Update the sign check to remove the exclusions but only check on sign… #48275
Conversation
ghost
added
|
I have a few internal builds running both signed and not to see if it passes the check as this is not testable locally. |
|
Confirmed with test CI builds that the target doesn't run unless the branch contains release so that'll exclude it from main and dev builds. It still might in some unrelated branch builds unless we have a better suggestion on how to condition this check. |
| Condition=" '$(OS)' == 'Windows_NT' and '$(Architecture)' != 'arm' "> | ||
| Condition=" '$(OS)' == 'Windows_NT' and | ||
| '$(Architecture)' != 'arm' and | ||
| $(BUILD_SOURCEBRANCH) != '' and |
There was a problem hiding this comment.
You can also check this based on OfficialBuild=true and DotNetSignType=real
|
The wasm and emsdk ones are built live in the VMR. If I check both those properties, will that be enough in the VMR to be confident it's the signed versions of those? |
Since signing happens after the sdk build part is done, and the manifests are built as part of the SDK now, i think you can just eliminate all this checking. Both SignTool as well as the post-build sign checking are going to verify this. |
|
/cc @ellahathaway |
|
@mmitche @ellahathaway are you suggesting I delete this code instead or just leave it in servicing and delete in main? |
Oh! this is 9.0.,.. thought this was main. The code can be removed in main. |
|
@mmitche this check still covers maui in main so isn't it still useful there or do we have a different signing check for those in main? |
…ed builds
Fixes #41081