Sign Django and Web template JS/TTF files with 3PartyScriptsSHA2#8485
Open
jesuszarate wants to merge 1 commit intomicrosoft:mainfrom
Open
Sign Django and Web template JS/TTF files with 3PartyScriptsSHA2#8485jesuszarate wants to merge 1 commit intomicrosoft:mainfrom
jesuszarate wants to merge 1 commit intomicrosoft:mainfrom
Conversation
The VS signing scan flags unsigned files in two PTVS template payloads: - mspythontoolsdjangotemplatesvsix170260206neutral: 15 files (14 JS + 1 TTF) - mspythontoolswebtemplatesvsix170260206neutral: 45 files (42 JS + 3 TTF) All are 3rd-party OSS files (jQuery, Bootstrap, Modernizr, Respond.js, Glyphicons) in the StarterDjangoProject and various Bottle/Flask web project templates. The existing signlayout.proj signs Pylance JS files but does not cover the Django or Web template directories. This change: - Stages all JS/TTF files from Python/Templates/ to a signing area - Signs them with 3PartyScriptsSHA2 (3rd-party scripts cert) - Copies signed files back to the source tree before SWIX packaging Fixes 60 unsigned files total across both payloads. AzDO bugs: 2949498, 2951790
jesuszarate
force-pushed
the
dev/jezarat/sign-django-template-files
branch
from
1f4ee22 to
5dd58bc
Compare
jesuszarate
changed the title
rchiodo
approved these changes
Apr 21, 2026
Contributor
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Member
Author
|
/azp run |
|
Commenter does not have sufficient privileges for PR 8485 in repo microsoft/PTVS |
Contributor
|
/azp run |
|
Pull request is closed |
Contributor
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The VS signing scan flags unsigned files in two PTVS template payloads:
mspythontoolsdjangotemplatesvsix170260206neutral: 15 files (14 JS + 1 TTF)mspythontoolswebtemplatesvsix170260206neutral: 45 files (42 JS + 3 TTF)All are 3rd-party OSS files (jQuery 1.10.2, Bootstrap 3.x, Modernizr 2.6.2, Respond.js, Glyphicons) in the StarterDjangoProject and Bottle/Flask web project templates.
Root Cause
Python/Setup/signlayout.projsigns Pylance JS via_AddPylanceFilesbut does not cover the Django or Web template directories. The swixprojs source fromPython/Templates/Django/andPython/Templates/Web/respectively, so these files flow into the VSIXes unsigned.Fix
Add 3 MSBuild targets to
signlayout.proj:_StageTemplateFiles- globs JS/TTF fromPython/Templates/(preserving Django/Web subdirectory structure) and copies to a signing staging area_AddTemplateFiles- registers them for MicroBuild signing with3PartyScriptsSHA2certificate_CopySignedTemplateFiles- copies signed files back to the source tree for SWIX packagingVerification
After merge + insertion, both payloads should show 0 unsigned files in the VS signing scan (60 files resolved total).
Related