sign native dll with correct cert (#21854)

### Description Fixed #21775 ### Motivation and Context The dlls should be signed with Keycode CP-230012. The default is the test code sign.
2026-06-26 03:00:54 +00:00 · 2024-08-26 16:46:19 +08:00 · 2024-08-26 16:46:19 +08:00 · 2877de73e1
commit 2877de73e1
parent 983c4d57a4
1 changed files with 32 additions and 0 deletions
--- a/tools/ci_build/github/azure-pipelines/templates/win-esrp-dll.yml
+++ b/tools/ci_build/github/azure-pipelines/templates/win-esrp-dll.yml
@ -26,6 +26,38 @@ steps:
    AuthAKVName: 'buildkeyvault'
    AuthCertName: '53d54d02-SSL-AutoRotate'
    AuthSignCertName: '53d54d02-978d-4305-8572-583cf6711c4f'
+    signConfigType: inlineSignParams
+    inlineOperation: |
+      [
+        {
+          "keyCode": "CP-230012",
+          "operationSetCode": "SigntoolSign",
+          "parameters": [
+            {
+              "parameterName": "OpusName",
+              "parameterValue": "Microsoft"
+            },
+            {
+              "parameterName": "OpusInfo",
+              "parameterValue": "http://www.microsoft.com"
+            },
+            {
+              "parameterName": "PageHash",
+              "parameterValue": "/NPH"
+            },
+            {
+              "parameterName": "FileDigest",
+              "parameterValue": "/fd sha256"
+            },
+            {
+              "parameterName": "TimeStamp",
+              "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
+            }
+          ],
+          "toolName": "signtool.exe",
+          "toolVersion": "6.2.9304.0"
+        }
+      ]

    FolderPath: ${{ parameters.FolderPath }}
    Pattern: ${{ parameters.Pattern }}