From 711cea8c4b5cfc241537ab2e9cc088afb1925bad Mon Sep 17 00:00:00 2001
From: Joseph Flinn <joseph.s.flinn@gmail.com>
Date: Thu, 31 Dec 2020 22:09:00 +0000
Subject: [PATCH] Install and use latest AST (this will probably break when it
 is updated because Google won't tell me how to make a clean build of a .NET
 project)

---
 .az-pipelines/windows-build-sign.yml | 15 ++++++++++++---
 sign.js                              |  2 +-
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml
index ee21e54a..6303b11d 100644
--- a/.az-pipelines/windows-build-sign.yml
+++ b/.az-pipelines/windows-build-sign.yml
@@ -17,10 +17,18 @@ steps:
     versionSpec: '10.x'
   displayName: 'Install Node.js'
 
+  #- script: |
+  #    set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true
+  #    dotnet tool install --global AzureSignTool --version 2.0.17
+  #  displayName: 'install AzureSignTool'
+
 - script: |
-    set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true
-    dotnet tool install --global AzureSignTool --version 2.0.17
-  displayName: 'install AzureSignTool'
+    git clone https://github.com/vcsjones/AzureSignTool.git
+    cd AzureSignTool
+    dotnet --version
+    dotnet pack --output ./nupkg
+    dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 0.0.0-gce87e84a58 azuresigntool 
+  displayName: 'Install AST'
 
 - task: PowerShell@2 
   inputs:
@@ -50,6 +58,7 @@ steps:
     CSC_KEY_PASSWORD: $(ebSigningCertKey)
     SIGNING_VAULT_URL: $(SigningVaultURL)
     SIGNING_CLIENT_ID: $(SigningClientId)
+    SIGNING_TENTANT_ID: $(SigningTenantId)
     SIGNING_CLIENT_SECRET: $(SigningClientSecret)
     SIGNING_CERT_NAME: $(SigningCertName)
     SECRET_TEST: $(secretTest)
diff --git a/sign.js b/sign.js
index 45aef487..17664c13 100644
--- a/sign.js
+++ b/sign.js
@@ -3,7 +3,7 @@ exports.default = async function(configuration) {
   console.log(`env test - secret test ${process.env.SECRET_TEST}`)
 
   require("child_process").execSync(
-    `azuresigntool sign -kvu ${process.env.SIGNING_VAULT_URL} -kvi ${process.env.SIGNING_CLIENT_ID} -kvs ${process.env.SIGNING_CLIENT_SECRET} -kvc ${process.env.SIGNING_CERT_NAME} -fd ${configuration.hash} -du ${configuration.site} -tr http://timestamp.digicert.com ${configuration.path}`,
+    `azuresigntool sign -kvu ${process.env.SIGNING_VAULT_URL} -kvi ${process.env.SIGNING_CLIENT_ID} -kvt ${process.env.SIGNING_TENANT_ID} -kvs ${process.env.SIGNING_CLIENT_SECRET} -kvc ${process.env.SIGNING_CERT_NAME} -fd ${configuration.hash} -du ${configuration.site} -tr http://timestamp.digicert.com ${configuration.path}`,
     {
       stdio: "inherit"
     }