From 4bb63dd2aaae32919342e55667b7818225ae7083 Mon Sep 17 00:00:00 2001
From: Wenbing Li <10278425+wenbingl@users.noreply.github.com>
Date: Thu, 1 Aug 2024 09:57:59 -0700
Subject: [PATCH] Upgrade ESRP signing task from v2 to v5 (#780)
* Upgrade ESRP signing task from v2 to v5
* Upgrade ESRP signing task from v2 to v5 in win
---------
Co-authored-by: Sayan Shaw <52221015+sayanshaw24@users.noreply.github.com>
---
.pipelines/templates/esrp_nuget.yml | 48 ++++++++++++++++-----------
.pipelines/templates/win-esrp-dll.yml | 45 ++++++-------------------
2 files changed, 40 insertions(+), 53 deletions(-)
diff --git a/.pipelines/templates/esrp_nuget.yml b/.pipelines/templates/esrp_nuget.yml
index 081e7a809..adf30e992 100644
--- a/.pipelines/templates/esrp_nuget.yml
+++ b/.pipelines/templates/esrp_nuget.yml
@@ -5,27 +5,37 @@ parameters: steps: - ${{ if eq(parameters['DoEsrp'], 'true') }}: - - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@2 - displayName: ${{ parameters.DisplayName }} + - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 + displayName: 'ESRP CodeSigning' inputs: - ConnectedServiceName: 'OnnxRuntime CodeSign 20190817' + ConnectedServiceName: 'OnnxrunTimeCodeSign_20240611' + AppRegistrationClientId: '53d54d02-978d-4305-8572-583cf6711c4f' + AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' + AuthAKVName: 'buildkeyvault' + AuthCertName: '53d54d02-SSL-AutoRotate' + AuthSignCertName: '53d54d02-978d-4305-8572-583cf6711c4f' + FolderPath: ${{ parameters.FolderPath }} Pattern: '*.nupkg' + SessionTimeout: 90 + ServiceEndpointUrl: 'https://api.esrp.microsoft.com/api/v2' + MaxConcurrency: 25 + signConfigType: inlineSignParams inlineOperation: | - [ - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetSign", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] \ No newline at end of file + [ + { + "keyCode": "CP-401405", + "operationSetCode": "NuGetSign", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "6.2.9304.0" + }, + { + "keyCode": "CP-401405", + "operationSetCode": "NuGetVerify", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "6.2.9304.0" + } + ] diff --git a/.pipelines/templates/win-esrp-dll.yml b/.pipelines/templates/win-esrp-dll.yml index ba4c55f2f..933abad11 100644 --- a/.pipelines/templates/win-esrp-dll.yml +++ b/.pipelines/templates/win-esrp-dll.yml 
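Review bot: The six signing-identity inputs added here (`ConnectedServiceName`, `AppRegistrationClientId`, `AppRegistrationTenantId`, `AuthAKVName`, `AuthCertName`, `AuthSignCertName`) are hard-coded literals, and the same values are repeated in the `win-esrp-dll.yml` hunk, so a rotation of the service connection or certificate has to be made in two places and the templates can drift apart. Consider taking them from one shared variables template or from template parameters, e.g. `AppRegistrationClientId: ${{ parameters.EsrpClientId }}` (parameter name illustrative). Separately, `displayName` changes from `${{ parameters.DisplayName }}` to a fixed `'ESRP CodeSigning'`; if `DisplayName` is still declared in the parameters block above the hunk, it is now unused in this template and should either be removed or kept in use as the Windows template does.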
@@ -16,42 +16,19 @@ parameters: default: '*.dll' steps: -- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@2 +- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 displayName: ${{ parameters.DisplayName }} condition: and(succeeded(), eq('${{ parameters.DoEsrp }}', true)) inputs: - ConnectedServiceName: 'OnnxRuntime CodeSign 20190817' + ConnectedServiceName: 'OnnxrunTimeCodeSign_20240611' + AppRegistrationClientId: '53d54d02-978d-4305-8572-583cf6711c4f' + AppRegistrationTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' + AuthAKVName: 'buildkeyvault' + AuthCertName: '53d54d02-SSL-AutoRotate' + AuthSignCertName: '53d54d02-978d-4305-8572-583cf6711c4f' + FolderPath: ${{ parameters.FolderPath }} Pattern: ${{ parameters.Pattern }} - signConfigType: inlineSignParams - inlineOperation: | - [ - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd sha256" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - } - ], - "toolName": "signtool.exe", - "toolVersion": "6.2.9304.0" - } - ] + SessionTimeout: 90 + ServiceEndpointUrl: 'https://api.esrp.microsoft.com/api/v2' + MaxConcurrency: 25
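Review bot: On the new side this step no longer carries `signConfigType: inlineSignParams` or any `inlineOperation`, so the hunk shows no `SigntoolSign` operation, key code, `/fd sha256` digest or RFC 3161 timestamp setting for the DLLs, whereas the NuGet template in the same commit keeps its inline operations. Unless the v5 task obtains its operations from somewhere this diff does not show, the step may fail or finish without producing a signature; restore the `signConfigType`/`inlineOperation` block with the previous `SigntoolSign` entry. Adding a matching `SigntoolVerify` operation after it, as the NuGet template does with `NuGetVerify`, would make the build fail when a DLL comes out unsigned.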