Sign the DAC and build (and sign) the cross-OS DACs in the VMR (#46377)

Author: jkoritzinsky

eng/pipelines/templates/jobs/vmr-build.yml

@@ -212,6 +212,8 @@ jobs:
 
     ### Signing variables
     - ${{ if eq(parameters.sign, 'True') }}:
+      - name: _SignDiagnosticFilesArgs
+        value: ''
       - ${{ if or(eq(variables['System.TeamProject'], 'public'), in(variables['Build.Reason'], 'PullRequest')) }}:
         # The _SignType variable is used by microbuild installation
         - name: _SignType
@@ -223,9 +225,16 @@ jobs:
           value: real
         - name: signArguments
           value: -sign /p:DotNetSignType=real /p:TeamName=$(_TeamName)
+        - name: _EnableDacSigning
+          ${{ if and(eq(parameters.isBuiltFromVmr, true), ne(parameters.buildSourceOnly, 'True')) }}:
+            value: true
+          ${{ else }}:
+            value: false
     - ${{ else }}:
       - name: signArguments
         value: ''
+      - name: _SignDiagnosticFilesArgs
+        value: ''
 
     ### Build Pass
     - ${{ if ne(parameters.buildPass, '') }}:
@@ -384,16 +393,36 @@ jobs:
       inputs:
         versionSpec: 20.x
 
+    - ${{ if eq(variables['_EnableDacSigning'], 'true') }}:
+      # TODO: Once we turn off the dotnet/runtime official build, move these templates into the VMR's eng folder.
+      - template: ${{ variables['Build.SourcesDirectory'] }}/src/runtime/eng/pipelines/coreclr/templates/install-diagnostic-certs.yml
+        parameters:
+          isOfficialBuild: ${{ variables.isOfficialBuild }}
+          certNames:
+          - 'dotnetesrp-diagnostics-aad-ssl-cert'
+          - 'dotnet-diagnostics-esrp-pki-onecert'
+          vaultName: 'clrdiag-esrp-id'
+          azureSubscription: 'diagnostics-esrp-kvcertuser'
+          scriptRoot: '$(Build.SourcesDirectory)/src/runtime'
+
     - script: build.cmd
         $(baseArguments)
         $(targetArguments)
         $(signArguments)
         $(buildPassArguments)
         $(ibcArguments)
+        $(_SignDiagnosicFilesArgs)
         ${{ parameters.extraProperties }}
       displayName: Build
       workingDirectory: ${{ variables.sourcesPath }}
 
+    - ${{ if eq(variables['_EnableDacSigning'], 'true') }}:
+      # TODO: Once we turn off the dotnet/runtime official build, move these templates into the VMR's eng folder.
+      - template: ${{ variables['Build.SourcesDirectory'] }}/src/runtime/eng/pipelines/coreclr/templates/remove-diagnostic-certs.yml
+        parameters:
+          isOfficialBuild: ${{ variables.isOfficialBuild }}
+          scriptRoot: '$(Build.SourcesDirectory)/src/runtime'
+
     - ${{ if eq(parameters.runTests, 'True') }}:
       - script: build.cmd
           $(baseArguments)

eng/pipelines/templates/stages/vmr-build.yml

@@ -880,6 +880,23 @@ stages:
             - Windows_x86
             - Windows_arm64
 
+        - template: ../jobs/vmr-build.yml
+          parameters:
+            buildName: Windows
+            isBuiltFromVmr: ${{ parameters.isBuiltFromVmr }}
+            vmrBranch: ${{ variables.VmrBranch }}
+            pool: ${{ parameters.pool_Windows }}
+            targetOS: windows
+            targetArchitecture: x86
+            buildPass: 2
+            reuseBuildArtifactsFrom:
+            - AzureLinux_x64_Cross_x64
+            - AzureLinux_x64_Cross_Alpine_x64
+            - AzureLinux_x64_Cross_arm64
+            - AzureLinux_x64_Cross_Alpine_arm64
+            - AzureLinux_x64_Cross_arm
+            - AzureLinux_x64_Cross_Alpine_arm
+
 ### FINAL JOIN ###
 - ${{ if and(parameters.isBuiltFromVmr, not(parameters.isSourceOnlyBuild), ne(variables['Build.Reason'], 'PullRequest')) }}:
   - stage: VMR_Final_Join

src/SourceBuild/content/eng/tools/tasks/Microsoft.DotNet.UnifiedBuild.Tasks/UpdateNuGetConfigPackageSourcesMappings.cs

@@ -50,6 +50,9 @@ public class UpdateNuGetConfigPackageSourcesMappings : Task
         [Required]
         public string SourceBuiltSourceNamePrefix { get; set; }
 
+        [Required]
+        public string PreviousBuildPassSourceNamePrefix { get; set; }
+
         public string SbrpCacheSourceName { get; set; }
 
         public string ReferencePackagesSourceName { get; set; }
@@ -255,6 +258,7 @@ private XElement GetPackageMappingsElementForSource(string packageSource)
         {
             bool isCurrentSourceBuiltSource =
                 packageSource.StartsWith(SourceBuiltSourceNamePrefix) ||
+                packageSource.StartsWith(PreviousBuildPassSourceNamePrefix) ||
                 packageSource.Equals(SbrpCacheSourceName) ||
                 packageSource.Equals(ReferencePackagesSourceName);
 
@@ -328,6 +332,10 @@ private void DiscoverPackagesFromAllSourceBuildSources(XElement pkgSourcesElemen
                     {
                         AddToDictionary(currentPackages, id, version);
                     }
+                    else if (packageSource.StartsWith(PreviousBuildPassSourceNamePrefix))
+                    {
+                        AddToDictionary(currentPackages, id, version);
+                    }
                     else if (packageSource.Equals(ReferencePackagesSourceName))
                     {
                         AddToDictionary(referencePackages, id, version);

src/SourceBuild/content/repo-projects/Directory.Build.props

@@ -52,6 +52,7 @@
 
     <SbrpCacheNuGetSourceName>source-build-reference-package-cache</SbrpCacheNuGetSourceName>
     <SourceBuiltSourceNamePrefix>source-built-</SourceBuiltSourceNamePrefix>
+    <PreviousBuildPassSourceNamePrefix>previous-build-pass-</PreviousBuildPassSourceNamePrefix>
 
     <!-- Set the bootstrap version to the VMR's version if empty. (no bootstrap set). -->
     <ArcadeBootstrapVersion>$([MSBuild]::ValueOrDefault('$(ARCADE_BOOTSTRAP_VERSION)', '$(ArcadeSdkVersion)'))</ArcadeBootstrapVersion>

src/SourceBuild/content/repo-projects/Directory.Build.targets

@@ -117,6 +117,15 @@
       </RepositoryReferenceInfo>
     </ItemGroup>
 
+    <ItemGroup Condition="'$(DotNetBuildPass)' != '' and '$(DotNetBuildPass)' != '1'">
+      <RepositoryReferenceInfo Include="$(RepositoryName)">
+        <ShippingSourceName>$(PreviousBuildPassSourceNamePrefix)$(RepositoryName)</ShippingSourceName>
+        <NonShippingSourceName>$(PreviousBuildPassSourceNamePrefix)transport-$(RepositoryName)</NonShippingSourceName>
+        <ShippingPackagesPath>$(ArtifactsShippingPackagesDir)/$(RepositoryName)/</ShippingPackagesPath>
+        <NonShippingPackagesPath>$(ArtifactsNonShippingPackagesDir)/$(RepositoryName)/</NonShippingPackagesPath>
+      </RepositoryReferenceInfo>
+    </ItemGroup>
+
     <ItemGroup Condition="'@(RepositoryReferenceInfo)' != ''">
       <DependentRepoSourceName Include="@(RepositoryReferenceInfo->'%(ShippingSourceName)')" />
       <DependentRepoSourceName Include="@(RepositoryReferenceInfo->'%(NonShippingSourceName)')" />
@@ -236,6 +245,7 @@
       PreviouslySourceBuiltSourceName="$(PreviouslySourceBuiltNuGetSourceName)"
       PrebuiltSourceName="$(PrebuiltNuGetSourceName)"
       SourceBuiltSourceNamePrefix="$(SourceBuiltSourceNamePrefix)"
+      PreviousBuildPassSourceNamePrefix="$(PreviousBuildPassSourceNamePrefix)"
       CustomSources="$(NetSdkSupportingFeedName)" />
 
     <MakeDir Directories="$(BaseIntermediateOutputPath)" />

src/SourceBuild/content/repo-projects/dotnet.proj

@@ -14,9 +14,16 @@
     <RepositoryReference Include="sdk" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(DotNetBuildPass)' == '2'">
+  <ItemGroup Condition="'$(DotNetBuildPass)' == '2' and '$(TargetOS)' == 'windows' and '$(TargetArchitecture)' == 'x64'">
+    <!-- Building Windows Bundle Installers-->
     <RepositoryReference Remove="@(RepositoryReference)" />
     <RepositoryReference Include="sdk" DotNetBuildPass="2" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(DotNetBuildPass)' == '2' and '$(TargetOS)' == 'windows' and '$(TargetArchitecture)' == 'x86'">
+    <!-- Building the cross-OS DACs -->
+    <RepositoryReference Remove="@(RepositoryReference)" />
+    <RepositoryReference Include="runtime" DotNetBuildPass="2" />
+  </ItemGroup>
+
 </Project>

src/SourceBuild/content/repo-projects/runtime.proj

@@ -29,6 +29,9 @@
 
     <BuildArgs Condition="'$(UseSystemLibs)' != ''">$(BuildArgs) /p:UseSystemLibs=$(UseSystemLibs)</BuildArgs>
 
+    <!-- When we're actually doing signing and the ESRP tool is available, forward down the path to the repo builds. -->
+    <BuildArgs Condition="'$(Sign)' == 'true' and '$(ForceDryRunSigning)' != 'true' and '$(DotNetEsrpToolPath)' != ''">$(BuildArgs) /p:DotNetEsrpToolPath=$(DotNetEsrpToolPath)</BuildArgs>
+
     <!-- Needed until https://github.com/dotnet/runtime/issues/109329 is fixed. -->
     <BuildArgs>$(BuildArgs) /p:NetCoreAppToolCurrentVersion=10.0</BuildArgs>
   </PropertyGroup>

src/SourceBuild/content/test/Microsoft.DotNet.Tests/PackageSourceMappingsTests.cs

@@ -20,7 +20,7 @@ public class PackageSourceMappingsTests
 
         private const string NetSdkSupportingFeedName = "net-sdk-supporting-feed";
         private const string ArcadeSourceName = "source-built-arcade";
-        private const string RuntimeSourceName = "source-built-runtime";
+        private const string RuntimeSourceName = "previous-build-pass-runtime";
         private const string PrebuiltSourceName = "prebuilt";
         private const string PreviouslySourceBuiltSourceName = "previously-source-built";
         private const string ReferencePackagesSourceName = "reference-packages";
@@ -89,6 +89,7 @@ private static void RunTest(string nugetConfigFilename, bool useOnlineFeeds, str
                 SbrpCacheSourceName = "source-build-reference-package-cache",
                 SbrpRepoSrcPath = TestSetup.SourceBuildReferencePackagesRepo,
                 SourceBuiltSourceNamePrefix = "source-built-",
+                PreviousBuildPassSourceNamePrefix = "previous-build-pass-",
                 NuGetConfigFile = modifiedNugetConfig,
                 BuildWithOnlineFeeds = useOnlineFeeds,
                 SourceBuildSources = sources,

src/SourceBuild/content/test/Microsoft.DotNet.Tests/assets/PackageSourceMappingsTests/expected/sb-mappings-offline.config

@@ -2,7 +2,7 @@
 <configuration>
   <packageSources>
     <clear />
-    <add key="source-built-runtime" value="%runtime%" />
+    <add key="previous-build-pass-runtime" value="%runtime%" />
     <add key="source-built-arcade" value="%arcade%" />
     <add key="reference-packages" value="%reference-packages%" />
     <add key="previously-source-built" value="%previously-source-built%" />
@@ -25,7 +25,7 @@
   -->
   <packageSourceMapping>
     <clear />
-    <packageSource key="source-built-runtime">
+    <packageSource key="previous-build-pass-runtime">
       <package pattern="runtime.package1" />
       <package pattern="runtime.package2" />
     </packageSource>

src/SourceBuild/content/test/Microsoft.DotNet.Tests/assets/PackageSourceMappingsTests/expected/sb-mappings-online.config

@@ -2,7 +2,7 @@
 <configuration>
   <packageSources>
     <clear />
-    <add key="source-built-runtime" value="%runtime%" />
+    <add key="previous-build-pass-runtime" value="%runtime%" />
     <add key="source-built-arcade" value="%arcade%" />
     <add key="reference-packages" value="%reference-packages%" />
     <add key="previously-source-built" value="%previously-source-built%" />
@@ -38,7 +38,7 @@
   -->
   <packageSourceMapping>
     <clear />
-    <packageSource key="source-built-runtime">
+    <packageSource key="previous-build-pass-runtime">
       <package pattern="runtime.package1" />
       <package pattern="runtime.package2" />
     </packageSource>

src/SourceBuild/content/test/Microsoft.DotNet.Tests/assets/PackageSourceMappingsTests/expected/sb-nomappings-offline.config

@@ -3,7 +3,7 @@
 <configuration>
   <packageSources>
     <clear />
-    <add key="source-built-runtime" value="%runtime%" />
+    <add key="previous-build-pass-runtime" value="%runtime%" />
     <add key="source-built-arcade" value="%arcade%" />
     <add key="reference-packages" value="%reference-packages%" />
     <add key="previously-source-built" value="%previously-source-built%" />
@@ -14,7 +14,7 @@
   </disabledPackageSources>
   <packageSourceMapping>
     <clear />
-    <packageSource key="source-built-runtime">
+    <packageSource key="previous-build-pass-runtime">
       <package pattern="runtime.package1" />
       <package pattern="runtime.package2" />
     </packageSource>

src/SourceBuild/content/test/Microsoft.DotNet.Tests/assets/PackageSourceMappingsTests/expected/sb-nomappings-online.config

@@ -3,7 +3,7 @@
 <configuration>
   <packageSources>
     <clear />
-    <add key="source-built-runtime" value="%runtime%" />
+    <add key="previous-build-pass-runtime" value="%runtime%" />
     <add key="source-built-arcade" value="%arcade%" />
     <add key="reference-packages" value="%reference-packages%" />
     <add key="previously-source-built" value="%previously-source-built%" />
@@ -17,7 +17,7 @@
   </disabledPackageSources>
   <packageSourceMapping>
     <clear />
-    <packageSource key="source-built-runtime">
+    <packageSource key="previous-build-pass-runtime">
       <package pattern="runtime.package1" />
       <package pattern="runtime.package2" />
     </packageSource>

src/SourceBuild/content/test/Microsoft.DotNet.Tests/assets/PackageSourceMappingsTests/expected/ub-mappings.config

@@ -3,15 +3,15 @@
   <packageSources>
     <clear />
     <add key="net-sdk-supporting-feed" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet9/nuget/v3/index.json" />
-    <add key="source-built-runtime" value="%runtime%" />
+    <add key="previous-build-pass-runtime" value="%runtime%" />
     <add key="source-built-arcade" value="%arcade%" />
     <add key="dotnet9" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet9/nuget/v3/index.json" />
     <add key="dotnet-public" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public/nuget/v3/index.json" />
     <add key="vssdk" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/vssdk/nuget/v3/index.json" />
   </packageSources>
   <packageSourceMapping>
     <clear />
-    <packageSource key="source-built-runtime">
+    <packageSource key="previous-build-pass-runtime">
       <package pattern="runtime.package1" />
       <package pattern="runtime.package2" />
     </packageSource>

src/SourceBuild/content/test/Microsoft.DotNet.Tests/assets/PackageSourceMappingsTests/expected/ub-nomappings.config

@@ -4,7 +4,7 @@
   <packageSources>
     <clear />
     <add key="net-sdk-supporting-feed" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet9/nuget/v3/index.json" />
-    <add key="source-built-runtime" value="%runtime%" />
+    <add key="previous-build-pass-runtime" value="%runtime%" />
     <add key="source-built-arcade" value="%arcade%" />
     <add key="dotnet-eng" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json" />
     <add key="dotnet9" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet9/nuget/v3/index.json" />
@@ -15,7 +15,7 @@
   </disabledPackageSources>
   <packageSourceMapping>
     <clear />
-    <packageSource key="source-built-runtime">
+    <packageSource key="previous-build-pass-runtime">
       <package pattern="runtime.package1" />
       <package pattern="runtime.package2" />
     </packageSource>

src/SourceBuild/content/test/Microsoft.DotNet.Tests/assets/PackageSourceMappingsTests/original/sb-mappings-offline.config

@@ -2,7 +2,7 @@
 <configuration>
   <packageSources>
     <clear />
-    <add key="source-built-runtime" value="%runtime%" />
+    <add key="previous-build-pass-runtime" value="%runtime%" />
     <add key="source-built-arcade" value="%arcade%" />
     <add key="reference-packages" value="%reference-packages%" />
     <add key="previously-source-built" value="%previously-source-built%" />
@@ -133,4 +133,4 @@
   <disabledPackageSources>
     <clear />
   </disabledPackageSources>
-</configuration>
+</configuration>

src/SourceBuild/content/test/Microsoft.DotNet.Tests/assets/PackageSourceMappingsTests/original/sb-mappings-online.config

@@ -2,7 +2,7 @@
 <configuration>
   <packageSources>
     <clear />
-    <add key="source-built-runtime" value="%runtime%" />
+    <add key="previous-build-pass-runtime" value="%runtime%" />
     <add key="source-built-arcade" value="%arcade%" />
     <add key="reference-packages" value="%reference-packages%" />
     <add key="previously-source-built" value="%previously-source-built%" />
@@ -146,4 +146,4 @@
   <disabledPackageSources>
     <clear />
   </disabledPackageSources>
-</configuration>
+</configuration>

src/SourceBuild/content/test/Microsoft.DotNet.Tests/assets/PackageSourceMappingsTests/original/sb-nomappings-offline.config

@@ -3,7 +3,7 @@
 <configuration>
   <packageSources>
     <clear />
-    <add key="source-built-runtime" value="%runtime%" />
+    <add key="previous-build-pass-runtime" value="%runtime%" />
     <add key="source-built-arcade" value="%arcade%" />
     <add key="reference-packages" value="%reference-packages%" />
     <add key="previously-source-built" value="%previously-source-built%" />
@@ -12,4 +12,4 @@
   <disabledPackageSources>
     <clear />
   </disabledPackageSources>
-</configuration>
+</configuration>

src/SourceBuild/content/test/Microsoft.DotNet.Tests/assets/PackageSourceMappingsTests/original/sb-nomappings-online.config

@@ -3,7 +3,7 @@
 <configuration>
   <packageSources>
     <clear />
-    <add key="source-built-runtime" value="%runtime%" />
+    <add key="previous-build-pass-runtime" value="%runtime%" />
     <add key="source-built-arcade" value="%arcade%" />
     <add key="reference-packages" value="%reference-packages%" />
     <add key="previously-source-built" value="%previously-source-built%" />
@@ -15,4 +15,4 @@
   <disabledPackageSources>
     <clear />
   </disabledPackageSources>
-</configuration>
+</configuration>

src/SourceBuild/content/test/Microsoft.DotNet.Tests/assets/PackageSourceMappingsTests/original/ub-mappings.config

@@ -3,7 +3,7 @@
   <packageSources>
     <clear />
     <add key="net-sdk-supporting-feed" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet9/nuget/v3/index.json" />
-    <add key="source-built-runtime" value="%runtime%" />
+    <add key="previous-build-pass-runtime" value="%runtime%" />
     <add key="source-built-arcade" value="%arcade%" />
     <add key="dotnet9" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet9/nuget/v3/index.json" />
     <add key="dotnet-public" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public/nuget/v3/index.json" />
@@ -37,4 +37,4 @@
   <disabledPackageSources>
     <clear />
   </disabledPackageSources>
-</configuration>
+</configuration>

src/SourceBuild/content/test/Microsoft.DotNet.Tests/assets/PackageSourceMappingsTests/original/ub-nomappings.config

@@ -4,7 +4,7 @@
   <packageSources>
     <clear />
     <add key="net-sdk-supporting-feed" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet9/nuget/v3/index.json" />
-    <add key="source-built-runtime" value="%runtime%" />
+    <add key="previous-build-pass-runtime" value="%runtime%" />
     <add key="source-built-arcade" value="%arcade%" />
     <add key="dotnet-eng" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json" />
     <add key="dotnet9" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet9/nuget/v3/index.json" />