprostředkovatel kryptografických služeb. K určení zprostředkovatele kryptografických služeb použijte /csp.\n {Locked=\"/csp\"} is a command line option.\n \n \n Private key container name missing. Use /k to specify a key container name.\n Chybí název kontejneru privátního klíče. Název kontejneru klíče zadejte pomocí /k.\n {Locked=\"/k\"} is a command line option.\n \n \n Use a machine-level private key container. (The default is user-level.)\n Použijte kontejner privátního klíče na úrovni počítače. (Výchozí hodnota je na úrovni uživatele.)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertificateStoreResources.de.xlf",
"content": "\n\n \n \n \n PFX, P7B, or CER file containing a certificate and potentially a private key.\n PFX-, P7B- oder CER-Datei, die ein Zertifikat und möglicherweise einen privaten Schlüssel enthält.\n {Locked=\"PFX\", \"P7B\", \"CER\"} are file extensions.\n \n \n SHA fingerprint used to identify a certificate.\n SHA-Fingerabdruck zum Identifizieren eines Zertifikats.\n {Locked=\"SHA\"} is a cryptographic algorithm.\n \n \n Password for certificate file.\n Kennwort für Zertifikatdatei.\n \n \n \n Sign container contents.\n Inhalt des Containers signieren.\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k and optionally /km.\n Kryptografiedienstanbieter, der den privaten Schlüsselcontainer enthält. Erfordert /k und optional /km.\n {Locked=\"/k\", \"/km\"} are command line options.\n \n \n Allow user interactions (such as a dialog box) when a private key is accessed.\n Benutzerinteraktionen (z. B. ein Dialogfeld) zulassen, wenn auf einen privaten Schlüssel zugegriffen wird.\n \n \n \n Private key container name.\n Name des privaten Schlüsselcontainers.\n \n \n \n Cryptographic Service Provider missing. Use /csp to specify a CSP.\n Kryptografiedienstanbieter fehlt. Verwenden Sie \"/csp\", um einen CSP anzugeben.\n {Locked=\"/csp\"} is a command line option.\n \n \n Private key container name missing. Use /k to specify a key container name.\n Der Name des privaten Schlüsselcontainers fehlt. Verwenden Sie /k, um einen Schlüsselcontainernamen anzugeben.\n {Locked=\"/k\"} is a command line option.\n \n \n Use a machine-level private key container. (The default is user-level.)\n Verwenden Sie einen Container mit privatem Schlüssel auf Computerebene. (Der Standardwert ist Benutzerebene.)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertificateStoreResources.es.xlf",
"content": "\n\n \n \n \n PFX, P7B, or CER file containing a certificate and potentially a private key.\n Archivo PFX, P7B o CER que contiene un certificado y una clave privada potencialmente.\n {Locked=\"PFX\", \"P7B\", \"CER\"} are file extensions.\n \n \n SHA fingerprint used to identify a certificate.\n Huella digital SHA usada para identificar un certificado.\n {Locked=\"SHA\"} is a cryptographic algorithm.\n \n \n Password for certificate file.\n Contraseña del archivo de certificado.\n \n \n \n Sign container contents.\n Firmar el contenido del contenedor.\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k and optionally /km.\n Proveedor de servicios criptográficos que contiene el contenedor de claves privadas. Requiere /k y, opcionalmente, /km.\n {Locked=\"/k\", \"/km\"} are command line options.\n \n \n Allow user interactions (such as a dialog box) when a private key is accessed.\n Permitir interacciones de usuario (como un cuadro de diálogo) cuando se tiene acceso a una clave privada.\n \n \n \n Private key container name.\n Nombre de contenedor de clave privada.\n \n \n \n Cryptographic Service Provider missing. Use /csp to specify a CSP.\n Falta el proveedor de servicios criptográficos. Use /csp para especificar un CSP.\n {Locked=\"/csp\"} is a command line option.\n \n \n Private key container name missing. Use /k to specify a key container name.\n Falta el nombre de contenedor de claves privadas. Use /k para especificar un nombre de contenedor de claves.\n {Locked=\"/k\"} is a command line option.\n \n \n Use a machine-level private key container. (The default is user-level.)\n Use un contenedor de claves privadas de nivel de máquina. (El valor predeterminado es de nivel de usuario).\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertificateStoreResources.fr.xlf",
"content": "\n\n \n \n \n PFX, P7B, or CER file containing a certificate and potentially a private key.\n Fichier PFX, P7B ou CER contenant un certificat et éventuellement une clé privée.\n {Locked=\"PFX\", \"P7B\", \"CER\"} are file extensions.\n \n \n SHA fingerprint used to identify a certificate.\n Empreinte digitale SHA utilisée pour identifier un certificat.\n {Locked=\"SHA\"} is a cryptographic algorithm.\n \n \n Password for certificate file.\n Mot de passe du fichier du certificat.\n \n \n \n Sign container contents.\n Signer le contenu du conteneur.\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k and optionally /km.\n Fournisseur de services de chiffrement contenant le conteneur de clé privée. Nécessite /k et éventuellement /km.\n {Locked=\"/k\", \"/km\"} are command line options.\n \n \n Allow user interactions (such as a dialog box) when a private key is accessed.\n Autorisez les interactions utilisateur (par exemple, une boîte de dialogue) lorsqu’une clé privée est accessible.\n \n \n \n Private key container name.\n Nom de conteneur de clé privée.\n \n \n \n Cryptographic Service Provider missing. Use /csp to specify a CSP.\n Le fournisseur de services de chiffrement est manquant. Utilisez /csp pour spécifier un fournisseur de solutions Cloud.\n {Locked=\"/csp\"} is a command line option.\n \n \n Private key container name missing. Use /k to specify a key container name.\n Le nom de conteneur de clé privée est manquant. Utilisez /k pour spécifier un nom de conteneur de clé.\n {Locked=\"/k\"} is a command line option.\n \n \n Use a machine-level private key container. (The default is user-level.)\n Utilisez un conteneur de clé privée au niveau de l’ordinateur. (La valeur par défaut est au niveau de l’utilisateur.)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertificateStoreResources.it.xlf",
"content": "\n\n \n \n \n PFX, P7B, or CER file containing a certificate and potentially a private key.\n PFX, P7B o CER file contenente un certificato e potenzialmente una chiave privata.\n {Locked=\"PFX\", \"P7B\", \"CER\"} are file extensions.\n \n \n SHA fingerprint used to identify a certificate.\n Impronta digitale SHA usata per identificare un certificato.\n {Locked=\"SHA\"} is a cryptographic algorithm.\n \n \n Password for certificate file.\n Password per file certificato.\n \n \n \n Sign container contents.\n Contenuti contenitore firme.\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k and optionally /km.\n Provider del servizio di crittografia contenente il contenitore di chiavi private. Richiede /k e facoltativamente /km.\n {Locked=\"/k\", \"/km\"} are command line options.\n \n \n Allow user interactions (such as a dialog box) when a private key is accessed.\n Consenti interazioni utente (ad esempio una finestra di dialogo) quando si accede a una chiave privata.\n \n \n \n Private key container name.\n Nome del contenitore di chiavi private.\n \n \n \n Cryptographic Service Provider missing. Use /csp to specify a CSP.\n Provider del servizio di crittografia mancante. Utilizzare /csp per specificare un CSP.\n {Locked=\"/csp\"} is a command line option.\n \n \n Private key container name missing. Use /k to specify a key container name.\n Nome del contenitore di chiavi private mancante. Usare /k per specificare il nome di un contenitore di chiavi.\n {Locked=\"/k\"} is a command line option.\n \n \n Use a machine-level private key container. (The default is user-level.)\n Usare un contenitore di chiavi private a livello di computer. (Il valore predefinito è a livello di utente).\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertificateStoreResources.ja.xlf",
"content": "\n\n \n \n \n PFX, P7B, or CER file containing a certificate and potentially a private key.\n 証明書と潜在的に秘密キーを含む PFX、P7B、または CER ファイル。\n {Locked=\"PFX\", \"P7B\", \"CER\"} are file extensions.\n \n \n SHA fingerprint used to identify a certificate.\n 証明書の識別に使用される SHA フィンガープリント。\n {Locked=\"SHA\"} is a cryptographic algorithm.\n \n \n Password for certificate file.\n 証明書ファイルのパスワード。\n \n \n \n Sign container contents.\n コンテナーの内容に署名します。\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k and optionally /km.\n 秘密キー コンテナーを含む暗号化サービス プロバイダー。/k および必要に応じて /km が必要です。\n {Locked=\"/k\", \"/km\"} are command line options.\n \n \n Allow user interactions (such as a dialog box) when a private key is accessed.\n 秘密キーにアクセスするときにユーザーの操作 (ダイアログ ボックスなど) を許可します。\n \n \n \n Private key container name.\n 秘密キー コンテナー名。\n \n \n \n Cryptographic Service Provider missing. Use /csp to specify a CSP.\n 暗号化サービス プロバイダーがありません。/csp を使用して CSP を指定します。\n {Locked=\"/csp\"} is a command line option.\n \n \n Private key container name missing. Use /k to specify a key container name.\n 秘密キー コンテナー名がありません。キー コンテナー名を指定するには、/k を使用します。\n {Locked=\"/k\"} is a command line option.\n \n \n Use a machine-level private key container. (The default is user-level.)\n コンピューター レベルの秘密キー コンテナーを使用します。(既定値はユーザー レベルです)。\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertificateStoreResources.ko.xlf",
"content": "\n\n \n \n \n PFX, P7B, or CER file containing a certificate and potentially a private key.\n 인증서와 잠재적으로 프라이빗 키가 포함된 PFX, P7B 또는 CER 파일입니다.\n {Locked=\"PFX\", \"P7B\", \"CER\"} are file extensions.\n \n \n SHA fingerprint used to identify a certificate.\n 인증서를 식별하는 데 사용되는 SHA 지문입니다.\n {Locked=\"SHA\"} is a cryptographic algorithm.\n \n \n Password for certificate file.\n 인증서 파일의 암호입니다.\n \n \n \n Sign container contents.\n 컨테이너 내용 서명.\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k and optionally /km.\n 프라이빗 키 컨테이너를 포함하는 암호화 서비스 공급자입니다. /k 및 선택적으로 /km이 필요합니다.\n {Locked=\"/k\", \"/km\"} are command line options.\n \n \n Allow user interactions (such as a dialog box) when a private key is accessed.\n 프라이빗 키에 액세스할 때 사용자 상호 작용(예: 대화 상자)을 허용합니다.\n \n \n \n Private key container name.\n 프라이빗 키 컨테이너 이름입니다.\n \n \n \n Cryptographic Service Provider missing. Use /csp to specify a CSP.\n 암호화 서비스 공급자가 없습니다. /csp를 사용하여 CSP를 지정합니다.\n {Locked=\"/csp\"} is a command line option.\n \n \n Private key container name missing. Use /k to specify a key container name.\n 프라이빗 키 컨테이너 이름이 없습니다. /k를 사용하여 키 컨테이너 이름을 지정합니다.\n {Locked=\"/k\"} is a command line option.\n \n \n Use a machine-level private key container. (The default is user-level.)\n 컴퓨터 수준 프라이빗 키 컨테이너를 사용합니다. (기본값은 사용자 수준입니다.)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertificateStoreResources.pl.xlf",
"content": "\n\n \n \n \n PFX, P7B, or CER file containing a certificate and potentially a private key.\n Plik PFX, P7B lub CER zawierający certyfikat i potencjalnie klucz prywatny.\n {Locked=\"PFX\", \"P7B\", \"CER\"} are file extensions.\n \n \n SHA fingerprint used to identify a certificate.\n Odcisk palca SHA używany do identyfikowania certyfikatu.\n {Locked=\"SHA\"} is a cryptographic algorithm.\n \n \n Password for certificate file.\n Hasło dla pliku certyfikatu.\n \n \n \n Sign container contents.\n Podpisz zawartość kontenera.\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k and optionally /km.\n Dostawca usług kryptograficznych zawierający kontener kluczy prywatnych. Wymaga opcji /k i opcjonalnie /km.\n {Locked=\"/k\", \"/km\"} are command line options.\n \n \n Allow user interactions (such as a dialog box) when a private key is accessed.\n Zezwalaj na interakcje użytkownika (takie jak okno dialogowe) po uzyskaniu dostępu do klucza prywatnego.\n \n \n \n Private key container name.\n Nazwa kontenera kluczy prywatnych.\n \n \n \n Cryptographic Service Provider missing. Use /csp to specify a CSP.\n Brak dostawcy usług kryptograficznych. Użyj /csp, aby określić dostawcę CSP.\n {Locked=\"/csp\"} is a command line option.\n \n \n Private key container name missing. Use /k to specify a key container name.\n Brak nazwy kontenera kluczy prywatnych. Użyj opcji /k, aby określić nazwę kontenera kluczy.\n {Locked=\"/k\"} is a command line option.\n \n \n Use a machine-level private key container. (The default is user-level.)\n Użyj kontenera kluczy prywatnych na poziomie komputera. (Wartość domyślna to poziom użytkownika).\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertificateStoreResources.pt-BR.xlf",
"content": "\n\n \n \n \n PFX, P7B, or CER file containing a certificate and potentially a private key.\n Arquivos PFX, P7B ou CER que contêm um certificado e, possivelmente, uma chave privada.\n {Locked=\"PFX\", \"P7B\", \"CER\"} are file extensions.\n \n \n SHA fingerprint used to identify a certificate.\n Impressão digital SHA usada para identificar um certificado.\n {Locked=\"SHA\"} is a cryptographic algorithm.\n \n \n Password for certificate file.\n Senha do arquivo do certificado.\n \n \n \n Sign container contents.\n Assinar o conteúdo do contêiner.\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k and optionally /km.\n Provedor de Serviços Criptográficos que contém o contêiner de chave privada. Requer /k e, opcionalmente, /km.\n {Locked=\"/k\", \"/km\"} are command line options.\n \n \n Allow user interactions (such as a dialog box) when a private key is accessed.\n Permitir interações do usuário (como uma caixa de diálogo) quando uma chave privada for acessada.\n \n \n \n Private key container name.\n Nome do contêiner de chave privada.\n \n \n \n Cryptographic Service Provider missing. Use /csp to specify a CSP.\n Provedor de Serviços Criptográficos ausente. Use /csp para especificar um CSP.\n {Locked=\"/csp\"} is a command line option.\n \n \n Private key container name missing. Use /k to specify a key container name.\n Nome do contêiner de chave privada ausente. Use /k para especificar um nome de contêiner de chave.\n {Locked=\"/k\"} is a command line option.\n \n \n Use a machine-level private key container. (The default is user-level.)\n Use um contêiner de chave privada no nível do computador. (O padrão é o nível do usuário.)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertificateStoreResources.ru.xlf",
"content": "\n\n \n \n \n PFX, P7B, or CER file containing a certificate and potentially a private key.\n Файл PFX, P7B или CER, содержащий сертификат и, возможно, закрытый ключ.\n {Locked=\"PFX\", \"P7B\", \"CER\"} are file extensions.\n \n \n SHA fingerprint used to identify a certificate.\n Отпечаток SHA, используемый для идентификации сертификата.\n {Locked=\"SHA\"} is a cryptographic algorithm.\n \n \n Password for certificate file.\n Пароль для файла сертификата.\n \n \n \n Sign container contents.\n Подписать содержимое контейнера.\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k and optionally /km.\n Поставщик служб шифрования, содержащий контейнер закрытого ключа. Требуется /k и /km (необязательно).\n {Locked=\"/k\", \"/km\"} are command line options.\n \n \n Allow user interactions (such as a dialog box) when a private key is accessed.\n Разрешить взаимодействие с пользователем (например, диалоговое окно) при доступе к закрытому ключу.\n \n \n \n Private key container name.\n Имя контейнера закрытого ключа.\n \n \n \n Cryptographic Service Provider missing. Use /csp to specify a CSP.\n Отсутствует поставщик служб шифрования. Используйте /csp, чтобы указать CSP.\n {Locked=\"/csp\"} is a command line option.\n \n \n Private key container name missing. Use /k to specify a key container name.\n Отсутствует имя контейнера закрытого ключа. Используйте /k, чтобы указать имя контейнера ключей.\n {Locked=\"/k\"} is a command line option.\n \n \n Use a machine-level private key container. (The default is user-level.)\n Используйте контейнер закрытого ключа на уровне компьютера. (По умолчанию используется уровень пользователя.)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertificateStoreResources.tr.xlf",
"content": "\n\n \n \n \n PFX, P7B, or CER file containing a certificate and potentially a private key.\n Bir sertifika ve potansiyel olarak özel anahtar içeren PFX, P7B veya CER dosyası.\n {Locked=\"PFX\", \"P7B\", \"CER\"} are file extensions.\n \n \n SHA fingerprint used to identify a certificate.\n Sertifikayı tanımlamak için kullanılan SHA parmak izi.\n {Locked=\"SHA\"} is a cryptographic algorithm.\n \n \n Password for certificate file.\n Sertifika dosyasının parolası.\n \n \n \n Sign container contents.\n Kapsayıcı içeriklerini imzalayın.\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k and optionally /km.\n Özel anahtar kapsayıcısını içeren Şifreleme Hizmeti Sağlayıcısı. /k ve alternatif olarak /km gerektirir.\n {Locked=\"/k\", \"/km\"} are command line options.\n \n \n Allow user interactions (such as a dialog box) when a private key is accessed.\n Özel anahtara erişildiğinde kullanıcı etkileşimlerine (iletişim kutusu gibi) izin ver.\n \n \n \n Private key container name.\n Özel anahtar kapsayıcısı adı.\n \n \n \n Cryptographic Service Provider missing. Use /csp to specify a CSP.\n Şifreleme Hizmeti Sağlayıcısı eksik. CSP belirtmek için /csp kullanın.\n {Locked=\"/csp\"} is a command line option.\n \n \n Private key container name missing. Use /k to specify a key container name.\n Özel anahtar kapsayıcısı adı eksik. Anahtar kapsayıcısı adı belirtmek için /k kullanın.\n {Locked=\"/k\"} is a command line option.\n \n \n Use a machine-level private key container. (The default is user-level.)\n Makine düzeyinde özel anahtar kapsayıcısı kullanın. (Varsayılan, kullanıcı düzeyidir.)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertificateStoreResources.zh-Hans.xlf",
"content": "\n\n \n \n \n PFX, P7B, or CER file containing a certificate and potentially a private key.\n 包含证书和可能包含私钥的 PFX、P7B 或 CER 文件。\n {Locked=\"PFX\", \"P7B\", \"CER\"} are file extensions.\n \n \n SHA fingerprint used to identify a certificate.\n 用于标识证书的 SHA 指纹。\n {Locked=\"SHA\"} is a cryptographic algorithm.\n \n \n Password for certificate file.\n 证书文件的密码。\n \n \n \n Sign container contents.\n 对容器内容进行签名。\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k and optionally /km.\n 包含私钥容器的加密服务提供程序。需要 /k 和 /km (可选)。\n {Locked=\"/k\", \"/km\"} are command line options.\n \n \n Allow user interactions (such as a dialog box) when a private key is accessed.\n 访问私钥时允许用户交互(如对话框)。\n \n \n \n Private key container name.\n 私钥容器名称。\n \n \n \n Cryptographic Service Provider missing. Use /csp to specify a CSP.\n 缺少加密服务提供程序。使用 /csp 指定 CSP。\n {Locked=\"/csp\"} is a command line option.\n \n \n Private key container name missing. Use /k to specify a key container name.\n 缺少私钥容器名称。使用 /k 指定密钥容器名称。\n {Locked=\"/k\"} is a command line option.\n \n \n Use a machine-level private key container. (The default is user-level.)\n 使用计算机级私钥容器。(默认值为用户级别。)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/CertificateStoreResources.zh-Hant.xlf",
"content": "\n\n \n \n \n PFX, P7B, or CER file containing a certificate and potentially a private key.\n 包含憑證和潛在的私用金鑰的 PFX、P7B 或 CER 檔案。\n {Locked=\"PFX\", \"P7B\", \"CER\"} are file extensions.\n \n \n SHA fingerprint used to identify a certificate.\n 用以識別憑證的 SHA 指紋。\n {Locked=\"SHA\"} is a cryptographic algorithm.\n \n \n Password for certificate file.\n 憑證檔案的密碼。\n \n \n \n Sign container contents.\n 簽署容器內容。\n \n \n \n Cryptographic Service Provider containing the private key container. Requires /k and optionally /km.\n 包含私密金鑰容器的加密服務提供者。需要 /k 並選擇性地 /km。\n {Locked=\"/k\", \"/km\"} are command line options.\n \n \n Allow user interactions (such as a dialog box) when a private key is accessed.\n 當存取私密金鑰時,允許使用者互動 (例如對話方塊)。\n \n \n \n Private key container name.\n 私密金鑰容器名稱。\n \n \n \n Cryptographic Service Provider missing. Use /csp to specify a CSP.\n 遺漏密碼編譯服務提供者。使用 /csp 來指定雲端解決方案提供者。\n {Locked=\"/csp\"} is a command line option.\n \n \n Private key container name missing. Use /k to specify a key container name.\n 遺漏私密金鑰容器名稱。使用 /k 來指定金鑰容器名稱。\n {Locked=\"/k\"} is a command line option.\n \n \n Use a machine-level private key container. (The default is user-level.)\n 使用機器層級私密金鑰容器。(預設為使用者等級。)\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/Resources.cs.xlf",
"content": "\n\n \n \n \n Application name (ClickOnce).\n Název aplikace (ClickOnce).\n \n \n \n Base directory for files. Overrides the current working directory.\n Základní adresář pro soubory Přepíše aktuální pracovní adresář.\n \n \n \n Use Windows Certificate Store or a local certificate file.\n Použijte úložiště certifikátů systému Windows nebo místní soubor certifikátu.\n \n \n \n Client ID to authenticate to Azure.\n ID klienta pro ověření v Azure.\n \n \n \n Client secret to authenticate to Azure.\n Tajný kód klienta pro ověření v Azure.\n \n \n \n The client secret options are obsolete and should no longer be specified.\n Možnosti tajného kódu klienta jsou zastaralé a již by neměly být zadány.\n \n \n \n Sign binaries and containers.\n Podepisovat binární soubory a kontejnery.\n \n \n \n Azure credential type that will be used. This defaults to DefaultAzureCredential.\n Typ přihlašovacího údaje Azure, který se použije. Výchozí hodnota je DefaultAzureCredential.\n \n \n \n Description of the signing certificate.\n Popis podpisového certifikátu.\n \n \n \n Description URL of the signing certificate.\n Popis adresy URL podpisového certifikátu.\n \n \n \n Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'.\n Algoritmus hodnoty hash pro hash souborů. Povolené hodnoty jsou sha256, sha384 a sha512.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized.\n \n \n Path to file containing paths of files to sign or to exclude from signing.\n Cesta k souboru obsahujícímu cesty k souborům, které se mají podepsat nebo vyloučit z podepisování.\n \n \n \n File(s) to sign.\n Soubor nebo soubory, které se mají podepsat.\n \n \n \n Invalid value for {0}. The value must be a fully rooted directory path.\n Neplatná hodnota pro {0}. Hodnota musí být plně kořenová cesta k adresáři.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal).\n Neplatná hodnota pro {0}. Hodnotou musí být otisk certifikátu SHA-256, SHA-384 nebo SHA-512 (v šestnáctkovém tvaru).\n {NumberedPlaceholder=\"{0}\"} is the option name (e.g.: --certificate-fingerprint). {Locked=\"SHA-256\", \"SHA-384\", \"SHA-512\"} are cryptographic hash algorithms.\n \n \n Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'.\n Neplatná hodnota pro {0}. Hodnota musí být sha256, sha384 nebo sha512.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized. {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --file-digest) and should not be localized.\n \n \n The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used).\n Cestu k souboru nelze při použití glob zakořenit. Použijte relativní cestu k pracovnímu adresáři (nebo základnímu adresáři, pokud se používá).\n \n \n \n Invalid value for {0}. The value must be an absolute HTTPS URL.\n Invalid value for {0}. The value must be an absolute HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --artifact-signing-endpoint) and should not be localized.\n \n \n Invalid value for {0}. The value must be a number value greater than or equal to 1.\n Neplatná hodnota pro {0}. Hodnota musí být číselná hodnota větší nebo rovna 1.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --max-concurrency) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL.\n Neplatná hodnota pro {0}. Hodnota musí být absolutní adresa URL protokolu HTTP nebo HTTPS.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --timestamp-url) and should not be localized.\n \n \n The client id of a user assigned ManagedIdentity.\n ID klienta Spravované identity přiřazené uživatelem.\n \n \n \n Managed identity to authenticate to Azure Key. (obsolete)\n Spravovaná identita pro ověření ve službě Azure Key. (zastaralé)\n \n \n \n The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified.\n Možnosti -kvm a --azure-key-vault-managed-identity jsou zastaralé a už by se neměly zadávat.\n \n \n \n The resource id of a user assigned ManagedIdentity.\n ID prostředku Spravované identity přiřazené uživatelem.\n \n \n \n Maximum concurrency.\n Maximální souběžnost.\n \n \n \n A file or glob is required.\n Vyžaduje se soubor nebo glob.\n \n \n \n Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe\n Upozornění: Modul runtime Microsoft Visual C++ 14 je povinný, ale ve vašem systému nebyl zjištěn. Stáhnout a nainstalovat z https://aka.ms/vs/17/release/vc_redist.x64.exe\n {Locked=\"https://aka.ms/vs/17/release/vc_redist.x64.exe\"} is a URL.\n \n \n No inputs found to sign.\n Nenašly se žádné vstupy, které by bylo možné podepsat.\n \n \n \n Output file or directory. If omitted, input files will be overwritten.\n Výstupní soubor nebo adresář. Pokud je tento parametr vynechán, vstupní soubory budou přepsány.\n \n \n \n Publisher name (ClickOnce).\n Název vydavatele (ClickOnce)\n ClickOnce is a Microsoft deployment technology.\n \n \n Sign CLI\n Podepsat rozhraní příkazového řádku\n \n \n \n Some files do not exist. Try using a different {0} value or a fully qualified file path.\n Některé soubory neexistují. Zkuste použít jinou hodnotu {0} nebo plně kvalifikovanou cestu k souboru.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Tenant ID to authenticate to Azure.\n ID tenanta pro ověření v Azure.\n \n \n \n Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512.\n Algoritmus hodnoty hash pro server časového razítka RFC 3161. Povolené hodnoty jsou sha256, sha384 a sha512.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161), and {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names should not be localized.\n \n \n RFC 3161 timestamp server URL.\n Adresa URL serveru časového razítka RFC 3161.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161) and should not be localized.\n \n \n The trusted-signing command is obsolete. Use the artifact-signing command instead.\n Příkaz trusted-signing je zastaralý. Místo toho použijte příkaz artifact-signing.\n \n \n \n Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'.\n Nastaví úroveň podrobností. Povolené hodnoty jsou none, critical, error, warning, information, debug a trace.\n {Locked=\"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\", \"trace\"} are option values and should not be localized.\n \n \n Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support.\n V současné době je podporován pouze systém Windows x64. Podívejte se na https://github.com/dotnet/sign/issues/474 týkající se podpory windows x86.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/Resources.de.xlf",
"content": "\n\n \n \n \n Application name (ClickOnce).\n Anwendungsname (ClickOnce).\n \n \n \n Base directory for files. Overrides the current working directory.\n Basisverzeichnis für Dateien. Überschreibt das aktuelle Arbeitsverzeichnis.\n \n \n \n Use Windows Certificate Store or a local certificate file.\n Verwenden Sie den Windows-Zertifikatspeicher oder eine lokale Zertifikatdatei.\n \n \n \n Client ID to authenticate to Azure.\n Client-ID für die Authentifizierung bei Azure.\n \n \n \n Client secret to authenticate to Azure.\n Geheimer Clientschlüssel für die Authentifizierung bei Azure.\n \n \n \n The client secret options are obsolete and should no longer be specified.\n Die Optionen für geheime Clientschlüssel sind veraltet und sollten nicht mehr angegeben werden.\n \n \n \n Sign binaries and containers.\n Signieren Sie Binärdateien und Container.\n \n \n \n Azure credential type that will be used. This defaults to DefaultAzureCredential.\n Azure-Anmeldeinformationstyp, der verwendet wird. Standardmäßig ist dies DefaultAzureCredential.\n \n \n \n Description of the signing certificate.\n Beschreibung des Signaturzertifikats.\n \n \n \n Description URL of the signing certificate.\n Beschreibungs-URL des Signaturzertifikats.\n \n \n \n Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'.\n Digestalgorithmus zum Hashen von Dateien. Zulässige Werte sind \"sha256\", \"sha384\" und \"sha512\".\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized.\n \n \n Path to file containing paths of files to sign or to exclude from signing.\n Pfad zur Datei mit Pfaden von Dateien, die signiert oder von der Signierung ausgeschlossen werden sollen.\n \n \n \n File(s) to sign.\n Zu signierende Datei(en).\n \n \n \n Invalid value for {0}. The value must be a fully rooted directory path.\n Ungültiger Wert für {0}. Der Wert muss ein vollständiger Stammverzeichnispfad sein.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal).\n Ungültiger Wert für {0}. Der Wert muss ein SHA-256-, SHA-384- oder SHA-512-Zertifikatfingerabdruck (hexadezimal) sein.\n {NumberedPlaceholder=\"{0}\"} is the option name (e.g.: --certificate-fingerprint). {Locked=\"SHA-256\", \"SHA-384\", \"SHA-512\"} are cryptographic hash algorithms.\n \n \n Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'.\n Ungültiger Wert für {0}. Der Wert muss \"sha256\", \"sha384\" oder \"sha512\" sein.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized. {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --file-digest) and should not be localized.\n \n \n The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used).\n Der Dateipfad kann keinem Stamm zugewiesen werden, wenn ein Glob verwendet wird. Verwenden Sie einen Pfad relativ zum Arbeitsverzeichnis (oder Basisverzeichnis, falls verwendet).\n \n \n \n Invalid value for {0}. The value must be an absolute HTTPS URL.\n Invalid value for {0}. The value must be an absolute HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --artifact-signing-endpoint) and should not be localized.\n \n \n Invalid value for {0}. The value must be a number value greater than or equal to 1.\n Ungültiger Wert für {0}. Der Wert muss ein Zahlenwert größer oder gleich 1 sein.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --max-concurrency) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL.\n Ungültiger Wert für {0}. Der Wert muss eine absolute HTTP- oder HTTPS-URL sein.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --timestamp-url) and should not be localized.\n \n \n The client id of a user assigned ManagedIdentity.\n Die Client-ID einer benutzerzugewiesenen ManagedIdentity.\n \n \n \n Managed identity to authenticate to Azure Key. (obsolete)\n Verwaltete Identität für die Authentifizierung bei Azure Key. (veraltet)\n \n \n \n The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified.\n Die Optionen „-kvm“ und „--azure-key-vault-managed-identity“ sind veraltet und sollten nicht mehr angegeben werden.\n \n \n \n The resource id of a user assigned ManagedIdentity.\n Die Ressourcen-ID einer vom Benutzer zugewiesenen ManagedIdentity.\n \n \n \n Maximum concurrency.\n Maximale Parallelität.\n \n \n \n A file or glob is required.\n Eine Datei oder ein Glob ist erforderlich.\n \n \n \n Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe\n Warnung: Die Microsoft Visual C++ 14-Runtime ist erforderlich, wurde jedoch auf ihrem System nicht erkannt. Von „https://aka.ms/vs/17/release/vc_redist.x64.exe“ herunterladen und installieren\n {Locked=\"https://aka.ms/vs/17/release/vc_redist.x64.exe\"} is a URL.\n \n \n No inputs found to sign.\n Es wurden keine Eingaben zum Signieren gefunden.\n \n \n \n Output file or directory. If omitted, input files will be overwritten.\n Ausgabedatei oder -verzeichnis. Wenn dies weggelassen wird, werden Eingabedateien überschrieben.\n \n \n \n Publisher name (ClickOnce).\n Herausgebername (ClickOnce).\n ClickOnce is a Microsoft deployment technology.\n \n \n Sign CLI\n CLI signieren\n \n \n \n Some files do not exist. Try using a different {0} value or a fully qualified file path.\n Einige Dateien sind nicht vorhanden. Versuchen Sie, einen anderen {0}-Wert oder einen vollqualifizierten Dateipfad zu verwenden.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Tenant ID to authenticate to Azure.\n Mandanten-ID für die Authentifizierung bei Azure.\n \n \n \n Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512.\n Digest-Algorithmus für den RFC 3161-Zeitstempelserver. Zulässige Werte sind sha256, sha384 und sha512.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161), and {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names should not be localized.\n \n \n RFC 3161 timestamp server URL.\n URL für RFC 3161-Zeitstempelserver.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161) and should not be localized.\n \n \n The trusted-signing command is obsolete. Use the artifact-signing command instead.\n Der vertrauenswürdige Signaturbefehl ist veraltet. Verwenden Sie stattdessen den Artefaktsignaturbefehl.\n \n \n \n Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'.\n Legt den Ausführlichkeitsgrad fest. Zulässige Werte sind \"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\" und \"trace\".\n {Locked=\"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\", \"trace\"} are option values and should not be localized.\n \n \n Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support.\n Derzeit wird nur Windows x64 unterstützt. Weitere Informationen hinsichtlich Windows x86-Support finden Sie unter https://github.com/dotnet/sign/issues/474.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/Resources.es.xlf",
"content": "\n\n \n \n \n Application name (ClickOnce).\n Nombre de la aplicación (ClickOnce).\n \n \n \n Base directory for files. Overrides the current working directory.\n Directorio base para los archivos. Invalida el directorio de trabajo actual.\n \n \n \n Use Windows Certificate Store or a local certificate file.\n Use el Almacén de certificados de Windows o un archivo de certificados local.\n \n \n \n Client ID to authenticate to Azure.\n Id. de cliente para autenticarse en Azure.\n \n \n \n Client secret to authenticate to Azure.\n Secreto de cliente para autenticarse en Azure.\n \n \n \n The client secret options are obsolete and should no longer be specified.\n Las opciones de secreto de cliente están obsoletas y ya no deben especificarse.\n \n \n \n Sign binaries and containers.\n Firmar archivos binarios y contenedores.\n \n \n \n Azure credential type that will be used. This defaults to DefaultAzureCredential.\n Tipo de credencial de Azure que se usará. El valor predeterminado es DefaultAzureCredential.\n \n \n \n Description of the signing certificate.\n Descripción del certificado de firma.\n \n \n \n Description URL of the signing certificate.\n Descripción de URL del certificado de firma.\n \n \n \n Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'.\n Algoritmo de resumen con el que se van a aplicar algoritmos hash a los archivos. Los valores permitidos son 'sha256', 'sha384', y 'sha512'.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized.\n \n \n Path to file containing paths of files to sign or to exclude from signing.\n Ruta de acceso al archivo que contiene las rutas de acceso de los archivos que se van a firmar o que se van a excluir de la firma.\n \n \n \n File(s) to sign.\n Archivos para firmar.\n \n \n \n Invalid value for {0}. The value must be a fully rooted directory path.\n Valor no válido para {0}. El valor debe ser una ruta de acceso de directorio totalmente raíz.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal).\n Valor no válido para {0}. El valor debe ser una huella de certificado SHA-256, SHA-384 o SHA-512 (en hexadecimal).\n {NumberedPlaceholder=\"{0}\"} is the option name (e.g.: --certificate-fingerprint). {Locked=\"SHA-256\", \"SHA-384\", \"SHA-512\"} are cryptographic hash algorithms.\n \n \n Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'.\n Valor no válido para {0}. El valor debe ser 'sha256', 'sha384' o 'sha512'.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized. {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --file-digest) and should not be localized.\n \n \n The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used).\n La ruta de acceso del archivo no se puede rootear cuando se usa un glob. Use una ruta de acceso relativa al directorio de trabajo (o directorio base, si se usa).\n \n \n \n Invalid value for {0}. The value must be an absolute HTTPS URL.\n Invalid value for {0}. The value must be an absolute HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --artifact-signing-endpoint) and should not be localized.\n \n \n Invalid value for {0}. The value must be a number value greater than or equal to 1.\n Valor no válido para {0}. El valor debe ser un valor numérico mayor o igual que 1.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --max-concurrency) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL.\n Valor no válido para {0}. El valor debe ser una dirección URL HTTP o HTTPS absoluta.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --timestamp-url) and should not be localized.\n \n \n The client id of a user assigned ManagedIdentity.\n El identificador de cliente de un ManagedIdentity asignado por el usuario.\n \n \n \n Managed identity to authenticate to Azure Key. (obsolete)\n Identidad administrada para autenticarse en Azure Key. (obsoleto)\n \n \n \n The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified.\n Las opciones -kvm y --azure-key-vault-managed-identity están obsoletas y ya no deben especificarse.\n \n \n \n The resource id of a user assigned ManagedIdentity.\n El identificador de recurso de un ManagedIdentity asignado por el usuario.\n \n \n \n Maximum concurrency.\n Simultaneidad máxima.\n \n \n \n A file or glob is required.\n Se requiere un archivo o glob.\n \n \n \n Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe\n Advertencia: se requiere el runtime Microsoft Visual C++ 14, pero no se detectó en el sistema. Descargar e instalar desde https://aka.ms/vs/17/release/vc_redist.x64.exe\n {Locked=\"https://aka.ms/vs/17/release/vc_redist.x64.exe\"} is a URL.\n \n \n No inputs found to sign.\n No se encontraron entradas para firmar.\n \n \n \n Output file or directory. If omitted, input files will be overwritten.\n Archivo o directorio de salida. Si se omite, se sobrescribirán los archivos de entrada.\n \n \n \n Publisher name (ClickOnce).\n Nombre del publicador (ClickOnce).\n ClickOnce is a Microsoft deployment technology.\n \n \n Sign CLI\n Firma de la CLI\n \n \n \n Some files do not exist. Try using a different {0} value or a fully qualified file path.\n Algunos archivos no existen. Pruebe a usar otro valor {0} o una ruta de acceso de archivo completa.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Tenant ID to authenticate to Azure.\n Id. de inquilino para autenticarse en Azure.\n \n \n \n Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512.\n Algoritmo de resumen para el servidor de marca de tiempo RFC 3161. Los valores permitidos son sha256, sha384 y sha512.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161), and {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names should not be localized.\n \n \n RFC 3161 timestamp server URL.\n Dirección URL del servidor de marca de tiempo RFC 3161.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161) and should not be localized.\n \n \n The trusted-signing command is obsolete. Use the artifact-signing command instead.\n El comando trusted-signing está obsoleto. En su lugar, use el comando artifact-signing.\n \n \n \n Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'.\n Establece el nivel de detalle. Los valores permitidos son \"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\" y \"trace\".\n {Locked=\"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\", \"trace\"} are option values and should not be localized.\n \n \n Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support.\n En este momento solo se admite Windows x64. Consulta https://github.com/dotnet/sign/issues/474 sobre la compatibilidad con Windows x86.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/Resources.fr.xlf",
"content": "\n\n \n \n \n Application name (ClickOnce).\n Nom de l’application (ClickOnce).\n \n \n \n Base directory for files. Overrides the current working directory.\n Répertoire de base pour les fichiers. Remplace le répertoire de travail actuel.\n \n \n \n Use Windows Certificate Store or a local certificate file.\n Utilisez le magasin de certificats Windows ou un fichier local du certificat.\n \n \n \n Client ID to authenticate to Azure.\n ID client pour l’authentification auprès d’Azure.\n \n \n \n Client secret to authenticate to Azure.\n Clé secrète client pour s’authentifier auprès d’Azure.\n \n \n \n The client secret options are obsolete and should no longer be specified.\n Les options de secret du client sont obsolètes et ne doivent plus être spécifiées.\n \n \n \n Sign binaries and containers.\n Signer les fichiers binaires et les conteneurs.\n \n \n \n Azure credential type that will be used. This defaults to DefaultAzureCredential.\n Type d’informations d’identification Azure à utiliser. Cela par défaut à DefaultAzureCredential.\n \n \n \n Description of the signing certificate.\n Description du certificat de signature.\n \n \n \n Description URL of the signing certificate.\n URL de description du certificat de signature.\n \n \n \n Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'.\n Algorithme Digest pour hacher les fichiers avec. Les valeurs autorisées sont 'sha256', 'sha384' et 'sha512'.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized.\n \n \n Path to file containing paths of files to sign or to exclude from signing.\n Chemin du fichier contenant les chemins des fichiers à signer ou à exclure de la signature.\n \n \n \n File(s) to sign.\n Fichier(s) à signer.\n \n \n \n Invalid value for {0}. The value must be a fully rooted directory path.\n Valeur non valide pour {0}. La valeur doit être un chemin d’accès de répertoire entièrement rooté.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal).\n Valeur non valide pour {0}. La valeur doit être une empreinte digitale de certificat SHA-256, SHA-384 ou SHA-512 (en hexadécimal).\n {NumberedPlaceholder=\"{0}\"} is the option name (e.g.: --certificate-fingerprint). {Locked=\"SHA-256\", \"SHA-384\", \"SHA-512\"} are cryptographic hash algorithms.\n \n \n Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'.\n Valeur invalide pour {0}. La valeur doit être 'sha256', 'sha384' ou 'sha512'.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized. {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --file-digest) and should not be localized.\n \n \n The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used).\n Le chemin d’accès du fichier ne peut pas être rooté lors de l’utilisation d’un glob. Utilisez un chemin d’accès relatif au répertoire de travail (ou au répertoire de base, s’il est utilisé).\n \n \n \n Invalid value for {0}. The value must be an absolute HTTPS URL.\n Invalid value for {0}. The value must be an absolute HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --artifact-signing-endpoint) and should not be localized.\n \n \n Invalid value for {0}. The value must be a number value greater than or equal to 1.\n Valeur non valide pour {0}. La valeur doit être une valeur numérique supérieure ou égale à 1.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --max-concurrency) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL.\n Valeur non valide pour {0}. La valeur doit être une URL HTTP ou HTTPS absolue.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --timestamp-url) and should not be localized.\n \n \n The client id of a user assigned ManagedIdentity.\n L’ID client d’un utilisateur à qui a été attribuée ManagedIdentity.\n \n \n \n Managed identity to authenticate to Azure Key. (obsolete)\n Identité managée pour s’authentifier auprès d’Azure Key. (obsolète)\n \n \n \n The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified.\n Les options -kvm et --azure-key-vault-managed-identity sont obsolètes et ne doivent plus être spécifiées.\n \n \n \n The resource id of a user assigned ManagedIdentity.\n L’ID de ressource d’une ManagedIdentity attribuée à un utilisateur.\n \n \n \n Maximum concurrency.\n Concurrence maximale.\n \n \n \n A file or glob is required.\n Un fichier ou un glob est requis.\n \n \n \n Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe\n Avertissement : le runtime Microsoft Visual C++ 14 est requis mais n’a pas été détecté sur votre système. Télécharger et installer à partir de https://aka.ms/vs/17/release/vc_redist.x64.exe\n {Locked=\"https://aka.ms/vs/17/release/vc_redist.x64.exe\"} is a URL.\n \n \n No inputs found to sign.\n Aucune entrée à signer.\n \n \n \n Output file or directory. If omitted, input files will be overwritten.\n Fichier ou répertoire de sortie. En cas d’omission, les fichiers d’entrée sont remplacés.\n \n \n \n Publisher name (ClickOnce).\n Nom du serveur de publication (ClickOnce).\n ClickOnce is a Microsoft deployment technology.\n \n \n Sign CLI\n Signer l’interface CLI\n \n \n \n Some files do not exist. Try using a different {0} value or a fully qualified file path.\n Certains fichiers n’existent pas. Essayez d’utiliser une autre valeur {0} ou un chemin de fichier complet.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Tenant ID to authenticate to Azure.\n ID du locataire pour s’authentifier auprès d’Azure.\n \n \n \n Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512.\n Algorithme de hachage pour le serveur d’horodatage RFC 3161. Les valeurs autorisées sont sha256, sha384 et sha512.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161), and {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names should not be localized.\n \n \n RFC 3161 timestamp server URL.\n URL du serveur d'horodatage conforme au document RFC 3161.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161) and should not be localized.\n \n \n The trusted-signing command is obsolete. Use the artifact-signing command instead.\n La commande de signature de confiance est obsolète. Utilisez plutôt la commande de signature d'artefacts.\n \n \n \n Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'.\n Définit le niveau de verbosité. Les valeurs autorisées sont 'none', 'critical', 'error', 'warning', 'information', 'debug', et 'trace'\n {Locked=\"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\", \"trace\"} are option values and should not be localized.\n \n \n Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support.\n Seul Windows x64 est pris en charge pour l’instant. Consultez https://github.com/dotnet/sign/issues/474 concernant la prise en charge de Windows x86.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/Resources.it.xlf",
"content": "\n\n \n \n \n Application name (ClickOnce).\n Nome applicazione (ClickOnce).\n \n \n \n Base directory for files. Overrides the current working directory.\n Directory di base per i file. Esegue l'override della directory di lavoro corrente.\n \n \n \n Use Windows Certificate Store or a local certificate file.\n Utilizzare l'archivio certificati di Windows o un file di certificato locale.\n \n \n \n Client ID to authenticate to Azure.\n ID client da autenticare in Azure.\n \n \n \n Client secret to authenticate to Azure.\n Segreto client da autenticare in Azure.\n \n \n \n The client secret options are obsolete and should no longer be specified.\n Le opzioni del segreto client sono obsolete e non devono essere più specificate.\n \n \n \n Sign binaries and containers.\n Consente di firmare file binari e contenitori.\n \n \n \n Azure credential type that will be used. This defaults to DefaultAzureCredential.\n Tipo di credenziale di Azure che verrà utilizzato. Verrà utilizzata l'impostazione predefinita DefaultAzureCredential.\n \n \n \n Description of the signing certificate.\n Descrizione del certificato di firma.\n \n \n \n Description URL of the signing certificate.\n URL descrizione del certificato di firma.\n \n \n \n Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'.\n Algoritmo di digest con cui eseguire l'hashing dei file. I valori consentiti sono 'sha256', 'sha384' e 'sha512'.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized.\n \n \n Path to file containing paths of files to sign or to exclude from signing.\n Percorso del file contenente i percorsi dei file da firmare o escludere dalla firma.\n \n \n \n File(s) to sign.\n File da firmare.\n \n \n \n Invalid value for {0}. The value must be a fully rooted directory path.\n Valore non valido per {0}. Il valore deve essere un percorso di directory completo.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal).\n Valore non valido per {0}. Il valore deve essere un’impronta digitale del certificato SHA-256, SHA-384 o SHA-512 (in formato esadecimale).\n {NumberedPlaceholder=\"{0}\"} is the option name (e.g.: --certificate-fingerprint). {Locked=\"SHA-256\", \"SHA-384\", \"SHA-512\"} are cryptographic hash algorithms.\n \n \n Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'.\n Valore non valido per {0}. Il valore deve essere 'sha256', 'sha384' o 'sha512'.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized. {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --file-digest) and should not be localized.\n \n \n The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used).\n Il percorso del file non può avere accesso root quando si utilizza un GLOB. Usare un percorso relativo alla directory di lavoro (o alla directory di base, se usata).\n \n \n \n Invalid value for {0}. The value must be an absolute HTTPS URL.\n Invalid value for {0}. The value must be an absolute HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --artifact-signing-endpoint) and should not be localized.\n \n \n Invalid value for {0}. The value must be a number value greater than or equal to 1.\n Valore non valido per {0}. Il valore deve essere un numero maggiore o uguale a 1.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --max-concurrency) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL.\n Valore non valido per {0}. Il valore deve essere un URL HTTP o HTTPS assoluto.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --timestamp-url) and should not be localized.\n \n \n The client id of a user assigned ManagedIdentity.\n ID client di un elemento ManagedIdentity assegnato dall'utente.\n \n \n \n Managed identity to authenticate to Azure Key. (obsolete)\n Identità gestita da autenticare in Azure Key. (obsoleto)\n \n \n \n The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified.\n Le opzioni -kvm e --azure-key-vault-managed-identity sono obsolete e non devono più essere specificate.\n \n \n \n The resource id of a user assigned ManagedIdentity.\n ID risorsa di un elemento ManagedIdentity assegnato dall'utente.\n \n \n \n Maximum concurrency.\n Concorrenza massima.\n \n \n \n A file or glob is required.\n È necessario specificare un file o un GLOB.\n \n \n \n Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe\n Avviso: il runtime di Microsoft Visual C++ 14 è obbligatorio ma non è stato rilevato nel sistema. Scarica e installa da https://aka.ms/vs/17/release/vc_redist.x64.exe\n {Locked=\"https://aka.ms/vs/17/release/vc_redist.x64.exe\"} is a URL.\n \n \n No inputs found to sign.\n Non sono stati trovati input da firmare.\n \n \n \n Output file or directory. If omitted, input files will be overwritten.\n File o directory di output. Se omessi, i file di input verranno sovrascritti.\n \n \n \n Publisher name (ClickOnce).\n Nome autore (ClickOnce).\n ClickOnce is a Microsoft deployment technology.\n \n \n Sign CLI\n Consente di firmare l'interfaccia della riga di comando\n \n \n \n Some files do not exist. Try using a different {0} value or a fully qualified file path.\n Alcuni file non esistono. Provare a usare un valore di {0} diverso o un percorso di file completo.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Tenant ID to authenticate to Azure.\n ID tenant da autenticare in Azure.\n \n \n \n Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512.\n Algoritmo di digest per il server di timestamp RFC 3161. I valori consentiti sono sha256, sha384 e sha512.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161), and {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names should not be localized.\n \n \n RFC 3161 timestamp server URL.\n URL del server di timestamp RFC 3161.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161) and should not be localized.\n \n \n The trusted-signing command is obsolete. Use the artifact-signing command instead.\n Il comando di firma attendibile è obsoleto. Usare il comando di firma artefatti.\n \n \n \n Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'.\n Imposta il livello di dettaglio. I valori consentiti sono 'none', 'critical', 'error', 'warning', 'information', 'debug' e 'trace'.\n {Locked=\"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\", \"trace\"} are option values and should not be localized.\n \n \n Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support.\n Al momento è supportato solo Windows x64. Vedere https://github.com/dotnet/sign/issues/474 sul supporto per Windows x86.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/Resources.ja.xlf",
"content": "\n\n \n \n \n Application name (ClickOnce).\n アプリケーション名 (ClickOnce)。\n \n \n \n Base directory for files. Overrides the current working directory.\n ファイルのベース ディレクトリ。 現在の作業ディレクトリをオーバーライドします。\n \n \n \n Use Windows Certificate Store or a local certificate file.\n Windows 証明書ストアまたはローカル証明書ファイルを使用します。\n \n \n \n Client ID to authenticate to Azure.\n Azure に対して認証するクライアント ID。\n \n \n \n Client secret to authenticate to Azure.\n Azure に対して認証するクライアント シークレット。\n \n \n \n The client secret options are obsolete and should no longer be specified.\n クライアント シークレットのオプションは廃止されているため、指定しないでください。\n \n \n \n Sign binaries and containers.\n バイナリとコンテナーに署名します。\n \n \n \n Azure credential type that will be used. This defaults to DefaultAzureCredential.\n 使用される Azure 資格情報の種類。この既定値は DefaultAzureCredential です。\n \n \n \n Description of the signing certificate.\n 署名証明書の説明。\n \n \n \n Description URL of the signing certificate.\n 署名証明書の説明 URL。\n \n \n \n Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'.\n ファイルのハッシュに使用するダイジェスト アルゴリズム。使用できる値は、'sha256'、'sha384'、および 'sha512' です。\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized.\n \n \n Path to file containing paths of files to sign or to exclude from signing.\n 署名するファイルまたは署名から除外するファイルのパスを含むファイルへのパス。\n \n \n \n File(s) to sign.\n 署名するファイル。\n \n \n \n Invalid value for {0}. The value must be a fully rooted directory path.\n {0} の値が無効です。値は、完全にルート化されたディレクトリ パスである必要があります。\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal).\n {0} の値が無効です。値は SHA-256、SHA-384、または SHA-512 証明書フィンガープリント (16 進数) である必要があります。\n {NumberedPlaceholder=\"{0}\"} is the option name (e.g.: --certificate-fingerprint). {Locked=\"SHA-256\", \"SHA-384\", \"SHA-512\"} are cryptographic hash algorithms.\n \n \n Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'.\n {0} の値が無効です。値は 'sha256'、'sha384'、または 'sha512' である必要があります。\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized. {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --file-digest) and should not be localized.\n \n \n The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used).\n glob を使用している場合、ファイル パスをルート化できません。作業ディレクトリへの相対パス (または使用されている場合はベース ディレクトリ) を使用してください。\n \n \n \n Invalid value for {0}. The value must be an absolute HTTPS URL.\n Invalid value for {0}. The value must be an absolute HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --artifact-signing-endpoint) and should not be localized.\n \n \n Invalid value for {0}. The value must be a number value greater than or equal to 1.\n {0} の値が無効です。値は、1 以上の数値である必要があります。\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --max-concurrency) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL.\n {0}の値が無効です。値は HTTP または HTTPS の絶対 URL である必要があります。\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --timestamp-url) and should not be localized.\n \n \n The client id of a user assigned ManagedIdentity.\n ユーザー割り当て済み ManagedIdentity のクライアント ID。\n \n \n \n Managed identity to authenticate to Azure Key. (obsolete)\n Azure Key に対して認証するマネージド ID。(旧形式)\n \n \n \n The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified.\n -kvm オプションと --azure-key-vault-managed-identity オプションは旧形式であるため、指定しないでください。\n \n \n \n The resource id of a user assigned ManagedIdentity.\n ユーザー割り当て済み ManagedIdentity のリソース ID。\n \n \n \n Maximum concurrency.\n 最大コンカレンシー。\n \n \n \n A file or glob is required.\n ファイルまたは glob が必要です。\n \n \n \n Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe\n 警告: Microsoft Visual C++ 14 ランタイムが必要ですが、システムで検出されませんでした。https://aka.ms/vs/17/release/vc_redist.x64.exe からダウンロードしてインストールしてください\n {Locked=\"https://aka.ms/vs/17/release/vc_redist.x64.exe\"} is a URL.\n \n \n No inputs found to sign.\n 署名する入力が見つかりません。\n \n \n \n Output file or directory. If omitted, input files will be overwritten.\n 出力ファイルまたはディレクトリ。省略すると、入力ファイルが上書きされます。\n \n \n \n Publisher name (ClickOnce).\n パブリッシャー名 (ClickOnce)。\n ClickOnce is a Microsoft deployment technology.\n \n \n Sign CLI\n CLI に署名\n \n \n \n Some files do not exist. Try using a different {0} value or a fully qualified file path.\n 一部のファイルが存在しません。別の {0} 値または完全修飾ファイル パスを使用してみてください。\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Tenant ID to authenticate to Azure.\n Azure に対して認証するテナント ID。\n \n \n \n Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512.\n RFC 3161 タイムスタンプ サーバーのダイジェスト アルゴリズム。使用できる値は、sha256、sha384、および sha512 です。\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161), and {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names should not be localized.\n \n \n RFC 3161 timestamp server URL.\n RFC 3161 タイムスタンプ サーバーの URL。\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161) and should not be localized.\n \n \n The trusted-signing command is obsolete. Use the artifact-signing command instead.\n trusted-signing コマンドは廃止されています。代わりに artifact-signing コマンドを使用してください。\n \n \n \n Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'.\n 詳細レベルを設定します。指定できる値は、'none'、'critical'、'error'、'warning'、'information'、'debug'、'trace' です。\n {Locked=\"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\", \"trace\"} are option values and should not be localized.\n \n \n Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support.\n 現時点でサポートされているのは Windows x64 のみです。Windows x86 のサポートに関する https://github.com/dotnet/sign/issues/474 を参照してください。\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/Resources.ko.xlf",
"content": "\n\n \n \n \n Application name (ClickOnce).\n 애플리케이션 이름(ClickOnce).\n \n \n \n Base directory for files. Overrides the current working directory.\n 파일의 기본 디렉터리입니다. 현재 작업 디렉터리를 재정의합니다.\n \n \n \n Use Windows Certificate Store or a local certificate file.\n Windows 인증서 저장소 또는 로컬 인증서 파일을 사용합니다.\n \n \n \n Client ID to authenticate to Azure.\n Azure에 인증할 클라이언트 ID입니다.\n \n \n \n Client secret to authenticate to Azure.\n Azure에 인증하는 클라이언트 암호입니다.\n \n \n \n The client secret options are obsolete and should no longer be specified.\n 클라이언트 비밀 옵션은 사용되지 않으므로 더 이상 지정하지 않아야 합니다.\n \n \n \n Sign binaries and containers.\n 이진 파일 및 컨테이너에 서명합니다.\n \n \n \n Azure credential type that will be used. This defaults to DefaultAzureCredential.\n 사용할 Azure 자격 증명 형식입니다. 기본값은 DefaultAzureCredential입니다.\n \n \n \n Description of the signing certificate.\n 서명 인증서에 대한 설명입니다.\n \n \n \n Description URL of the signing certificate.\n 서명 인증서의 설명 URL입니다.\n \n \n \n Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'.\n 파일을 해시하는 다이제스트 알고리즘입니다. 허용되는 값은 'sha256', 'sha384' 및 'sha512'입니다.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized.\n \n \n Path to file containing paths of files to sign or to exclude from signing.\n 서명하거나 서명에서 제외할 파일의 경로가 포함된 파일 경로입니다.\n \n \n \n File(s) to sign.\n 서명할 파일입니다.\n \n \n \n Invalid value for {0}. The value must be a fully rooted directory path.\n {0}에 대한 값이 잘못되었습니다. 값은 완전한 루트 디렉터리 경로여야 합니다.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal).\n {0}의 값이 잘못되었습니다. 값은 SHA-256, SHA-384 또는 SHA-512 인증서 지문(16진수)이어야 합니다.\n {NumberedPlaceholder=\"{0}\"} is the option name (e.g.: --certificate-fingerprint). {Locked=\"SHA-256\", \"SHA-384\", \"SHA-512\"} are cryptographic hash algorithms.\n \n \n Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'.\n {0}에 대한 값이 잘못되었습니다. 값은 'sha256', 'sha384' 또는 'sha512'.여야 합니다.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized. {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --file-digest) and should not be localized.\n \n \n The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used).\n glob을 사용할 때 파일 경로를 루팅할 수 없습니다. 작업 디렉터리(또는 사용되는 경우 기본 디렉터리)에 상대적인 경로를 사용하세요.\n \n \n \n Invalid value for {0}. The value must be an absolute HTTPS URL.\n Invalid value for {0}. The value must be an absolute HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --artifact-signing-endpoint) and should not be localized.\n \n \n Invalid value for {0}. The value must be a number value greater than or equal to 1.\n {0}에 대한 값이 잘못되었습니다. 값은 1보다 크거나 같은 숫자 값이어야 합니다.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --max-concurrency) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL.\n {0}에 대한 값이 잘못되었습니다. 값은 절대 HTTP 또는 HTTPS URL이어야 합니다.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --timestamp-url) and should not be localized.\n \n \n The client id of a user assigned ManagedIdentity.\n ManagedIdentity가 할당된 사용자의 클라이언트 ID입니다.\n \n \n \n Managed identity to authenticate to Azure Key. (obsolete)\n Azure Key에 인증할 관리 ID입니다. (사용되지 않음)\n \n \n \n The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified.\n -kvm 및 --azure-key-vault-managed-identity 옵션은 사용되지 않으므로 더 이상 지정하지 않아야 합니다.\n \n \n \n The resource id of a user assigned ManagedIdentity.\n 사용자가 할당한 ManagedIdentity의 리소스 ID입니다.\n \n \n \n Maximum concurrency.\n 최대 동시성입니다.\n \n \n \n A file or glob is required.\n 파일 또는 글로브가 필요합니다.\n \n \n \n Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe\n 경고: Microsoft Visual C++ 14 런타임이 필요하지만 시스템에서 검색되지 않았습니다. https://aka.ms/vs/17/release/vc_redist.x64.exe 다운로드 및 설치\n {Locked=\"https://aka.ms/vs/17/release/vc_redist.x64.exe\"} is a URL.\n \n \n No inputs found to sign.\n 서명할 입력이 없습니다.\n \n \n \n Output file or directory. If omitted, input files will be overwritten.\n 출력 파일 또는 디렉터리입니다. 생략하면 입력 파일을 덮어씁니다.\n \n \n \n Publisher name (ClickOnce).\n 게시자 이름(ClickOnce).\n ClickOnce is a Microsoft deployment technology.\n \n \n Sign CLI\n CLI 서명\n \n \n \n Some files do not exist. Try using a different {0} value or a fully qualified file path.\n 일부 파일이 존재하지 않습니다. 다른 {0} 값 또는 정규화된 파일 경로를 사용해 보세요.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Tenant ID to authenticate to Azure.\n Azure에 인증할 테넌트 ID입니다.\n \n \n \n Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512.\n RFC 3161 타임스탬프 서버용 다이제스트 알고리즘입니다. 허용되는 값은 sha256, sha384 및 sha512입니다.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161), and {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names should not be localized.\n \n \n RFC 3161 timestamp server URL.\n RFC 3161 타임스탬프 서버 URL.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161) and should not be localized.\n \n \n The trusted-signing command is obsolete. Use the artifact-signing command instead.\n trusted-signing 명령은 더 이상 사용되지 않습니다. 대신 artifact-signing 명령을 사용하세요.\n \n \n \n Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'.\n 세부 정보 표시 수준을 설정합니다. 허용되는 값은 'none', 'critical', 'error', 'warning', 'information', 'debug' 및 'trace'입니다.\n {Locked=\"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\", \"trace\"} are option values and should not be localized.\n \n \n Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support.\n 현재 Windows x64만 지원됩니다. Windows x86 지원에 대해서는 https://github.com/dotnet/sign/issues/474를 참조하세요.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/Resources.pl.xlf",
"content": "\n\n \n \n \n Application name (ClickOnce).\n Nazwa aplikacji (ClickOnce).\n \n \n \n Base directory for files. Overrides the current working directory.\n Katalog podstawowy dla plików. Zastępuje bieżący katalog roboczy.\n \n \n \n Use Windows Certificate Store or a local certificate file.\n Użyj magazynu certyfikatów systemu Windows lub lokalnego pliku certyfikatów.\n \n \n \n Client ID to authenticate to Azure.\n Identyfikator klienta do uwierzytelniania na platformie Azure.\n \n \n \n Client secret to authenticate to Azure.\n Klucz tajny klienta do uwierzytelniania na platformie Azure.\n \n \n \n The client secret options are obsolete and should no longer be specified.\n Opcje klucza tajnego klienta są przestarzałe i nie należy ich już określać.\n \n \n \n Sign binaries and containers.\n Podpisz pliki binarne i kontenery.\n \n \n \n Azure credential type that will be used. This defaults to DefaultAzureCredential.\n Typ poświadczeń platformy Azure, który będzie używany. Wartość domyślna to DefaultAzureCredential.\n \n \n \n Description of the signing certificate.\n Opis certyfikatu podpisywania.\n \n \n \n Description URL of the signing certificate.\n Adres URL opisu certyfikatu podpisywania.\n \n \n \n Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'.\n Algorytm skrótu, za pomocą którego jest tworzony skrót plików. Dozwolonymi wartościami są: „sha256”, „sha384”, lub „sha512”.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized.\n \n \n Path to file containing paths of files to sign or to exclude from signing.\n Ścieżka do pliku zawierającego ścieżki plików do podpisania lub wykluczenia z podpisywania.\n \n \n \n File(s) to sign.\n Pliki do podpisania.\n \n \n \n Invalid value for {0}. The value must be a fully rooted directory path.\n Nieprawidłowa wartość dla {0}. Wartość musi być w pełni główną ścieżką katalogu.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal).\n Nieprawidłowa wartość dla algorytmu {0}. Wartość musi być odciskiem palca certyfikatu z algorytmem SHA-256, SHA-384 lub SHA-512 (w formacie szesnastkowym).\n {NumberedPlaceholder=\"{0}\"} is the option name (e.g.: --certificate-fingerprint). {Locked=\"SHA-256\", \"SHA-384\", \"SHA-512\"} are cryptographic hash algorithms.\n \n \n Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'.\n Nieprawidłowa wartość dla {0}. Wartością musi być „sha256”, „sha384”, lub „sha512”.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized. {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --file-digest) and should not be localized.\n \n \n The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used).\n Ścieżka pliku nie może być z dostępem do konta root, gdy jest używany element globalny. Użyj ścieżki odnoszącej się do katalogu roboczego (lub katalogu podstawowego, jeśli jest używany).\n \n \n \n Invalid value for {0}. The value must be an absolute HTTPS URL.\n Invalid value for {0}. The value must be an absolute HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --artifact-signing-endpoint) and should not be localized.\n \n \n Invalid value for {0}. The value must be a number value greater than or equal to 1.\n Nieprawidłowa wartość dla {0}. Wartość musi być większa lub równa 1.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --max-concurrency) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL.\n Nieprawidłowa wartość dla {0}. Wartość musi być bezwzględnym adresem URL protokołu HTTP lub HTTPS.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --timestamp-url) and should not be localized.\n \n \n The client id of a user assigned ManagedIdentity.\n Identyfikator klienta elementu ManagedIdentity przypisanego przez użytkownika.\n \n \n \n Managed identity to authenticate to Azure Key. (obsolete)\n Tożsamość zarządzana do uwierzytelnienia w usłudze Azure Key. (przestarzały)\n \n \n \n The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified.\n Opcje -kvm i --azure-key-vault-managed-identity są przestarzałe i nie należy ich już określać.\n \n \n \n The resource id of a user assigned ManagedIdentity.\n Identyfikator zasobu elementu ManagedIdentity przypisanego przez użytkownika.\n \n \n \n Maximum concurrency.\n Maksymalna współbieżność.\n \n \n \n A file or glob is required.\n Wymagany jest plik lub element globalny.\n \n \n \n Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe\n Ostrzeżenie: środowisko uruchomieniowe Microsoft Visual C++ 14 jest wymagane, ale nie zostało wykryte w systemie. Pobierz i zainstaluj z witryny https://aka.ms/vs/17/release/vc_redist.x64.exe\n {Locked=\"https://aka.ms/vs/17/release/vc_redist.x64.exe\"} is a URL.\n \n \n No inputs found to sign.\n Nie znaleziono danych wejściowych do podpisania.\n \n \n \n Output file or directory. If omitted, input files will be overwritten.\n Plik wyjściowy lub katalog. W przypadku pominięcia pliki wejściowe zostaną zastąpione.\n \n \n \n Publisher name (ClickOnce).\n Nazwa wydawcy (ClickOnce).\n ClickOnce is a Microsoft deployment technology.\n \n \n Sign CLI\n Interfejs wiersza polecenia podpisywania\n \n \n \n Some files do not exist. Try using a different {0} value or a fully qualified file path.\n Niektóre pliki nie istnieją. Spróbuj użyć innej wartości {0} lub w pełni kwalifikowanej ścieżki pliku.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Tenant ID to authenticate to Azure.\n Identyfikator dzierżawy na potrzeby uwierzytelniania na platformie Azure.\n \n \n \n Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512.\n Algorytm skrótu dla serwera znacznika czasu RFC 3161. Dozwolonymi wartościami są: sha256, sha384 i sha512.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161), and {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names should not be localized.\n \n \n RFC 3161 timestamp server URL.\n Adres URL serwera znacznika czasu RFC 3161.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161) and should not be localized.\n \n \n The trusted-signing command is obsolete. Use the artifact-signing command instead.\n Polecenie zaufanego podpisywania jest przestarzałe. Zamiast tego użyj polecenia podpisywania artefaktu.\n \n \n \n Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'.\n Ustawia poziom szczegółowości. Dozwolone wartości to „none”, „critical”, „error”, „warning”, „information”, „debug” i „trace”.\n {Locked=\"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\", \"trace\"} are option values and should not be localized.\n \n \n Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support.\n Obecnie obsługiwany jest tylko system Windows x64. Zobacz stronę https://github.com/dotnet/sign/issues/474 odnośnie pomocy technicznej systemu Windows x86.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/Resources.pt-BR.xlf",
"content": "\n\n \n \n \n Application name (ClickOnce).\n Nome do aplicativo (ClickOnce).\n \n \n \n Base directory for files. Overrides the current working directory.\n Diretório base para arquivos. Substitui o diretório de trabalho atual.\n \n \n \n Use Windows Certificate Store or a local certificate file.\n Use o Repositório de Certificados do Windows ou um arquivo de certificado local.\n \n \n \n Client ID to authenticate to Azure.\n ID do cliente a ser autenticada no Azure.\n \n \n \n Client secret to authenticate to Azure.\n Segredo do cliente a ser autenticado no Azure.\n \n \n \n The client secret options are obsolete and should no longer be specified.\n As opções de segredo do cliente são obsoletas e não devem mais ser especificadas.\n \n \n \n Sign binaries and containers.\n Autenticar contêineres e binários.\n \n \n \n Azure credential type that will be used. This defaults to DefaultAzureCredential.\n Tipo de credencial do Azure que será usada. O padrão é DefaultAzureCredential.\n \n \n \n Description of the signing certificate.\n Descrição do certificado de autenticação.\n \n \n \n Description URL of the signing certificate.\n URL de descrição do certificado de autenticação.\n \n \n \n Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'.\n Algoritmo de código hash para arquivos de hash. Os valores permitidos são 'sha256', 'sha384' e 'sha512'.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized.\n \n \n Path to file containing paths of files to sign or to exclude from signing.\n Caminho para o arquivo que contém os caminhos dos arquivos a serem assinados ou excluídos da assinatura.\n \n \n \n File(s) to sign.\n Arquivo(s) para autenticar.\n \n \n \n Invalid value for {0}. The value must be a fully rooted directory path.\n Valor inválido para {0}. O valor deve ser um caminho de diretório totalmente desbloqueado por rooting.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal).\n Valor inválido para {0}. O valor deve ser uma impressão digital de certificado SHA-256, SHA-384 ou SHA-512 (em hexadecimal).\n {NumberedPlaceholder=\"{0}\"} is the option name (e.g.: --certificate-fingerprint). {Locked=\"SHA-256\", \"SHA-384\", \"SHA-512\"} are cryptographic hash algorithms.\n \n \n Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'.\n Valor inválido para {0}. O valor deve ser 'sha256', 'sha384' ou 'sha512'.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized. {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --file-digest) and should not be localized.\n \n \n The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used).\n O caminho do arquivo não pode estar desbloqueado por rooting ao usar um glob. Use um caminho relativo ao diretório de trabalho (ou diretório base, se usado).\n \n \n \n Invalid value for {0}. The value must be an absolute HTTPS URL.\n Invalid value for {0}. The value must be an absolute HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --artifact-signing-endpoint) and should not be localized.\n \n \n Invalid value for {0}. The value must be a number value greater than or equal to 1.\n Valor inválido para {0}. O valor deve ser um valor numérico maior ou igual a 1.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --max-concurrency) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL.\n Valor inválido para {0}. O valor deve ser uma URL HTTP ou HTTPS absoluta.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --timestamp-url) and should not be localized.\n \n \n The client id of a user assigned ManagedIdentity.\n A ID do cliente de um ManagedIdentity atribuído pelo usuário.\n \n \n \n Managed identity to authenticate to Azure Key. (obsolete)\n Identidade gerenciada a ser autenticada na Chave do Azure Key. (obsoleta)\n \n \n \n The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified.\n As opções -kvm e --azure-key-vault-managed-identity são obsoletas e não devem mais ser especificadas.\n \n \n \n The resource id of a user assigned ManagedIdentity.\n A ID de recurso de um ManagedIdentity atribuído pelo usuário.\n \n \n \n Maximum concurrency.\n Simultaneidade máxima.\n \n \n \n A file or glob is required.\n É necessário um arquivo ou um glob.\n \n \n \n Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe\n Aviso: o runtime do Microsoft Visual C++ 14 é necessário, mas não foi detectado no sistema. Baixar e instalar de https://aka.ms/vs/17/release/vc_redist.x64.exe\n {Locked=\"https://aka.ms/vs/17/release/vc_redist.x64.exe\"} is a URL.\n \n \n No inputs found to sign.\n Nenhuma entrada encontrada para autenticar.\n \n \n \n Output file or directory. If omitted, input files will be overwritten.\n Arquivo ou diretório de saída. Se omitido, os arquivos de entrada serão substituídos.\n \n \n \n Publisher name (ClickOnce).\n Nome do editor (ClickOnce).\n ClickOnce is a Microsoft deployment technology.\n \n \n Sign CLI\n Autenticar CLI\n \n \n \n Some files do not exist. Try using a different {0} value or a fully qualified file path.\n Alguns arquivos não existem. Tente usar um valor diferente de {0} ou um caminho de arquivo totalmente qualificado.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Tenant ID to authenticate to Azure.\n ID do locatário a ser autenticada no Azure.\n \n \n \n Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512.\n Resumo do algoritmo para o servidor de carimbo de data/hora RFC 3161. Os valores permitidos são sha256, sha384 e sha512.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161), and {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names should not be localized.\n \n \n RFC 3161 timestamp server URL.\n URL do servidor de carimbo de data/hora do RFC 3161.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161) and should not be localized.\n \n \n The trusted-signing command is obsolete. Use the artifact-signing command instead.\n O comando de assinatura confiável está obsoleto. Em vez disso, use o comando de assinatura de artefato.\n \n \n \n Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'.\n Define o nível de detalhamento. Os valores permitidos são 'none', 'critical', 'error', 'warning', 'information', 'debug' e 'trace'.\n {Locked=\"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\", \"trace\"} are option values and should not be localized.\n \n \n Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support.\n No momento, somente o Windows x64 é compatível. Consulte https://github.com/dotnet/sign/issues/474 para obter suporte com o Windows x86.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/Resources.ru.xlf",
"content": "\n\n \n \n \n Application name (ClickOnce).\n Имя приложения (ClickOnce).\n \n \n \n Base directory for files. Overrides the current working directory.\n Базовый каталог для файлов. Переопределяет текущий рабочий каталог.\n \n \n \n Use Windows Certificate Store or a local certificate file.\n Используйте хранилище сертификатов Windows или локальный файл сертификата.\n \n \n \n Client ID to authenticate to Azure.\n ИД клиента для проверки подлинности в Azure.\n \n \n \n Client secret to authenticate to Azure.\n Секрет клиента для проверки подлинности в Azure.\n \n \n \n The client secret options are obsolete and should no longer be specified.\n Параметры секрета клиента устарели и больше не должны указываться.\n \n \n \n Sign binaries and containers.\n Подписывание двоичных файлов и контейнеров.\n \n \n \n Azure credential type that will be used. This defaults to DefaultAzureCredential.\n Тип учетных данных Azure, который будет использоваться. По умолчанию: DefaultAzureCredential.\n \n \n \n Description of the signing certificate.\n Описание сертификата для подписи\n \n \n \n Description URL of the signing certificate.\n Описание URL-адреса сертификата для подписи\n \n \n \n Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'.\n Алгоритм дайджеста для хэширования файлов. Допустимые значения: \"sha256\", \"sha384\" и \"sha512\".\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized.\n \n \n Path to file containing paths of files to sign or to exclude from signing.\n Путь к файлу, содержащему пути к файлам, которые нужно подписать или исключить из подписания.\n \n \n \n File(s) to sign.\n Файлы для подписи.\n \n \n \n Invalid value for {0}. The value must be a fully rooted directory path.\n Недопустимое значение для {0}. Значение должно быть полным корневым путем к каталогу.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal).\n Недопустимое значение для {0}. Значение должно быть отпечатком сертификата SHA-256, SHA-384 или SHA-512 (в шестнадцатеричном формате).\n {NumberedPlaceholder=\"{0}\"} is the option name (e.g.: --certificate-fingerprint). {Locked=\"SHA-256\", \"SHA-384\", \"SHA-512\"} are cryptographic hash algorithms.\n \n \n Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'.\n Недопустимое значение для {0}. Необходимо использовать \"sha256\", \"sha384\" или \"sha512\".\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized. {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --file-digest) and should not be localized.\n \n \n The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used).\n Путь к файлу не может быть корневым при использовании стандартной маски. Используйте путь относительно рабочего каталога (или базового каталога, если он используется).\n \n \n \n Invalid value for {0}. The value must be an absolute HTTPS URL.\n Invalid value for {0}. The value must be an absolute HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --artifact-signing-endpoint) and should not be localized.\n \n \n Invalid value for {0}. The value must be a number value greater than or equal to 1.\n Недопустимое значение для \"{0}\". Значение должно быть числом, большим или равным 1.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --max-concurrency) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL.\n Недопустимое значение для {0}. Значение должно быть абсолютным URL-адресом HTTP или HTTPS.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --timestamp-url) and should not be localized.\n \n \n The client id of a user assigned ManagedIdentity.\n Идентификатор клиента для управляемого удостоверения, назначаемого пользователем.\n \n \n \n Managed identity to authenticate to Azure Key. (obsolete)\n Управляемое удостоверение для проверки подлинности в Azure Key. (устарело)\n \n \n \n The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified.\n Параметры -kvm и --azure-key-vault-managed-identity устарели и больше не должны указываться.\n \n \n \n The resource id of a user assigned ManagedIdentity.\n ИД ресурса для управляемого удостоверения, назначаемого пользователем.\n \n \n \n Maximum concurrency.\n Максимальный параллелизм.\n \n \n \n A file or glob is required.\n Требуется файл или стандартная маска.\n \n \n \n Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe\n Внимание! Среда выполнения Microsoft Visual C++ 14 является обязательной, но не обнаружена в вашей системе. Скачайте и установите ее: https://aka.ms/vs/17/release/vc_redist.x64.exe\n {Locked=\"https://aka.ms/vs/17/release/vc_redist.x64.exe\"} is a URL.\n \n \n No inputs found to sign.\n Не найдены входящие данные для подписи.\n \n \n \n Output file or directory. If omitted, input files will be overwritten.\n Выходной файл или каталог. Если этот параметр опущен, входные файлы будут перезаписаны.\n \n \n \n Publisher name (ClickOnce).\n Имя издателя (ClickOnce).\n ClickOnce is a Microsoft deployment technology.\n \n \n Sign CLI\n Подписывание CLI\n \n \n \n Some files do not exist. Try using a different {0} value or a fully qualified file path.\n Некоторые файлы не существуют. Попробуйте использовать другое значение {0} или полный путь к файлу.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Tenant ID to authenticate to Azure.\n ИД клиента для проверки подлинности в Azure.\n \n \n \n Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512.\n Алгоритм дайджеста для сервера меток времени RFC 3161. Допустимые значения: sha256, sha384 и sha512.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161), and {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names should not be localized.\n \n \n RFC 3161 timestamp server URL.\n URL-адрес сервера меток времени RFC 3161.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161) and should not be localized.\n \n \n The trusted-signing command is obsolete. Use the artifact-signing command instead.\n Команда доверенного подписания устарела. Вместо нее применяйте команду подписания артефактов.\n \n \n \n Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'.\n Задает уровень детализации. Допустимые значения: \"none\" (нет), \"critical\" (критическое), \"error\" (ошибки), \"warning\" (предупреждения), \"information\" (информация), \"debug\" (отладка) и \"trace\" (трассировка).\n {Locked=\"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\", \"trace\"} are option values and should not be localized.\n \n \n Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support.\n Сейчас поддерживается только Windows x64. Сведения о поддержке Windows x86 см. на странице https://github.com/dotnet/sign/issues/474.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/Resources.tr.xlf",
"content": "\n\n \n \n \n Application name (ClickOnce).\n Uygulama adı (ClickOnce).\n \n \n \n Base directory for files. Overrides the current working directory.\n Dosyalar için temel dizin. Geçerli çalışma dizinini geçersiz kılar.\n \n \n \n Use Windows Certificate Store or a local certificate file.\n Windows Sertifika Deposu veya yerel bir sertifika dosyası kullanın.\n \n \n \n Client ID to authenticate to Azure.\n Azure için kimlik doğrulamak amacıyla kullanılan istemci kimliği.\n \n \n \n Client secret to authenticate to Azure.\n Azure için kimlik doğrulamak amacıyla kullanılan gizli anahtar.\n \n \n \n The client secret options are obsolete and should no longer be specified.\n Gizli anahtar seçenekleri kullanımdan kaldırıldı ve artık belirtilmemelidir.\n \n \n \n Sign binaries and containers.\n İkili dosyaları ve kapsayıcıları imzalayın.\n \n \n \n Azure credential type that will be used. This defaults to DefaultAzureCredential.\n Kullanılacak Azure kimlik bilgisi türü. Bu varsayılan DefaultAzureCredential değerine ayarlanır.\n \n \n \n Description of the signing certificate.\n İmzalama sertifikasının açıklaması.\n \n \n \n Description URL of the signing certificate.\n İmzalama sertifikasının açıklama URL’si.\n \n \n \n Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'.\n Dosyaların karmasını oluşturmak için kullanılan karma algoritması. İzin verilen değerler şunlardır: 'sha256', 'sha384' ve 'sha512'.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized.\n \n \n Path to file containing paths of files to sign or to exclude from signing.\n İmzalanacak veya imzalamadan dışlanacak dosyaların yollarını içeren dosya yolu.\n \n \n \n File(s) to sign.\n İmzalanacak dosyalar.\n \n \n \n Invalid value for {0}. The value must be a fully rooted directory path.\n {0} için geçersiz değer. Değer, tam olarak kök erişim izni verilmiş bir dizin yolu olmalıdır.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal).\n {0} için geçersiz değer. Değer bir SHA-256, SHA-384 veya SHA-512 sertifikası parmak izi (onaltılı olarak) olmalıdır.\n {NumberedPlaceholder=\"{0}\"} is the option name (e.g.: --certificate-fingerprint). {Locked=\"SHA-256\", \"SHA-384\", \"SHA-512\"} are cryptographic hash algorithms.\n \n \n Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'.\n {0} için geçersiz değer. Değer 'sha256', 'sha384' veya 'sha512' olmalıdır.\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized. {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --file-digest) and should not be localized.\n \n \n The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used).\n Glob kullanılırken dosya yoluna kök erişim izni verilemez. Çalışma diziniyle (veya kullanılıyorsa, temel dizinle) ilişkili bir yol kullanın.\n \n \n \n Invalid value for {0}. The value must be an absolute HTTPS URL.\n Invalid value for {0}. The value must be an absolute HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --artifact-signing-endpoint) and should not be localized.\n \n \n Invalid value for {0}. The value must be a number value greater than or equal to 1.\n {0} için geçersiz değer. Değer, 1’den büyük veya buna eşit bir sayı değeri olmalıdır.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --max-concurrency) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL.\n {0} için geçersiz değer. Değer mutlak bir HTTP veya HTTPS URL’si olmalıdır.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --timestamp-url) and should not be localized.\n \n \n The client id of a user assigned ManagedIdentity.\n Kullanıcı tarafından atanan yönetilen kimliğin istemci kimliği.\n \n \n \n Managed identity to authenticate to Azure Key. (obsolete)\n Azure Key Vault için kimlik doğrulamak amacıyla kullanılan yönetilen kimlik. (kullanımdan kaldırıldı)\n \n \n \n The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified.\n -kvm ve --azure-key-vault-managed-identity seçenekleri kullanımdan kaldırıldı ve artık belirtilmemelidir.\n \n \n \n The resource id of a user assigned ManagedIdentity.\n Kullanıcı tarafından atanan yönetilen kimliğin kaynak kimliği.\n \n \n \n Maximum concurrency.\n Maksimum eşzamanlılık.\n \n \n \n A file or glob is required.\n Dosya veya glob gerekiyor.\n \n \n \n Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe\n Uyarı: Microsoft Visual C++ 14 çalışma zamanı gerekiyor ancak sisteminiz üzerinde algılanmadı. İndirme ve yükleme için https://aka.ms/vs/17/release/vc_redist.x64.exe\n {Locked=\"https://aka.ms/vs/17/release/vc_redist.x64.exe\"} is a URL.\n \n \n No inputs found to sign.\n İmzalanacak giriş dosyası yok.\n \n \n \n Output file or directory. If omitted, input files will be overwritten.\n Çıkış dosyası veya dizini. Atlanırsa, giriş dosyalarının üzerine yazılır.\n \n \n \n Publisher name (ClickOnce).\n Yayımcı adı (ClickOnce).\n ClickOnce is a Microsoft deployment technology.\n \n \n Sign CLI\n CLI’yı imzala\n \n \n \n Some files do not exist. Try using a different {0} value or a fully qualified file path.\n Bazı dosyalar mevcut değil. Farklı bir {0} değeri veya tam bir dosya yolu kullanmayı deneyin.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Tenant ID to authenticate to Azure.\n Azure için kimlik doğrulamak amacıyla kullanılan kiracı kimliği.\n \n \n \n Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512.\n RFC 3161 zaman damgası sunucusu için karma algoritması. İzin verilen değerler şunlardır. sha256, sha384 ve sha512.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161), and {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names should not be localized.\n \n \n RFC 3161 timestamp server URL.\n RFC 3161 zaman damgası sunucusu URL’si.\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161) and should not be localized.\n \n \n The trusted-signing command is obsolete. Use the artifact-signing command instead.\n Güvenilen imzalama komutu artık kullanılmıyor. Bunun yerine yapıt imzalama komutunu kullanın.\n \n \n \n Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'.\n Ayrıntı düzeyini ayarlar. İzin verilen değerler: 'none', 'critical', 'error', 'warning', 'information', 'debug' ve 'trace'.\n {Locked=\"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\", \"trace\"} are option values and should not be localized.\n \n \n Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support.\n Şu anda yalnızca Windows x64 destekleniyor. Windows x86 desteği için https://github.com/dotnet/sign/issues/474 sayfasına bakın.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/Resources.zh-Hans.xlf",
"content": "\n\n \n \n \n Application name (ClickOnce).\n 应用程序名称(ClickOnce)。\n \n \n \n Base directory for files. Overrides the current working directory.\n 文件的基目录。替代当前工作目录。\n \n \n \n Use Windows Certificate Store or a local certificate file.\n 使用 Windows 证书存储或本地证书文件。\n \n \n \n Client ID to authenticate to Azure.\n 要向 Azure 进行身份验证的客户端 ID。\n \n \n \n Client secret to authenticate to Azure.\n 要向 Azure 进行身份验证的客户端密码。\n \n \n \n The client secret options are obsolete and should no longer be specified.\n 客户端密码选项已过时,不应再指定。\n \n \n \n Sign binaries and containers.\n 对二进制文件和容器进行签名。\n \n \n \n Azure credential type that will be used. This defaults to DefaultAzureCredential.\n 将使用的 Azure 凭据类型。此项默认为 DefaultAzureCredential。\n \n \n \n Description of the signing certificate.\n 签名证书的说明。\n \n \n \n Description URL of the signing certificate.\n 签名证书的说明 URL。\n \n \n \n Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'.\n 用于对文件进行哈希处理的摘要算法。允许的值为 \"sha256\"、\"sha384\" 和 \"sha512\"。\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized.\n \n \n Path to file containing paths of files to sign or to exclude from signing.\n 包含要签名或从签名中排除的文件路径的文件的路径。\n \n \n \n File(s) to sign.\n 要签名的文件。\n \n \n \n Invalid value for {0}. The value must be a fully rooted directory path.\n {0} 的值无效。该值必须是完整的根目录路径。\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal).\n {0} 的值无效。该值必须是 SHA-256、SHA-384 或 SHA-512 证书指纹(十六进制)。\n {NumberedPlaceholder=\"{0}\"} is the option name (e.g.: --certificate-fingerprint). {Locked=\"SHA-256\", \"SHA-384\", \"SHA-512\"} are cryptographic hash algorithms.\n \n \n Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'.\n {0} 的值无效。值必须为 \"sha256\"、\"sha384\" 或 \"sha512\"。\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized. {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --file-digest) and should not be localized.\n \n \n The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used).\n 使用 glob 时,文件路径不能为根路径。请使用相对于工作目录(或基目录,如果使用)的路径。\n \n \n \n Invalid value for {0}. The value must be an absolute HTTPS URL.\n Invalid value for {0}. The value must be an absolute HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --artifact-signing-endpoint) and should not be localized.\n \n \n Invalid value for {0}. The value must be a number value greater than or equal to 1.\n {0} 的值无效。该值必须是大于或等于 1 的数值。\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --max-concurrency) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL.\n {0} 的值无效。值必须是绝对 HTTP 或 HTTPS URL。\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --timestamp-url) and should not be localized.\n \n \n The client id of a user assigned ManagedIdentity.\n 用户分配的 ManagedIdentity 的客户端 ID。\n \n \n \n Managed identity to authenticate to Azure Key. (obsolete)\n 要向 Azure Key 进行身份验证的托管标识。(已过时)\n \n \n \n The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified.\n -kvm 和 --azure-key-vault-managed-identity 选项已过时,不应再指定。\n \n \n \n The resource id of a user assigned ManagedIdentity.\n 用户分配的 ManagedIdentity 的资源 ID。\n \n \n \n Maximum concurrency.\n 最大并发。\n \n \n \n A file or glob is required.\n 文件或 glob 是必需的。\n \n \n \n Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe\n 警告: Microsoft Visual C++ 14 运行时是必需项,但在系统上未检测到。从 https://aka.ms/vs/17/release/vc_redist.x64.exe 下载并安装\n {Locked=\"https://aka.ms/vs/17/release/vc_redist.x64.exe\"} is a URL.\n \n \n No inputs found to sign.\n 找不到要签名的输入。\n \n \n \n Output file or directory. If omitted, input files will be overwritten.\n 输出文件或目录。如果省略,则输入文件将被覆盖。\n \n \n \n Publisher name (ClickOnce).\n 发布服务器名称(ClickOnce)。\n ClickOnce is a Microsoft deployment technology.\n \n \n Sign CLI\n 对 CLI 进行签名\n \n \n \n Some files do not exist. Try using a different {0} value or a fully qualified file path.\n 某些文件不存在。请尝试使用其他 {0} 值或完全限定的文件路径。\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Tenant ID to authenticate to Azure.\n 要向 Azure 进行身份验证的租户 ID。\n \n \n \n Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512.\n RFC 3161 时间戳服务器的摘要算法。允许的值为 sha256、sha384 和 sha512。\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161), and {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names should not be localized.\n \n \n RFC 3161 timestamp server URL.\n RFC 3161 时间戳服务器 URL。\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161) and should not be localized.\n \n \n The trusted-signing command is obsolete. Use the artifact-signing command instead.\n 受信任签名命令已过时。请改用工件签名命令。\n \n \n \n Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'.\n 设置详细级别。允许的值为 \"none\"、\"critical\"、\"error\"、\"warning\"、\"information\"、\"debug\" 和 \"trace\"。\n {Locked=\"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\", \"trace\"} are option values and should not be localized.\n \n \n Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support.\n 目前仅支持 Windows x64。有关 Windows x86 支持,请参阅 https://github.com/dotnet/sign/issues/474。\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/Resources.zh-Hant.xlf",
"content": "\n\n \n \n \n Application name (ClickOnce).\n 應用程式名稱 (ClickOnce)。\n \n \n \n Base directory for files. Overrides the current working directory.\n 檔案的基底目錄。覆寫目前的工作目錄。\n \n \n \n Use Windows Certificate Store or a local certificate file.\n 使用 Windows 憑證存放區或本機憑證檔案。\n \n \n \n Client ID to authenticate to Azure.\n 要向 Azure 進行驗證的用戶端識別碼。\n \n \n \n Client secret to authenticate to Azure.\n 要向 Azure 進行驗證的用戶端密碼。\n \n \n \n The client secret options are obsolete and should no longer be specified.\n 用戶端密碼選項已過時,應不再指定。\n \n \n \n Sign binaries and containers.\n 簽署二進位檔和容器。\n \n \n \n Azure credential type that will be used. This defaults to DefaultAzureCredential.\n 將使用的 Azure 認證類型。這會預設為 DefaultAzureCredential。\n \n \n \n Description of the signing certificate.\n 簽署憑證的描述。\n \n \n \n Description URL of the signing certificate.\n 簽署憑證的描述 URL。\n \n \n \n Digest algorithm to hash files with. Allowed values are 'sha256', 'sha384', and 'sha512'.\n 用於雜湊檔案的摘要演算法。允許的值為 'sha256'、'sha384' 和 'sha512'。\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized.\n \n \n Path to file containing paths of files to sign or to exclude from signing.\n 包含要簽署或從簽署排除之檔案路徑的檔案路徑。\n \n \n \n File(s) to sign.\n 要簽署的檔案。\n \n \n \n Invalid value for {0}. The value must be a fully rooted directory path.\n {0} 的值無效。值必須是完整的根目錄路徑。\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Invalid value for {0}. The value must be a SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal).\n {0} 的值無效。該值必須是 SHA-256、SHA-384 或 SHA-512 憑證指紋 (十六進位格式)。\n {NumberedPlaceholder=\"{0}\"} is the option name (e.g.: --certificate-fingerprint). {Locked=\"SHA-256\", \"SHA-384\", \"SHA-512\"} are cryptographic hash algorithms.\n \n \n Invalid value for {0}. The value must be 'sha256', 'sha384', or 'sha512'.\n {0} 的值無效。值必須是 'sha256'、'sha384' 或 'sha512'。\n {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names and should not be localized. {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --file-digest) and should not be localized.\n \n \n The file path cannot be rooted when using a glob. Use a path relative to the working directory (or base directory, if used).\n 使用 Glob 時,檔案路徑不可為根目錄。請使用工作目錄或基底目錄 (若使用該目錄) 的相對路徑。\n \n \n \n Invalid value for {0}. The value must be an absolute HTTPS URL.\n Invalid value for {0}. The value must be an absolute HTTPS URL.\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --artifact-signing-endpoint) and should not be localized.\n \n \n Invalid value for {0}. The value must be a number value greater than or equal to 1.\n {0} 的值無效。值必須是大或等於 1 的數值。\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --max-concurrency) and should not be localized.\n \n \n Invalid value for {0}. The value must be an absolute HTTP or HTTPS URL.\n {0} 的值無效。值必須是絕對 HTTP 或 HTTPS URL。\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --timestamp-url) and should not be localized.\n \n \n The client id of a user assigned ManagedIdentity.\n 使用者指派 ManagedIdentity 的用戶端識別碼。\n \n \n \n Managed identity to authenticate to Azure Key. (obsolete)\n 要向 Azure Key 進行驗證的受控識別。(已過時)\n \n \n \n The -kvm and --azure-key-vault-managed-identity options are obsolete and should no longer be specified.\n -kvm 和 --azure-key-vault-managed-identity 選項已過時,不應再指定。\n \n \n \n The resource id of a user assigned ManagedIdentity.\n 使用者指派 ManagedIdentity 的資源識別碼。\n \n \n \n Maximum concurrency.\n 並行最大值。\n \n \n \n A file or glob is required.\n 需要檔案或 Glob。\n \n \n \n Warning: The Microsoft Visual C++ 14 runtime is required but was not detected on your system. Download and install from https://aka.ms/vs/17/release/vc_redist.x64.exe\n 警告: 需要 Microsoft Visual C++ 14 執行階段,但在您的系統上偵測不到。從 https://aka.ms/vs/17/release/vc_redist.x64.exe 下載並安裝\n {Locked=\"https://aka.ms/vs/17/release/vc_redist.x64.exe\"} is a URL.\n \n \n No inputs found to sign.\n 找不到要簽署的輸入。\n \n \n \n Output file or directory. If omitted, input files will be overwritten.\n 輸出檔案或目錄。如果省略,則會覆寫輸入檔案。\n \n \n \n Publisher name (ClickOnce).\n 發行者名稱 (ClickOnce)。\n ClickOnce is a Microsoft deployment technology.\n \n \n Sign CLI\n 簽署 CLI\n \n \n \n Some files do not exist. Try using a different {0} value or a fully qualified file path.\n 某些檔案不存在。請嘗試使用不同的 {0} 值或完整檔案路徑。\n {NumberedPlaceholder=\"{0}\"} is an option name (e.g.: --base-directory) and should not be localized.\n \n \n Tenant ID to authenticate to Azure.\n 要向 Azure 進行驗證的租用戶識別碼。\n \n \n \n Digest algorithm for the RFC 3161 timestamp server. Allowed values are sha256, sha384, and sha512.\n RFC 3161 時間戳記伺服器的摘要演算法。允許的值為 sha256、sha384 和 sha512。\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161), and {Locked=\"sha256\", \"sha384\", \"sha512\"} are cryptographic hash algorithm names should not be localized.\n \n \n RFC 3161 timestamp server URL.\n RFC 3161 時間戳記伺服器 URL。\n {Locked=\"RFC 3161\"} is an Internet standard (https://www.rfc-editor.org/info/rfc3161) and should not be localized.\n \n \n The trusted-signing command is obsolete. Use the artifact-signing command instead.\n 信任簽署命令已過時。請改為使用成品簽署命令。\n \n \n \n Sets the verbosity level. Allowed values are 'none', 'critical', 'error', 'warning', 'information', 'debug', and 'trace'.\n 設定詳細資訊層級。允許的值為 'none'、'critical'、'error'、'warning'、'information'、'debug' 和 'trace'。\n {Locked=\"none\", \"critical\", \"error\", \"warning\", \"information\", \"debug\", \"trace\"} are option values and should not be localized.\n \n \n Only Windows x64 is supported at this time. See https://github.com/dotnet/sign/issues/474 regarding Windows x86 support.\n 目前只支援 Windows x64。如需 Windows x86 支援,請參閱 https://github.com/dotnet/sign/issues/474 (英文)。\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/TrustedSigningResources.cs.xlf",
"content": "\n\n \n \n \n The Trusted Signing Account name.\n Název účtu pro důvěryhodné podepisování\n \n \n \n The Certificate Profile name.\n Název profilu certifikátu\n \n \n \n Use Trusted Signing. (obsolete, use artifact-signing instead)\n Použijte důvěryhodné podepisování. (zastaralé, místo toho použít artifact-signing)\n \n \n \n The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in.\n Koncový bod důvěryhodného podpisového účtu Hodnota musí být identifikátor URI, který odpovídá oblasti, ve které jste vytvořili důvěryhodný podpisový účet a profil certifikátu.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/TrustedSigningResources.de.xlf",
"content": "\n\n \n \n \n The Trusted Signing Account name.\n Der Kontoname der vertrauensvollen Signatur.\n \n \n \n The Certificate Profile name.\n Der Zertifikatprofilname.\n \n \n \n Use Trusted Signing. (obsolete, use artifact-signing instead)\n Verwenden Sie die vertrauenswürdige Signatur. (veraltet, stattdessen Artefaktsignierung verwenden)\n \n \n \n The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in.\n Der Endpunkt des Kontos der vertrauensvollen Signatur. Der Wert muss ein URI sein, der der Region entspricht, in der Ihr Konto der vertrauensvollen Signatur und das Zertifikatprofil erstellt wurden.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/TrustedSigningResources.es.xlf",
"content": "\n\n \n \n \n The Trusted Signing Account name.\n Nombre de la cuenta de firma de confianza.\n \n \n \n The Certificate Profile name.\n Nombre del perfil de certificado.\n \n \n \n Use Trusted Signing. (obsolete, use artifact-signing instead)\n Use la firma de confianza. (obsoleto, use la firma de artefactos en su lugar)\n \n \n \n The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in.\n Punto de conexión de la cuenta de firma de confianza. El valor debe ser un identificador URI que se alinee con la región en la que se han creado la cuenta de firma de confianza y el perfil de certificado.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/TrustedSigningResources.fr.xlf",
"content": "\n\n \n \n \n The Trusted Signing Account name.\n Nom de compte Signatures de confiance.\n \n \n \n The Certificate Profile name.\n Nom du profil de certificat.\n \n \n \n Use Trusted Signing. (obsolete, use artifact-signing instead)\n Utilisez le service Signatures de confiance. (obsolète, utilisez plutôt la signature d’artefact)\n \n \n \n The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in.\n Point de terminaison du compte Signatures de confiance. La valeur doit être un URI qui s’aligne sur la région dans laquelle votre compte Signatures de confiance et votre profil de certificat ont été créés.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/TrustedSigningResources.it.xlf",
"content": "\n\n \n \n \n The Trusted Signing Account name.\n Nome dell'account di firma attendibile.\n \n \n \n The Certificate Profile name.\n Nome profilo certificato.\n \n \n \n Use Trusted Signing. (obsolete, use artifact-signing instead)\n Usare Firma attendibile. (obsoleto, usare la firma artefatti)\n \n \n \n The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in.\n Endpoint dell'account di firma attendibile. Il valore deve essere un URI allineato all'area in cui sono stati creati l'account di firma attendibile e il profilo certificato.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/TrustedSigningResources.ja.xlf",
"content": "\n\n \n \n \n The Trusted Signing Account name.\n 信頼された署名のアカウント名。\n \n \n \n The Certificate Profile name.\n 証明書プロファイル名。\n \n \n \n Use Trusted Signing. (obsolete, use artifact-signing instead)\n 信頼された署名を使用します。(廃止されています。代わりに artifact-signing を使用してください)\n \n \n \n The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in.\n 信頼された署名アカウントのエンドポイント。値は、信頼された署名アカウントと証明書プロファイルが作成されたリージョンに合った URI である必要があります。\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/TrustedSigningResources.ko.xlf",
"content": "\n\n \n \n \n The Trusted Signing Account name.\n 신뢰할 수 있는 서명 계정 이름입니다.\n \n \n \n The Certificate Profile name.\n 인증서 프로필 이름입니다.\n \n \n \n Use Trusted Signing. (obsolete, use artifact-signing instead)\n 신뢰할 수 있는 서명을 사용합니다. (사용되지 않음, 대신 아티팩트 서명 사용)\n \n \n \n The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in.\n 신뢰할 수 있는 서명 계정 엔드포인트입니다. 값은 신뢰할 수 있는 서명 계정 및 인증서 프로필이 생성된 지역에 맞는 URI여야 합니다.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/TrustedSigningResources.pl.xlf",
"content": "\n\n \n \n \n The Trusted Signing Account name.\n Nazwa konta usługi Zaufane podpisywanie.\n \n \n \n The Certificate Profile name.\n Nazwa profilu certyfikatu.\n \n \n \n Use Trusted Signing. (obsolete, use artifact-signing instead)\n Użyj usługi Zaufane podpisywanie. (przestarzałe, zamiast tego użyj rozwiązania Artifact Signing)\n \n \n \n The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in.\n Punkt końcowy konta usługi Zaufane podpisywanie. Wartość musi być identyfikatorem URI, który jest zgodny z regionem, w ramach którego utworzono konto usługi Zaufane podpisywanie i profil certyfikatu.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/TrustedSigningResources.pt-BR.xlf",
"content": "\n\n \n \n \n The Trusted Signing Account name.\n O nome da Conta de Assinatura Confiável.\n \n \n \n The Certificate Profile name.\n O nome do Perfil de Certificado.\n \n \n \n Use Trusted Signing. (obsolete, use artifact-signing instead)\n Use a Assinatura Confiável. (obsoleto, use a assinatura de artefatos)\n \n \n \n The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in.\n O ponto de extremidade da Conta de Assinatura Confiável. O valor deve ser uma URI que se alinhe à região em que sua Conta de Assinatura Confiável e o Perfil de Certificado foram criados.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/TrustedSigningResources.ru.xlf",
"content": "\n\n \n \n \n The Trusted Signing Account name.\n Имя учетной записи для доверенного подписания.\n \n \n \n The Certificate Profile name.\n Имя профиля сертификата.\n \n \n \n Use Trusted Signing. (obsolete, use artifact-signing instead)\n Используйте доверенное подписание. (устарело, вместо этого применяйте подписание артефактов)\n \n \n \n The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in.\n Конечная точка учетной записи для доверенного подписания. Значением должен быть URI, соответствующий региону, в котором созданы учетная запись для доверенного подписания и профиль сертификата.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/TrustedSigningResources.tr.xlf",
"content": "\n\n \n \n \n The Trusted Signing Account name.\n Güvenilir İmzalama Hesabı adı.\n \n \n \n The Certificate Profile name.\n Sertifika Profili adı.\n \n \n \n Use Trusted Signing. (obsolete, use artifact-signing instead)\n Güvenilen İmzalama hizmetini kullanın. (artık kullanılmıyor, bunun yerine yapıt imzalama kullanın)\n \n \n \n The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in.\n Güvenilir İmzalama Hesabı uç noktası. De, Güvenilir İmzalama Hesabınızın ve Sertifika Profilinin oluşturulduğu bölgeyle uyumlu bir URI olmalıdır.\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/TrustedSigningResources.zh-Hans.xlf",
"content": "\n\n \n \n \n The Trusted Signing Account name.\n 受信任签名帐户名称。\n \n \n \n The Certificate Profile name.\n 证书配置文件名称。\n \n \n \n Use Trusted Signing. (obsolete, use artifact-signing instead)\n 使用受信任签名。(已过时,请改用工件签名)\n \n \n \n The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in.\n 受信任签名帐户终结点。该值必须是与创建受信任签名帐户和证书配置文件的区域相对应的 URI。\n \n \n \n \n"
},
{
"path": "src/Sign.Cli/xlf/TrustedSigningResources.zh-Hant.xlf",
"content": "\n\n \n \n \n The Trusted Signing Account name.\n 信任簽署帳戶名稱。\n \n \n \n The Certificate Profile name.\n 憑證設定檔名稱。\n \n \n \n Use Trusted Signing. (obsolete, use artifact-signing instead)\n 使用信任簽署。(已過時,請改用成品簽署)\n \n \n \n The Trusted Signing Account endpoint. The value must be a URI that aligns to the region that your Trusted Signing Account and Certificate Profile were created in.\n 信任簽署帳戶端點。值必須是 URI,且與您的信任簽署帳戶和憑證設定檔建立區域一致。\n \n \n \n \n"
},
{
"path": "src/Sign.Core/AppInitializer.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nnamespace Sign.Core\n{\n internal static class AppInitializer\n {\n internal static void Initialize()\n {\n AppRootDirectoryLocator locator = new();\n DirectoryInfo appRootDirectory = locator.Directory;\n\n string baseDirectory = Path.Combine(appRootDirectory.FullName, \"tools\", \"SDK\", \"x64\");\n\n //\n // Ensure we invoke wintrust!DllMain before we get too far.\n // This will call wintrust!RegisterSipsFromIniFile and read in wintrust.dll.ini\n // to swap out some local SIPs. Internally, wintrust will call LoadLibraryW\n // on each DLL= entry, so we need to also adjust our DLL search path or we'll\n // load unwanted system-provided copies.\n //\n Kernel32.SetDllDirectoryW(baseDirectory);\n Kernel32.LoadLibraryW(Path.Combine(baseDirectory, \"wintrust.dll\"));\n Kernel32.LoadLibraryW(Path.Combine(baseDirectory, \"mssign32.dll\"));\n\n // This is here because we need to P/Invoke into clr.dll for _AxlPublicKeyBlobToPublicKeyToken.\n string windir = Environment.GetEnvironmentVariable(\"windir\")!;\n string netfxDir = Path.Combine(windir, \"Microsoft.NET\", \"Framework64\", \"v4.0.30319\");\n\n AddEnvironmentPath(netfxDir);\n }\n\n private static void AddEnvironmentPath(string path)\n {\n const string name = \"PATH\";\n\n string paths = Environment.GetEnvironmentVariable(name) ?? string.Empty;\n string newPaths = string.Join(Path.PathSeparator, paths, path);\n\n Environment.SetEnvironmentVariable(name, newPaths);\n }\n }\n}\n"
},
{
"path": "src/Sign.Core/Certificates/CertificateVerifier.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Security.Cryptography.X509Certificates;\nusing Microsoft.Extensions.Logging;\n\nnamespace Sign.Core\n{\n internal sealed class CertificateVerifier : ICertificateVerifier\n {\n private readonly ILogger _logger;\n\n // Dependency injection requires a public constructor.\n public CertificateVerifier(ILogger logger)\n {\n ArgumentNullException.ThrowIfNull(logger, nameof(logger));\n\n _logger = logger;\n }\n\n public void Verify(X509Certificate2 certificate)\n {\n ArgumentNullException.ThrowIfNull(certificate, nameof(certificate));\n\n DateTime now = DateTime.Now;\n\n if (now < certificate.NotBefore)\n {\n // See https://github.com/dotnet/roslyn-analyzers/issues/5626\n#pragma warning disable CA2254 // Template should be a static expression\n _logger.LogError(Resources.CertificateIsNotYetTimeValid);\n throw new SigningException(Resources.CertificateIsNotYetTimeValid);\n }\n else if (certificate.NotAfter < now)\n {\n _logger.LogError(Resources.CertificateIsExpired);\n throw new SigningException(Resources.CertificateIsExpired);\n#pragma warning restore CA2254 // Template should be a static expression\n }\n }\n }\n}"
},
{
"path": "src/Sign.Core/Certificates/ICertificateVerifier.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Security.Cryptography.X509Certificates;\n\nnamespace Sign.Core\n{\n internal interface ICertificateVerifier\n {\n void Verify(X509Certificate2 certificate);\n }\n}"
},
{
"path": "src/Sign.Core/Containers/AppxBundleContainer.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Xml.Linq;\nusing Microsoft.Extensions.Logging;\n\nnamespace Sign.Core\n{\n internal sealed class AppxBundleContainer : Container\n {\n private readonly FileInfo _appxBundle;\n private string? _bundleVersion;\n private readonly IDirectoryService _directoryService;\n private readonly ILogger _logger;\n private readonly IMakeAppxCli _makeAppxCli;\n\n public AppxBundleContainer(\n FileInfo appxBundle,\n IDirectoryService directoryService,\n IFileMatcher fileMatcher,\n IMakeAppxCli makeAppxCli,\n ILogger logger)\n : base(fileMatcher)\n {\n ArgumentNullException.ThrowIfNull(appxBundle, nameof(appxBundle));\n ArgumentNullException.ThrowIfNull(directoryService, nameof(directoryService));\n ArgumentNullException.ThrowIfNull(makeAppxCli, nameof(makeAppxCli));\n ArgumentNullException.ThrowIfNull(logger, nameof(logger));\n\n _appxBundle = appxBundle;\n _directoryService = directoryService;\n _makeAppxCli = makeAppxCli;\n _logger = logger;\n }\n\n public override async ValueTask OpenAsync()\n {\n if (TemporaryDirectory is not null)\n {\n throw new InvalidOperationException();\n }\n\n TemporaryDirectory = new TemporaryDirectory(_directoryService);\n\n var args = $@\"unbundle /p \"\"{_appxBundle.FullName}\"\" /d \"\"{TemporaryDirectory!.Directory.FullName}\"\" /o\";\n\n await _makeAppxCli.RunAsync(args);\n\n _bundleVersion = GetBundleVersion();\n }\n\n public override async ValueTask SaveAsync()\n {\n if (TemporaryDirectory is null)\n {\n throw new InvalidOperationException();\n }\n\n using (TemporaryDirectory temporaryDirectory = new(_directoryService))\n {\n FileInfo newAppxBundle = new(Path.Combine(temporaryDirectory.Directory.FullName, _appxBundle.Name));\n\n var args = $@\"bundle /d \"\"{TemporaryDirectory.Directory.FullName}\"\" /p \"\"{newAppxBundle.FullName}\"\" /bv {_bundleVersion} /o\";\n\n await _makeAppxCli.RunAsync(args);\n\n _appxBundle.Delete();\n\n File.Move(newAppxBundle.FullName, _appxBundle.FullName, overwrite: true);\n\n _appxBundle.Refresh();\n }\n }\n\n private string? GetBundleVersion()\n {\n string fileName = Path.Combine(TemporaryDirectory!.Directory.FullName, \"AppxMetadata\", \"AppxBundleManifest.xml\");\n\n using (FileStream stream = File.OpenRead(fileName))\n {\n XDocument manifest = XDocument.Load(stream, LoadOptions.PreserveWhitespace);\n XNamespace ns = \"http://schemas.microsoft.com/appx/2013/bundle\";\n\n return manifest.Root?.Element(ns + \"Identity\")?.Attribute(\"Version\")?.Value;\n }\n }\n }\n}"
},
{
"path": "src/Sign.Core/Containers/AppxContainer.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Security.Cryptography.X509Certificates;\nusing System.Xml.Linq;\nusing Microsoft.Extensions.Logging;\n\nnamespace Sign.Core\n{\n // Unpacking and repacking an appx will strip it of its signature\n // We can also update the publisher of the appxmanifest\n internal sealed class AppxContainer : Container\n {\n private readonly FileInfo _appx;\n private readonly IDirectoryService _directoryService;\n private readonly ICertificateProvider _certificateProvider;\n private readonly ILogger _logger;\n private readonly IMakeAppxCli _makeAppxCli;\n\n public AppxContainer(\n FileInfo appx,\n ICertificateProvider certificateProvider,\n IDirectoryService directoryService,\n IFileMatcher fileMatcher,\n IMakeAppxCli makeAppxCli,\n ILogger logger)\n : base(fileMatcher)\n {\n ArgumentNullException.ThrowIfNull(appx, nameof(appx));\n ArgumentNullException.ThrowIfNull(certificateProvider, nameof(certificateProvider));\n ArgumentNullException.ThrowIfNull(directoryService, nameof(directoryService));\n ArgumentNullException.ThrowIfNull(makeAppxCli, nameof(makeAppxCli));\n ArgumentNullException.ThrowIfNull(logger, nameof(logger));\n\n _appx = appx;\n _directoryService = directoryService;\n _certificateProvider = certificateProvider;\n _makeAppxCli = makeAppxCli;\n _logger = logger;\n }\n\n public override async ValueTask OpenAsync()\n {\n if (TemporaryDirectory is not null)\n {\n throw new InvalidOperationException();\n }\n\n TemporaryDirectory = new TemporaryDirectory(_directoryService);\n\n _logger.LogInformation(\n Resources.OpeningContainer,\n _appx.FullName,\n TemporaryDirectory.Directory.FullName);\n\n var args = $@\"unpack /p \"\"{_appx.FullName}\"\" /d \"\"{TemporaryDirectory!.Directory.FullName}\"\" /l /o\";\n\n await _makeAppxCli.RunAsync(args);\n\n await UpdateManifestPublisherAsync();\n }\n\n public override async ValueTask SaveAsync()\n {\n if (TemporaryDirectory is null)\n {\n throw new InvalidOperationException();\n }\n\n using (TemporaryDirectory temporaryDirectory = new(_directoryService))\n {\n FileInfo newAppx = new(Path.Combine(temporaryDirectory.Directory.FullName, _appx.Name));\n\n var args = $@\"pack /d \"\"{TemporaryDirectory!.Directory.FullName}\"\" /p \"\"{newAppx.FullName}\"\" /o /l\";\n\n await _makeAppxCli.RunAsync(args);\n\n _appx.Delete();\n\n File.Move(newAppx.FullName, _appx.FullName, overwrite: true);\n\n _appx.Refresh();\n }\n }\n\n private async Task UpdateManifestPublisherAsync()\n {\n FileInfo appxManifest = new(Path.Combine(TemporaryDirectory!.Directory.FullName, \"AppxManifest.xml\"));\n XDocument manifest;\n\n using (FileStream stream = appxManifest.OpenRead())\n {\n manifest = XDocument.Load(stream, LoadOptions.PreserveWhitespace);\n XNamespace ns = \"http://schemas.microsoft.com/appx/manifest/foundation/windows10\";\n\n XElement? idElement = manifest.Root?.Element(ns + \"Identity\");\n\n if (idElement is not null)\n {\n using (X509Certificate2 certificate = await _certificateProvider.GetCertificateAsync())\n {\n string publisher = certificate.SubjectName.Name;\n\n idElement.SetAttributeValue(\"Publisher\", publisher);\n }\n }\n }\n\n using (FileStream stream = appxManifest.Open(FileMode.Create, FileAccess.Write, FileShare.None))\n {\n manifest.Save(stream);\n }\n }\n }\n}"
},
{
"path": "src/Sign.Core/Containers/Container.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing Microsoft.Extensions.FileSystemGlobbing;\nusing Microsoft.Extensions.FileSystemGlobbing.Abstractions;\n\nnamespace Sign.Core\n{\n internal abstract class Container : IContainer\n {\n private readonly IFileMatcher _fileMatcher;\n\n protected TemporaryDirectory? TemporaryDirectory { get; set; }\n\n protected Container(IFileMatcher fileMatcher)\n {\n ArgumentNullException.ThrowIfNull(fileMatcher, nameof(fileMatcher));\n\n _fileMatcher = fileMatcher;\n }\n\n public virtual void Dispose()\n {\n TemporaryDirectory?.Dispose();\n }\n\n public IEnumerable GetFiles()\n {\n if (TemporaryDirectory is null)\n {\n throw new InvalidOperationException();\n }\n\n return TemporaryDirectory.Directory.EnumerateFiles(\"*\", SearchOption.AllDirectories);\n }\n\n public IEnumerable GetFiles(Matcher matcher)\n {\n ArgumentNullException.ThrowIfNull(matcher, nameof(matcher));\n\n if (TemporaryDirectory is null)\n {\n throw new InvalidOperationException();\n }\n\n DirectoryInfoWrapper directoryInfo = new(TemporaryDirectory.Directory);\n\n return _fileMatcher.EnumerateMatches(directoryInfo, matcher);\n }\n\n public abstract ValueTask OpenAsync();\n public abstract ValueTask SaveAsync();\n }\n}"
},
{
"path": "src/Sign.Core/Containers/ContainerProvider.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing Microsoft.Extensions.Logging;\n\nnamespace Sign.Core\n{\n internal sealed class ContainerProvider : IContainerProvider\n {\n private readonly HashSet _appxBundleExtensions;\n private readonly HashSet _appxExtensions;\n private readonly IDirectoryService _directoryService;\n private readonly IFileMatcher _fileMatcher;\n private readonly ICertificateProvider _certificateProvider;\n private readonly ILogger _logger;\n private readonly IMakeAppxCli _makeAppxCli;\n private readonly HashSet _nuGetExtensions;\n private readonly HashSet _zipExtensions;\n\n // Dependency injection requires a public constructor.\n public ContainerProvider(\n ICertificateProvider certificateProvider,\n IDirectoryService directoryService,\n IFileMatcher fileMatcher,\n IMakeAppxCli makeAppxCli,\n ILogger logger)\n {\n ArgumentNullException.ThrowIfNull(certificateProvider, nameof(certificateProvider));\n ArgumentNullException.ThrowIfNull(directoryService, nameof(directoryService));\n ArgumentNullException.ThrowIfNull(fileMatcher, nameof(fileMatcher));\n ArgumentNullException.ThrowIfNull(makeAppxCli, nameof(makeAppxCli));\n ArgumentNullException.ThrowIfNull(logger, nameof(logger));\n\n _certificateProvider = certificateProvider;\n _directoryService = directoryService;\n _fileMatcher = fileMatcher;\n _makeAppxCli = makeAppxCli;\n _logger = logger;\n\n _appxBundleExtensions = new HashSet(StringComparer.OrdinalIgnoreCase)\n {\n \".appxbundle\",\n \".eappxbundle\",\n \".emsixbundle\",\n \".msixbundle\"\n };\n\n _appxExtensions = new HashSet(StringComparer.OrdinalIgnoreCase)\n {\n \".appx\",\n \".eappx\",\n \".emsix\",\n \".msix\"\n };\n\n _nuGetExtensions = new HashSet(StringComparer.OrdinalIgnoreCase)\n {\n \".nupkg\",\n \".snupkg\"\n };\n\n _zipExtensions = new HashSet(StringComparer.OrdinalIgnoreCase)\n {\n \".appxupload\",\n \".clickonce\",\n \".msixupload\",\n \".vsix\",\n \".zip\"\n };\n }\n\n public bool IsAppxBundleContainer(FileInfo file)\n {\n ArgumentNullException.ThrowIfNull(file, nameof(file));\n\n return _appxBundleExtensions.Contains(file.Extension);\n }\n\n public bool IsAppxContainer(FileInfo file)\n {\n ArgumentNullException.ThrowIfNull(file, nameof(file));\n\n return _appxExtensions.Contains(file.Extension);\n }\n\n public bool IsNuGetContainer(FileInfo file)\n {\n ArgumentNullException.ThrowIfNull(file, nameof(file));\n\n return _nuGetExtensions.Contains(file.Extension);\n }\n\n public bool IsZipContainer(FileInfo file)\n {\n ArgumentNullException.ThrowIfNull(file, nameof(file));\n\n return _zipExtensions.Contains(file.Extension);\n }\n\n public IContainer? GetContainer(FileInfo file)\n {\n ArgumentNullException.ThrowIfNull(file, nameof(file));\n\n if (IsAppxBundleContainer(file))\n {\n return new AppxBundleContainer(file, _directoryService, _fileMatcher, _makeAppxCli, _logger);\n }\n\n if (IsAppxContainer(file))\n {\n return new AppxContainer(file, _certificateProvider, _directoryService, _fileMatcher, _makeAppxCli, _logger);\n }\n\n if (IsZipContainer(file))\n {\n return new ZipContainer(file, _directoryService, _fileMatcher, _logger);\n }\n\n if (IsNuGetContainer(file))\n {\n return new NuGetContainer(file, _directoryService, _fileMatcher, _logger);\n }\n\n return null;\n }\n }\n}"
},
{
"path": "src/Sign.Core/Containers/IContainer.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing Microsoft.Extensions.FileSystemGlobbing;\n\nnamespace Sign.Core\n{\n internal interface IContainer : IDisposable\n {\n IEnumerable GetFiles();\n IEnumerable GetFiles(Matcher matcher);\n\n ValueTask OpenAsync();\n ValueTask SaveAsync();\n }\n}"
},
{
"path": "src/Sign.Core/Containers/IContainerProvider.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nnamespace Sign.Core\n{\n internal interface IContainerProvider\n {\n bool IsAppxBundleContainer(FileInfo file);\n bool IsAppxContainer(FileInfo file);\n bool IsNuGetContainer(FileInfo file);\n bool IsZipContainer(FileInfo file);\n IContainer? GetContainer(FileInfo file);\n }\n}"
},
{
"path": "src/Sign.Core/Containers/NuGetContainer.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing Microsoft.Extensions.Logging;\nusing NuGet.Packaging.Signing;\n\nnamespace Sign.Core\n{\n internal sealed class NuGetContainer : ZipContainer\n {\n internal NuGetContainer(\n FileInfo zipFile,\n IDirectoryService directoryService,\n IFileMatcher fileMatcher,\n ILogger logger)\n : base(zipFile, directoryService, fileMatcher, logger)\n {\n }\n\n public override ValueTask SaveAsync()\n {\n if (TemporaryDirectory is null)\n {\n throw new InvalidOperationException();\n }\n\n FileInfo signatureFile = new(\n Path.Combine(\n TemporaryDirectory.Directory.FullName,\n SigningSpecifications.V1.SignaturePath));\n\n if (signatureFile.Exists)\n {\n signatureFile.Delete();\n }\n\n return base.SaveAsync();\n }\n }\n}"
},
{
"path": "src/Sign.Core/Containers/ZipContainer.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.IO.Compression;\nusing Microsoft.Extensions.Logging;\n\nnamespace Sign.Core\n{\n internal class ZipContainer : Container\n {\n private readonly IDirectoryService _directoryService;\n private readonly ILogger _logger;\n private readonly FileInfo _zipFile;\n\n internal ZipContainer(\n FileInfo zipFile,\n IDirectoryService directoryService,\n IFileMatcher fileMatcher,\n ILogger logger)\n : base(fileMatcher)\n {\n ArgumentNullException.ThrowIfNull(zipFile, nameof(zipFile));\n ArgumentNullException.ThrowIfNull(directoryService, nameof(directoryService));\n ArgumentNullException.ThrowIfNull(logger, nameof(logger));\n\n _directoryService = directoryService;\n _logger = logger;\n _zipFile = zipFile;\n }\n\n public override ValueTask OpenAsync()\n {\n if (TemporaryDirectory is not null)\n {\n throw new InvalidOperationException();\n }\n\n TemporaryDirectory = new TemporaryDirectory(_directoryService);\n\n _logger.LogInformation(\n Resources.OpeningContainer,\n _zipFile.FullName,\n TemporaryDirectory.Directory.FullName);\n\n ZipFile.ExtractToDirectory(_zipFile.FullName, TemporaryDirectory.Directory.FullName);\n\n return ValueTask.CompletedTask;\n }\n\n public override ValueTask SaveAsync()\n {\n if (TemporaryDirectory is null)\n {\n throw new InvalidOperationException();\n }\n\n _logger.LogInformation(\n Resources.SavingContainer,\n _zipFile.FullName,\n TemporaryDirectory.Directory.FullName);\n\n using (TemporaryDirectory temporaryDirectory = new(_directoryService))\n {\n string destinationFilePath = Path.Combine(temporaryDirectory.Directory.FullName, _zipFile.Name);\n\n ZipFile.CreateFromDirectory(TemporaryDirectory.Directory.FullName, destinationFilePath, CompressionLevel.Optimal, false);\n\n _zipFile.Delete();\n\n File.Move(destinationFilePath, _zipFile.FullName, overwrite: true);\n\n _zipFile.Refresh();\n }\n\n return ValueTask.CompletedTask;\n }\n }\n}"
},
{
"path": "src/Sign.Core/DataFormatSigners/AggregatingSigner.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing Microsoft.Extensions.FileSystemGlobbing;\n\nnamespace Sign.Core\n{\n internal sealed class AggregatingSigner : IAggregatingDataFormatSigner\n {\n private readonly IContainerProvider _containerProvider;\n private readonly IDefaultDataFormatSigner _defaultSigner;\n private readonly IFileMetadataService _fileMetadataService;\n private readonly IMatcherFactory _matcherFactory;\n private readonly IEnumerable _signers;\n\n // Dependency injection requires a public constructor.\n public AggregatingSigner(\n IEnumerable signers,\n IDefaultDataFormatSigner defaultSigner,\n IContainerProvider containerProvider,\n IFileMetadataService fileMetadataService,\n IMatcherFactory matcherFactory)\n {\n ArgumentNullException.ThrowIfNull(signers, nameof(signers));\n ArgumentNullException.ThrowIfNull(defaultSigner, nameof(defaultSigner));\n ArgumentNullException.ThrowIfNull(containerProvider, nameof(containerProvider));\n ArgumentNullException.ThrowIfNull(fileMetadataService, nameof(fileMetadataService));\n ArgumentNullException.ThrowIfNull(matcherFactory, nameof(matcherFactory));\n\n _signers = signers;\n _defaultSigner = defaultSigner;\n _containerProvider = containerProvider;\n _fileMetadataService = fileMetadataService;\n _matcherFactory = matcherFactory;\n }\n\n public bool CanSign(FileInfo file)\n {\n ArgumentNullException.ThrowIfNull(file, nameof(file));\n\n foreach (IDataFormatSigner signer in _signers)\n {\n if (signer.CanSign(file))\n {\n return true;\n }\n }\n\n string extension = file.Extension.ToLowerInvariant();\n\n return extension switch\n {\n // archives\n \".zip\" or \".appxupload\" or \".msixupload\" => true,\n _ => false\n };\n }\n\n public async Task SignAsync(IEnumerable files, SignOptions options)\n {\n ArgumentNullException.ThrowIfNull(files, nameof(files));\n ArgumentNullException.ThrowIfNull(options, nameof(options));\n\n if (options.RecurseContainers)\n {\n await SignContainerContentsAsync(files, options);\n }\n\n // split by code sign service and fallback to default\n\n var grouped = (from signer in _signers\n from file in files\n where signer.CanSign(file)\n group file by signer into groups\n select groups).ToList();\n\n // get all files and exclude existing; \n\n // This is to catch PE files that don't have the correct extension set\n var defaultFiles = files.Except(grouped.SelectMany(g => g))\n .Where(_fileMetadataService.IsPortableExecutable)\n .Select(f => new { _defaultSigner.Signer, f })\n .GroupBy(a => a.Signer, k => k.f)\n .SingleOrDefault(); // one group here\n\n if (defaultFiles != null)\n {\n grouped.Add(defaultFiles);\n }\n\n await Task.WhenAll(grouped.Select(g => g.Key.SignAsync(g.ToList(), options)));\n }\n\n private async Task SignContainerContentsAsync(IEnumerable files, SignOptions options)\n {\n // See if any of them are archives\n List archives = (from file in files\n where _containerProvider.IsZipContainer(file) || _containerProvider.IsNuGetContainer(file)\n select file).ToList();\n\n // expand the archives and sign recursively first\n List containers = new();\n\n try\n {\n foreach (FileInfo archive in archives)\n {\n IContainer container = _containerProvider.GetContainer(archive)!;\n\n await container.OpenAsync();\n\n containers.Add(container);\n }\n\n // See if there's any files in the expanded zip that we need to sign\n List allFiles = containers\n .SelectMany(container => GetFiles(container, options))\n .ToList();\n\n if (allFiles.Count > 0)\n {\n // Send the files from the archives through the aggregator to sign\n await SignAsync(allFiles, options);\n\n // After signing the contents, save the zip\n // For NuPkg, this step removes the signature too, but that's ok as it'll get signed below\n await Parallel.ForEachAsync(containers, (container, cancellationToken) => container.SaveAsync());\n }\n }\n finally\n {\n containers.ForEach(tz => tz.Dispose());\n containers.Clear();\n }\n\n // See if there's any appx's in here, process them recursively first to sign the inner files\n List appxs = (from file in files\n where _containerProvider.IsAppxContainer(file)\n select file).ToList();\n\n // See if there's any appxbundles here, process them recursively first\n // expand the archives and sign recursively first\n // This will also update the publisher information to get it ready for signing\n try\n {\n foreach (FileInfo appx in appxs)\n {\n IContainer container = _containerProvider.GetContainer(appx)!;\n\n await container.OpenAsync();\n\n containers.Add(container);\n }\n\n // See if there's any files in the expanded zip that we need to sign\n List allFiles = containers\n .SelectMany(container => GetFiles(container, options))\n .ToList();\n\n if (allFiles.Count > 0)\n {\n // Send the files from the archives through the aggregator to sign\n await SignAsync(allFiles, options);\n }\n\n // Save the appx with the updated publisher info\n await Parallel.ForEachAsync(containers, (container, cancellationToken) => container.SaveAsync());\n }\n finally\n {\n containers.ForEach(tz => tz.Dispose());\n containers.Clear();\n }\n\n List bundles = (from file in files\n where _containerProvider.IsAppxBundleContainer(file)\n select file).ToList();\n\n try\n {\n foreach (FileInfo bundle in bundles)\n {\n IContainer container = _containerProvider.GetContainer(bundle)!;\n\n await container.OpenAsync();\n\n containers.Add(container);\n }\n\n Matcher appxBundleFileMatcher = _matcherFactory.Create();\n\n appxBundleFileMatcher.AddInclude(\"**/*.appx\");\n appxBundleFileMatcher.AddInclude(\"**/*.msix\");\n\n // See if there's any files in the expanded zip that we need to sign\n List allFiles = containers.SelectMany(tz => tz.GetFiles(appxBundleFileMatcher)).ToList();\n\n if (allFiles.Count > 0)\n {\n // Send the files from the archives through the aggregator to sign\n await SignAsync(allFiles, options);\n\n // After signing the contents, save the zip\n await Parallel.ForEachAsync(containers, (container, cancellationToken) => container.SaveAsync());\n }\n }\n finally\n {\n containers.ForEach(tz => tz.Dispose());\n containers.Clear();\n }\n }\n\n\n public void CopySigningDependencies(FileInfo file, DirectoryInfo destination, SignOptions options)\n {\n // pass the handling for this down to the actual implementations\n foreach (IDataFormatSigner signer in _signers)\n {\n if (signer.CanSign(file))\n {\n signer.CopySigningDependencies(file, destination, options);\n }\n }\n }\n\n private static IEnumerable GetFiles(IContainer container, SignOptions options)\n {\n IEnumerable files;\n\n if (options.Matcher is null)\n {\n // If not filtered, default to all\n files = container.GetFiles();\n }\n else\n {\n files = container.GetFiles(options.Matcher);\n }\n\n if (options.AntiMatcher is not null)\n {\n IEnumerable antiFiles = container.GetFiles(options.AntiMatcher);\n\n files = files.Except(antiFiles, FileInfoComparer.Instance).ToList();\n }\n\n return files;\n }\n }\n}\n"
},
{
"path": "src/Sign.Core/DataFormatSigners/AppInstallerServiceSigner.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Diagnostics.CodeAnalysis;\nusing System.Security.Cryptography.X509Certificates;\nusing System.Xml.Linq;\nusing Microsoft.Extensions.Logging;\n\nnamespace Sign.Core\n{\n // Not really signing anything, but updates the manifest file with the\n // correct publisher information\n internal sealed class AppInstallerServiceSigner : IDataFormatSigner\n {\n // Windows 10, version 1709.\n internal static readonly XNamespace AppInstaller2017 = XNamespace.Get(\"http://schemas.microsoft.com/appx/appinstaller/2017\");\n // Windows 10, version 1803.\n internal static readonly XNamespace AppInstaller2017_2 = XNamespace.Get(\"http://schemas.microsoft.com/appx/appinstaller/2017/2\");\n // Windows 10, version 1809.\n internal static readonly XNamespace AppInstaller2018 = XNamespace.Get(\"http://schemas.microsoft.com/appx/appinstaller/2018\");\n // Windows version 21H2 build 22000\n internal static readonly XNamespace AppInstaller2021 = XNamespace.Get(\"http://schemas.microsoft.com/appx/appinstaller/2021\");\n\n private readonly ICertificateProvider _certificateProvider;\n private readonly ILogger _logger;\n\n // Dependency injection requires a public constructor.\n public AppInstallerServiceSigner(\n ICertificateProvider certificateProvider,\n ILogger logger)\n {\n ArgumentNullException.ThrowIfNull(certificateProvider, nameof(certificateProvider));\n ArgumentNullException.ThrowIfNull(logger, nameof(logger));\n\n _certificateProvider = certificateProvider;\n _logger = logger;\n }\n\n public bool CanSign(FileInfo file)\n {\n ArgumentNullException.ThrowIfNull(file, nameof(file));\n\n return string.Equals(file.Extension, \".appinstaller\", StringComparison.OrdinalIgnoreCase);\n }\n\n public async Task SignAsync(IEnumerable files, SignOptions options)\n {\n ArgumentNullException.ThrowIfNull(files, nameof(files));\n ArgumentNullException.ThrowIfNull(options, nameof(options));\n\n _logger.LogInformation(Resources.EditingAppInstaller, files.Count());\n\n using (X509Certificate2 certificate = await _certificateProvider.GetCertificateAsync().ConfigureAwait(false))\n {\n // We need to open the files, and update the publisher value\n foreach (FileInfo file in files)\n {\n XDocument manifest;\n using (FileStream stream = file.OpenRead())\n {\n manifest = XDocument.Load(stream, LoadOptions.PreserveWhitespace);\n\n if (TryGetMainElement(manifest, out XElement? mainElement))\n {\n string publisher = certificate.SubjectName.Name;\n\n mainElement.SetAttributeValue(\"Publisher\", publisher);\n }\n }\n\n using (FileStream stream = file.Open(FileMode.Create, FileAccess.Write, FileShare.None))\n {\n manifest.Save(stream);\n }\n }\n }\n }\n\n internal static bool TryGetMainElement(XDocument appInstallerManifest, [NotNullWhen(true)] out XElement? mainElement)\n {\n mainElement = null;\n\n XElement? rootElement = appInstallerManifest.Root;\n\n if (rootElement is null)\n {\n return false;\n }\n\n XNamespace[] xmlNamespaces = [AppInstaller2017, AppInstaller2017_2, AppInstaller2018, AppInstaller2021];\n\n foreach (XNamespace xmlNamespace in xmlNamespaces)\n {\n mainElement = rootElement.Element(xmlNamespace + \"MainBundle\") ?? rootElement.Element(xmlNamespace + \"MainPackage\");\n\n if (mainElement is not null)\n {\n return true;\n }\n }\n\n return false;\n }\n }\n}\n"
},
{
"path": "src/Sign.Core/DataFormatSigners/AzureSignToolSigner.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Globalization;\nusing System.Runtime.ExceptionServices;\nusing System.Security.Cryptography;\nusing System.Security.Cryptography.X509Certificates;\nusing AzureSign.Core;\nusing Microsoft.Extensions.Logging;\n\nnamespace Sign.Core\n{\n internal class AzureSignToolSigner : IAzureSignToolDataFormatSigner\n {\n // COM-based signing of .js and .vbs files requires an STA thread.\n // See https://github.com/dotnet/sign/issues/880\n private static readonly HashSet StaThreadExtensions = new(StringComparer.OrdinalIgnoreCase)\n {\n \".js\",\n \".vbs\"\n };\n\n internal const int S_OK = 0;\n\n private readonly ICertificateProvider _certificateProvider;\n private readonly ISignatureAlgorithmProvider _signatureAlgorithmProvider;\n private readonly ILogger _logger;\n private readonly IReadOnlyList _signableFileTypes;\n private readonly IToolConfigurationProvider _toolConfigurationProvider;\n\n // Dependency injection requires a public constructor.\n public AzureSignToolSigner(\n IToolConfigurationProvider toolConfigurationProvider,\n ISignatureAlgorithmProvider signatureAlgorithmProvider,\n ICertificateProvider certificateProvider,\n ILogger logger)\n {\n ArgumentNullException.ThrowIfNull(toolConfigurationProvider, nameof(toolConfigurationProvider));\n ArgumentNullException.ThrowIfNull(signatureAlgorithmProvider, nameof(signatureAlgorithmProvider));\n ArgumentNullException.ThrowIfNull(certificateProvider, nameof(certificateProvider));\n ArgumentNullException.ThrowIfNull(logger, nameof(logger));\n\n _signatureAlgorithmProvider = signatureAlgorithmProvider;\n _certificateProvider = certificateProvider;\n _signatureAlgorithmProvider = signatureAlgorithmProvider;\n _logger = logger;\n _toolConfigurationProvider = toolConfigurationProvider;\n\n _signableFileTypes = new List()\n {\n // For PowerShell file extensions, see https://github.com/PowerShell/PowerShell/blob/2f4f585e7fe075f5c1669397ae738c554fa18391/src/System.Management.Automation/security/SecurityManager.cs#L97C1-L106C10\n new SignableFileTypeByExtension(\n \".appx\",\n \".appxbundle\",\n \".cab\",\n \".cat\",\n \".cdxml\", // PowerShell cmdlet definition XML\n \".dll\",\n \".eappx\",\n \".eappxbundle\",\n \".emsix\",\n \".emsixbundle\",\n \".exe\",\n \".js\",\n \".msi\",\n \".msix\",\n \".msixbundle\",\n \".msm\",\n \".msp\",\n \".mst\",\n \".ocx\",\n \".ps1\", // PowerShell script files\n \".ps1xml\", // PowerShell display configuration files\n \".psd1\", // PowerShell data files\n \".psm1\", // PowerShell module files\n \".stl\",\n \".sys\",\n \".vbs\",\n \".vxd\",\n \".winmd\"\n ),\n new DynamicsBusinessCentralAppFileType()\n };\n }\n\n public bool CanSign(FileInfo file)\n {\n ArgumentNullException.ThrowIfNull(file, nameof(file));\n\n foreach (ISignableFileType signableFileType in _signableFileTypes)\n {\n if (signableFileType.IsMatch(file))\n {\n return true;\n }\n }\n\n return false;\n }\n\n public async Task SignAsync(IEnumerable files, SignOptions options)\n {\n ArgumentNullException.ThrowIfNull(files, nameof(files));\n ArgumentNullException.ThrowIfNull(options, nameof(options));\n\n _logger.LogInformation(Resources.AzureSignToolSignatureProviderSigning, files.Count());\n\n TimeStampConfiguration timestampConfiguration;\n\n if (options.TimestampService is null)\n {\n timestampConfiguration = TimeStampConfiguration.None;\n }\n else\n {\n timestampConfiguration = new(options.TimestampService.AbsoluteUri, options.TimestampHashAlgorithm, TimeStampType.RFC3161);\n }\n\n using (X509Certificate2 certificate = await _certificateProvider.GetCertificateAsync())\n using (RSA rsa = await _signatureAlgorithmProvider.GetRsaAsync())\n using (AuthenticodeKeyVaultSigner signer = new(\n rsa,\n certificate,\n options.FileHashAlgorithm,\n timestampConfiguration))\n {\n // Partition files: STA-required files (.js, .vbs) are signed sequentially\n // to avoid blocking ThreadPool threads (each STA call uses thread.Join()).\n // Non-STA files are signed in parallel as before.\n List staFiles = new();\n List nonStaFiles = new();\n\n foreach (FileInfo file in files)\n {\n if (StaThreadExtensions.Contains(file.Extension))\n {\n staFiles.Add(file);\n }\n else\n {\n nonStaFiles.Add(file);\n }\n }\n\n foreach (FileInfo file in staFiles)\n {\n if (!await SignAsync(signer, file, options))\n {\n string message = string.Format(CultureInfo.CurrentCulture, Resources.SigningFailed, file.FullName);\n\n throw new SigningException(message);\n }\n }\n\n await Parallel.ForEachAsync(nonStaFiles, async (file, state) =>\n {\n if (!await SignAsync(signer, file, options))\n {\n string message = string.Format(CultureInfo.CurrentCulture, Resources.SigningFailed, file.FullName);\n\n throw new SigningException(message);\n }\n });\n }\n }\n\n // Inspired from https://github.com/squaredup/bettersigntool/blob/master/bettersigntool/bettersigntool/SignCommand.cs\n private async Task SignAsync(\n AuthenticodeKeyVaultSigner signer,\n FileInfo file,\n SignOptions options)\n {\n TimeSpan retry = TimeSpan.FromSeconds(5);\n const int maxAttempts = 3;\n int attempt = 1;\n\n do\n {\n if (attempt > 1)\n {\n _logger.LogInformation(Resources.SigningAttempt, attempt, maxAttempts, retry.TotalSeconds);\n await Task.Delay(retry);\n retry = TimeSpan.FromSeconds(Math.Pow(retry.TotalSeconds, 1.5));\n }\n\n if (RunSignTool(signer, file, options))\n {\n return true;\n }\n\n ++attempt;\n\n } while (attempt <= maxAttempts);\n\n _logger.LogError(Resources.SigningFailedAfterAllAttempts);\n\n return false;\n }\n\n private bool RunSignTool(AuthenticodeKeyVaultSigner signer, FileInfo file, SignOptions options)\n {\n FileInfo manifestFile = _toolConfigurationProvider.SignToolManifest;\n\n _logger.LogInformation(Resources.SigningFile, file.FullName);\n\n bool success = false;\n int code = 0;\n\n try\n {\n if (StaThreadExtensions.Contains(file.Extension))\n {\n code = RunOnStaThread(() => SignFileCore(signer, file, options, manifestFile));\n }\n else\n {\n code = SignFileCore(signer, file, options, manifestFile);\n }\n\n success = code == S_OK;\n }\n catch (Exception e)\n {\n _logger.LogError(e, e.Message);\n }\n\n if (success)\n {\n _logger.LogInformation(Resources.SigningSucceeded, file.FullName);\n return true;\n }\n\n _logger.LogError(Resources.SigningFailedWithError, code);\n\n return false;\n }\n\n internal virtual int SignFileCore(\n AuthenticodeKeyVaultSigner signer,\n FileInfo file,\n SignOptions options,\n FileInfo manifestFile)\n {\n using (Kernel32.ActivationContext ctx = new(manifestFile))\n {\n return signer.SignFile(\n file.FullName,\n options.Description ?? string.Empty,\n options.DescriptionUrl?.AbsoluteUri ?? string.Empty,\n pageHashing: null,\n _logger);\n }\n }\n\n private static T RunOnStaThread(Func func)\n {\n if (!OperatingSystem.IsWindows())\n {\n throw new PlatformNotSupportedException();\n }\n\n T result = default!;\n Exception? exception = null;\n\n Thread thread = new(() =>\n {\n try\n {\n result = func();\n }\n catch (Exception ex)\n {\n exception = ex;\n }\n });\n\n thread.SetApartmentState(ApartmentState.STA);\n thread.Start();\n thread.Join();\n\n if (exception is not null)\n {\n ExceptionDispatchInfo.Capture(exception).Throw();\n }\n\n return result;\n }\n }\n}\n"
},
{
"path": "src/Sign.Core/DataFormatSigners/ClickOnceSigner.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Globalization;\nusing System.Security.Cryptography;\nusing System.Security.Cryptography.X509Certificates;\nusing Microsoft.Extensions.DependencyInjection;\nusing Microsoft.Extensions.FileSystemGlobbing.Abstractions;\nusing Microsoft.Extensions.Logging;\n\nnamespace Sign.Core\n{\n internal sealed class ClickOnceSigner : RetryingSigner, IDataFormatSigner\n {\n private readonly Lazy _aggregatingSigner;\n private readonly ICertificateProvider _certificateProvider;\n private readonly ISignatureAlgorithmProvider _signatureAlgorithmProvider;\n private readonly IMageCli _mageCli;\n private readonly IManifestSigner _manifestSigner;\n private readonly ParallelOptions _parallelOptions = new() { MaxDegreeOfParallelism = 4 };\n private readonly IFileMatcher _fileMatcher;\n\n // Dependency injection requires a public constructor.\n public ClickOnceSigner(\n ISignatureAlgorithmProvider signatureAlgorithmProvider,\n ICertificateProvider certificateProvider,\n IServiceProvider serviceProvider,\n IMageCli mageCli,\n IManifestSigner manifestSigner,\n ILogger logger,\n IFileMatcher fileMatcher)\n : base(logger)\n {\n ArgumentNullException.ThrowIfNull(signatureAlgorithmProvider, nameof(signatureAlgorithmProvider));\n ArgumentNullException.ThrowIfNull(certificateProvider, nameof(certificateProvider));\n ArgumentNullException.ThrowIfNull(serviceProvider, nameof(serviceProvider));\n ArgumentNullException.ThrowIfNull(mageCli, nameof(mageCli));\n ArgumentNullException.ThrowIfNull(manifestSigner, nameof(manifestSigner));\n ArgumentNullException.ThrowIfNull(fileMatcher, nameof(fileMatcher));\n\n _signatureAlgorithmProvider = signatureAlgorithmProvider;\n _certificateProvider = certificateProvider;\n _mageCli = mageCli;\n _manifestSigner = manifestSigner;\n _fileMatcher = fileMatcher;\n\n // Need to delay this as it'd create a dependency loop if directly in the ctor\n _aggregatingSigner = new Lazy(() => serviceProvider.GetService()!);\n }\n\n public bool CanSign(FileInfo file)\n {\n ArgumentNullException.ThrowIfNull(file, nameof(file));\n\n return file.Extension.ToLowerInvariant() switch\n {\n \".vsto\" or \".application\" => true,\n _ => false\n };\n }\n\n public async Task SignAsync(IEnumerable files, SignOptions options)\n {\n ArgumentNullException.ThrowIfNull(files, nameof(files));\n ArgumentNullException.ThrowIfNull(options, nameof(options));\n\n Logger.LogInformation(Resources.ClickOnceSignatureProviderSigning, files.Count());\n\n var args = \"-a sha256RSA\";\n if (!string.IsNullOrWhiteSpace(options.ApplicationName))\n {\n args += $@\" -n \"\"{options.ApplicationName}\"\"\";\n }\n\n Uri? timeStampUrl = options.TimestampService;\n\n using (X509Certificate2 certificate = await _certificateProvider.GetCertificateAsync())\n using (RSA rsaPrivateKey = await _signatureAlgorithmProvider.GetRsaAsync())\n {\n // This outer loop is for a deployment manifest file (.application/.vsto).\n await Parallel.ForEachAsync(files, _parallelOptions, async (file, state) =>\n {\n // We need to be explicit about the order these files are signed in. The data files must be signed first\n // Then the .manifest file\n // Then the nested clickonce/vsto file\n // finally the top-level clickonce/vsto file\n // It's possible that there might not actually be a .manifest file or any data files if the user just\n // wants to re-sign an existing deployment manifest because e.g. the update URL has changed but nothing\n // else has. In that case we don't need to touch the other files and we can just sign the deployment manifest.\n\n // Look for the data files first - these are .deploy files\n // we need to rename them, sign, then restore the name\n\n DirectoryInfo clickOnceDirectory = file.Directory!;\n\n // get the files, _including_ the SignOptions, so that we only actually try to sign the files specified.\n // this is useful if e.g. you don't want to sign third-party assemblies that your application depends on\n // but you do still want to sign your own assemblies.\n List filteredFiles = GetFiles(clickOnceDirectory, options).ToList();\n List deployFilesToSign = filteredFiles\n .Where(f => \".deploy\".Equals(f.Extension, StringComparison.OrdinalIgnoreCase))\n .ToList();\n List contentFiles = new();\n\n RemoveDeployExtension(deployFilesToSign, contentFiles);\n\n List filesToSign = contentFiles.ToList(); // copy it since we may add setup.exe\n IEnumerable setupExe = filteredFiles.Where(f => \".exe\".Equals(f.Extension, StringComparison.OrdinalIgnoreCase));\n filesToSign.AddRange(setupExe);\n\n // sign the inner files\n await _aggregatingSigner.Value.SignAsync(filesToSign!, options);\n\n // rename the rest of the deploy files since signing the manifest will need them.\n // this uses the overload of GetFiles() that ignores file matching options because we\n // require all files to be named correctly in order to generate valid manifests.\n List filesExceptFiltered = GetFiles(clickOnceDirectory).Except(filteredFiles, FileInfoComparer.Instance).ToList();\n List deployFiles = filesExceptFiltered\n .Where(f => \".deploy\".Equals(f.Extension, StringComparison.OrdinalIgnoreCase))\n .ToList();\n\n RemoveDeployExtension(deployFiles, contentFiles);\n\n // at this point contentFiles has all deploy files renamed\n\n // Inner files are now signed\n // now look for the manifest file and sign that if we have one\n\n FileInfo? manifestFile = filteredFiles.SingleOrDefault(f => \".manifest\".Equals(f.Extension, StringComparison.OrdinalIgnoreCase));\n\n string fileArgs = $@\"-update \"\"{manifestFile}\"\" {args}\";\n\n if (manifestFile is not null && !await SignAsync(fileArgs, manifestFile, rsaPrivateKey, certificate, options))\n {\n string message = string.Format(CultureInfo.CurrentCulture, Resources.SigningFailed, manifestFile.FullName);\n\n throw new SigningException(message);\n }\n\n string publisherParam = string.Empty;\n\n if (string.IsNullOrEmpty(options.PublisherName))\n {\n string publisherName = certificate.SubjectName.Name;\n\n // get the DN. it may be quoted\n publisherParam = $@\"-pub \"\"{publisherName.Replace(\"\\\"\", \"\")}\"\"\";\n }\n else\n {\n publisherParam = $\"-pub \\\"{options.PublisherName}\\\"\";\n }\n\n // Now sign deployment manifest files (.application/.vsto).\n // Order by desending length to put the inner one first\n List deploymentManifestFiles = filteredFiles\n .Where(f => \".vsto\".Equals(f.Extension, StringComparison.OrdinalIgnoreCase) ||\n \".application\".Equals(f.Extension, StringComparison.OrdinalIgnoreCase))\n .Select(f => new { file = f, f.FullName.Length })\n .OrderByDescending(f => f.Length)\n .Select(f => f.file)\n .ToList();\n\n foreach (FileInfo deploymentManifestFile in deploymentManifestFiles)\n {\n fileArgs = $@\"-update \"\"{deploymentManifestFile.FullName}\"\" {args} {publisherParam}\";\n if (manifestFile is not null)\n {\n fileArgs += $@\" -appm \"\"{manifestFile.FullName}\"\"\";\n }\n if (options.DescriptionUrl is not null)\n {\n fileArgs += $@\" -SupportURL {options.DescriptionUrl.AbsoluteUri}\";\n }\n\n if (!await SignAsync(fileArgs, deploymentManifestFile, rsaPrivateKey, certificate, options))\n {\n string message = string.Format(CultureInfo.CurrentCulture, Resources.SigningFailed, deploymentManifestFile.FullName);\n\n throw new SigningException(message);\n }\n }\n\n // restore the .deploy files\n foreach (FileInfo contentFile in contentFiles)\n {\n File.Move(contentFile.FullName, $\"{contentFile.FullName}.deploy\");\n }\n });\n }\n }\n\n private static void RemoveDeployExtension(List deployFilesToSign, List contentFiles)\n {\n foreach (FileInfo deployFileToSign in deployFilesToSign)\n {\n // Rename to file without .deploy extension\n // For example:\n // * MyApp.dll.deploy => MyApp.dll\n // * MyApp.exe.deploy => MyApp.exe\n string contentFilePath = Path.Combine(\n deployFileToSign.DirectoryName!,\n Path.GetFileNameWithoutExtension(deployFileToSign.Name));\n FileInfo contentFile = new(contentFilePath);\n\n File.Move(deployFileToSign.FullName, contentFile.FullName);\n\n contentFiles.Add(contentFile);\n }\n }\n\n protected override async Task SignCoreAsync(string? args, FileInfo file, RSA rsaPrivateKey, X509Certificate2 certificate, SignOptions options)\n {\n int exitCode = await _mageCli.RunAsync(args);\n\n if (exitCode == 0)\n {\n // Now add the signature\n _manifestSigner.Sign(file, certificate, rsaPrivateKey, options);\n\n return true;\n }\n\n Logger.LogError(Resources.SigningFailedWithError, exitCode);\n\n return false;\n }\n\n\n private IEnumerable GetFiles(DirectoryInfo clickOnceRoot)\n {\n return clickOnceRoot.EnumerateFiles(\"*\", SearchOption.AllDirectories);\n }\n\n private IEnumerable GetFiles(DirectoryInfo clickOnceRoot, SignOptions options)\n {\n IEnumerable files;\n\n if (options.Matcher is null)\n {\n // If not filtered, default to all\n files = GetFiles(clickOnceRoot);\n }\n else\n {\n files = _fileMatcher.EnumerateMatches(new DirectoryInfoWrapper(clickOnceRoot), options.Matcher);\n }\n\n if (options.AntiMatcher is not null)\n {\n IEnumerable antiFiles = _fileMatcher.EnumerateMatches(new DirectoryInfoWrapper(clickOnceRoot), options.AntiMatcher);\n\n files = files.Except(antiFiles, FileInfoComparer.Instance).ToList();\n }\n return files;\n }\n\n public void CopySigningDependencies(FileInfo deploymentManifestFile, DirectoryInfo destination, SignOptions signOptions)\n {\n // copy _all_ files, ignoring matching options, because we need them to be available to generate\n // valid manifests.\n foreach (FileInfo file in GetFiles(deploymentManifestFile.Directory!))\n {\n // don't copy the file itself because that's already taken care of (and we don't want a duplicate copy with the 'real' name)\n // lying around since it'll get copied back and overwrite the signed one.\n if (file.FullName != deploymentManifestFile.FullName)\n {\n string relativeDestPath = Path.GetRelativePath(deploymentManifestFile.Directory!.FullName, file.FullName);\n string fullDestPath = Path.Combine(destination.FullName, relativeDestPath);\n Directory.CreateDirectory(Path.GetDirectoryName(fullDestPath!)!);\n file.CopyTo(fullDestPath, overwrite: true);\n }\n }\n }\n }\n}\n"
},
{
"path": "src/Sign.Core/DataFormatSigners/DefaultSigner.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing Microsoft.Extensions.DependencyInjection;\n\nnamespace Sign.Core\n{\n internal sealed class DefaultSigner : IDefaultDataFormatSigner\n {\n public IDataFormatSigner Signer { get; }\n\n // Dependency injection requires a public constructor.\n public DefaultSigner(IServiceProvider serviceProvider)\n {\n ArgumentNullException.ThrowIfNull(serviceProvider, nameof(serviceProvider));\n\n foreach (IDataFormatSigner signer in serviceProvider.GetServices())\n {\n if (signer is IAzureSignToolDataFormatSigner)\n {\n Signer = signer;\n\n return;\n }\n }\n\n Signer = new DoNothingDefaultDataFormatSigner();\n }\n\n public bool CanSign(FileInfo file)\n {\n return Signer.CanSign(file);\n }\n\n public Task SignAsync(IEnumerable files, SignOptions options)\n {\n return Signer.SignAsync(files, options);\n }\n\n private sealed class DoNothingDefaultDataFormatSigner : IDataFormatSigner\n {\n public bool CanSign(FileInfo file)\n {\n return false;\n }\n\n public Task SignAsync(IEnumerable files, SignOptions options)\n {\n throw new NotImplementedException();\n }\n }\n }\n}"
},
{
"path": "src/Sign.Core/DataFormatSigners/DistinguishedNameParser.cs",
"content": "#pragma warning disable IDE0073 // The file header does not match the required text\n// The MIT License (MIT)\n// \n// Copyright (c) 2015 Kevin Jones\n// \n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal\n// in the Software without restriction, including without limitation the rights\n// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n// copies of the Software, and to permit persons to whom the Software is\n// furnished to do so, subject to the following conditions:\n// \n// The above copyright notice and this permission notice shall be included in all\n// copies or substantial portions of the Software.\n// \n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n// SOFTWARE.\n\nusing System.Runtime.InteropServices;\n\nnamespace Sign.Core\n{\n // From https://github.com/vcsjones/FiddlerCert/blob/06642751314a9ff224cb37a1cd7c14b86062a119/VCSJones.FiddlerCert/DistinguishedNameParser.cs\n internal static class DistinguishedNameParser\n {\n internal static Dictionary> Parse(string distingishedName)\n {\n var result = new Dictionary>(StringComparer.CurrentCultureIgnoreCase);\n var distinguishedNamePtr = IntPtr.Zero;\n try\n {\n distinguishedNamePtr = Marshal.StringToCoTaskMemUni(distingishedName);\n //We need to copy the IntPtr.\n //The copy is necessary because DsGetRdnW modifies the pointer to advance it. We need to keep\n //The original so we can free it later, otherwise we'll leak memory.\n var distinguishedNamePtrCopy = distinguishedNamePtr;\n var pcDN = (uint)distingishedName.Length;\n while (pcDN != 0 && Ntdsapi.DsGetRdnW(ref distinguishedNamePtrCopy, ref pcDN, out var ppKey, out var pcKey, out var ppVal, out var pcVal) == 0)\n {\n if (pcKey == 0 || pcVal == 0)\n {\n continue;\n }\n\n var key = Marshal.PtrToStringUni(ppKey, (int)pcKey);\n var value = Marshal.PtrToStringUni(ppVal, (int)pcVal);\n if (result.ContainsKey(key))\n {\n result[key].Add(value);\n }\n else\n {\n result.Add(key, new List { value });\n }\n\n if (pcDN == 0)\n {\n break;\n }\n }\n\n return result;\n\n }\n finally\n {\n Marshal.FreeCoTaskMem(distinguishedNamePtr);\n }\n }\n }\n}"
},
{
"path": "src/Sign.Core/DataFormatSigners/DynamicsBusinessCentralAppFileType.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nnamespace Sign.Core\n{\n internal sealed class DynamicsBusinessCentralAppFileType : ISignableFileType\n {\n private const string FileExtension = \".app\";\n\n private readonly byte[] _expectedHeader;\n\n internal DynamicsBusinessCentralAppFileType()\n {\n _expectedHeader = new byte[] { 0x4e, 0x41, 0x56, 0x58 }; // NAVX\n }\n\n public bool IsMatch(FileInfo file)\n {\n ArgumentNullException.ThrowIfNull(file, nameof(file));\n\n if (!FileExtension.Equals(file.Extension, StringComparison.OrdinalIgnoreCase))\n {\n return false;\n }\n\n using (FileStream stream = file.OpenRead())\n {\n var header = new byte[_expectedHeader.Length];\n\n if (stream.Read(header, offset: 0, header.Length) != header.Length)\n {\n return false;\n }\n\n return header.SequenceEqual(_expectedHeader);\n }\n }\n }\n}\n"
},
{
"path": "src/Sign.Core/DataFormatSigners/IAggregatingDataFormatSigner.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nnamespace Sign.Core\n{\n internal interface IAggregatingDataFormatSigner : IDataFormatSigner\n {\n }\n}"
},
{
"path": "src/Sign.Core/DataFormatSigners/IAzureSignToolDataFormatSigner.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nnamespace Sign.Core\n{\n internal interface IAzureSignToolDataFormatSigner : IDataFormatSigner\n {\n }\n}"
},
{
"path": "src/Sign.Core/DataFormatSigners/IDataFormatSigner.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nnamespace Sign.Core\n{\n internal interface IDataFormatSigner\n {\n bool CanSign(FileInfo file);\n Task SignAsync(IEnumerable files, SignOptions options);\n // Some signature mechanisms (e.g. ClickOnce) require extra files alongside the main file to be signed.\n // We can't rely on the user specifying everything (and even if we did, we sign all inputs in parallel\n // so we'd have to add extra synchronisation) so this method instructs an implementation to grab all\n // dependencies of a file and copy them to the specified directory.\n void CopySigningDependencies(FileInfo file, DirectoryInfo destination, SignOptions options) { }\n }\n}"
},
{
"path": "src/Sign.Core/DataFormatSigners/IDefaultDataFormatSigner.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nnamespace Sign.Core\n{\n internal interface IDefaultDataFormatSigner\n {\n IDataFormatSigner Signer { get; }\n }\n}"
},
{
"path": "src/Sign.Core/DataFormatSigners/IManifestSigner.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Security.Cryptography;\nusing System.Security.Cryptography.X509Certificates;\n\nnamespace Sign.Core\n{\n internal interface IManifestSigner\n {\n void Sign(FileInfo file, X509Certificate2 certificate, RSA rsaPrivateKey, SignOptions options);\n }\n}"
},
{
"path": "src/Sign.Core/DataFormatSigners/ISignableFileType.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nnamespace Sign.Core\n{\n internal interface ISignableFileType\n {\n bool IsMatch(FileInfo file);\n }\n}\n"
},
{
"path": "src/Sign.Core/DataFormatSigners/ManifestSigner.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Deployment.Internal.CodeSigning;\nusing System.Runtime.InteropServices;\nusing System.Security.Cryptography;\nusing System.Security.Cryptography.X509Certificates;\nusing System.Xml;\n\nnamespace Sign.Core\n{\n internal sealed class ManifestSigner : IManifestSigner\n {\n public void Sign(FileInfo file, X509Certificate2 certificate, RSA rsaPrivateKey, SignOptions options)\n {\n try\n {\n XmlDocument manifestDom = new()\n {\n PreserveWhitespace = true\n };\n manifestDom.Load(file.FullName);\n SignedCmiManifest2 signedCmiManifest2 = new(manifestDom);\n CmiManifestSigner2 signer;\n\n if (rsaPrivateKey is RSACryptoServiceProvider rsaProvider)\n {\n signer = new CmiManifestSigner2(SignedCmiManifest2.GetFixedRSACryptoServiceProvider(rsaProvider), certificate);\n }\n else\n {\n signer = new CmiManifestSigner2(rsaPrivateKey, certificate);\n }\n\n if (options.TimestampService is null)\n {\n signedCmiManifest2.Sign(signer);\n }\n else\n {\n signedCmiManifest2.Sign(signer, options.TimestampService.AbsoluteUri);\n }\n\n manifestDom.Save(file.FullName);\n }\n catch (Exception ex)\n {\n throw Marshal.GetHRForException(ex) switch\n {\n -2147012889 or -2147012867 => new ApplicationException(\"TimestampUrlNotFound\", ex),\n _ => new ApplicationException(ex.Message, ex)\n };\n }\n }\n }\n}"
},
{
"path": "src/Sign.Core/DataFormatSigners/NuGetSigner.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Globalization;\nusing System.Security.Cryptography;\nusing System.Security.Cryptography.X509Certificates;\nusing Microsoft.Extensions.Logging;\n\nnamespace Sign.Core\n{\n internal sealed class NuGetSigner : RetryingSigner, IDataFormatSigner\n {\n private readonly ICertificateProvider _certificateProvider;\n private readonly ISignatureAlgorithmProvider _signatureAlgorithmProvider;\n private readonly INuGetSignTool _nuGetSignTool;\n\n // Dependency injection requires a public constructor.\n public NuGetSigner(\n ISignatureAlgorithmProvider signatureAlgorithmProvider,\n ICertificateProvider certificateProvider,\n INuGetSignTool nuGetSignTool,\n ILogger logger)\n : base(logger)\n {\n ArgumentNullException.ThrowIfNull(signatureAlgorithmProvider, nameof(signatureAlgorithmProvider));\n ArgumentNullException.ThrowIfNull(certificateProvider, nameof(certificateProvider));\n ArgumentNullException.ThrowIfNull(nuGetSignTool, nameof(nuGetSignTool));\n\n _signatureAlgorithmProvider = signatureAlgorithmProvider;\n _certificateProvider = certificateProvider;\n _nuGetSignTool = nuGetSignTool;\n }\n\n public bool CanSign(FileInfo file)\n {\n ArgumentNullException.ThrowIfNull(file, nameof(file));\n\n return string.Equals(file.Extension, \".nupkg\", StringComparison.OrdinalIgnoreCase)\n || string.Equals(file.Extension, \".snupkg\", StringComparison.OrdinalIgnoreCase);\n }\n\n public async Task SignAsync(IEnumerable files, SignOptions options)\n {\n ArgumentNullException.ThrowIfNull(files, nameof(files));\n ArgumentNullException.ThrowIfNull(options, nameof(options));\n\n using (X509Certificate2 certificate = await _certificateProvider.GetCertificateAsync())\n using (RSA rsa = await _signatureAlgorithmProvider.GetRsaAsync())\n {\n var fileTaskPairs = files\n .Select(file => new\n {\n File = file,\n Task = SignAsync(args: null, file, rsa, certificate, options)\n })\n .ToList();\n\n await Task.WhenAll(fileTaskPairs.Select(pair => pair.Task));\n\n List failedFiles = fileTaskPairs\n .Where(pair => !pair.Task.Result)\n .Select(pair => pair.File.FullName)\n .ToList();\n\n if (failedFiles.Count > 0)\n {\n string failedFilePaths = string.Join(\", \", failedFiles);\n string message = string.Format(CultureInfo.CurrentCulture, Resources.SigningFailed, failedFilePaths);\n\n throw new SigningException(message);\n }\n }\n }\n\n protected override Task SignCoreAsync(string? args, FileInfo file, RSA rsaPrivateKey, X509Certificate2 certificate, SignOptions options)\n {\n return _nuGetSignTool.SignAsync(file, rsaPrivateKey, certificate, options);\n }\n }\n}\n"
},
{
"path": "src/Sign.Core/DataFormatSigners/RSAPKCS1SHA256SignatureDescription.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Security.Cryptography;\n\nnamespace Sign.Core\n{\n // This type and its default constructor are public because:\n // \"Algorithms added to CryptoConfig must be accessible from outside their assembly.\"\n // See https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.cryptoconfig.addalgorithm?view=net-7.0#exceptions\n public sealed class RSAPKCS1SHA256SignatureDescription : RSAPKCS1SignatureDescription\n {\n public RSAPKCS1SHA256SignatureDescription()\n : base(\"SHA256\")\n {\n }\n\n public sealed override HashAlgorithm CreateDigest()\n {\n return SHA256.Create();\n }\n }\n}"
},
{
"path": "src/Sign.Core/DataFormatSigners/RSAPKCS1SignatureDescription.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Security.Cryptography;\n\nnamespace Sign.Core\n{\n public abstract class RSAPKCS1SignatureDescription : SignatureDescription\n {\n public RSAPKCS1SignatureDescription(string hashAlgorithmName)\n {\n KeyAlgorithm = typeof(RSA).AssemblyQualifiedName;\n FormatterAlgorithm = typeof(RSAPKCS1SignatureFormatter).AssemblyQualifiedName;\n DeformatterAlgorithm = typeof(RSAPKCS1SignatureDeformatter).AssemblyQualifiedName;\n DigestAlgorithm = hashAlgorithmName;\n }\n\n public sealed override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)\n {\n var item = (AsymmetricSignatureDeformatter)CryptoConfig.CreateFromName(DeformatterAlgorithm!)!;\n item.SetKey(key);\n item.SetHashAlgorithm(DigestAlgorithm!);\n return item;\n }\n\n public sealed override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)\n {\n var item = (AsymmetricSignatureFormatter)CryptoConfig.CreateFromName(FormatterAlgorithm!)!;\n item.SetKey(key);\n item.SetHashAlgorithm(DigestAlgorithm!);\n return item;\n }\n\n public abstract override HashAlgorithm CreateDigest();\n }\n}"
},
{
"path": "src/Sign.Core/DataFormatSigners/RetryingSigner.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Security.Cryptography;\nusing System.Security.Cryptography.X509Certificates;\nusing Microsoft.Extensions.Logging;\n\nnamespace Sign.Core\n{\n internal abstract class RetryingSigner\n {\n protected ILogger Logger { get; }\n\n // Non-private for testing purposes.\n internal TimeSpan Retry { get; set; } = TimeSpan.FromSeconds(5);\n\n protected RetryingSigner(ILogger logger)\n {\n ArgumentNullException.ThrowIfNull(logger, nameof(logger));\n\n Logger = logger;\n }\n\n protected abstract Task SignCoreAsync(string? args, FileInfo file, RSA rsaPrivateKey, X509Certificate2 certificate, SignOptions options);\n\n // Inspired from https://github.com/squaredup/bettersigntool/blob/master/bettersigntool/bettersigntool/SignCommand.cs\n protected async Task SignAsync(string? args, FileInfo file, RSA rsaPrivateKey, X509Certificate2 publicCertificate, SignOptions options)\n {\n TimeSpan retry = Retry;\n const int maxAttempts = 3;\n var attempt = 1;\n\n do\n {\n if (attempt > 1)\n {\n Logger.LogInformation(Resources.SigningAttempt, attempt, maxAttempts, retry.TotalSeconds);\n await Task.Delay(retry);\n retry = TimeSpan.FromSeconds(Math.Pow(retry.TotalSeconds, 1.5));\n }\n\n if (await SignCoreAsync(args, file, rsaPrivateKey, publicCertificate, options))\n {\n Logger.LogInformation(Resources.SigningSucceeded, file.FullName);\n return true;\n }\n\n attempt++;\n\n } while (attempt <= maxAttempts);\n\n Logger.LogError(Resources.SigningFailedAfterAllAttempts);\n\n return false;\n }\n }\n}\n"
},
{
"path": "src/Sign.Core/DataFormatSigners/SignOptions.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Security.Cryptography;\nusing Microsoft.Extensions.FileSystemGlobbing;\n\nnamespace Sign.Core\n{\n internal sealed class SignOptions\n {\n internal string? ApplicationName { get; }\n internal string? PublisherName { get; }\n internal string? Description { get; }\n internal Uri? DescriptionUrl { get; }\n internal Matcher? Matcher { get; }\n internal Matcher? AntiMatcher { get; }\n internal HashAlgorithmName FileHashAlgorithm { get; } = HashAlgorithmName.SHA256;\n internal HashAlgorithmName TimestampHashAlgorithm { get; } = HashAlgorithmName.SHA256;\n internal Uri TimestampService { get; }\n internal bool RecurseContainers { get; }\n\n internal SignOptions(\n string? applicationName,\n string? publisherName,\n string? description,\n Uri? descriptionUrl,\n HashAlgorithmName fileHashAlgorithm,\n HashAlgorithmName timestampHashAlgorithm,\n Uri timestampService,\n Matcher? matcher,\n Matcher? antiMatcher,\n bool recurseContainers)\n {\n ApplicationName = applicationName;\n PublisherName = publisherName;\n Description = description;\n DescriptionUrl = descriptionUrl;\n FileHashAlgorithm = fileHashAlgorithm;\n TimestampHashAlgorithm = timestampHashAlgorithm;\n TimestampService = timestampService;\n Matcher = matcher;\n AntiMatcher = antiMatcher;\n RecurseContainers = recurseContainers;\n }\n\n internal SignOptions(HashAlgorithmName fileHashAlgorithm, Uri timestampService)\n : this(applicationName: null, publisherName: null, description: null, descriptionUrl: null,\n fileHashAlgorithm, HashAlgorithmName.SHA256, timestampService, matcher: null,\n antiMatcher: null, recurseContainers: true)\n {\n }\n }\n}\n"
},
{
"path": "src/Sign.Core/DataFormatSigners/SignableFileTypeByExtension.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nnamespace Sign.Core\n{\n internal sealed class SignableFileTypeByExtension : ISignableFileType\n {\n private readonly HashSet _fileExtensions;\n\n internal SignableFileTypeByExtension(params string[] fileExtensions)\n {\n ArgumentNullException.ThrowIfNull(fileExtensions, nameof(fileExtensions));\n\n if (fileExtensions.Length == 0)\n {\n throw new ArgumentException(Resources.ArgumentCannotBeEmpty, nameof(fileExtensions));\n }\n\n _fileExtensions = new HashSet(fileExtensions, StringComparer.OrdinalIgnoreCase);\n }\n\n public bool IsMatch(FileInfo file)\n {\n ArgumentNullException.ThrowIfNull(file, nameof(file));\n\n return _fileExtensions.Contains(file.Extension);\n }\n }\n}\n"
},
{
"path": "src/Sign.Core/DataFormatSigners/VsixSigner.cs",
"content": "// Licensed to the .NET Foundation under one or more agreements.\n// The .NET Foundation licenses this file to you under the MIT license.\n// See the LICENSE.txt file in the project root for more information.\n\nusing System.Globalization;\nusing System.Security.Cryptography;\nusing System.Security.Cryptography.X509Certificates;\nusing Microsoft.Extensions.Logging;\n\nnamespace Sign.Core\n{\n internal sealed class VsixSigner : RetryingSigner, IDataFormatSigner\n {\n private readonly ICertificateProvider _certificateProvider;\n private readonly ISignatureAlgorithmProvider _signatureAlgorithmProvider;\n private readonly IVsixSignTool _vsixSignTool;\n\n // Dependency injection requires a public constructor.\n public VsixSigner(\n ISignatureAlgorithmProvider signatureAlgorithmProvider,\n ICertificateProvider certificateProvider,\n IVsixSignTool vsixSignTool,\n ILogger logger)\n : base(logger)\n {\n ArgumentNullException.ThrowIfNull(signatureAlgorithmProvider, nameof(signatureAlgorithmProvider));\n ArgumentNullException.ThrowIfNull(certificateProvider, nameof(certificateProvider));\n ArgumentNullException.ThrowIfNull(vsixSignTool, nameof(vsixSignTool));\n\n _signatureAlgorithmProvider = signatureAlgorithmProvider;\n _certificateProvider = certificateProvider;\n _vsixSignTool = vsixSignTool;\n }\n\n public bool CanSign(FileInfo file)\n {\n ArgumentNullException.ThrowIfNull(file, nameof(file));\n\n return string.Equals(file.Extension, \".vsix\", StringComparison.OrdinalIgnoreCase);\n }\n\n public async Task SignAsync(IEnumerable files, SignOptions options)\n {\n ArgumentNullException.ThrowIfNull(files, nameof(files));\n ArgumentNullException.ThrowIfNull(options, nameof(options));\n\n Logger.LogInformation(Resources.VsixSignatureProviderSigning, files.Count());\n\n using (X509Certificate2 certificate = await _certificateProvider.GetCertificateAsync())\n using (RSA rsa = await _signatureAlgorithmProvider.GetRsaAsync())\n {\n var fileTaskPairs = files\n .Select(file => new\n {\n File = file,\n Task = SignAsync(args: null, file, rsa, certificate, options)\n })\n .ToList();\n\n await Task.WhenAll(fileTaskPairs.Select(pair => pair.Task));\n\n List failedFiles = fileTaskPairs\n .Where(pair => !pair.Task.Result)\n .Select(pair => pair.File.FullName)\n .ToList();\n\n if (failedFiles.Count > 0)\n {\n string failedFilePaths = string.Join(\", \", failedFiles);\n string message = string.Format(CultureInfo.CurrentCulture, Resources.SigningFailed, failedFilePaths);\n\n throw new SigningException(message);\n }\n }\n }\n\n protected override async Task
![](\"https://xunit.net/images/dotnet-fdn-logo.png\"){kind=logo}
](https://www.dotnetfoundation.org/)\n\nThis project aims to make it easier to integrate secure code signing into a CI pipeline by using cloud-based hardware security module(HSM)-protected keys. This project is part of the [.NET Foundation](https://www.dotnetfoundation.org/) and operates under their [code of conduct](https://www.dotnetfoundation.org/code-of-conduct). It is licensed under [MIT](https://opensource.org/licenses/MIT) (an OSI approved license).\n\nYou can find the latest version of Sign CLI on [NuGet.org](https://www.nuget.org/packages/sign).\n\n## Prerequisites\n\n- An up-to-date x64-based version of Windows currently in [mainstream support](https://learn.microsoft.com/lifecycle/products/)\n- [.NET 8 SDK or later](https://dotnet.microsoft.com/download)\n- [Microsoft Visual C++ 14 runtime](https://aka.ms/vs/17/release/vc_redist.x64.exe)\n\n## Install\n\nTo install Sign CLI in the current directory, open a command prompt and execute:\n\n```\ndotnet tool install --tool-path . --prerelease sign\n```\n\nTo run Sign CLI, execute `sign` from the same directory.\n\n## Design\n\nGiven an initial file path or glob pattern, this tool recursively searches directories and containers to find signable files and containers. For each signable artifact, the tool uses an implementation of [`System.Security.Cryptography.RSA`](https://learn.microsoft.com/dotnet/api/system.security.cryptography.rsa?view=net-8.0) that delegates the signing operation to Azure Key Vault. The tool computes a digest (or hash) of the to-be-signed content and submits the digest --- not the original content --- to Azure Key Vault for digest signing. The returned raw signature value is then incorporated in whatever signature format is appropriate for the file type. Signable content is not sent to Azure Key Vault.\n\nWhile the current version is limited to RSA and Azure Key Vault, it is desirable to support ECDSA and other cloud providers in the future.\n\n## Supported File Types\n\n- `.msi`, `.msp`, `.msm`, `.cab`, `.dll`, `.exe`, `.appx`, `.appxbundle`, `.msix`, `.msixbundle`, `.sys`, `.vxd`, `.ps1`, `.psm1`, and any portable executable (PE) file (via [AzureSignTool](https://github.com/vcsjones/AzureSignTool))\n- `.vsix`\n- ClickOnce `.application` and `.vsto` (via `Mage`). Notes below.\n- `.nupkg`\n\n## ClickOnce\nThere are a couple of possibilities for signing ClickOnce packages.\n\nGenerally you will want to sign an entire package and all its contents i.e. the deployment manifest (`.application` or `.vsto`),\napplication manifest (`.exe.manifest` or `.dll.manifest`) and the underlying `.exe` and `.dll` files themselves.\nTo do this, ensure that the entire contents of the package are available (i.e. the whole `publish` folder from your build) and pass\nthe deployment manifest as the file to sign - the rest of the files will be detected and signed in the proper order automatically.\n\nYou can also re-sign just the deployment manifest in case you want to e.g. change the Deployment URL but leave the rest of the contents the\nsame. To do this, pass the deployment manifest as the file to sign as in the case above, but just don't have the rest of the files\npresent on-disk alongside it. This tool will detect that they're missing and just update the signature on the deployment manifest.\nNote that this is strictly for re-signing an already-signed deployment manifest - you cannot have a signed deployment manifest that\npoints to an un-signed application manifest. You must also take care to sign all manifests with the same certificate otherwise the application\nwill not install.\n\nYou should also use the `filter` parameter with the file list to sign, something like this:\n```\n**/ProjectAddIn1.*\n**/setup.exe\n```\n\n## Best Practices\n\n* Create a [ServicePrincipal with minimum permissions](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal). Note that you do not need to assign any subscription-level roles to this identity. Only access to Key Vault is required.\n* Follow [Best practices for using Azure Key Vault](https://learn.microsoft.com/azure/key-vault/general/best-practices). The Premium SKU is required for code signing certificates to meet key storage requirements.\n * If using Azure role-based access control (RBAC), [configure your signing account to have these roles](https://learn.microsoft.com/azure/key-vault/general/rbac-guide?tabs=azure-portal):\n - Key Vault Reader\n - Key Vault Crypto User\n * If using Azure Key Vault access policies, [configure an access policy](https://learn.microsoft.com/azure/key-vault/general/assign-access-policy?tabs=azure-portal) for your signing account to have minimal permissions:\n - Key permissions\n - Cryptographic Operations\n - Sign\n - Key Management Operations\n - Get _(Note: this is only for the public key not the private key.)_\n - Certificate permissions\n - Certificate Management Operations\n - Get\n* Isolate signing operations in a separate leg of your build pipeline.\n* Ensure that this CLI and all input and output files are in a directory under your control.\n* Execute this CLI as a standard user. Elevation is not required.\n* Use [OIDC authentication from your GitHub Action to Azure](https://learn.microsoft.com/azure/developer/github/connect-from-azure?tabs=azure-portal%2Cwindows#use-the-azure-login-action-with-openid-connect).\n\n## Sample Workflows\n\n* [Azure DevOps Pipelines](./docs/azdo-build-and-sign.yml)\n* [GitHub Actions](./docs/gh-build-and-sign.yml)\n\nCode signing is a complex process that may involve multiple signing formats and artifact types. Some artifacts are containers that contain other signable file types. For example, NuGet Packages (`.nupkg`) frequently contain `.dll` files. The signing tool will sign all files inside-out, starting with the most nested files and then the outer files, ensuring everything is signed in the correct order.\n\nSigning `.exe`/`.dll` files, and other Authenticode file types is only possible on Windows at this time. The recommended solution is to build on one agent and sign on another using jobs or stages where the signing steps run on Windows. Running code signing on a separate stage to ensure secrets aren't exposed to the build stage.\n\n### Build Variables\n\nThe following information is needed for the signing build:\n\n* `Tenant Id` Azure AD tenant\n* `Client Id` / `Application Id` ServicePrincipal identifier\n* `Key Vault Url` Url to Key Vault. Must be a Premium Sku for EV code signing certificates and all certificates issued after June 2023\n* `Certificate Id` Id of the certificate in Key Vault.\n* `Client Secret` for Azure DevOps Pipelines\n* `Subscription Id` for GitHub Actions\n\n## Creating a code signing certificate in Azure Key Vault\n\nCode signing certificates must use the `RSA-HSM` key type to ensure the private keys are stored in a FIPS 140-2 compliant manner. While you can import a certificate from a PFX file, if available, the most secure option is to create a new Certificate Signing Request to provide to your certificate authority, and then merge in the public certificate they issue. Detailed steps are available [here](https://learn.microsoft.com/answers/questions/732422/ev-code-signing-with-azure-keyvault-and-azure-pipe).\n\n## Migrating from the legacy code signing service\n\nIf you've been using the legacy code signing service, using `SignClient.exe` to upload files for signing, you can use your existing certificate and Key Vault with this new tool. You will need to create a new ServicePrincipal and assign it permissions as described above.\n\n## FAQ\n\n### What signature algorithms are supported?\n\nAt this time, only RSA PKCS #1 v1.5 is supported.\n\nECDSA is not supported. Not only do some signature providers not support ECDSA, [the Microsoft Trusted Root Program does not support ECDSA code signing.](https://learn.microsoft.com/security/trusted-root/program-requirements#b-signature-requirements)\n\n> **Please Note**: Signatures using elliptical curve cryptography (ECC), such as ECDSA, aren't supported in Windows and newer Windows security features. Users utilizing these algorithms and certificates will face various errors and potential security risks. The Microsoft Trusted Root Program recommends that ECC/ECDSA certificates shouldn't be issued to subscribers due to this known incompatibility and risk.\n\n## Useful Links\n\n* [Issue Triage Policy](triage-policy.md)\n"
},
{
"path": "SECURITY.md",
"content": "\n\n## Security\n\nMicrosoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).\n\nMicrosoft serves as the primary maintainer of this repository. If you believe you have found a security vulnerability that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.\n\n## Reporting Security Issues\n\n**Please do not report security vulnerabilities through public GitHub issues.**\n\nInstead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).\n\nIf you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).\n\nYou should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). \n\nPlease include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:\n\n * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)\n * Full paths of source file(s) related to the manifestation of the issue\n * The location of the affected source code (tag/branch/commit or direct URL)\n * Any special configuration required to reproduce the issue\n * Step-by-step instructions to reproduce the issue\n * Proof-of-concept or exploit code (if possible)\n * Impact of the issue, including how an attacker might exploit the issue\n\nThis information will help us triage your report more quickly.\n\nIf you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.\n\n## Preferred Languages\n\nWe prefer all communications to be in English.\n\n## Policy\n\nMicrosoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).\n\n\n"
},
{
"path": "SdkTools.props",
"content": "\n