From b4be72aedb06727b898236cfab1e27e66b6b51e4 Mon Sep 17 00:00:00 2001
From: vlashch <vlashch@microsoft.com>
Date: Fri, 7 Dec 2018 11:55:15 -0800
Subject: [PATCH 01/11] ESRP codesign task

---
 CodeSignESRP.targets              | 138 ++++++++++++++++++++++++++++++
 build.proj                        |   4 +
 tools/RemoveCodeSignArtifacts.ps1 |  32 +++++++
 3 files changed, 174 insertions(+)
 create mode 100644 CodeSignESRP.targets
 create mode 100644 tools/RemoveCodeSignArtifacts.ps1

diff --git a/CodeSignESRP.targets b/CodeSignESRP.targets
new file mode 100644
index 000000000000..e0e6c5016d5b
--- /dev/null
+++ b/CodeSignESRP.targets
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+
+	<UsingTask TaskName="ESRPSignTask" AssemblyFile="$(CISignRepoPath)\tools\sdkbuildtools\tasks\MS.Az.Sdk.OnPremise.Build.Tasks.dll" />
+
+	<PropertyGroup>
+		<!-- CISignRepo is an environment variable that points to ci-signing repo clone -->
+		<CISignRepoPath>$(CISignRepo)</CISignRepoPath>
+	</PropertyGroup>
+   
+	<Target Name="CodeSignBinariesESRP" DependsOnTargets="RestoreNugetPackages;BuildMsBuildTask">
+
+    <Message Text="====> Executing CodeSignBinariesESRP Target..." Importance="high"/>
+	
+    <PropertyGroup>
+		<!--public token associated with MSSharedLibKey.snk-->
+		<StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
+    </PropertyGroup>
+	
+	<Message Text="----> Dlls signing section" Importance="high"/>
+
+    <!-- Azure -->
+    <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
+		<DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft*Azure*Commands*.dll" Exclude="$(PackageDirectory)\$(Configuration)\**\Microsoft*Azure*Commands*Common*.dll" />
+		<DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft.Azure.Common.Extensions.dll" />
+		<DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft.Azure.Management.Sql.Legacy.dll" />
+    </ItemGroup>
+
+    <!-- Stack -->
+    <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'">
+		<DelaySignedAssembliesToSign Include="$(StackPackageFolder)\$(Configuration)\**\Microsoft*Azure*Commands*.dll" Exclude="$(StackPackageFolder)\$(Configuration)\**\Microsoft*Azure*Commands*Common*.dll" />
+		<DelaySignedAssembliesToSign Include="$(StackPackageFolder)\$(Configuration)\**\Microsoft.Azure.Management.Storage.dll" />
+		<DelaySignedAssembliesToSign Include="$(StackPackageFolder)\$(Configuration)\**\Microsoft.Azure.Common.Extensions.dll" />
+		<DelaySignedAssembliesToSign Include="$(StackPackageFolder)\$(Configuration)\**\Microsoft.Azure.Management.Sql.Legacy.dll" />
+    </ItemGroup>
+
+    <Message Importance="high" Text="$(PackageDirectory)\$(Configuration) does not contains any files to sign. Code sign will skip."
+        Condition="'@(DelaySignedAssembliesToSign)' == ''" />
+    
+    <ESRPSignTask
+		CopyBackSignedFilesToOriginalLocation="true"
+        UnsignedFileList="@(DelaySignedAssembliesToSign)"
+        SignLogDirPath="$(LibraryRoot)signing-scripts.log" 
+        Condition="!$(DelaySign) and '@(DelaySignedAssembliesToSign)' != ''"/>
+
+    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\UpdateModules.ps1 -BuildConfig $(Configuration) -Scope $(Scope) &quot;"/>
+
+    <!-- Copying shortcut to be signed -->
+    <Copy SourceFiles="$(LibraryRoot)tools\Az\Az.psm1"
+        DestinationFolder="$(PackageDirectory)\$(Configuration)" Condition="'$(Scope)' == 'Netcore'" />
+    <Copy SourceFiles="$(LibraryRoot)tools\AzureRM\AzureRM.psm1"
+        DestinationFolder="$(PackageDirectory)\$(Configuration)" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest'" />
+    <Copy SourceFiles="$(LibrarySourceFolder)\StackAdmin\AzureRM\AzureRM.psm1"
+        DestinationFolder="$(StackPackageFolder)\$(Configuration)" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'" />
+    <Copy SourceFiles="$(LibrarySourceFolder)\StackAdmin\AzureStack\AzureStack.psm1"
+        DestinationFolder="$(StackPackageFolder)\$(Configuration)" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'" />
+		  
+	<Message Text="----> Scripts signing section" Importance="high"/>
+
+    <!-- Azure -->
+    <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
+		<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1"/>
+		<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.psm1"/>
+		<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1xml"/>
+		<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.js"/>
+    </ItemGroup>
+
+    <!-- Stack -->
+    <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'">
+		<ScriptsToSign Include="$(StackPackageFolder)\$(Configuration)\**\*.ps1"/>
+		<ScriptsToSign Include="$(StackPackageFolder)\$(Configuration)\**\*.psm1"/>
+		<ScriptsToSign Include="$(StackPackageFolder)\$(Configuration)\**\*.ps1xml"/>
+		<ScriptsToSign Include="$(StackPackageFolder)\$(Configuration)\**\*.js"/>
+    </ItemGroup>
+
+    <ESRPSignTask
+		CopyBackSignedFilesToOriginalLocation="true"
+		UnsignedFileList="@(ScriptsToSign)"
+		SignLogDirPath="$(LibraryRoot)signing-scripts.log" 
+		Condition="!$(DelaySign) and '@(ScriptsToSign)' != ''"/>
+		
+	<Message Text="----> Remove artifacts section" Importance="high"/>
+
+	<!-- RemoveCodeSignArtifacts.ps1 -->
+    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\RemoveCodeSignArtifacts.ps1 -CustomPath $(PackageDirectory)\$(Configuration) &quot;"
+        ContinueOnError="ErrorAndContinue" />
+		
+	<Message Text="----> CheckSignature section" Importance="high"/>
+
+	<!-- CheckSignature.ps1 -->
+    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckSignature.ps1 -CustomPath $(PackageDirectory)\$(Configuration) &quot;"
+        Condition="'$(Scope)' != 'Stack'"
+        ContinueOnError="ErrorAndContinue" />
+		  
+	<!-- CheckSignature.ps1 -->
+    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckSignature.ps1 -CustomPath $(StackPackageFolder)\$(Configuration) &quot;"
+        Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'"
+        ContinueOnError="ErrorAndContinue" />
+
+    <!-- Copy files back after signing -->
+    <Copy SourceFiles="$(PackageDirectory)\$(Configuration)\Az.psm1"
+        DestinationFolder="$(LibraryRoot)tools\Az" Condition="'$(Scope)' == 'Netcore'" />
+    <Copy SourceFiles="$(PackageDirectory)\$(Configuration)\AzureRM.psm1"
+        DestinationFolder="$(LibraryRoot)tools\AzureRM" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest'" />
+    <Copy SourceFiles="$(StackPackageFolder)\$(Configuration)\AzureRM.psm1"
+        DestinationFolder="$(LibrarySourceFolder)\StackAdmin\AzureRM" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'" />
+    <Copy SourceFiles="$(StackPackageFolder)\$(Configuration)\AzureStack.psm1"
+        DestinationFolder="$(LibrarySourceFolder)\StackAdmin\AzureStack" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'" />
+  </Target>
+
+  <Target Name="CodeSignInstallerESRP">
+    <PropertyGroup>
+		<!--public token associated with MSSharedLibKey.snk-->
+		<StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
+    </PropertyGroup>
+    <GetFrameworkSdkPath>
+		<Output TaskParameter="Path" PropertyName="WindowsSdkPath"/>
+    </GetFrameworkSdkPath>
+
+    <ItemGroup>
+		<InstallersToSign Include="$(LibraryRoot)\setup\*.msi" />
+    </ItemGroup>
+
+    <Message Importance="high" Text="$(LibraryRoot)\setup does not contain any installers to sign. Code sign will skip."
+        Condition="'@(InstallersToSign)' == ''" />
+
+    <ESRPSignTask
+		SignedFilesRootDirPath="$(SignedOutputRootDir)"
+		UnsignedFileList="@(InstallersToSign)"
+		SignLogDirPath="$(LibraryRoot)\msi-signing.log" 
+		Condition="!$(DelaySign) and '@(InstallersToSign)' != ''"/>
+
+    <!--If we are testing locally then we copy the binaries and do not submit to the code sign server-->
+    <Copy SourceFiles="@(InstallersToSign)" DestinationFolder="signed" Condition="$(DelaySign)" />
+    <SetEnvVar EnvName="SignedMsiDir" EnvValue="$(SignedOutputRootDir)" />
+  </Target>
+
+</Project>
diff --git a/build.proj b/build.proj
index e53bff01832a..577ca6716492 100644
--- a/build.proj
+++ b/build.proj
@@ -52,6 +52,7 @@
     <PublishDirectory>$(LibrarySourceFolder)\Publish</PublishDirectory>
     <Configuration Condition=" '$(Configuration)' != 'Release'">Debug</Configuration>
     <CodeSign Condition=" '$(CodeSign)' == '' ">false</CodeSign>
+    <CodeSignESRP>false</CodeSignESRP>
     <!--Set this true only if you want to test the code sign workflow locally-->
     <DelaySign Condition =" '$(DelaySign)' == '' ">false</DelaySign>
     <SignedOutputRootDir>$(LibraryRoot)signed</SignedOutputRootDir>
@@ -124,6 +125,7 @@
   <UsingTask Condition=" $(OnPremiseBuild) " TaskName="CodeSigningTask" AssemblyFile="$(CIToolsPath)\Microsoft.WindowsAzure.Tools.Build.Tasks.OnPremise.dll" />
   <UsingTask Condition=" $(OnPremiseBuild) " TaskName="CorporateValidation" AssemblyFile="$(CIToolsPath)\Microsoft.WindowsAzure.Tools.Build.Tasks.OnPremise.dll" />
   <Import Condition=" $(OnPremiseBuild) " Project="$(CIToolsPath)\Microsoft.WindowsAzure.Build.OnPremise.msbuild" />
+  <Import Project="CodeSignESRP.targets"/>
 
   <UsingTask
     AssemblyFile="$(MSBuildProjectDirectory)\packages\xunit.runner.msbuild.2.1.0\build\portable-net45+win8+wp8+wpa81\xunit.runner.msbuild.dll"
@@ -277,6 +279,7 @@
           Condition="'$(CodeSign)' == 'false'"/>
 
     <CallTarget Targets="CodeSignBinaries" Condition="'$(CodeSign)' == 'true'" />
+    <CallTarget Targets="CodeSignBinariesESRP" Condition="'$(CodeSignESRP)' == 'true'" />
 
     <Exec ContinueOnError="false"
       Command="&quot;$(PowerShellCommand)&quot; -NonInteractive -NoLogo -NoProfile -Command &quot; . $(LibraryToolsFolder)\NewOutputTypeIndex.ps1 -OutputFile $(PackageDirectory)\outputtypes.json -BuildConfig $(Configuration) &quot;"
@@ -507,6 +510,7 @@
     <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryRoot)\setup\generate.ps1 -repository MSIcreationrepository &quot; "/>
     <Exec Command="$(PowerShellCommandPrefix) &quot;. Unregister-PSRepository -Name MSIcreationrepository &quot; "/>
     <CallTarget Targets="CodeSignInstaller" Condition=" '$(CodeSign)' == 'true'" />
+    <CallTarget Targets="CodeSignInstallerESRP" Condition=" '$(CodeSignESRP)' == 'true'" />
   </Target>
 
   <Target Name="CodeSignInstaller">
diff --git a/tools/RemoveCodeSignArtifacts.ps1 b/tools/RemoveCodeSignArtifacts.ps1
new file mode 100644
index 000000000000..f3e097cc29a1
--- /dev/null
+++ b/tools/RemoveCodeSignArtifacts.ps1
@@ -0,0 +1,32 @@
+param(
+    [Parameter(Position=0)]
+    [string]$Path
+)
+
+if ($Path -eq $null) {
+    $Path=$PSScriptRoot
+} else {
+    $Path = Resolve-Path $Path
+}
+
+Write-Output "Under the'$Path' folder"
+
+"Signed","Unsigned" | ForEach-Object {
+    Write-Output "'$_' artifacts deletion..."
+    $foldersToDelete = Get-ChildItem  -Path $Path -filter $_ -Directory -Recurse
+    $itemsQnty = $foldersToDelete.Count
+    Write-Output "Number of folders found: $itemsQnty"
+    if ($itemsQnty -gt 0) {
+        Write-Output "Folders list:"
+        $foldersToDelete | ForEach-Object {
+            $_.FullName
+        }
+        $foldersToDelete | ForEach-Object { 
+            Remove-Item (Join-Path $_.FullName *.*) -Force
+        }
+        $foldersToDelete | ForEach-Object {
+            Remove-Item $_.FullName -Force
+        }
+        Write-Output "Deleted"
+    }
+}
\ No newline at end of file

From c525b2ff2f180ec119f687e439ffeb527cbdd24d Mon Sep 17 00:00:00 2001
From: vlashch <vlashch@microsoft.com>
Date: Mon, 17 Dec 2018 13:58:16 -0800
Subject: [PATCH 02/11] Switch to ESRP codesign target

---
 CodeSignESRP.targets |  16 ++++--
 build.proj           | 126 ++++---------------------------------------
 2 files changed, 20 insertions(+), 122 deletions(-)

diff --git a/CodeSignESRP.targets b/CodeSignESRP.targets
index e0e6c5016d5b..c57aec9191ff 100644
--- a/CodeSignESRP.targets
+++ b/CodeSignESRP.targets
@@ -38,9 +38,9 @@
         Condition="'@(DelaySignedAssembliesToSign)' == ''" />
     
     <ESRPSignTask
-		CopyBackSignedFilesToOriginalLocation="true"
+	CopyBackSignedFilesToOriginalLocation="true"
         UnsignedFileList="@(DelaySignedAssembliesToSign)"
-        SignLogDirPath="$(LibraryRoot)signing-scripts.log" 
+        SignLogDirPath="$(LibraryRoot)dlls-signing.log" 
         Condition="!$(DelaySign) and '@(DelaySignedAssembliesToSign)' != ''"/>
 
     <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\UpdateModules.ps1 -BuildConfig $(Configuration) -Scope $(Scope) &quot;"/>
@@ -76,13 +76,14 @@
     <ESRPSignTask
 		CopyBackSignedFilesToOriginalLocation="true"
 		UnsignedFileList="@(ScriptsToSign)"
-		SignLogDirPath="$(LibraryRoot)signing-scripts.log" 
+		SignLogDirPath="$(LibraryRoot)scripts-signing.log" 
 		Condition="!$(DelaySign) and '@(ScriptsToSign)' != ''"/>
 		
-	<Message Text="----> Remove artifacts section" Importance="high"/>
+    <Message Text="----> Remove artifacts section" Importance="high"/>
 
 	<!-- RemoveCodeSignArtifacts.ps1 -->
-    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\RemoveCodeSignArtifacts.ps1 -CustomPath $(PackageDirectory)\$(Configuration) &quot;"
+    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\RemoveCodeSignArtifacts.ps1 -Path $(PackageDirectory)\$(Configuration) &quot;"
+		Condition="'$(Scope)' != 'Stack'"
         ContinueOnError="ErrorAndContinue" />
 		
 	<Message Text="----> CheckSignature section" Importance="high"/>
@@ -91,6 +92,11 @@
     <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckSignature.ps1 -CustomPath $(PackageDirectory)\$(Configuration) &quot;"
         Condition="'$(Scope)' != 'Stack'"
         ContinueOnError="ErrorAndContinue" />
+		
+	<!-- RemoveCodeSignArtifacts.ps1 -->
+    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\RemoveCodeSignArtifacts.ps1 -Path $(StackPackageFolder)\$(Configuration) &quot;"
+		Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'"
+        ContinueOnError="ErrorAndContinue" />
 		  
 	<!-- CheckSignature.ps1 -->
     <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckSignature.ps1 -CustomPath $(StackPackageFolder)\$(Configuration) &quot;"
diff --git a/build.proj b/build.proj
index 583fcbead229..4cc460a85adb 100644
--- a/build.proj
+++ b/build.proj
@@ -16,10 +16,10 @@
     /t:Publish
       Creates local nuget packages and MSI
 
-    /p:CodeSign=True
+    /p:CodeSignESRP=True
       Code sign binaries, mainly for official release. Default is false.
 
-    /p:CodeSign=True;DelaySign=True
+    /p:CodeSignESRP=True;DelaySign=True
       Test the code sign workflow locally.
 
     /p:Scope
@@ -51,7 +51,6 @@
     <LocalFeedFolder>$(LibraryToolsFolder)\LocalFeed</LocalFeedFolder>
     <PublishDirectory>$(LibrarySourceFolder)\Publish</PublishDirectory>
     <Configuration Condition=" '$(Configuration)' != 'Release'">Debug</Configuration>
-    <CodeSign Condition=" '$(CodeSign)' == '' ">false</CodeSign>
     <CodeSignESRP>false</CodeSignESRP>
     <!--Set this true only if you want to test the code sign workflow locally-->
     <DelaySign Condition =" '$(DelaySign)' == '' ">false</DelaySign>
@@ -122,7 +121,6 @@
     <OnPremiseBuild Condition=" ! Exists($(OnPremiseBuildTasks)) ">false</OnPremiseBuild>
   </PropertyGroup>
 
-  <UsingTask Condition=" $(OnPremiseBuild) " TaskName="CodeSigningTask" AssemblyFile="$(CIToolsPath)\Microsoft.WindowsAzure.Tools.Build.Tasks.OnPremise.dll" />
   <UsingTask Condition=" $(OnPremiseBuild) " TaskName="CorporateValidation" AssemblyFile="$(CIToolsPath)\Microsoft.WindowsAzure.Tools.Build.Tasks.OnPremise.dll" />
   <Import Condition=" $(OnPremiseBuild) " Project="$(CIToolsPath)\Microsoft.WindowsAzure.Build.OnPremise.msbuild" />
   <Import Project="CodeSignESRP.targets"/>
@@ -270,13 +268,13 @@
 
 
     <!-- Update module manifests. -->
-    <Exec Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\UpdateModules.ps1 -BuildConfig $(Configuration) -Scope $(Scope)&quot;" Condition="'$(CodeSign)' == 'false'" ContinueOnError="false" />
+    <Exec Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\UpdateModules.ps1 -BuildConfig $(Configuration) -Scope $(Scope)&quot;" Condition="'$(CodeSignESRP)' == 'false'" ContinueOnError="false" />
     <!-- Generate the Help -->
     <Exec Command="$(PowerShellCoreCommandPrefix) &quot;Set-Variable -Name ProgressPreference -Value 'SilentlyContinue';. $(LibraryToolsFolder)\GenerateHelp.ps1 -ValidateMarkdownHelp -GenerateMamlHelp -BuildConfig $(Configuration)&quot;" Condition="'$(SkipHelp)' == 'false' And '$(RunStaticAnalysis)' == 'true'" ContinueOnError="false" />
 
     <Exec ContinueOnError="false"
       Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\NewOutputTypeIndex.ps1 -OutputFile $(PackageDirectory)\outputtypes.json -BuildConfig $(Configuration) &quot;" 
-      Condition="'$(CodeSign)' == 'true'"/>
+      Condition="'$(CodeSignESRP)' == 'true'"/>
 
     <CallTarget targets="DependencyAnalysisNetcore" ContinueOnError="ErrorAndContinue" Condition="'$(RunStaticAnalysis)' == 'true'" />
     <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckAssemblies.ps1 -BuildConfig $(Configuration) &quot;" Condition="'$(RunStaticAnalysis)' == 'true'" />
@@ -286,22 +284,22 @@
 
     <Exec ContinueOnError="false"
           Command="$(PowerShellCoreCommandPrefix) &quot; . $(LibraryToolsFolder)\NewHelpIndex.ps1 -OutputFile $(PackageDirectory)\index.json -BuildConfig $(Configuration) &quot;" 
-          Condition="'$(CodeSign)' == 'true'"/>
+          Condition="'$(CodeSignESRP)' == 'true'"/>
     
     <CallTarget Targets="BinScopeCheck" Condition="'$(OnPremiseBuild)'" />
 
     <CallTarget Targets="RunPoliCheck" Condition="'$(OnPremiseBuild)'" />
     
-    <CallTarget Targets="CodeSignBinaries" Condition="'$(CodeSign)' == 'true'" />
-
-    <Exec ContinueOnError="false" Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\NewOutputTypeIndex.ps1 -OutputFile $(PackageDirectory)\outputtypes.json -BuildConfig $(Configuration)&quot;" Condition="('$(Scope)' == 'All' or '$(Scope)' == 'Latest') and $(CodeSign) == 'true'" />
+    <CallTarget Targets="CodeSignBinariesESRP" Condition="'$(CodeSignESRP)' == 'true'" />
+	
+    <Exec ContinueOnError="false" Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\NewOutputTypeIndex.ps1 -OutputFile $(PackageDirectory)\outputtypes.json -BuildConfig $(Configuration)&quot;" Condition="('$(Scope)' == 'All' or '$(Scope)' == 'Latest') and $(CodeSignESRP) == 'true'" />
 
     <Message Importance="high" Text="Running Static Analyser" />
     <CallTarget targets="DependencyAnalysis" ContinueOnError="ErrorAndContinue" />
     <!-- TODO: Implement CheckAssemblies.ps1 for Az. -->
     <!-- <Exec Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckAssemblies.ps1 -BuildConfig $(Configuration) &quot;" /> -->
 
-    <Exec ContinueOnError="false" Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\NewHelpIndex.ps1 -OutputFile $(PackageDirectory)\index.json -BuildConfig $(Configuration)&quot;" Condition="('$(Scope)' == 'All' or '$(Scope)' == 'Latest') and $(CodeSign) == 'true'" />
+    <Exec ContinueOnError="false" Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\NewHelpIndex.ps1 -OutputFile $(PackageDirectory)\index.json -BuildConfig $(Configuration)&quot;" Condition="('$(Scope)' == 'All' or '$(Scope)' == 'Latest') and $(CodeSignESRP) == 'true'" />
   </Target>
 
   <!-- Do everything possible except Publish -->
@@ -312,119 +310,13 @@
     <MSBuild Projects="@(LocalBuildTasks)" Targets="Build" Properties="Configuration=$(Configuration);Platform=Any CPU" />
   </Target>
 
-  <Target Name="CodeSignBinaries" DependsOnTargets="RestoreNugetPackages;BuildMsBuildTask">
-    <PropertyGroup>
-      <!--public token associated with MSSharedLibKey.snk-->
-      <StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
-    </PropertyGroup>
-    <GetFrameworkSdkPath>
-      <Output TaskParameter="Path" PropertyName="WindowsSdkPath" />
-    </GetFrameworkSdkPath>
-
-    <!-- Azure -->
-    <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
-      <DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft*Azure*PowerShell*Cmdlets*.dll" />
-      <DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft.Azure.Management.Sql.Legacy.dll" />
-    </ItemGroup>
-
-    <Message Importance="high" Text="$(PackageDirectory)\$(Configuration) does not contains any files to sign. Code sign will skip." Condition="'@(DelaySignedAssembliesToSign)' == ''" />
-
-    <ValidateStrongNameSignatureTask
-      WindowsSdkPath="$(WindowsSdkPath)"
-      Assembly="%(DelaySignedAssembliesToSign.Identity)"
-      ExpectedTokenSignature="$(StrongNameToken)"
-      ExpectedDelaySigned="true"
-      ContinueOnError="false"
-      Condition="'@(DelaySignedAssembliesToSign)' != ''" />
-
-    <CodeSigningTask
-      Description="Microsoft Azure PowerShell"
-      Keywords="Microsoft Azure PowerShell"
-      UnsignedFiles="@(DelaySignedAssembliesToSign)"
-      DestinationPath="$(LibrarySourceFolder)"
-      BasePath="$(LibrarySourceFolder)"
-      Certificates="72, 400"
-      SigningLogPath="$(LibraryRoot)\signing.log"
-      ToolsPath="$(CIToolsPath)"
-      Condition="!$(DelaySign) and '@(DelaySignedAssembliesToSign)' != ''" />
-
-    <ValidateStrongNameSignatureTask
-        WindowsSdkPath="$(WindowsSdkPath)"
-        Assembly="%(DelaySignedAssembliesToSign.Identity)"
-        ExpectedTokenSignature="$(StrongNameToken)"
-        ExpectedDelaySigned="false"
-        ContinueOnError="false"
-        Condition="!$(DelaySign) and '@(DelaySignedAssembliesToSign)' != ''" />
-
-    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\UpdateModules.ps1 -BuildConfig $(Configuration) -Scope $(Scope) &quot;" />
-
-    <!-- Copying shortcut to be signed -->
-    <Copy SourceFiles="$(LibraryRoot)tools\Az\Az.psm1" DestinationFolder="$(PackageDirectory)\$(Configuration)" Condition="'$(Scope)' == 'Netcore'" />
-
-    <!-- Azure -->
-    <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
-      <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1" />
-      <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.psm1" />
-      <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1xml" />
-      <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.js" />
-    </ItemGroup>
-
-    <CodeSigningTask
-      Description="Microsoft Azure PowerShell"
-      Keywords="Microsoft Azure PowerShell"
-      UnsignedFiles="@(ScriptsToSign)"
-      DestinationPath="$(LibrarySourceFolder)"
-      BasePath="$(LibrarySourceFolder)"
-      Certificates="400"
-      SigningLogPath="$(LibraryRoot)\signing-scripts.log"
-      ToolsPath="$(CIToolsPath)"
-      Condition="!$(DelaySign) and '@(ScriptsToSign)' != ''" />
-
-    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckSignature.ps1 -CustomPath $(PackageDirectory)\$(Configuration) &quot;" Condition="'$(Scope)' != 'Stack'" ContinueOnError="ErrorAndContinue" />
-
-    <!-- Copy files back after signing -->
-    <Copy SourceFiles="$(PackageDirectory)\$(Configuration)\Az.psm1" DestinationFolder="$(LibraryRoot)tools\Az" Condition="'$(Scope)' == 'Netcore'" />
-  </Target>
-
   <Target Name="BuildInstaller" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest'">
     <Exec Command="$(PowerShellCommandPrefix) &quot;. Register-PSRepository -Name MSIcreationrepository -SourceLocation $(PackageDirectory) -InstallationPolicy Trusted &quot; " />
     <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryRoot)\setup\generate.ps1 -repository MSIcreationrepository &quot; " />
     <Exec Command="$(PowerShellCommandPrefix) &quot;. Unregister-PSRepository -Name MSIcreationrepository &quot; " />
-    <CallTarget Targets="CodeSignInstaller" Condition=" '$(CodeSign)' == 'true'" />
     <CallTarget Targets="CodeSignInstallerESRP" Condition=" '$(CodeSignESRP)' == 'true'" />
   </Target>
 
-  <Target Name="CodeSignInstaller">
-    <PropertyGroup>
-      <!--public token associated with MSSharedLibKey.snk-->
-      <StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
-    </PropertyGroup>
-    <GetFrameworkSdkPath>
-      <Output TaskParameter="Path" PropertyName="WindowsSdkPath" />
-    </GetFrameworkSdkPath>
-
-    <ItemGroup>
-      <InstallersToSign Include="$(LibraryRoot)\setup\*.msi" />
-    </ItemGroup>
-
-    <Message Importance="high" Text="$(LibraryRoot)\setup does not contain any installers to sign. Code sign will skip."
-             Condition="'@(InstallersToSign)' == ''" />
-
-    <CodeSigningTask
-      Description="Microsoft Azure PowerShell"
-      Keywords="Microsoft Azure PowerShell"
-      UnsignedFiles="@(InstallersToSign)"
-      DestinationPath="$(SignedOutputRootDir)"
-      SigningLogPath="$(LibraryRoot)\msi-signing.log"
-      Certificates="402"
-      ToolsPath="$(CIToolsPath)"
-      Condition="!$(DelaySign) and '@(InstallersToSign)' != ''" />
-
-    <!--If we are testing locally then we copy the binaries and do not submit to the code sign server-->
-    <Copy SourceFiles="@(InstallersToSign)" DestinationFolder="signed" Condition="$(DelaySign)" />
-    <SetEnvVar EnvName="SignedMsiDir" EnvValue="$(SignedOutputRootDir)" />
-  </Target>
-
   <!-- Run Validation -->
   <Target Name="DependencyAnalysis" Condition="'$(SkipDependencyAnalysis)' == 'false'">
     <Message Importance="high" Text="Running dependency analysis..." />

From 2879a329e277457b7b7d5f5a05b758bc18beaee8 Mon Sep 17 00:00:00 2001
From: vlashch <vlashch@microsoft.com>
Date: Tue, 18 Dec 2018 12:04:43 -0800
Subject: [PATCH 03/11] master branch aligned

---
 CodeSignESRP.targets | 208 +++++++++++++++++--------------------------
 1 file changed, 81 insertions(+), 127 deletions(-)

diff --git a/CodeSignESRP.targets b/CodeSignESRP.targets
index c57aec9191ff..2073a63e382a 100644
--- a/CodeSignESRP.targets
+++ b/CodeSignESRP.targets
@@ -10,135 +10,89 @@
    
 	<Target Name="CodeSignBinariesESRP" DependsOnTargets="RestoreNugetPackages;BuildMsBuildTask">
 
-    <Message Text="====> Executing CodeSignBinariesESRP Target..." Importance="high"/>
-	
-    <PropertyGroup>
-		<!--public token associated with MSSharedLibKey.snk-->
-		<StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
-    </PropertyGroup>
-	
-	<Message Text="----> Dlls signing section" Importance="high"/>
-
-    <!-- Azure -->
-    <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
-		<DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft*Azure*Commands*.dll" Exclude="$(PackageDirectory)\$(Configuration)\**\Microsoft*Azure*Commands*Common*.dll" />
-		<DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft.Azure.Common.Extensions.dll" />
-		<DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft.Azure.Management.Sql.Legacy.dll" />
-    </ItemGroup>
-
-    <!-- Stack -->
-    <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'">
-		<DelaySignedAssembliesToSign Include="$(StackPackageFolder)\$(Configuration)\**\Microsoft*Azure*Commands*.dll" Exclude="$(StackPackageFolder)\$(Configuration)\**\Microsoft*Azure*Commands*Common*.dll" />
-		<DelaySignedAssembliesToSign Include="$(StackPackageFolder)\$(Configuration)\**\Microsoft.Azure.Management.Storage.dll" />
-		<DelaySignedAssembliesToSign Include="$(StackPackageFolder)\$(Configuration)\**\Microsoft.Azure.Common.Extensions.dll" />
-		<DelaySignedAssembliesToSign Include="$(StackPackageFolder)\$(Configuration)\**\Microsoft.Azure.Management.Sql.Legacy.dll" />
-    </ItemGroup>
-
-    <Message Importance="high" Text="$(PackageDirectory)\$(Configuration) does not contains any files to sign. Code sign will skip."
-        Condition="'@(DelaySignedAssembliesToSign)' == ''" />
-    
-    <ESRPSignTask
-	CopyBackSignedFilesToOriginalLocation="true"
-        UnsignedFileList="@(DelaySignedAssembliesToSign)"
-        SignLogDirPath="$(LibraryRoot)dlls-signing.log" 
-        Condition="!$(DelaySign) and '@(DelaySignedAssembliesToSign)' != ''"/>
-
-    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\UpdateModules.ps1 -BuildConfig $(Configuration) -Scope $(Scope) &quot;"/>
-
-    <!-- Copying shortcut to be signed -->
-    <Copy SourceFiles="$(LibraryRoot)tools\Az\Az.psm1"
-        DestinationFolder="$(PackageDirectory)\$(Configuration)" Condition="'$(Scope)' == 'Netcore'" />
-    <Copy SourceFiles="$(LibraryRoot)tools\AzureRM\AzureRM.psm1"
-        DestinationFolder="$(PackageDirectory)\$(Configuration)" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest'" />
-    <Copy SourceFiles="$(LibrarySourceFolder)\StackAdmin\AzureRM\AzureRM.psm1"
-        DestinationFolder="$(StackPackageFolder)\$(Configuration)" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'" />
-    <Copy SourceFiles="$(LibrarySourceFolder)\StackAdmin\AzureStack\AzureStack.psm1"
-        DestinationFolder="$(StackPackageFolder)\$(Configuration)" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'" />
-		  
-	<Message Text="----> Scripts signing section" Importance="high"/>
-
-    <!-- Azure -->
-    <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
-		<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1"/>
-		<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.psm1"/>
-		<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1xml"/>
-		<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.js"/>
-    </ItemGroup>
-
-    <!-- Stack -->
-    <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'">
-		<ScriptsToSign Include="$(StackPackageFolder)\$(Configuration)\**\*.ps1"/>
-		<ScriptsToSign Include="$(StackPackageFolder)\$(Configuration)\**\*.psm1"/>
-		<ScriptsToSign Include="$(StackPackageFolder)\$(Configuration)\**\*.ps1xml"/>
-		<ScriptsToSign Include="$(StackPackageFolder)\$(Configuration)\**\*.js"/>
-    </ItemGroup>
-
-    <ESRPSignTask
-		CopyBackSignedFilesToOriginalLocation="true"
-		UnsignedFileList="@(ScriptsToSign)"
-		SignLogDirPath="$(LibraryRoot)scripts-signing.log" 
-		Condition="!$(DelaySign) and '@(ScriptsToSign)' != ''"/>
+		<Message Text="====> Executing CodeSignBinariesESRP Target..." Importance="high"/>
 		
-    <Message Text="----> Remove artifacts section" Importance="high"/>
-
-	<!-- RemoveCodeSignArtifacts.ps1 -->
-    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\RemoveCodeSignArtifacts.ps1 -Path $(PackageDirectory)\$(Configuration) &quot;"
-		Condition="'$(Scope)' != 'Stack'"
-        ContinueOnError="ErrorAndContinue" />
+		<PropertyGroup>
+			<!--public token associated with MSSharedLibKey.snk-->
+			<StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
+		</PropertyGroup>
 		
-	<Message Text="----> CheckSignature section" Importance="high"/>
+		<Message Text="----> Dlls signing section" Importance="high"/>
 
-	<!-- CheckSignature.ps1 -->
-    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckSignature.ps1 -CustomPath $(PackageDirectory)\$(Configuration) &quot;"
-        Condition="'$(Scope)' != 'Stack'"
-        ContinueOnError="ErrorAndContinue" />
-		
-	<!-- RemoveCodeSignArtifacts.ps1 -->
-    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\RemoveCodeSignArtifacts.ps1 -Path $(StackPackageFolder)\$(Configuration) &quot;"
-		Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'"
-        ContinueOnError="ErrorAndContinue" />
-		  
-	<!-- CheckSignature.ps1 -->
-    <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckSignature.ps1 -CustomPath $(StackPackageFolder)\$(Configuration) &quot;"
-        Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'"
-        ContinueOnError="ErrorAndContinue" />
-
-    <!-- Copy files back after signing -->
-    <Copy SourceFiles="$(PackageDirectory)\$(Configuration)\Az.psm1"
-        DestinationFolder="$(LibraryRoot)tools\Az" Condition="'$(Scope)' == 'Netcore'" />
-    <Copy SourceFiles="$(PackageDirectory)\$(Configuration)\AzureRM.psm1"
-        DestinationFolder="$(LibraryRoot)tools\AzureRM" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest'" />
-    <Copy SourceFiles="$(StackPackageFolder)\$(Configuration)\AzureRM.psm1"
-        DestinationFolder="$(LibrarySourceFolder)\StackAdmin\AzureRM" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'" />
-    <Copy SourceFiles="$(StackPackageFolder)\$(Configuration)\AzureStack.psm1"
-        DestinationFolder="$(LibrarySourceFolder)\StackAdmin\AzureStack" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Stack'" />
-  </Target>
-
-  <Target Name="CodeSignInstallerESRP">
-    <PropertyGroup>
-		<!--public token associated with MSSharedLibKey.snk-->
-		<StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
-    </PropertyGroup>
-    <GetFrameworkSdkPath>
-		<Output TaskParameter="Path" PropertyName="WindowsSdkPath"/>
-    </GetFrameworkSdkPath>
-
-    <ItemGroup>
-		<InstallersToSign Include="$(LibraryRoot)\setup\*.msi" />
-    </ItemGroup>
-
-    <Message Importance="high" Text="$(LibraryRoot)\setup does not contain any installers to sign. Code sign will skip."
-        Condition="'@(InstallersToSign)' == ''" />
-
-    <ESRPSignTask
-		SignedFilesRootDirPath="$(SignedOutputRootDir)"
-		UnsignedFileList="@(InstallersToSign)"
-		SignLogDirPath="$(LibraryRoot)\msi-signing.log" 
-		Condition="!$(DelaySign) and '@(InstallersToSign)' != ''"/>
-
-    <!--If we are testing locally then we copy the binaries and do not submit to the code sign server-->
-    <Copy SourceFiles="@(InstallersToSign)" DestinationFolder="signed" Condition="$(DelaySign)" />
-    <SetEnvVar EnvName="SignedMsiDir" EnvValue="$(SignedOutputRootDir)" />
-  </Target>
+		 <!-- Azure -->
+		<ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
+			<DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft*Azure*PowerShell*Cmdlets*.dll" />
+			<DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft.Azure.Management.Sql.Legacy.dll" />
+		</ItemGroup>
 
+		<Message Importance="high" Text="$(PackageDirectory)\$(Configuration) does not contains any files to sign. Code sign will skip."
+			Condition="'@(DelaySignedAssembliesToSign)' == ''" />
+		
+		<ESRPSignTask
+			CopyBackSignedFilesToOriginalLocation="true"
+			UnsignedFileList="@(DelaySignedAssembliesToSign)"
+			SignLogDirPath="$(LibraryRoot)dlls-signing.log" 
+			Condition="!$(DelaySign) and '@(DelaySignedAssembliesToSign)' != ''"/>
+
+		<Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\UpdateModules.ps1 -BuildConfig $(Configuration) -Scope $(Scope) &quot;" />
+
+		<!-- Copying shortcut to be signed -->
+		<Copy SourceFiles="$(LibraryRoot)tools\Az\Az.psm1" DestinationFolder="$(PackageDirectory)\$(Configuration)" Condition="'$(Scope)' == 'Netcore'" />
+			  
+		<Message Text="----> Scripts signing section" Importance="high"/>
+
+		 <!-- Azure -->
+		<ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
+			<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1" />
+			<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.psm1" />
+			<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1xml" />
+			<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.js" />
+		</ItemGroup>
+
+		<ESRPSignTask
+			CopyBackSignedFilesToOriginalLocation="true"
+			UnsignedFileList="@(ScriptsToSign)"
+			SignLogDirPath="$(LibraryRoot)scripts-signing.log" 
+			Condition="!$(DelaySign) and '@(ScriptsToSign)' != ''"/>			
+
+		<!-- RemoveCodeSignArtifacts.ps1 -->
+		<Message Text="----> Remove artifacts section" Importance="high"/>		
+		<Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\RemoveCodeSignArtifacts.ps1 -Path $(PackageDirectory)\$(Configuration) &quot;"
+			Condition="'$(Scope)' != 'Stack'"
+			ContinueOnError="ErrorAndContinue" />
+		
+		<!-- CheckSignature.ps1 -->	
+		<Message Text="----> CheckSignature section" Importance="high"/>		
+		<Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckSignature.ps1 -CustomPath $(PackageDirectory)\$(Configuration) &quot;" Condition="'$(Scope)' != 'Stack'" ContinueOnError="ErrorAndContinue" />
+
+		<!-- Copy files back after signing -->
+		<Copy SourceFiles="$(PackageDirectory)\$(Configuration)\Az.psm1" DestinationFolder="$(LibraryRoot)tools\Az" Condition="'$(Scope)' == 'Netcore'" />
+	</Target>
+
+	<Target Name="CodeSignInstallerESRP">
+		<PropertyGroup>
+			<!--public token associated with MSSharedLibKey.snk-->
+			<StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
+		</PropertyGroup>
+		<GetFrameworkSdkPath>
+			<Output TaskParameter="Path" PropertyName="WindowsSdkPath"/>
+		</GetFrameworkSdkPath>
+
+		<ItemGroup>
+			<InstallersToSign Include="$(LibraryRoot)\setup\*.msi" />
+		</ItemGroup>
+
+		<Message Importance="high" Text="$(LibraryRoot)\setup does not contain any installers to sign. Code sign will skip."
+			Condition="'@(InstallersToSign)' == ''" />
+
+		<ESRPSignTask
+			SignedFilesRootDirPath="$(SignedOutputRootDir)"
+			UnsignedFileList="@(InstallersToSign)"
+			SignLogDirPath="$(LibraryRoot)\msi-signing.log" 
+			Condition="!$(DelaySign) and '@(InstallersToSign)' != ''"/>
+
+		<!--If we are testing locally then we copy the binaries and do not submit to the code sign server-->
+		<Copy SourceFiles="@(InstallersToSign)" DestinationFolder="signed" Condition="$(DelaySign)" />
+		<SetEnvVar EnvName="SignedMsiDir" EnvValue="$(SignedOutputRootDir)" />
+	</Target>
 </Project>

From 60a1e6b7aec164439530a0fe67c240602e1c514e Mon Sep 17 00:00:00 2001
From: vlashch <vlashch@microsoft.com>
Date: Tue, 18 Dec 2018 13:33:26 -0800
Subject: [PATCH 04/11] Suffix ESRP removed

---
 CodeSignESRP.targets => CodeSign.targets |  6 +++---
 build.proj                               | 22 +++++++++++-----------
 2 files changed, 14 insertions(+), 14 deletions(-)
 rename CodeSignESRP.targets => CodeSign.targets (95%)

diff --git a/CodeSignESRP.targets b/CodeSign.targets
similarity index 95%
rename from CodeSignESRP.targets
rename to CodeSign.targets
index 2073a63e382a..f0bd66e87fb5 100644
--- a/CodeSignESRP.targets
+++ b/CodeSign.targets
@@ -8,9 +8,9 @@
 		<CISignRepoPath>$(CISignRepo)</CISignRepoPath>
 	</PropertyGroup>
    
-	<Target Name="CodeSignBinariesESRP" DependsOnTargets="RestoreNugetPackages;BuildMsBuildTask">
+	<Target Name="CodeSignBinaries" DependsOnTargets="RestoreNugetPackages;BuildMsBuildTask">
 
-		<Message Text="====> Executing CodeSignBinariesESRP Target..." Importance="high"/>
+		<Message Text="====> Executing CodeSignBinaries Target..." Importance="high"/>
 		
 		<PropertyGroup>
 			<!--public token associated with MSSharedLibKey.snk-->
@@ -69,7 +69,7 @@
 		<Copy SourceFiles="$(PackageDirectory)\$(Configuration)\Az.psm1" DestinationFolder="$(LibraryRoot)tools\Az" Condition="'$(Scope)' == 'Netcore'" />
 	</Target>
 
-	<Target Name="CodeSignInstallerESRP">
+	<Target Name="CodeSignInstaller">
 		<PropertyGroup>
 			<!--public token associated with MSSharedLibKey.snk-->
 			<StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
diff --git a/build.proj b/build.proj
index 4cc460a85adb..21abfe03cbc9 100644
--- a/build.proj
+++ b/build.proj
@@ -16,10 +16,10 @@
     /t:Publish
       Creates local nuget packages and MSI
 
-    /p:CodeSignESRP=True
+    /p:CodeSign=True
       Code sign binaries, mainly for official release. Default is false.
 
-    /p:CodeSignESRP=True;DelaySign=True
+    /p:CodeSign=True;DelaySign=True
       Test the code sign workflow locally.
 
     /p:Scope
@@ -51,7 +51,7 @@
     <LocalFeedFolder>$(LibraryToolsFolder)\LocalFeed</LocalFeedFolder>
     <PublishDirectory>$(LibrarySourceFolder)\Publish</PublishDirectory>
     <Configuration Condition=" '$(Configuration)' != 'Release'">Debug</Configuration>
-    <CodeSignESRP>false</CodeSignESRP>
+    <CodeSign>false</CodeSign>
     <!--Set this true only if you want to test the code sign workflow locally-->
     <DelaySign Condition =" '$(DelaySign)' == '' ">false</DelaySign>
     <SignedOutputRootDir>$(LibraryRoot)signed</SignedOutputRootDir>
@@ -123,7 +123,7 @@
 
   <UsingTask Condition=" $(OnPremiseBuild) " TaskName="CorporateValidation" AssemblyFile="$(CIToolsPath)\Microsoft.WindowsAzure.Tools.Build.Tasks.OnPremise.dll" />
   <Import Condition=" $(OnPremiseBuild) " Project="$(CIToolsPath)\Microsoft.WindowsAzure.Build.OnPremise.msbuild" />
-  <Import Project="CodeSignESRP.targets"/>
+  <Import Project="CodeSign.targets"/>
 
   <UsingTask AssemblyFile="$(MSBuildProjectDirectory)\packages\xunit.runner.msbuild.2.1.0\build\portable-net45+win8+wp8+wpa81\xunit.runner.msbuild.dll" TaskName="Xunit.Runner.MSBuild.xunit" />
 
@@ -268,13 +268,13 @@
 
 
     <!-- Update module manifests. -->
-    <Exec Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\UpdateModules.ps1 -BuildConfig $(Configuration) -Scope $(Scope)&quot;" Condition="'$(CodeSignESRP)' == 'false'" ContinueOnError="false" />
+    <Exec Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\UpdateModules.ps1 -BuildConfig $(Configuration) -Scope $(Scope)&quot;" Condition="'$(CodeSign)' == 'false'" ContinueOnError="false" />
     <!-- Generate the Help -->
     <Exec Command="$(PowerShellCoreCommandPrefix) &quot;Set-Variable -Name ProgressPreference -Value 'SilentlyContinue';. $(LibraryToolsFolder)\GenerateHelp.ps1 -ValidateMarkdownHelp -GenerateMamlHelp -BuildConfig $(Configuration)&quot;" Condition="'$(SkipHelp)' == 'false' And '$(RunStaticAnalysis)' == 'true'" ContinueOnError="false" />
 
     <Exec ContinueOnError="false"
       Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\NewOutputTypeIndex.ps1 -OutputFile $(PackageDirectory)\outputtypes.json -BuildConfig $(Configuration) &quot;" 
-      Condition="'$(CodeSignESRP)' == 'true'"/>
+      Condition="'$(CodeSign)' == 'true'"/>
 
     <CallTarget targets="DependencyAnalysisNetcore" ContinueOnError="ErrorAndContinue" Condition="'$(RunStaticAnalysis)' == 'true'" />
     <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckAssemblies.ps1 -BuildConfig $(Configuration) &quot;" Condition="'$(RunStaticAnalysis)' == 'true'" />
@@ -284,22 +284,22 @@
 
     <Exec ContinueOnError="false"
           Command="$(PowerShellCoreCommandPrefix) &quot; . $(LibraryToolsFolder)\NewHelpIndex.ps1 -OutputFile $(PackageDirectory)\index.json -BuildConfig $(Configuration) &quot;" 
-          Condition="'$(CodeSignESRP)' == 'true'"/>
+          Condition="'$(CodeSign)' == 'true'"/>
     
     <CallTarget Targets="BinScopeCheck" Condition="'$(OnPremiseBuild)'" />
 
     <CallTarget Targets="RunPoliCheck" Condition="'$(OnPremiseBuild)'" />
     
-    <CallTarget Targets="CodeSignBinariesESRP" Condition="'$(CodeSignESRP)' == 'true'" />
+    <CallTarget Targets="CodeSignBinaries" Condition="'$(CodeSign)' == 'true'" />
 	
-    <Exec ContinueOnError="false" Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\NewOutputTypeIndex.ps1 -OutputFile $(PackageDirectory)\outputtypes.json -BuildConfig $(Configuration)&quot;" Condition="('$(Scope)' == 'All' or '$(Scope)' == 'Latest') and $(CodeSignESRP) == 'true'" />
+    <Exec ContinueOnError="false" Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\NewOutputTypeIndex.ps1 -OutputFile $(PackageDirectory)\outputtypes.json -BuildConfig $(Configuration)&quot;" Condition="('$(Scope)' == 'All' or '$(Scope)' == 'Latest') and $(CodeSign) == 'true'" />
 
     <Message Importance="high" Text="Running Static Analyser" />
     <CallTarget targets="DependencyAnalysis" ContinueOnError="ErrorAndContinue" />
     <!-- TODO: Implement CheckAssemblies.ps1 for Az. -->
     <!-- <Exec Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckAssemblies.ps1 -BuildConfig $(Configuration) &quot;" /> -->
 
-    <Exec ContinueOnError="false" Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\NewHelpIndex.ps1 -OutputFile $(PackageDirectory)\index.json -BuildConfig $(Configuration)&quot;" Condition="('$(Scope)' == 'All' or '$(Scope)' == 'Latest') and $(CodeSignESRP) == 'true'" />
+    <Exec ContinueOnError="false" Command="$(PowerShellCoreCommandPrefix) &quot;. $(LibraryToolsFolder)\NewHelpIndex.ps1 -OutputFile $(PackageDirectory)\index.json -BuildConfig $(Configuration)&quot;" Condition="('$(Scope)' == 'All' or '$(Scope)' == 'Latest') and $(CodeSign) == 'true'" />
   </Target>
 
   <!-- Do everything possible except Publish -->
@@ -314,7 +314,7 @@
     <Exec Command="$(PowerShellCommandPrefix) &quot;. Register-PSRepository -Name MSIcreationrepository -SourceLocation $(PackageDirectory) -InstallationPolicy Trusted &quot; " />
     <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryRoot)\setup\generate.ps1 -repository MSIcreationrepository &quot; " />
     <Exec Command="$(PowerShellCommandPrefix) &quot;. Unregister-PSRepository -Name MSIcreationrepository &quot; " />
-    <CallTarget Targets="CodeSignInstallerESRP" Condition=" '$(CodeSignESRP)' == 'true'" />
+    <CallTarget Targets="CodeSignInstaller" Condition=" '$(CodeSign)' == 'true'" />
   </Target>
 
   <!-- Run Validation -->

From f16444eef7190ed21622a7ee747e7cc8bcb39ae2 Mon Sep 17 00:00:00 2001
From: vlashch <vlashch@microsoft.com>
Date: Tue, 18 Dec 2018 15:46:23 -0800
Subject: [PATCH 05/11] debug message added

---
 CodeSign.targets | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CodeSign.targets b/CodeSign.targets
index f0bd66e87fb5..c9f7d0c187b6 100644
--- a/CodeSign.targets
+++ b/CodeSign.targets
@@ -70,6 +70,7 @@
 	</Target>
 
 	<Target Name="CodeSignInstaller">
+		<Message Text="----> CodeSignInstaller section" Importance="high"/>
 		<PropertyGroup>
 			<!--public token associated with MSSharedLibKey.snk-->
 			<StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>

From 3a9393efdd20986193907daa4ba3fa376782e8d5 Mon Sep 17 00:00:00 2001
From: markcowl <markcowl@microsoft.com>
Date: Thu, 20 Dec 2018 10:52:19 -0800
Subject: [PATCH 06/11] Fix signing issues with build

---
 tools/GenerateHelp.ps1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/GenerateHelp.ps1 b/tools/GenerateHelp.ps1
index 1108c25b3033..87ec05f66cf6 100644
--- a/tools/GenerateHelp.ps1
+++ b/tools/GenerateHelp.ps1
@@ -11,7 +11,7 @@ Param(
     [string]$FilteredModules
 )
 
-$ResourceManagerFolders = Get-ChildItem -Path ".\src\ResourceManager"
+$ResourceManagerFolders = Get-ChildItem -Path "$PSScriptRoot\..\src\ResourceManager"
 Import-Module "$PSScriptRoot\HelpGeneration\HelpGeneration.psm1"
 $UnfilteredHelpFolders = Get-ChildItem "help" -Recurse -Directory | where { $_.FullName -like "*$BuildConfig*" -and $_.FullName -notlike "*Stack*" }
 $FilteredHelpFolders = $UnfilteredHelpFolders
@@ -40,7 +40,7 @@ if ($ValidateMarkdownHelp)
     $Exceptions = @()
     foreach ($ServiceFolder in $ResourceManagerFolders)
     {
-        $HelpFolder = Get-ChildItem -Path $ServiceFolder -Filter "help" -Recurse -Directory
+        $HelpFolder = (Get-ChildItem -Path $ServiceFolder -Filter "help" -Recurse -Directory)
         if ($HelpFolder -eq $null)
         {
             $Exceptions += $ServiceFolder.Name

From b55e2e9006c21d584d97ae30036135bc503fb7fa Mon Sep 17 00:00:00 2001
From: markcowl <markcowl@microsoft.com>
Date: Thu, 20 Dec 2018 11:30:34 -0800
Subject: [PATCH 07/11] Fix problem with directory search for help

---
 tools/GenerateHelp.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/GenerateHelp.ps1 b/tools/GenerateHelp.ps1
index 87ec05f66cf6..b35202ca1140 100644
--- a/tools/GenerateHelp.ps1
+++ b/tools/GenerateHelp.ps1
@@ -40,7 +40,7 @@ if ($ValidateMarkdownHelp)
     $Exceptions = @()
     foreach ($ServiceFolder in $ResourceManagerFolders)
     {
-        $HelpFolder = (Get-ChildItem -Path $ServiceFolder -Filter "help" -Recurse -Directory)
+        $HelpFolder = (Get-ChildItem -Path $ServiceFolder.FullName -Filter "help" -Recurse -Directory)
         if ($HelpFolder -eq $null)
         {
             $Exceptions += $ServiceFolder.Name

From f6d64490f1b9024bfe03eef8a14f8a1374318934 Mon Sep 17 00:00:00 2001
From: markcowl <markcowl@microsoft.com>
Date: Thu, 20 Dec 2018 14:49:07 -0800
Subject: [PATCH 08/11] Add signed installer build

---
 build.proj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.proj b/build.proj
index b7e83f3dfdc2..8fcdf11c801d 100644
--- a/build.proj
+++ b/build.proj
@@ -310,7 +310,7 @@
     <MSBuild Projects="@(LocalBuildTasks)" Targets="Build" Properties="Configuration=$(Configuration);Platform=Any CPU" />
   </Target>
 
-  <Target Name="BuildInstaller" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest'">
+  <Target Name="BuildInstaller" Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
     <Exec Command="$(PowerShellCommandPrefix) &quot;. Register-PSRepository -Name MSIcreationrepository -SourceLocation $(PackageDirectory) -InstallationPolicy Trusted &quot; " />
     <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryRoot)\setup\generate.ps1 -repository MSIcreationrepository &quot; " />
     <Exec Command="$(PowerShellCommandPrefix) &quot;. Unregister-PSRepository -Name MSIcreationrepository &quot; " />

From f419116b8c218efdf8d6efc6effee55adff843a7 Mon Sep 17 00:00:00 2001
From: vlashch <vlashch@microsoft.com>
Date: Thu, 20 Dec 2018 16:18:21 -0800
Subject: [PATCH 09/11] PR comments fix

---
 CodeSign.targets | 184 +++++++++++++++++++++++------------------------
 1 file changed, 91 insertions(+), 93 deletions(-)

diff --git a/CodeSign.targets b/CodeSign.targets
index c9f7d0c187b6..9cf31d97a873 100644
--- a/CodeSign.targets
+++ b/CodeSign.targets
@@ -1,99 +1,97 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 
-	<UsingTask TaskName="ESRPSignTask" AssemblyFile="$(CISignRepoPath)\tools\sdkbuildtools\tasks\MS.Az.Sdk.OnPremise.Build.Tasks.dll" />
+    <UsingTask TaskName="ESRPSignTask" AssemblyFile="$(CISignRepoPath)\tools\sdkbuildtools\tasks\MS.Az.Sdk.OnPremise.Build.Tasks.dll" />
 
-	<PropertyGroup>
-		<!-- CISignRepo is an environment variable that points to ci-signing repo clone -->
-		<CISignRepoPath>$(CISignRepo)</CISignRepoPath>
-	</PropertyGroup>
+    <PropertyGroup>
+        <!-- CISignRepo is an environment variable that points to ci-signing repo clone -->
+        <CISignRepoPath>$(CISignRepo)</CISignRepoPath>
+    </PropertyGroup>
    
-	<Target Name="CodeSignBinaries" DependsOnTargets="RestoreNugetPackages;BuildMsBuildTask">
-
-		<Message Text="====> Executing CodeSignBinaries Target..." Importance="high"/>
-		
-		<PropertyGroup>
-			<!--public token associated with MSSharedLibKey.snk-->
-			<StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
-		</PropertyGroup>
-		
-		<Message Text="----> Dlls signing section" Importance="high"/>
-
-		 <!-- Azure -->
-		<ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
-			<DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft*Azure*PowerShell*Cmdlets*.dll" />
-			<DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft.Azure.Management.Sql.Legacy.dll" />
-		</ItemGroup>
-
-		<Message Importance="high" Text="$(PackageDirectory)\$(Configuration) does not contains any files to sign. Code sign will skip."
-			Condition="'@(DelaySignedAssembliesToSign)' == ''" />
-		
-		<ESRPSignTask
-			CopyBackSignedFilesToOriginalLocation="true"
-			UnsignedFileList="@(DelaySignedAssembliesToSign)"
-			SignLogDirPath="$(LibraryRoot)dlls-signing.log" 
-			Condition="!$(DelaySign) and '@(DelaySignedAssembliesToSign)' != ''"/>
-
-		<Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\UpdateModules.ps1 -BuildConfig $(Configuration) -Scope $(Scope) &quot;" />
-
-		<!-- Copying shortcut to be signed -->
-		<Copy SourceFiles="$(LibraryRoot)tools\Az\Az.psm1" DestinationFolder="$(PackageDirectory)\$(Configuration)" Condition="'$(Scope)' == 'Netcore'" />
-			  
-		<Message Text="----> Scripts signing section" Importance="high"/>
-
-		 <!-- Azure -->
-		<ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
-			<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1" />
-			<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.psm1" />
-			<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1xml" />
-			<ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.js" />
-		</ItemGroup>
-
-		<ESRPSignTask
-			CopyBackSignedFilesToOriginalLocation="true"
-			UnsignedFileList="@(ScriptsToSign)"
-			SignLogDirPath="$(LibraryRoot)scripts-signing.log" 
-			Condition="!$(DelaySign) and '@(ScriptsToSign)' != ''"/>			
-
-		<!-- RemoveCodeSignArtifacts.ps1 -->
-		<Message Text="----> Remove artifacts section" Importance="high"/>		
-		<Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\RemoveCodeSignArtifacts.ps1 -Path $(PackageDirectory)\$(Configuration) &quot;"
-			Condition="'$(Scope)' != 'Stack'"
-			ContinueOnError="ErrorAndContinue" />
-		
-		<!-- CheckSignature.ps1 -->	
-		<Message Text="----> CheckSignature section" Importance="high"/>		
-		<Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckSignature.ps1 -CustomPath $(PackageDirectory)\$(Configuration) &quot;" Condition="'$(Scope)' != 'Stack'" ContinueOnError="ErrorAndContinue" />
-
-		<!-- Copy files back after signing -->
-		<Copy SourceFiles="$(PackageDirectory)\$(Configuration)\Az.psm1" DestinationFolder="$(LibraryRoot)tools\Az" Condition="'$(Scope)' == 'Netcore'" />
-	</Target>
-
-	<Target Name="CodeSignInstaller">
-		<Message Text="----> CodeSignInstaller section" Importance="high"/>
-		<PropertyGroup>
-			<!--public token associated with MSSharedLibKey.snk-->
-			<StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
-		</PropertyGroup>
-		<GetFrameworkSdkPath>
-			<Output TaskParameter="Path" PropertyName="WindowsSdkPath"/>
-		</GetFrameworkSdkPath>
-
-		<ItemGroup>
-			<InstallersToSign Include="$(LibraryRoot)\setup\*.msi" />
-		</ItemGroup>
-
-		<Message Importance="high" Text="$(LibraryRoot)\setup does not contain any installers to sign. Code sign will skip."
-			Condition="'@(InstallersToSign)' == ''" />
-
-		<ESRPSignTask
-			SignedFilesRootDirPath="$(SignedOutputRootDir)"
-			UnsignedFileList="@(InstallersToSign)"
-			SignLogDirPath="$(LibraryRoot)\msi-signing.log" 
-			Condition="!$(DelaySign) and '@(InstallersToSign)' != ''"/>
-
-		<!--If we are testing locally then we copy the binaries and do not submit to the code sign server-->
-		<Copy SourceFiles="@(InstallersToSign)" DestinationFolder="signed" Condition="$(DelaySign)" />
-		<SetEnvVar EnvName="SignedMsiDir" EnvValue="$(SignedOutputRootDir)" />
-	</Target>
+    <Target Name="CodeSignBinaries" DependsOnTargets="RestoreNugetPackages;BuildMsBuildTask">
+
+        <Message Text="====> Executing CodeSignBinaries Target..." Importance="high"/>
+        
+        <PropertyGroup>
+            <!--public token associated with MSSharedLibKey.snk-->
+            <StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
+        </PropertyGroup>
+        
+        <Message Text="----> Dlls signing section" Importance="high"/>
+
+         <!-- Azure -->
+        <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
+            <DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft*Azure*PowerShell*Cmdlets*.dll" />
+            <DelaySignedAssembliesToSign Include="$(PackageDirectory)\$(Configuration)\**\Microsoft.Azure.Management.Sql.Legacy.dll" />
+        </ItemGroup>
+
+        <Message Importance="high" Text="$(PackageDirectory)\$(Configuration) does not contains any files to sign. Code sign will skip."
+            Condition="'@(DelaySignedAssembliesToSign)' == ''" />
+        
+        <ESRPSignTask
+            CopyBackSignedFilesToOriginalLocation="true"
+            UnsignedFileList="@(DelaySignedAssembliesToSign)"
+            SignLogDirPath="$(LibraryRoot)dlls-signing.log" 
+            Condition="!$(DelaySign) and '@(DelaySignedAssembliesToSign)' != ''"/>
+
+        <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\UpdateModules.ps1 -BuildConfig $(Configuration) -Scope $(Scope) &quot;" />
+
+        <!-- Copying shortcut to be signed -->
+        <Copy SourceFiles="$(LibraryRoot)tools\Az\Az.psm1" DestinationFolder="$(PackageDirectory)\$(Configuration)" Condition="'$(Scope)' == 'Netcore'" />
+              
+        <Message Text="----> Scripts signing section" Importance="high"/>
+
+         <!-- Azure -->
+        <ItemGroup Condition="'$(Scope)' == 'All' or '$(Scope)' == 'Latest' or '$(Scope)' == 'Netcore'">
+            <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1" />
+            <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.psm1" />
+            <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.ps1xml" />
+            <ScriptsToSign Include="$(PackageDirectory)\$(Configuration)\**\*.js" />
+        </ItemGroup>
+
+        <ESRPSignTask
+            CopyBackSignedFilesToOriginalLocation="true"
+            UnsignedFileList="@(ScriptsToSign)"
+            SignLogDirPath="$(LibraryRoot)scripts-signing.log" 
+            Condition="!$(DelaySign) and '@(ScriptsToSign)' != ''"/>            
+
+        <!-- RemoveCodeSignArtifacts.ps1 -->
+        <Message Text="----> Remove artifacts section" Importance="high"/>
+        <Exec Command="$(PowerShellCoreCommandPrefix) &quot;Remove-Item -Path $(PackageDirectory)\$(Configuration)\Signed,$(PackageDirectory)\$(Configuration)\Unsigned -Recurse -Force -Confirm:$false -ErrorAction Ignore&quot;" ContinueOnError="WarnAndContinue" IgnoreExitCode="true" />
+        
+        <!-- CheckSignature.ps1 -->    
+        <Message Text="----> CheckSignature section" Importance="high"/>        
+        <Exec Command="$(PowerShellCommandPrefix) &quot;. $(LibraryToolsFolder)\CheckSignature.ps1 -CustomPath $(PackageDirectory)\$(Configuration) &quot;" Condition="'$(Scope)' != 'Stack'" ContinueOnError="ErrorAndContinue" />
+
+        <!-- Copy files back after signing -->
+        <Copy SourceFiles="$(PackageDirectory)\$(Configuration)\Az.psm1" DestinationFolder="$(LibraryRoot)tools\Az" Condition="'$(Scope)' == 'Netcore'" />
+    </Target>
+
+    <Target Name="CodeSignInstaller">
+        <Message Text="----> CodeSignInstaller section" Importance="high"/>
+        <PropertyGroup>
+            <!--public token associated with MSSharedLibKey.snk-->
+            <StrongNameToken Condition=" '$(StrongNameToken)' == '' ">31bf3856ad364e35</StrongNameToken>
+        </PropertyGroup>
+        <GetFrameworkSdkPath>
+            <Output TaskParameter="Path" PropertyName="WindowsSdkPath"/>
+        </GetFrameworkSdkPath>
+
+        <ItemGroup>
+            <InstallersToSign Include="$(LibraryRoot)\setup\*.msi" />
+        </ItemGroup>
+
+        <Message Importance="high" Text="$(LibraryRoot)\setup does not contain any installers to sign. Code sign will skip."
+            Condition="'@(InstallersToSign)' == ''" />
+
+        <ESRPSignTask
+            SignedFilesRootDirPath="$(SignedOutputRootDir)"
+            UnsignedFileList="@(InstallersToSign)"
+            SignLogDirPath="$(LibraryRoot)\msi-signing.log" 
+            Condition="!$(DelaySign) and '@(InstallersToSign)' != ''"/>
+
+        <!--If we are testing locally then we copy the binaries and do not submit to the code sign server-->
+        <Copy SourceFiles="@(InstallersToSign)" DestinationFolder="signed" Condition="$(DelaySign)" />
+        <SetEnvVar EnvName="SignedMsiDir" EnvValue="$(SignedOutputRootDir)" />
+    </Target>
 </Project>

From 707c14d5d266690b9028080f9f06ed4d7259ea7e Mon Sep 17 00:00:00 2001
From: vlashch <vlashch@microsoft.com>
Date: Thu, 20 Dec 2018 16:49:13 -0800
Subject: [PATCH 10/11] Right remove command added

---
 CodeSign.targets | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/CodeSign.targets b/CodeSign.targets
index 9cf31d97a873..475f01a472b5 100644
--- a/CodeSign.targets
+++ b/CodeSign.targets
@@ -50,14 +50,16 @@
         </ItemGroup>
 
         <ESRPSignTask
-            CopyBackSignedFilesToOriginalLocation="true"
+        	CopyBackSignedFilesToOriginalLocation="true"
             UnsignedFileList="@(ScriptsToSign)"
             SignLogDirPath="$(LibraryRoot)scripts-signing.log" 
             Condition="!$(DelaySign) and '@(ScriptsToSign)' != ''"/>            
 
         <!-- RemoveCodeSignArtifacts.ps1 -->
         <Message Text="----> Remove artifacts section" Importance="high"/>
-        <Exec Command="$(PowerShellCoreCommandPrefix) &quot;Remove-Item -Path $(PackageDirectory)\$(Configuration)\Signed,$(PackageDirectory)\$(Configuration)\Unsigned -Recurse -Force -Confirm:$false -ErrorAction Ignore&quot;" ContinueOnError="WarnAndContinue" IgnoreExitCode="true" />
+        <Exec Command="$(PowerShellCoreCommandPrefix) &quot;Get-ChildItem -Path $(PackageDirectory) -Recurse -Include 'Signed','Unsigned' | Remove-Item -Recurse -Force -Confirm:$false -ErrorAction Ignore&quot;" 
+       	  	ContinueOnError="WarnAndContinue" 
+          	IgnoreExitCode="true" />
         
         <!-- CheckSignature.ps1 -->    
         <Message Text="----> CheckSignature section" Importance="high"/>        

From 143a560e7a48787f7dc3b43a32d4ff2cee480552 Mon Sep 17 00:00:00 2001
From: Mark Cowlishaw <markcowl@microsoft.com>
Date: Thu, 20 Dec 2018 17:56:07 -0800
Subject: [PATCH 11/11] Delete unneeded script file

---
 tools/RemoveCodeSignArtifacts.ps1 | 32 -------------------------------
 1 file changed, 32 deletions(-)
 delete mode 100644 tools/RemoveCodeSignArtifacts.ps1

diff --git a/tools/RemoveCodeSignArtifacts.ps1 b/tools/RemoveCodeSignArtifacts.ps1
deleted file mode 100644
index f3e097cc29a1..000000000000
--- a/tools/RemoveCodeSignArtifacts.ps1
+++ /dev/null
@@ -1,32 +0,0 @@
-param(
-    [Parameter(Position=0)]
-    [string]$Path
-)
-
-if ($Path -eq $null) {
-    $Path=$PSScriptRoot
-} else {
-    $Path = Resolve-Path $Path
-}
-
-Write-Output "Under the'$Path' folder"
-
-"Signed","Unsigned" | ForEach-Object {
-    Write-Output "'$_' artifacts deletion..."
-    $foldersToDelete = Get-ChildItem  -Path $Path -filter $_ -Directory -Recurse
-    $itemsQnty = $foldersToDelete.Count
-    Write-Output "Number of folders found: $itemsQnty"
-    if ($itemsQnty -gt 0) {
-        Write-Output "Folders list:"
-        $foldersToDelete | ForEach-Object {
-            $_.FullName
-        }
-        $foldersToDelete | ForEach-Object { 
-            Remove-Item (Join-Path $_.FullName *.*) -Force
-        }
-        $foldersToDelete | ForEach-Object {
-            Remove-Item $_.FullName -Force
-        }
-        Write-Output "Deleted"
-    }
-}
\ No newline at end of file