[vcpkg] Add build scripts to produce signed vcpkg binaries. (#13508)
parent
2a6442cb93
commit
0890b5a25f
@ -41,7 +41,7 @@ jobs:
|
||||
inputs:
|
||||
failOnStderr: true
|
||||
filePath: 'scripts/azure-pipelines/test-modified-ports.ps1'
|
||||
arguments: '-Triplet x64-linux -BuildReason $(Build.Reason) -ArchivesRoot /archives -WorkingRoot ${{ variables.WORKING_ROOT }} -ArtifactsDirectory $(System.ArtifactsDirectory)'
|
||||
arguments: '-Triplet x64-linux -BuildReason $(Build.Reason) -ArchivesRoot /archives -WorkingRoot ${{ variables.WORKING_ROOT }} -ArtifactStagingDirectory $(Build.ArtifactStagingDirectory)'
|
||||
- bash: |
|
||||
df -h
|
||||
displayName: 'Report on Disk Space After Build'
|
||||
@ -49,7 +49,7 @@ jobs:
|
||||
- task: PublishBuildArtifacts@1
|
||||
displayName: 'Publish Artifact: failure logs for x64-linux'
|
||||
inputs:
|
||||
PathtoPublish: '$(System.ArtifactsDirectory)/failure-logs'
|
||||
PathtoPublish: '$(Build.ArtifactStagingDirectory)/failure-logs'
|
||||
ArtifactName: 'failure logs for x64-linux'
|
||||
condition: failed()
|
||||
- bash: |
|
||||
|
@ -51,7 +51,7 @@ jobs:
|
||||
inputs:
|
||||
failOnStderr: true
|
||||
filePath: 'scripts/azure-pipelines/test-modified-ports.ps1'
|
||||
arguments: '-Triplet x64-osx -BuildReason $(Build.Reason) -ArchivesRoot ${{ variables.WORKING_ROOT }}/archives -WorkingRoot ${{ variables.WORKING_ROOT }} -ArtifactsDirectory $(System.ArtifactsDirectory)'
|
||||
arguments: '-Triplet x64-osx -BuildReason $(Build.Reason) -ArchivesRoot ${{ variables.WORKING_ROOT }}/archives -WorkingRoot ${{ variables.WORKING_ROOT }} -ArtifactStagingDirectory $(Build.ArtifactStagingDirectory)'
|
||||
- bash: |
|
||||
df -h
|
||||
displayName: 'Report on Disk Space After Build'
|
||||
@ -59,7 +59,7 @@ jobs:
|
||||
- task: PublishBuildArtifacts@1
|
||||
displayName: 'Publish Artifact: failure logs for x64-osx'
|
||||
inputs:
|
||||
PathtoPublish: '$(System.ArtifactsDirectory)/failure-logs'
|
||||
PathtoPublish: '$(Build.ArtifactStagingDirectory)/failure-logs'
|
||||
ArtifactName: 'failure logs for x64-osx'
|
||||
condition: failed()
|
||||
- bash: |
|
||||
|
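--- a/scripts/azure-pipelines/signing.yml
+++ b/scripts/azure-pipelines/signing.yml
@@ -0,0 +1,109 @@
+# This script is used internally to produce signed vcpkg builds.
+# It uses machines / tasks that are not exposed here on GitHub, as
+# the hardware on which we allow signing is restricted.
+
+trigger: none
+
+variables:
+TeamName: vcpkg
+jobs:
+- job: windows
+displayName: "Windows"
+dependsOn:
+pool:
+name: 'VSEng-MicroBuildVS2019'
+demands:
+- CMAKE
+steps:
+- task: PoliCheck@1
+inputs:
+inputType: 'Basic'
+targetType: 'F'
+targetArgument: '$(Build.SourcesDirectory)'
+result: 'PoliCheck.xml'
+- task: CmdLine@2
+displayName: "Build vcpkg with CMake"
+inputs:
+failOnStderr: true
+script: |
+call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\Tools\VsDevCmd.bat" -arch=x86 -host_arch=x86
+cmake.exe -G Ninja -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=OFF -DVCPKG_DEVELOPMENT_WARNINGS=ON -DVCPKG_WARNINGS_AS_ERRORS=ON -DVCPKG_BUILD_FUZZING=OFF -B "$(Build.StagingDirectory)" -S toolsrc
+ninja.exe -C "$(Build.StagingDirectory)"
+- task: MicroBuildSigningPlugin@2
+inputs:
+signType: 'real'
+feedSource: 'https://devdiv.pkgs.visualstudio.com/DefaultCollection/_packaging/MicroBuildToolset/nuget/v3/index.json'
+- task: NuGetToolInstaller@1
+inputs:
+versionSpec: 5.7
+- task: NuGetCommand@2
+displayName: 'NuGet Restore MicroBuild Signing Extension'
+inputs:
+command: 'restore'
+restoreSolution: 'scripts/azure-pipelines/windows/signing.signproj'
+feedsToUse: 'config'
+restoreDirectory: '$(Build.SourcesDirectory)\scripts\azure-pipelines\packages'
+- task: MSBuild@1
+displayName: 'Sign vcpkg.exe'
+inputs:
+solution: 'scripts\azure-pipelines\windows\signing.signproj'
+msbuildArguments: '/p:OutDir=$(Build.ArtifactStagingDirectory)\ /p:IntermediateOutputPath=$(Build.StagingDirectory)\'
+- task: BinSkim@3
+inputs:
+InputType: 'CommandLine'
+arguments: 'analyze "$(Build.StagingDirectory)\vcpkg.exe"'
+- task: PublishBuildArtifacts@1
+displayName: 'Publish vcpkg.exe'
+inputs:
+PathtoPublish: '$(Build.ArtifactStagingDirectory)\vcpkg.exe'
+ArtifactName: 'Windows'
+publishLocation: 'Container'
+- task: PublishBuildArtifacts@1
+displayName: 'Publish vcpkg.pdb'
+inputs:
+PathtoPublish: '$(Build.ArtifactStagingDirectory)\vcpkg.pdb'
+ArtifactName: 'Windows'
+publishLocation: 'Container'
+- task: MicroBuildCleanup@1
+condition: succeededOrFailed()
+displayName: MicroBuild Cleanup
+- job: macos_build
+displayName: 'MacOS Build'
+pool:
+vmImage: macOS-10.15
+steps:
+- task: CmdLine@2
+displayName: "Build vcpkg with CMake"
+inputs:
+failOnStderr: true
+script: |
+cmake -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=OFF -DVCPKG_DEVELOPMENT_WARNINGS=ON -DVCPKG_WARNINGS_AS_ERRORS=ON -DVCPKG_BUILD_FUZZING=OFF -B "$(Build.StagingDirectory)" -S toolsrc
+make -j 8 -C "$(Build.StagingDirectory)"
+zip "$(Build.StagingDirectory)/vcpkg.zip" "$(Build.StagingDirectory)/vcpkg"
+- task: PublishBuildArtifacts@1
+displayName: "Publish Unsigned MacOS Binary"
+inputs:
+PathtoPublish: '$(Build.StagingDirectory)/vcpkg.zip'
+ArtifactName: 'staging'
+publishLocation: 'Container'
+- job: macos_sign
+displayName: 'MacOS Sign'
+dependsOn: macos_build
+pool:
+name: VSEng-MicroBuildVS2019
+steps:
+- checkout: none
+- task: DownloadBuildArtifacts@0
+displayName: 'Download Unsigned Binary'
+inputs:
+artifactName: staging
+- task: ms-vseng.MicroBuildTasks.7973a23b-33e3-4b00-a7d9-c06d90f8297f.MicroBuildSignMacFiles@1
+displayName: 'Sign Mac Files'
+inputs:
+SigningTarget: '$(Build.ArtifactStagingDirectory)\staging\vcpkg.zip'
+SigningCert: 8003
+- task: PublishBuildArtifacts@1
+displayName: 'Publish Signed Binary'
+inputs:
+PathtoPublish: '$(Build.ArtifactStagingDirectory)\staging\vcpkg.zip'
+ArtifactName: 'MacOS'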
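Review bot: Nothing in the `windows` job checks that signing actually happened before `Publish vcpkg.exe` runs. The `Sign vcpkg.exe` step outputs to `$(Build.ArtifactStagingDirectory)`, which Azure Pipelines documents as the same agent directory as the `$(Build.StagingDirectory)` the unsigned build was written to, so if the signing targets do nothing the unsigned binary is published under the `Windows` artifact name. A verification step between signing and publishing that fails on anything but a valid Authenticode signature would close that gap, and the `macos_sign` job would benefit from an equivalent check on the signed `vcpkg.zip` before `Publish Signed Binary`. Separately, the `zip` call in `macos_build` is given absolute paths, so the archive records the agent's directory layout; `zip -j` would store only the file name.

```yaml
# … unchanged: MSBuild@1 'Sign vcpkg.exe' …
- task: PowerShell@2
  displayName: 'Verify vcpkg.exe signature'
  inputs:
    targetType: 'inline'
    script: |
      $sig = Get-AuthenticodeSignature "$(Build.ArtifactStagingDirectory)\vcpkg.exe"
      if ($sig.Status -ne 'Valid') { throw ("vcpkg.exe signature status: " + $sig.Status) }
# … unchanged: BinSkim@3 and the two PublishBuildArtifacts@1 steps …
```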
@ -15,7 +15,7 @@ The location where the binary caching archives are stored. Shared across runs of
|
||||
.PARAMETER WorkingRoot
|
||||
The location used as scratch space for 'installed', 'packages', and 'buildtrees' vcpkg directories.
|
||||
|
||||
.PARAMETER ArtifactsDirectory
|
||||
.PARAMETER ArtifactStagingDirectory
|
||||
The Azure Pipelines artifacts directory. If not supplied, defaults to the current directory.
|
||||
|
||||
.PARAMETER BuildReason
|
||||
@ -35,7 +35,7 @@ Param(
|
||||
[ValidateNotNullOrEmpty()]
|
||||
$WorkingRoot,
|
||||
[ValidateNotNullOrEmpty()]
|
||||
$ArtifactsDirectory = '.',
|
||||
$ArtifactStagingDirectory = '.',
|
||||
$BuildReason = $null
|
||||
)
|
||||
|
||||
@ -83,11 +83,11 @@ else {
|
||||
$executableExtension = '.exe'
|
||||
}
|
||||
|
||||
$xmlResults = Join-Path $ArtifactsDirectory 'xml-results'
|
||||
$xmlResults = Join-Path $ArtifactStagingDirectory 'xml-results'
|
||||
mkdir $xmlResults
|
||||
$xmlFile = Join-Path $xmlResults "$Triplet.xml"
|
||||
|
||||
$failureLogs = Join-Path $ArtifactsDirectory 'failure-logs'
|
||||
$failureLogs = Join-Path $ArtifactStagingDirectory 'failure-logs'
|
||||
|
||||
& "./vcpkg$executableExtension" x-ci-clean @commonArgs
|
||||
$skipList = . "$PSScriptRoot/generate-skip-list.ps1" `
|
||||
|
@ -57,7 +57,7 @@ jobs:
|
||||
inputs:
|
||||
failOnStderr: true
|
||||
filePath: 'scripts/azure-pipelines/test-modified-ports.ps1'
|
||||
arguments: '-Triplet ${{ parameters.triplet }} -BuildReason $(Build.Reason) -ArchivesRoot W:\ -WorkingRoot ${{ variables.WORKING_ROOT }} -ArtifactsDirectory $(System.ArtifactsDirectory)'
|
||||
arguments: '-Triplet ${{ parameters.triplet }} -BuildReason $(Build.Reason) -ArchivesRoot W:\ -WorkingRoot ${{ variables.WORKING_ROOT }} -ArtifactStagingDirectory $(Build.ArtifactStagingDirectory)'
|
||||
pwsh: true
|
||||
- task: PowerShell@2
|
||||
displayName: 'Report on Disk Space After Build'
|
||||
@ -68,7 +68,7 @@ jobs:
|
||||
- task: PublishBuildArtifacts@1
|
||||
displayName: 'Publish Artifact: failure logs for ${{ parameters.triplet }}'
|
||||
inputs:
|
||||
PathtoPublish: '$(System.ArtifactsDirectory)\failure-logs'
|
||||
PathtoPublish: '$(Build.ArtifactStagingDirectory)\failure-logs'
|
||||
ArtifactName: 'failure logs for ${{ parameters.triplet }}'
|
||||
condition: failed()
|
||||
- task: PowerShell@2
|
||||
|
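--- a/scripts/azure-pipelines/windows/packages.config
+++ b/scripts/azure-pipelines/windows/packages.config
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+<package id="Microsoft.VisualStudioEng.MicroBuild.Core" version="0.4.1" targetFramework="native" developmentDependency="true" />
+</packages>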
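Review bot: The package source for `Microsoft.VisualStudioEng.MicroBuild.Core` is not pinned anywhere in this change. The version is fixed at `0.4.1`, but the restore step in `signing.yml` uses `feedsToUse: 'config'` with no `nugetConfigPath`, so the feed is whatever NuGet.config the agent happens to resolve. Because this package supplies the targets that run inside the signing job, a checked-in NuGet.config that starts with `<clear />`, lists only the internal feed, and is referenced through `nugetConfigPath` would keep a same-named package from any other source from being restored. Whether the agent pool already enforces this is not visible from the page.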
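--- a/scripts/azure-pipelines/windows/signing.signproj
+++ b/scripts/azure-pipelines/windows/signing.signproj
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+
+<Import Project="$(MSBuildThisFileDirectory)..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.0.4.1\build\Microsoft.VisualStudioEng.MicroBuild.Core.props" Condition="Exists('..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.0.4.1\build\Microsoft.VisualStudioEng.MicroBuild.Core.props')" />
+
+<ItemGroup>
+<PackageReference Include="Microsoft.VisualStudioEng.MicroBuild.Core" Version="0.4.1">
+<PrivateAssets>all</PrivateAssets>
+<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+</PackageReference>
+</ItemGroup>
+
+<ItemGroup>
+<FilesToSign Include="$(IntermediateOutputPath)\vcpkg.exe">
+<Authenticode>Microsoft400</Authenticode>
+</FilesToSign>
+</ItemGroup>
+
+<ImportGroup Label="ExtensionTargets">
+<Import Project="$(MSBuildThisFileDirectory)..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.0.4.1\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets" Condition="Exists('..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.0.4.1\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets')" />
+</ImportGroup>
+<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="Build">
+<PropertyGroup>
+<ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
+</PropertyGroup>
+<Error Condition="!Exists('$(MSBuildThisFileDirectory)..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.0.4.1\build\Microsoft.VisualStudioEng.MicroBuild.Core.props')" Text="$([System.String]::Format('$(ErrorText)', '$(MSBuildThisFileDirectory)..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.0.4.1\build\Microsoft.VisualStudioEng.MicroBuild.Core.props'))" />
+<Error Condition="!Exists('$(MSBuildThisFileDirectory)..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.0.4.1\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets')" Text="$([System.String]::Format('$(ErrorText)', '$(MSBuildThisFileDirectory)..\packages\Microsoft.VisualStudioEng.MicroBuild.Core.0.4.1\build\Microsoft.VisualStudioEng.MicroBuild.Core.targets'))" />
+</Target>
+
+<!-- Define an empty build target as we don't really build anything -->
+<Target Name="Build" />
+
+<!-- Target AfterBuild is required to trigger signing -->
+<Target Name="AfterBuild" AfterTargets="Build" />
+
+</Project>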
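Review bot: `FilesToSign` is built from `$(IntermediateOutputPath)`, which this project never defaults, so the file being signed depends entirely on the `/p:IntermediateOutputPath=` argument the pipeline passes. Invoked without it, the include resolves to `\vcpkg.exe`, and whether the imported signing targets fail on a missing file is not visible here. The `EnsureNuGetPackageBuildImports` target already fails closed on missing imports, and it could also carry `<Error Condition="!Exists('$(IntermediateOutputPath)\vcpkg.exe')" Text="vcpkg.exe not found under $(IntermediateOutputPath); nothing would be signed." />`. The project also declares the package twice, through the packages.config-style `<Import>` lines and through a `<PackageReference>`; a short comment saying which one the restore step relies on would help the next reader.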
@ -56,6 +56,17 @@ set(CMAKE_CXX_STANDARD_REQUIRED ON)
|
||||
set(CMAKE_CXX_STANDARD 17)
|
||||
if(MSVC)
|
||||
string(REGEX REPLACE "[-/]W[0-4]" "" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
|
||||
if (CMAKE_BUILD_TYPE STREQUAL "Release")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /Zi /guard:cf")
|
||||
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /DEBUG /debugtype:cv,fixup /guard:cf")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(APPLE)
|
||||
SET(CMAKE_C_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
|
||||
SET(CMAKE_CXX_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
|
||||
SET(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
|
||||
SET(CMAKE_CXX_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
|
||||
endif()
|
||||
|
||||
# ===============
|
||||
|
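Review bot: The `/Zi /guard:cf` flags are gated on `if (CMAKE_BUILD_TYPE STREQUAL "Release")`, which is empty under multi-config generators (Visual Studio) and false for RelWithDebInfo and MinSizeRel, so those builds are produced without Control Flow Guard and nothing reports it. The signing pipeline passes `-G Ninja -DCMAKE_BUILD_TYPE=Release`, so it is covered, but the hardening should not depend on that. Per-config variables work for both generator kinds: `set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} /Zi /guard:cf")` plus the matching `CMAKE_EXE_LINKER_FLAGS_RELEASE` line. Adding `/DEBUG` also flips the linker defaults to `/OPT:NOREF,NOICF`, so appending `/OPT:REF /OPT:ICF` keeps the release binary from growing. The page does not mark which lines of this hunk are new, so this assumes the Release block is part of the addition.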