Bump Arcade to 7.0.0-beta.22513.4

eng/Version.Details.xml

@@ -5,14 +5,14 @@
   </ProductDependencies>
 
   <ToolsetDependencies>
-    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="6.0.0-beta.21519.3">
+    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="7.0.0-beta.22513.4">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>85f3aa16d8797b5020f1fda11df1a958feb5f8df</Sha>
+      <Sha>02e28316bf35d1028683ee313f0794776bff18d1</Sha>
     </Dependency>
 
-    <Dependency Name="Microsoft.DotNet.Helix.Sdk" Version="6.0.0-beta.21519.3">
+    <Dependency Name="Microsoft.DotNet.Helix.Sdk" Version="7.0.0-beta.22513.4">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>85f3aa16d8797b5020f1fda11df1a958feb5f8df</Sha>
+      <Sha>02e28316bf35d1028683ee313f0794776bff18d1</Sha>
     </Dependency>
   </ToolsetDependencies>
 

eng/common/SetupNugetSources.ps1

@@ -146,22 +146,22 @@ $userName = "dn-bot"
 # Insert credential nodes for Maestro's private feeds
 InsertMaestroPrivateFeedCredentials -Sources $sources -Creds $creds -Username $userName -Password $Password
 
+# 3.1 uses a different feed url format so it's handled differently here
 $dotnet31Source = $sources.SelectSingleNode("add[@key='dotnet3.1']")
 if ($dotnet31Source -ne $null) {
     AddPackageSource -Sources $sources -SourceName "dotnet3.1-internal" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/_packaging/dotnet3.1-internal/nuget/v2" -Creds $creds -Username $userName -Password $Password
     AddPackageSource -Sources $sources -SourceName "dotnet3.1-internal-transport" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/_packaging/dotnet3.1-internal-transport/nuget/v2" -Creds $creds -Username $userName -Password $Password
 }
 
-$dotnet5Source = $sources.SelectSingleNode("add[@key='dotnet5']")
-if ($dotnet5Source -ne $null) {
-    AddPackageSource -Sources $sources -SourceName "dotnet5-internal" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet5-internal/nuget/v2" -Creds $creds -Username $userName -Password $Password
-    AddPackageSource -Sources $sources -SourceName "dotnet5-internal-transport" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet5-internal-transport/nuget/v2" -Creds $creds -Username $userName -Password $Password
-}
+$dotnetVersions = @('5','6','7')
 
-$dotnet6Source = $sources.SelectSingleNode("add[@key='dotnet6']")
-if ($dotnet6Source -ne $null) {
-    AddPackageSource -Sources $sources -SourceName "dotnet6-internal" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet6-internal/nuget/v2" -Creds $creds -Username $userName -Password $Password
-    AddPackageSource -Sources $sources -SourceName "dotnet6-internal-transport" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet6-internal-transport/nuget/v2" -Creds $creds -Username $userName -Password $Password
+foreach ($dotnetVersion in $dotnetVersions) {
+    $feedPrefix = "dotnet" + $dotnetVersion;
+    $dotnetSource = $sources.SelectSingleNode("add[@key='$feedPrefix']")
+    if ($dotnetSource -ne $null) {
+        AddPackageSource -Sources $sources -SourceName "$feedPrefix-internal" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/internal/_packaging/$feedPrefix-internal/nuget/v2" -Creds $creds -Username $userName -Password $Password
+        AddPackageSource -Sources $sources -SourceName "$feedPrefix-internal-transport" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/internal/_packaging/$feedPrefix-internal-transport/nuget/v2" -Creds $creds -Username $userName -Password $Password
+    }
 }
 
 $doc.Save($filename)

eng/common/SetupNugetSources.sh

@@ -105,53 +105,33 @@ if [ "$?" == "0" ]; then
     PackageSources+=('dotnet3.1-internal-transport')
 fi
 
-# Ensure dotnet5-internal and dotnet5-internal-transport are in the packageSources if the public dotnet5 feeds are present
-grep -i "<add key=\"dotnet5\"" $ConfigFile
-if [ "$?" == "0" ]; then
-    grep -i "<add key=\"dotnet5-internal\"" $ConfigFile
-    if [ "$?" != "0" ]; then
-        echo "Adding dotnet5-internal to the packageSources."
-        PackageSourcesNodeFooter="</packageSources>"
-        PackageSourceTemplate="${TB}<add key=\"dotnet5-internal\" value=\"https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet5-internal/nuget/v2\" />"
-
-        sed -i.bak "s|$PackageSourcesNodeFooter|$PackageSourceTemplate${NL}$PackageSourcesNodeFooter|" $ConfigFile
-    fi
-    PackageSources+=('dotnet5-internal')
-
-    grep -i "<add key=\"dotnet5-internal-transport\">" $ConfigFile
-    if [ "$?" != "0" ]; then
-        echo "Adding dotnet5-internal-transport to the packageSources."
-        PackageSourcesNodeFooter="</packageSources>"
-        PackageSourceTemplate="${TB}<add key=\"dotnet5-internal-transport\" value=\"https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet5-internal-transport/nuget/v2\" />"
-
-        sed -i.bak "s|$PackageSourcesNodeFooter|$PackageSourceTemplate${NL}$PackageSourcesNodeFooter|" $ConfigFile
-    fi
-    PackageSources+=('dotnet5-internal-transport')
-fi
-
-# Ensure dotnet6-internal and dotnet6-internal-transport are in the packageSources if the public dotnet6 feeds are present
-grep -i "<add key=\"dotnet6\"" $ConfigFile
-if [ "$?" == "0" ]; then
-    grep -i "<add key=\"dotnet6-internal\"" $ConfigFile
-    if [ "$?" != "0" ]; then
-        echo "Adding dotnet6-internal to the packageSources."
-        PackageSourcesNodeFooter="</packageSources>"
-        PackageSourceTemplate="${TB}<add key=\"dotnet6-internal\" value=\"https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet6-internal/nuget/v2\" />"
+DotNetVersions=('5' '6' '7')
+
+for DotNetVersion in ${DotNetVersions[@]} ; do
+    FeedPrefix="dotnet${DotNetVersion}";
+    grep -i "<add key=\"$FeedPrefix\"" $ConfigFile
+    if [ "$?" == "0" ]; then
+        grep -i "<add key=\"$FeedPrefix-internal\"" $ConfigFile
+        if [ "$?" != "0" ]; then
+            echo "Adding $FeedPrefix-internal to the packageSources."
+            PackageSourcesNodeFooter="</packageSources>"
+            PackageSourceTemplate="${TB}<add key=\"$FeedPrefix-internal\" value=\"https://pkgs.dev.azure.com/dnceng/internal/_packaging/$FeedPrefix-internal/nuget/v2\" />"
+
+            sed -i.bak "s|$PackageSourcesNodeFooter|$PackageSourceTemplate${NL}$PackageSourcesNodeFooter|" $ConfigFile
+        fi
+        PackageSources+=("$FeedPrefix-internal")
 
-        sed -i.bak "s|$PackageSourcesNodeFooter|$PackageSourceTemplate${NL}$PackageSourcesNodeFooter|" $ConfigFile
-    fi
-    PackageSources+=('dotnet6-internal')
+        grep -i "<add key=\"$FeedPrefix-internal-transport\">" $ConfigFile
+        if [ "$?" != "0" ]; then
+            echo "Adding $FeedPrefix-internal-transport to the packageSources."
+            PackageSourcesNodeFooter="</packageSources>"
+            PackageSourceTemplate="${TB}<add key=\"$FeedPrefix-internal-transport\" value=\"https://pkgs.dev.azure.com/dnceng/internal/_packaging/$FeedPrefix-internal-transport/nuget/v2\" />"
 
-    grep -i "<add key=\"dotnet6-internal-transport\">" $ConfigFile
-    if [ "$?" != "0" ]; then
-        echo "Adding dotnet6-internal-transport to the packageSources."
-        PackageSourcesNodeFooter="</packageSources>"
-        PackageSourceTemplate="${TB}<add key=\"dotnet6-internal-transport\" value=\"https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet6-internal-transport/nuget/v2\" />"
-
-        sed -i.bak "s|$PackageSourcesNodeFooter|$PackageSourceTemplate${NL}$PackageSourcesNodeFooter|" $ConfigFile
+            sed -i.bak "s|$PackageSourcesNodeFooter|$PackageSourceTemplate${NL}$PackageSourcesNodeFooter|" $ConfigFile
+        fi
+        PackageSources+=("$FeedPrefix-internal-transport")
     fi
-    PackageSources+=('dotnet6-internal-transport')
-fi
+done
 
 # I want things split line by line
 PrevIFS=$IFS

eng/common/build.ps1

@@ -26,6 +26,7 @@ Param(
   [string] $runtimeSourceFeed = '',
   [string] $runtimeSourceFeedKey = '',
   [switch] $excludePrereleaseVS,
+  [switch] $nativeToolsOnMachine,
   [switch] $help,
   [Parameter(ValueFromRemainingArguments=$true)][String[]]$properties
 )
@@ -66,6 +67,7 @@ function Print-Usage() {
   Write-Host "  -prepareMachine         Prepare machine for CI run, clean up processes after build"
   Write-Host "  -warnAsError <value>    Sets warnaserror msbuild parameter ('true' or 'false')"
   Write-Host "  -msbuildEngine <value>  Msbuild engine to use to run build ('dotnet', 'vs', or unspecified)."
+  Write-Host "  -nativeToolsOnMachine   Sets the native tools on machine environment variable (indicating that the script should use native tools on machine)"
   Write-Host "  -excludePrereleaseVS    Set to exclude build engines in prerelease versions of Visual Studio"
   Write-Host ""
 
@@ -146,6 +148,9 @@ try {
     $nodeReuse = $false
   }
 
+  if ($nativeToolsOnMachine) {
+    $env:NativeToolsOnMachine = $true
+  }
   if ($restore) {
     InitializeNativeTools
   }

eng/common/build.sh

@@ -19,6 +19,9 @@ usage()
   echo "Actions:"
   echo "  --restore                  Restore dependencies (short: -r)"
   echo "  --build                    Build solution (short: -b)"
+  echo "  --sourceBuild              Source-build the solution (short: -sb)"
+  echo "                             Will additionally trigger the following actions: --restore, --build, --pack"
+  echo "                             If --configuration is not set explicitly, will also set it to 'Release'"
   echo "  --rebuild                  Rebuild solution"
   echo "  --test                     Run all unit tests in the solution (short: -t)"
   echo "  --integrationTest          Run all integration tests in the solution"
@@ -55,6 +58,7 @@ scriptroot="$( cd -P "$( dirname "$source" )" && pwd )"
 
 restore=false
 build=false
+source_build=false
 rebuild=false
 test=false
 integration_test=false
@@ -73,7 +77,7 @@ exclude_ci_binary_log=false
 pipelines_log=false
 
 projects=''
-configuration='Debug'
+configuration=''
 prepare_machine=false
 verbosity='minimal'
 runtime_source_feed=''
@@ -119,6 +123,12 @@ while [[ $# > 0 ]]; do
     -pack)
       pack=true
       ;;
+    -sourcebuild|-sb)
+      build=true
+      source_build=true
+      restore=true
+      pack=true
+      ;;
     -test|-t)
       test=true
       ;;
@@ -168,6 +178,10 @@ while [[ $# > 0 ]]; do
   shift
 done
 
+if [[ -z "$configuration" ]]; then
+  if [[ "$source_build" = true ]]; then configuration="Release"; else configuration="Debug"; fi
+fi
+
 if [[ "$ci" == true ]]; then
   pipelines_log=true
   node_reuse=false
@@ -187,10 +201,6 @@ function InitializeCustomToolset {
 }
 
 function Build {
-
-  if [[ "$ci" == true ]]; then
-    TryLogClientIpAddress
-  fi
   InitializeToolset
   InitializeCustomToolset
 
@@ -209,6 +219,7 @@ function Build {
     /p:RepoRoot="$repo_root" \
     /p:Restore=$restore \
     /p:Build=$build \
+    /p:ArcadeBuildFromSource=$source_build \
     /p:Rebuild=$rebuild \
     /p:Test=$test \
     /p:Pack=$pack \

eng/common/cross/arm/sources.list.focal

@@ -0,0 +1,11 @@
+deb http://ports.ubuntu.com/ubuntu-ports/ focal main restricted universe
+deb-src http://ports.ubuntu.com/ubuntu-ports/ focal main restricted universe
+
+deb http://ports.ubuntu.com/ubuntu-ports/ focal-updates main restricted universe
+deb-src http://ports.ubuntu.com/ubuntu-ports/ focal-updates main restricted universe
+
+deb http://ports.ubuntu.com/ubuntu-ports/ focal-backports main restricted
+deb-src http://ports.ubuntu.com/ubuntu-ports/ focal-backports main restricted
+
+deb http://ports.ubuntu.com/ubuntu-ports/ focal-security main restricted universe multiverse
+deb-src http://ports.ubuntu.com/ubuntu-ports/ focal-security main restricted universe multiverse

eng/common/cross/arm/sources.list.jammy

@@ -0,0 +1,11 @@
+deb http://ports.ubuntu.com/ubuntu-ports/ jammy main restricted universe
+deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy main restricted universe
+
+deb http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main restricted universe
+deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main restricted universe
+
+deb http://ports.ubuntu.com/ubuntu-ports/ jammy-backports main restricted
+deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy-backports main restricted
+
+deb http://ports.ubuntu.com/ubuntu-ports/ jammy-security main restricted universe multiverse
+deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy-security main restricted universe multiverse

eng/common/cross/arm/tizen-build-rootfs.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -e
+
+__ARM_HARDFP_CrossDir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+__TIZEN_CROSSDIR="$__ARM_HARDFP_CrossDir/tizen"
+
+if [[ -z "$ROOTFS_DIR" ]]; then
+    echo "ROOTFS_DIR is not defined."
+    exit 1;
+fi
+
+TIZEN_TMP_DIR=$ROOTFS_DIR/tizen_tmp
+mkdir -p $TIZEN_TMP_DIR
+
+# Download files
+echo ">>Start downloading files"
+VERBOSE=1 $__ARM_HARDFP_CrossDir/tizen-fetch.sh $TIZEN_TMP_DIR
+echo "<<Finish downloading files"
+
+echo ">>Start constructing Tizen rootfs"
+TIZEN_RPM_FILES=`ls $TIZEN_TMP_DIR/*.rpm`
+cd $ROOTFS_DIR
+for f in $TIZEN_RPM_FILES; do
+    rpm2cpio $f  | cpio -idm --quiet
+done
+echo "<<Finish constructing Tizen rootfs"
+
+# Cleanup tmp
+rm -rf $TIZEN_TMP_DIR
+
+# Configure Tizen rootfs
+echo ">>Start configuring Tizen rootfs"
+ln -sfn asm-arm ./usr/include/asm
+patch -p1 < $__TIZEN_CROSSDIR/tizen.patch
+echo "<<Finish configuring Tizen rootfs"

eng/common/cross/arm/tizen-fetch.sh

@@ -0,0 +1,170 @@
+#!/usr/bin/env bash
+set -e
+
+if [[ -z "${VERBOSE// }" ]] || [ "$VERBOSE" -ne "$VERBOSE" ] 2>/dev/null; then
+	VERBOSE=0
+fi
+
+Log()
+{
+	if [ $VERBOSE -ge $1 ]; then
+		echo ${@:2}
+	fi
+}
+
+Inform()
+{
+	Log 1 -e "\x1B[0;34m$@\x1B[m"
+}
+
+Debug()
+{
+	Log 2 -e "\x1B[0;32m$@\x1B[m"
+}
+
+Error()
+{
+	>&2 Log 0 -e "\x1B[0;31m$@\x1B[m"
+}
+
+Fetch()
+{
+	URL=$1
+	FILE=$2
+	PROGRESS=$3
+	if [ $VERBOSE -ge 1 ] && [ $PROGRESS ]; then
+		CURL_OPT="--progress-bar"
+	else
+		CURL_OPT="--silent"
+	fi
+	curl $CURL_OPT $URL > $FILE
+}
+
+hash curl 2> /dev/null || { Error "Require 'curl' Aborting."; exit 1; }
+hash xmllint 2> /dev/null || { Error "Require 'xmllint' Aborting."; exit 1; }
+hash sha256sum 2> /dev/null || { Error "Require 'sha256sum' Aborting."; exit 1; }
+
+TMPDIR=$1
+if [ ! -d $TMPDIR ]; then
+	TMPDIR=./tizen_tmp
+	Debug "Create temporary directory : $TMPDIR"
+	mkdir -p $TMPDIR 
+fi
+
+TIZEN_URL=http://download.tizen.org/snapshots/tizen
+BUILD_XML=build.xml
+REPOMD_XML=repomd.xml
+PRIMARY_XML=primary.xml
+TARGET_URL="http://__not_initialized"
+
+Xpath_get()
+{
+	XPATH_RESULT=''
+	XPATH=$1
+	XML_FILE=$2
+	RESULT=$(xmllint --xpath $XPATH $XML_FILE)
+	if [[ -z ${RESULT// } ]]; then
+		Error "Can not find target from $XML_FILE"
+		Debug "Xpath = $XPATH"
+		exit 1
+	fi
+	XPATH_RESULT=$RESULT
+}
+
+fetch_tizen_pkgs_init()
+{
+	TARGET=$1
+	PROFILE=$2
+	Debug "Initialize TARGET=$TARGET, PROFILE=$PROFILE"
+
+	TMP_PKG_DIR=$TMPDIR/tizen_${PROFILE}_pkgs
+	if [ -d $TMP_PKG_DIR ]; then rm -rf $TMP_PKG_DIR; fi
+	mkdir -p $TMP_PKG_DIR
+
+	PKG_URL=$TIZEN_URL/$PROFILE/latest
+
+	BUILD_XML_URL=$PKG_URL/$BUILD_XML
+	TMP_BUILD=$TMP_PKG_DIR/$BUILD_XML
+	TMP_REPOMD=$TMP_PKG_DIR/$REPOMD_XML
+	TMP_PRIMARY=$TMP_PKG_DIR/$PRIMARY_XML
+	TMP_PRIMARYGZ=${TMP_PRIMARY}.gz
+
+	Fetch $BUILD_XML_URL $TMP_BUILD
+
+	Debug "fetch $BUILD_XML_URL to $TMP_BUILD"
+
+	TARGET_XPATH="//build/buildtargets/buildtarget[@name=\"$TARGET\"]/repo[@type=\"binary\"]/text()"
+	Xpath_get $TARGET_XPATH $TMP_BUILD
+	TARGET_PATH=$XPATH_RESULT
+	TARGET_URL=$PKG_URL/$TARGET_PATH
+
+	REPOMD_URL=$TARGET_URL/repodata/repomd.xml
+	PRIMARY_XPATH='string(//*[local-name()="data"][@type="primary"]/*[local-name()="location"]/@href)'
+
+	Fetch $REPOMD_URL $TMP_REPOMD
+
+	Debug "fetch $REPOMD_URL to $TMP_REPOMD"
+
+	Xpath_get $PRIMARY_XPATH $TMP_REPOMD
+	PRIMARY_XML_PATH=$XPATH_RESULT
+	PRIMARY_URL=$TARGET_URL/$PRIMARY_XML_PATH
+
+	Fetch $PRIMARY_URL $TMP_PRIMARYGZ
+
+	Debug "fetch $PRIMARY_URL to $TMP_PRIMARYGZ"
+
+	gunzip $TMP_PRIMARYGZ 
+
+	Debug "unzip $TMP_PRIMARYGZ to $TMP_PRIMARY" 
+}
+
+fetch_tizen_pkgs()
+{
+	ARCH=$1
+	PACKAGE_XPATH_TPL='string(//*[local-name()="metadata"]/*[local-name()="package"][*[local-name()="name"][text()="_PKG_"]][*[local-name()="arch"][text()="_ARCH_"]]/*[local-name()="location"]/@href)'
+
+	PACKAGE_CHECKSUM_XPATH_TPL='string(//*[local-name()="metadata"]/*[local-name()="package"][*[local-name()="name"][text()="_PKG_"]][*[local-name()="arch"][text()="_ARCH_"]]/*[local-name()="checksum"]/text())'
+
+	for pkg in ${@:2}
+	do
+		Inform "Fetching... $pkg"
+		XPATH=${PACKAGE_XPATH_TPL/_PKG_/$pkg}
+		XPATH=${XPATH/_ARCH_/$ARCH}
+		Xpath_get $XPATH $TMP_PRIMARY
+		PKG_PATH=$XPATH_RESULT
+
+		XPATH=${PACKAGE_CHECKSUM_XPATH_TPL/_PKG_/$pkg}
+		XPATH=${XPATH/_ARCH_/$ARCH}
+		Xpath_get $XPATH $TMP_PRIMARY
+		CHECKSUM=$XPATH_RESULT
+
+		PKG_URL=$TARGET_URL/$PKG_PATH
+		PKG_FILE=$(basename $PKG_PATH)
+		PKG_PATH=$TMPDIR/$PKG_FILE
+
+		Debug "Download $PKG_URL to $PKG_PATH"
+		Fetch $PKG_URL $PKG_PATH true
+
+		echo "$CHECKSUM $PKG_PATH" | sha256sum -c - > /dev/null
+		if [ $? -ne 0 ]; then
+			Error "Fail to fetch $PKG_URL to $PKG_PATH"
+			Debug "Checksum = $CHECKSUM"
+			exit 1
+		fi
+	done
+}
+
+Inform "Initialize arm base"
+fetch_tizen_pkgs_init standard base
+Inform "fetch common packages"
+fetch_tizen_pkgs armv7hl gcc gcc-devel-static glibc glibc-devel libicu libicu-devel libatomic linux-glibc-devel keyutils keyutils-devel libkeyutils
+Inform "fetch coreclr packages"
+fetch_tizen_pkgs armv7hl lldb lldb-devel libgcc libstdc++ libstdc++-devel libunwind libunwind-devel lttng-ust-devel lttng-ust userspace-rcu-devel userspace-rcu
+Inform "fetch corefx packages"
+fetch_tizen_pkgs armv7hl libcom_err libcom_err-devel zlib zlib-devel libopenssl11 libopenssl1.1-devel krb5 krb5-devel
+
+Inform "Initialize standard unified"
+fetch_tizen_pkgs_init standard unified
+Inform "fetch corefx packages"
+fetch_tizen_pkgs armv7hl gssdp gssdp-devel tizen-release
+

eng/common/cross/arm/tizen/tizen.patch

@@ -0,0 +1,9 @@
+diff -u -r a/usr/lib/libc.so b/usr/lib/libc.so
+--- a/usr/lib/libc.so	2016-12-30 23:00:08.284951863 +0900
++++ b/usr/lib/libc.so	2016-12-30 23:00:32.140951815 +0900
+@@ -2,4 +2,4 @@
+    Use the shared library, but some functions are only in
+    the static library, so try that secondarily.  */
+ OUTPUT_FORMAT(elf32-littlearm)
+-GROUP ( /lib/libc.so.6 /usr/lib/libc_nonshared.a  AS_NEEDED ( /lib/ld-linux-armhf.so.3 ) )
++GROUP ( libc.so.6 libc_nonshared.a  AS_NEEDED ( ld-linux-armhf.so.3 ) )

eng/common/cross/arm64/sources.list.focal

@@ -0,0 +1,11 @@
+deb http://ports.ubuntu.com/ubuntu-ports/ focal main restricted universe
+deb-src http://ports.ubuntu.com/ubuntu-ports/ focal main restricted universe
+
+deb http://ports.ubuntu.com/ubuntu-ports/ focal-updates main restricted universe
+deb-src http://ports.ubuntu.com/ubuntu-ports/ focal-updates main restricted universe
+
+deb http://ports.ubuntu.com/ubuntu-ports/ focal-backports main restricted
+deb-src http://ports.ubuntu.com/ubuntu-ports/ focal-backports main restricted
+
+deb http://ports.ubuntu.com/ubuntu-ports/ focal-security main restricted universe multiverse
+deb-src http://ports.ubuntu.com/ubuntu-ports/ focal-security main restricted universe multiverse

eng/common/cross/arm64/sources.list.jammy

@@ -0,0 +1,11 @@
+deb http://ports.ubuntu.com/ubuntu-ports/ jammy main restricted universe
+deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy main restricted universe
+
+deb http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main restricted universe
+deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main restricted universe
+
+deb http://ports.ubuntu.com/ubuntu-ports/ jammy-backports main restricted
+deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy-backports main restricted
+
+deb http://ports.ubuntu.com/ubuntu-ports/ jammy-security main restricted universe multiverse
+deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy-security main restricted universe multiverse

eng/common/cross/armv6/sources.list.buster

@@ -0,0 +1,2 @@
+deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi
+deb-src http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi

eng/common/cross/build-rootfs.sh

@@ -4,22 +4,27 @@ set -e
 
 usage()
 {
-    echo "Usage: $0 [BuildArch] [CodeName] [lldbx.y] [--skipunmount] --rootfsdir <directory>]"
-    echo "BuildArch can be: arm(default), armel, arm64, x86"
-    echo "CodeName - optional, Code name for Linux, can be: xenial(default), zesty, bionic, alpine, alpine3.9 or alpine3.13. If BuildArch is armel, LinuxCodeName is jessie(default) or tizen."
-    echo "                              for FreeBSD can be: freebsd11, freebsd12, freebsd13"
-    echo "                              for illumos can be: illumos."
+    echo "Usage: $0 [BuildArch] [CodeName] [lldbx.y] [llvmx[.y]] [--skipunmount] --rootfsdir <directory>]"
+    echo "BuildArch can be: arm(default), arm64, armel, armv6, ppc64le, riscv64, s390x, x64, x86"
+    echo "CodeName - optional, Code name for Linux, can be: xenial(default), zesty, bionic, alpine, alpine3.13 or alpine3.14. If BuildArch is armel, LinuxCodeName is jessie(default) or tizen."
+    echo "                              for FreeBSD can be: freebsd12, freebsd13"
+    echo "                              for illumos can be: illumos"
+    echo "                                for Haiku can be: haiku."
     echo "lldbx.y - optional, LLDB version, can be: lldb3.9(default), lldb4.0, lldb5.0, lldb6.0 no-lldb. Ignored for alpine and FreeBSD"
+    echo "llvmx[.y] - optional, LLVM version for LLVM related packages."
     echo "--skipunmount - optional, will skip the unmount of rootfs folder."
     echo "--use-mirror - optional, use mirror URL to fetch resources, when available."
+    echo "--jobs N - optional, restrict to N jobs."
     exit 1
 }
 
 __CodeName=xenial
 __CrossDir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-__InitialDir=$PWD
 __BuildArch=arm
 __AlpineArch=armv7
+__FreeBSDArch=arm
+__FreeBSDMachineArch=armv7
+__IllumosArch=arm7
 __QEMUArch=arm
 __UbuntuArch=armhf
 __UbuntuRepo="http://ports.ubuntu.com/"
@@ -32,14 +37,14 @@ __UbuntuPackages="build-essential"
 __AlpinePackages="alpine-base"
 __AlpinePackages+=" build-base"
 __AlpinePackages+=" linux-headers"
-__AlpinePackagesEdgeCommunity=" lldb-dev"
-__AlpinePackagesEdgeMain+=" python3"
-__AlpinePackagesEdgeMain+=" libedit"
+__AlpinePackages+=" lldb-dev"
+__AlpinePackages+=" python3"
+__AlpinePackages+=" libedit"
 
 # symlinks fixer
 __UbuntuPackages+=" symlinks"
 
-# CoreCLR and CoreFX dependencies
+# runtime dependencies
 __UbuntuPackages+=" libicu-dev"
 __UbuntuPackages+=" liblttng-ust-dev"
 __UbuntuPackages+=" libunwind8-dev"
@@ -48,8 +53,9 @@ __AlpinePackages+=" gettext-dev"
 __AlpinePackages+=" icu-dev"
 __AlpinePackages+=" libunwind-dev"
 __AlpinePackages+=" lttng-ust-dev"
+__AlpinePackages+=" compiler-rt-static"
 
-# CoreFX dependencies
+# runtime libraries' dependencies
 __UbuntuPackages+=" libcurl4-openssl-dev"
 __UbuntuPackages+=" libkrb5-dev"
 __UbuntuPackages+=" libssl-dev"
@@ -60,36 +66,48 @@ __AlpinePackages+=" krb5-dev"
 __AlpinePackages+=" openssl-dev"
 __AlpinePackages+=" zlib-dev"
 
-__FreeBSDBase="12.2-RELEASE"
-__FreeBSDPkg="1.12.0"
+__FreeBSDBase="12.3-RELEASE"
+__FreeBSDPkg="1.17.0"
 __FreeBSDABI="12"
 __FreeBSDPackages="libunwind"
 __FreeBSDPackages+=" icu"
 __FreeBSDPackages+=" libinotify"
-__FreeBSDPackages+=" lttng-ust"
+__FreeBSDPackages+=" openssl"
 __FreeBSDPackages+=" krb5"
 __FreeBSDPackages+=" terminfo-db"
 
-__IllumosPackages="icu-64.2nb2"
-__IllumosPackages+=" mit-krb5-1.16.2nb4"
-__IllumosPackages+=" openssl-1.1.1e"
-__IllumosPackages+=" zlib-1.2.11"
+__IllumosPackages="icu"
+__IllumosPackages+=" mit-krb5"
+__IllumosPackages+=" openssl"
+__IllumosPackages+=" zlib"
+
+__HaikuPackages="gmp"
+__HaikuPackages+=" gmp_devel"
+__HaikuPackages+=" krb5"
+__HaikuPackages+=" krb5_devel"
+__HaikuPackages+=" libiconv"
+__HaikuPackages+=" libiconv_devel"
+__HaikuPackages+=" llvm12_libunwind"
+__HaikuPackages+=" llvm12_libunwind_devel"
+__HaikuPackages+=" mpfr"
+__HaikuPackages+=" mpfr_devel"
 
 # ML.NET dependencies
 __UbuntuPackages+=" libomp5"
 __UbuntuPackages+=" libomp-dev"
 
+__Keyring=
 __UseMirror=0
 
 __UnprocessedBuildArgs=
 while :; do
-    if [ $# -le 0 ]; then
+    if [[ "$#" -le 0 ]]; then
         break
     fi
 
-    lowerI="$(echo $1 | tr "[:upper:]" "[:lower:]")"
+    lowerI="$(echo "$1" | tr "[:upper:]" "[:lower:]")"
     case $lowerI in
-        -?|-h|--help)
+        -\?|-h|--help)
             usage
             exit 1
             ;;
@@ -104,6 +122,8 @@ while :; do
             __UbuntuArch=arm64
             __AlpineArch=aarch64
             __QEMUArch=aarch64
+            __FreeBSDArch=arm64
+            __FreeBSDMachineArch=aarch64
             ;;
         armel)
             __BuildArch=armel
@@ -111,6 +131,39 @@ while :; do
             __UbuntuRepo="http://ftp.debian.org/debian/"
             __CodeName=jessie
             ;;
+        armv6)
+            __BuildArch=armv6
+            __UbuntuArch=armhf
+            __QEMUArch=arm
+            __UbuntuRepo="http://raspbian.raspberrypi.org/raspbian/"
+            __CodeName=buster
+            __LLDB_Package="liblldb-6.0-dev"
+
+            if [[ -e "/usr/share/keyrings/raspbian-archive-keyring.gpg" ]]; then
+                __Keyring="--keyring /usr/share/keyrings/raspbian-archive-keyring.gpg"
+            fi
+            ;;
+        ppc64le)
+            __BuildArch=ppc64le
+            __UbuntuArch=ppc64el
+            __UbuntuRepo="http://ports.ubuntu.com/ubuntu-ports/"
+            __UbuntuPackages=$(echo ${__UbuntuPackages} | sed 's/ libunwind8-dev//')
+            __UbuntuPackages=$(echo ${__UbuntuPackages} | sed 's/ libomp-dev//')
+            __UbuntuPackages=$(echo ${__UbuntuPackages} | sed 's/ libomp5//')
+            unset __LLDB_Package
+            ;;
+        riscv64)
+            __BuildArch=riscv64
+            __UbuntuArch=riscv64
+            __UbuntuRepo="http://deb.debian.org/debian-ports"
+            __CodeName=sid
+            __UbuntuPackages=$(echo ${__UbuntuPackages} | sed 's/ libunwind8-dev//')
+            unset __LLDB_Package
+
+            if [[ -e "/usr/share/keyrings/debian-ports-archive-keyring.gpg" ]]; then
+                __Keyring="--keyring /usr/share/keyrings/debian-ports-archive-keyring.gpg --include=debian-ports-archive-keyring"
+            fi
+            ;;
         s390x)
             __BuildArch=s390x
             __UbuntuArch=s390x
@@ -120,47 +173,69 @@ while :; do
             __UbuntuPackages=$(echo ${__UbuntuPackages} | sed 's/ libomp5//')
             unset __LLDB_Package
             ;;
+        x64)
+            __BuildArch=x64
+            __UbuntuArch=amd64
+            __FreeBSDArch=amd64
+            __FreeBSDMachineArch=amd64
+            __illumosArch=x86_64
+            __UbuntuRepo=
+            ;;
         x86)
             __BuildArch=x86
             __UbuntuArch=i386
             __UbuntuRepo="http://archive.ubuntu.com/ubuntu/"
             ;;
-        lldb3.6)
-            __LLDB_Package="lldb-3.6-dev"
-            ;;
-        lldb3.8)
-            __LLDB_Package="lldb-3.8-dev"
-            ;;
-        lldb3.9)
-            __LLDB_Package="liblldb-3.9-dev"
-            ;;
-        lldb4.0)
-            __LLDB_Package="liblldb-4.0-dev"
-            ;;
-        lldb5.0)
-            __LLDB_Package="liblldb-5.0-dev"
-            ;;
-        lldb6.0)
-            __LLDB_Package="liblldb-6.0-dev"
+        lldb*)
+            version="${lowerI/lldb/}"
+            parts=(${version//./ })
+
+            # for versions > 6.0, lldb has dropped the minor version
+            if [[ "${parts[0]}" -gt 6 ]]; then
+                version="${parts[0]}"
+            fi
+
+            __LLDB_Package="liblldb-${version}-dev"
             ;;
         no-lldb)
             unset __LLDB_Package
             ;;
+        llvm*)
+            version="${lowerI/llvm/}"
+            parts=(${version//./ })
+            __LLVM_MajorVersion="${parts[0]}"
+            __LLVM_MinorVersion="${parts[1]}"
+
+            # for versions > 6.0, llvm has dropped the minor version
+            if [[ -z "$__LLVM_MinorVersion" && "$__LLVM_MajorVersion" -le 6 ]]; then
+                __LLVM_MinorVersion=0;
+            fi
+            ;;
         xenial) # Ubuntu 16.04
-            if [ "$__CodeName" != "jessie" ]; then
+            if [[ "$__CodeName" != "jessie" ]]; then
                 __CodeName=xenial
             fi
             ;;
         zesty) # Ubuntu 17.04
-            if [ "$__CodeName" != "jessie" ]; then
+            if [[ "$__CodeName" != "jessie" ]]; then
                 __CodeName=zesty
             fi
             ;;
         bionic) # Ubuntu 18.04
-            if [ "$__CodeName" != "jessie" ]; then
+            if [[ "$__CodeName" != "jessie" ]]; then
                 __CodeName=bionic
             fi
             ;;
+        focal) # Ubuntu 20.04
+            if [[ "$__CodeName" != "jessie" ]]; then
+                __CodeName=focal
+            fi
+            ;;
+        jammy) # Ubuntu 22.04
+            if [[ "$__CodeName" != "jessie" ]]; then
+                __CodeName=jammy
+            fi
+            ;;
         jessie) # Debian 8
             __CodeName=jessie
             __UbuntuRepo="http://ftp.debian.org/debian/"
@@ -176,51 +251,38 @@ while :; do
             __LLDB_Package="liblldb-6.0-dev"
             ;;
         tizen)
-            if [ "$__BuildArch" != "armel" ] && [ "$__BuildArch" != "arm64" ]; then
-                echo "Tizen is available only for armel and arm64."
-                usage;
-                exit 1;
-            fi
             __CodeName=
             __UbuntuRepo=
             __Tizen=tizen
             ;;
-        alpine|alpine3.9)
+        alpine|alpine3.13)
             __CodeName=alpine
             __UbuntuRepo=
-            __AlpineVersion=3.9
-            __AlpinePackagesEdgeMain+=" llvm11-libs"
-            __AlpinePackagesEdgeMain+=" clang-libs"
+            __AlpineVersion=3.13
+            __AlpinePackages+=" llvm10-libs"
             ;;
-        alpine3.13)
+        alpine3.14)
             __CodeName=alpine
             __UbuntuRepo=
-            __AlpineVersion=3.13
-            # Alpine 3.13 has all the packages we need in the 3.13 repository
-            __AlpinePackages+=$__AlpinePackagesEdgeCommunity
-            __AlpinePackagesEdgeCommunity=
-            __AlpinePackages+=$__AlpinePackagesEdgeMain
-            __AlpinePackagesEdgeMain=
-            __AlpinePackages+=" llvm10-libs"
+            __AlpineVersion=3.14
+            __AlpinePackages+=" llvm11-libs"
             ;;
-        freebsd11)
-            __FreeBSDBase="11.3-RELEASE"
-            __FreeBSDABI="11"
-            ;&
         freebsd12)
             __CodeName=freebsd
-            __BuildArch=x64
             __SkipUnmount=1
             ;;
         freebsd13)
             __CodeName=freebsd
             __FreeBSDBase="13.0-RELEASE"
             __FreeBSDABI="13"
-            __BuildArch=x64
             __SkipUnmount=1
             ;;
         illumos)
             __CodeName=illumos
+            __SkipUnmount=1
+            ;;
+        haiku)
+            __CodeName=haiku
             __BuildArch=x64
             __SkipUnmount=1
             ;;
@@ -229,11 +291,15 @@ while :; do
             ;;
         --rootfsdir|-rootfsdir)
             shift
-            __RootfsDir=$1
+            __RootfsDir="$1"
             ;;
         --use-mirror)
             __UseMirror=1
             ;;
+        --use-jobs)
+            shift
+            MAXJOBS=$1
+            ;;
         *)
             __UnprocessedBuildArgs="$__UnprocessedBuildArgs $1"
             ;;
@@ -242,85 +308,76 @@ while :; do
     shift
 done
 
-if [ "$__BuildArch" == "armel" ]; then
+if [[ "$__BuildArch" == "armel" ]]; then
     __LLDB_Package="lldb-3.5-dev"
 fi
+
 __UbuntuPackages+=" ${__LLDB_Package:-}"
 
-if [ -z "$__RootfsDir" ] && [ ! -z "$ROOTFS_DIR" ]; then
-    __RootfsDir=$ROOTFS_DIR
+if [[ -n "$__LLVM_MajorVersion" ]]; then
+    __UbuntuPackages+=" libclang-common-${__LLVM_MajorVersion}${__LLVM_MinorVersion:+.$__LLVM_MinorVersion}-dev"
 fi
 
-if [ -z "$__RootfsDir" ]; then
+if [[ -z "$__RootfsDir" && -n "$ROOTFS_DIR" ]]; then
+    __RootfsDir="$ROOTFS_DIR"
+fi
+
+if [[ -z "$__RootfsDir" ]]; then
     __RootfsDir="$__CrossDir/../../../.tools/rootfs/$__BuildArch"
 fi
 
-if [ -d "$__RootfsDir" ]; then
-    if [ $__SkipUnmount == 0 ]; then
-        umount $__RootfsDir/* || true
+if [[ -d "$__RootfsDir" ]]; then
+    if [[ "$__SkipUnmount" == "0" ]]; then
+        umount "$__RootfsDir"/* || true
     fi
-    rm -rf $__RootfsDir
+    rm -rf "$__RootfsDir"
 fi
 
-mkdir -p $__RootfsDir
+mkdir -p "$__RootfsDir"
 __RootfsDir="$( cd "$__RootfsDir" && pwd )"
 
 if [[ "$__CodeName" == "alpine" ]]; then
     __ApkToolsVersion=2.9.1
-    __ApkToolsDir=$(mktemp -d)
-    wget https://github.com/alpinelinux/apk-tools/releases/download/v$__ApkToolsVersion/apk-tools-$__ApkToolsVersion-x86_64-linux.tar.gz -P $__ApkToolsDir
-    tar -xf $__ApkToolsDir/apk-tools-$__ApkToolsVersion-x86_64-linux.tar.gz -C $__ApkToolsDir
-    mkdir -p $__RootfsDir/usr/bin
-    cp -v /usr/bin/qemu-$__QEMUArch-static $__RootfsDir/usr/bin
-
-    $__ApkToolsDir/apk-tools-$__ApkToolsVersion/apk \
-      -X http://dl-cdn.alpinelinux.org/alpine/v$__AlpineVersion/main \
-      -X http://dl-cdn.alpinelinux.org/alpine/v$__AlpineVersion/community \
-      -U --allow-untrusted --root $__RootfsDir --arch $__AlpineArch --initdb \
-      add $__AlpinePackages
-
-    if [[ -n "$__AlpinePackagesEdgeMain" ]]; then
-      $__ApkToolsDir/apk-tools-$__ApkToolsVersion/apk \
-        -X http://dl-cdn.alpinelinux.org/alpine/edge/main \
-        -U --allow-untrusted --root $__RootfsDir --arch $__AlpineArch --initdb \
-        add $__AlpinePackagesEdgeMain
-    fi
+    __ApkToolsDir="$(mktemp -d)"
+    wget "https://github.com/alpinelinux/apk-tools/releases/download/v$__ApkToolsVersion/apk-tools-$__ApkToolsVersion-x86_64-linux.tar.gz" -P "$__ApkToolsDir"
+    tar -xf "$__ApkToolsDir/apk-tools-$__ApkToolsVersion-x86_64-linux.tar.gz" -C "$__ApkToolsDir"
+    mkdir -p "$__RootfsDir"/usr/bin
+    cp -v "/usr/bin/qemu-$__QEMUArch-static" "$__RootfsDir/usr/bin"
 
-    if [[ -n "$__AlpinePackagesEdgeCommunity" ]]; then
-      $__ApkToolsDir/apk-tools-$__ApkToolsVersion/apk \
-        -X http://dl-cdn.alpinelinux.org/alpine/edge/community \
-        -U --allow-untrusted --root $__RootfsDir --arch $__AlpineArch --initdb \
-        add $__AlpinePackagesEdgeCommunity
-    fi
+    "$__ApkToolsDir/apk-tools-$__ApkToolsVersion/apk" \
+      -X "http://dl-cdn.alpinelinux.org/alpine/v$__AlpineVersion/main" \
+      -X "http://dl-cdn.alpinelinux.org/alpine/v$__AlpineVersion/community" \
+      -U --allow-untrusted --root "$__RootfsDir" --arch "$__AlpineArch" --initdb \
+      add $__AlpinePackages
 
-    rm -r $__ApkToolsDir
+    rm -r "$__ApkToolsDir"
 elif [[ "$__CodeName" == "freebsd" ]]; then
-    mkdir -p $__RootfsDir/usr/local/etc
-    JOBS="$(getconf _NPROCESSORS_ONLN)"
-    wget -O - https://download.freebsd.org/ftp/releases/amd64/${__FreeBSDBase}/base.txz | tar -C $__RootfsDir -Jxf - ./lib ./usr/lib ./usr/libdata ./usr/include ./usr/share/keys ./etc ./bin/freebsd-version
-    echo "ABI = \"FreeBSD:${__FreeBSDABI}:amd64\"; FINGERPRINTS = \"${__RootfsDir}/usr/share/keys\"; REPOS_DIR = [\"${__RootfsDir}/etc/pkg\"]; REPO_AUTOUPDATE = NO; RUN_SCRIPTS = NO;" > ${__RootfsDir}/usr/local/etc/pkg.conf
-    echo "FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/\${ABI}/quarterly", mirror_type: \"srv\", signature_type: \"fingerprints\", fingerprints: \"${__RootfsDir}/usr/share/keys/pkg\", enabled: yes }" > ${__RootfsDir}/etc/pkg/FreeBSD.conf
-    mkdir -p $__RootfsDir/tmp
+    mkdir -p "$__RootfsDir"/usr/local/etc
+    JOBS=${MAXJOBS:="$(getconf _NPROCESSORS_ONLN)"}
+    wget -O - "https://download.freebsd.org/ftp/releases/${__FreeBSDArch}/${__FreeBSDMachineArch}/${__FreeBSDBase}/base.txz" | tar -C "$__RootfsDir" -Jxf - ./lib ./usr/lib ./usr/libdata ./usr/include ./usr/share/keys ./etc ./bin/freebsd-version
+    echo "ABI = \"FreeBSD:${__FreeBSDABI}:${__FreeBSDMachineArch}\"; FINGERPRINTS = \"${__RootfsDir}/usr/share/keys\"; REPOS_DIR = [\"${__RootfsDir}/etc/pkg\"]; REPO_AUTOUPDATE = NO; RUN_SCRIPTS = NO;" > "${__RootfsDir}"/usr/local/etc/pkg.conf
+    echo "FreeBSD: { url: \"pkg+http://pkg.FreeBSD.org/\${ABI}/quarterly\", mirror_type: \"srv\", signature_type: \"fingerprints\", fingerprints: \"${__RootfsDir}/usr/share/keys/pkg\", enabled: yes }" > "${__RootfsDir}"/etc/pkg/FreeBSD.conf
+    mkdir -p "$__RootfsDir"/tmp
     # get and build package manager
-    wget -O -  https://github.com/freebsd/pkg/archive/${__FreeBSDPkg}.tar.gz  |  tar -C $__RootfsDir/tmp -zxf -
-    cd $__RootfsDir/tmp/pkg-${__FreeBSDPkg}
+    wget -O - "https://github.com/freebsd/pkg/archive/${__FreeBSDPkg}.tar.gz" | tar -C "$__RootfsDir"/tmp -zxf -
+    cd "$__RootfsDir/tmp/pkg-${__FreeBSDPkg}"
     # needed for install to succeed
-    mkdir -p $__RootfsDir/host/etc
-    ./autogen.sh && ./configure --prefix=$__RootfsDir/host && make -j "$JOBS" && make install
-    rm -rf $__RootfsDir/tmp/pkg-${__FreeBSDPkg}
+    mkdir -p "$__RootfsDir"/host/etc
+    ./autogen.sh && ./configure --prefix="$__RootfsDir"/host && make -j "$JOBS" && make install
+    rm -rf "$__RootfsDir/tmp/pkg-${__FreeBSDPkg}"
     # install packages we need.
-    INSTALL_AS_USER=$(whoami) $__RootfsDir/host/sbin/pkg -r $__RootfsDir -C $__RootfsDir/usr/local/etc/pkg.conf update
-    INSTALL_AS_USER=$(whoami) $__RootfsDir/host/sbin/pkg -r $__RootfsDir -C $__RootfsDir/usr/local/etc/pkg.conf install --yes $__FreeBSDPackages
+    INSTALL_AS_USER=$(whoami) "$__RootfsDir"/host/sbin/pkg -r "$__RootfsDir" -C "$__RootfsDir"/usr/local/etc/pkg.conf update
+    INSTALL_AS_USER=$(whoami) "$__RootfsDir"/host/sbin/pkg -r "$__RootfsDir" -C "$__RootfsDir"/usr/local/etc/pkg.conf install --yes $__FreeBSDPackages
 elif [[ "$__CodeName" == "illumos" ]]; then
     mkdir "$__RootfsDir/tmp"
     pushd "$__RootfsDir/tmp"
-    JOBS="$(getconf _NPROCESSORS_ONLN)"
+    JOBS=${MAXJOBS:="$(getconf _NPROCESSORS_ONLN)"}
     echo "Downloading sysroot."
     wget -O - https://github.com/illumos/sysroot/releases/download/20181213-de6af22ae73b-v1/illumos-sysroot-i386-20181213-de6af22ae73b-v1.tar.gz | tar -C "$__RootfsDir" -xzf -
     echo "Building binutils. Please wait.."
     wget -O - https://ftp.gnu.org/gnu/binutils/binutils-2.33.1.tar.bz2 | tar -xjf -
     mkdir build-binutils && cd build-binutils
-    ../binutils-2.33.1/configure --prefix="$__RootfsDir" --target="x86_64-sun-solaris2.10" --program-prefix="x86_64-illumos-" --with-sysroot="$__RootfsDir"
+    ../binutils-2.33.1/configure --prefix="$__RootfsDir" --target="${__illumosArch}-sun-solaris2.10" --program-prefix="${__illumosArch}-illumos-" --with-sysroot="$__RootfsDir"
     make -j "$JOBS" && make install && cd ..
     echo "Building gcc. Please wait.."
     wget -O - https://ftp.gnu.org/gnu/gcc/gcc-8.4.0/gcc-8.4.0.tar.xz | tar -xJf -
@@ -330,7 +387,7 @@ elif [[ "$__CodeName" == "illumos" ]]; then
     CFLAGS_FOR_TARGET="-fPIC"
     export CFLAGS CXXFLAGS CXXFLAGS_FOR_TARGET CFLAGS_FOR_TARGET
     mkdir build-gcc && cd build-gcc
-    ../gcc-8.4.0/configure --prefix="$__RootfsDir" --target="x86_64-sun-solaris2.10" --program-prefix="x86_64-illumos-" --with-sysroot="$__RootfsDir" --with-gnu-as       \
+    ../gcc-8.4.0/configure --prefix="$__RootfsDir" --target="${__illumosArch}-sun-solaris2.10" --program-prefix="${__illumosArch}-illumos-" --with-sysroot="$__RootfsDir" --with-gnu-as       \
         --with-gnu-ld --disable-nls --disable-libgomp --disable-libquadmath --disable-libssp --disable-libvtv --disable-libcilkrts --disable-libada --disable-libsanitizer \
         --disable-libquadmath-support --disable-shared --enable-tls
     make -j "$JOBS" && make install && cd ..
@@ -338,14 +395,18 @@ elif [[ "$__CodeName" == "illumos" ]]; then
     if [[ "$__UseMirror" == 1 ]]; then
         BaseUrl=http://pkgsrc.smartos.skylime.net
     fi
-    BaseUrl="$BaseUrl"/packages/SmartOS/2020Q1/x86_64/All
+    BaseUrl="$BaseUrl/packages/SmartOS/trunk/${__illumosArch}/All"
+    echo "Downloading manifest"
+    wget "$BaseUrl"
     echo "Downloading dependencies."
     read -ra array <<<"$__IllumosPackages"
     for package in "${array[@]}"; do
-       echo "Installing $package..."
+        echo "Installing '$package'"
+        package="$(grep ">$package-[0-9]" All | sed -En 's/.*href="(.*)\.tgz".*/\1/p')"
+        echo "Resolved name '$package'"
         wget "$BaseUrl"/"$package".tgz
         ar -x "$package".tgz
-        tar --skip-old-files -xzf "$package".tmp.tgz -C "$__RootfsDir" 2>/dev/null
+        tar --skip-old-files -xzf "$package".tmp.tg* -C "$__RootfsDir" 2>/dev/null
     done
     echo "Cleaning up temporary files."
     popd
@@ -356,26 +417,90 @@ elif [[ "$__CodeName" == "illumos" ]]; then
     wget -P "$__RootfsDir"/usr/include/net https://raw.githubusercontent.com/illumos/illumos-gate/master/usr/src/uts/common/io/bpf/net/dlt.h
     wget -P "$__RootfsDir"/usr/include/netpacket https://raw.githubusercontent.com/illumos/illumos-gate/master/usr/src/uts/common/inet/sockmods/netpacket/packet.h
     wget -P "$__RootfsDir"/usr/include/sys https://raw.githubusercontent.com/illumos/illumos-gate/master/usr/src/uts/common/sys/sdt.h
-elif [[ -n $__CodeName ]]; then
-    qemu-debootstrap --arch $__UbuntuArch $__CodeName $__RootfsDir $__UbuntuRepo
-    cp $__CrossDir/$__BuildArch/sources.list.$__CodeName $__RootfsDir/etc/apt/sources.list
-    chroot $__RootfsDir apt-get update
-    chroot $__RootfsDir apt-get -f -y install
-    chroot $__RootfsDir apt-get -y install $__UbuntuPackages
-    chroot $__RootfsDir symlinks -cr /usr
-    chroot $__RootfsDir apt-get clean
-
-    if [ $__SkipUnmount == 0 ]; then
-        umount $__RootfsDir/* || true
+elif [[ "$__CodeName" == "haiku" ]]; then
+    JOBS=${MAXJOBS:="$(getconf _NPROCESSORS_ONLN)"}
+
+    echo "Building Haiku sysroot for x86_64"
+    mkdir -p "$__RootfsDir/tmp"
+    cd "$__RootfsDir/tmp"
+    git clone -b hrev56235  https://review.haiku-os.org/haiku
+    git clone -b btrev43195 https://review.haiku-os.org/buildtools
+    cd "$__RootfsDir/tmp/buildtools" && git checkout 7487388f5110021d400b9f3b88e1a7f310dc066d
+
+    # Fetch some unmerged patches
+    cd "$__RootfsDir/tmp/haiku"
+    ## Add development build profile (slimmer than nightly)
+    git fetch origin refs/changes/64/4164/1 && git -c commit.gpgsign=false cherry-pick FETCH_HEAD
+
+    # Build jam
+    cd "$__RootfsDir/tmp/buildtools/jam"
+    make
+
+    # Configure cross tools
+    echo "Building cross-compiler"
+    mkdir -p "$__RootfsDir/generated"
+    cd "$__RootfsDir/generated"
+    "$__RootfsDir/tmp/haiku/configure" -j"$JOBS" --sysroot "$__RootfsDir" --cross-tools-source "$__RootfsDir/tmp/buildtools" --build-cross-tools x86_64
+
+    # Build Haiku packages
+    echo "Building Haiku"
+    echo 'HAIKU_BUILD_PROFILE = "development-raw" ;' > UserProfileConfig
+    "$__RootfsDir/tmp/buildtools/jam/jam0" -j"$JOBS" -q '<build>package' '<repository>Haiku'
+
+    BaseUrl="https://depot.haiku-os.org/__api/v2/pkg/get-pkg"
+
+    # Download additional packages
+    echo "Downloading additional required packages"
+    read -ra array <<<"$__HaikuPackages"
+    for package in "${array[@]}"; do
+        echo "Downloading $package..."
+        # API documented here: https://github.com/haiku/haikudepotserver/blob/master/haikudepotserver-api2/src/main/resources/api2/pkg.yaml#L60
+        # The schema here: https://github.com/haiku/haikudepotserver/blob/master/haikudepotserver-api2/src/main/resources/api2/pkg.yaml#L598
+        hpkgDownloadUrl="$(wget -qO- --post-data='{"name":"'"$package"'","repositorySourceCode":"haikuports_x86_64","versionType":"LATEST","naturalLanguageCode":"en"}' \
+            --header='Content-Type:application/json' "$BaseUrl" | jq -r '.result.versions[].hpkgDownloadURL')"
+        wget -P "$__RootfsDir/generated/download" "$hpkgDownloadUrl"
+    done
+
+    # Setup the sysroot
+    echo "Setting up sysroot and extracting needed packages"
+    mkdir -p "$__RootfsDir/boot/system"
+    for file in "$__RootfsDir/generated/objects/haiku/x86_64/packaging/packages/"*.hpkg; do
+        "$__RootfsDir/generated/objects/linux/x86_64/release/tools/package/package" extract -C "$__RootfsDir/boot/system" "$file"
+    done
+    for file in "$__RootfsDir/generated/download/"*.hpkg; do
+        "$__RootfsDir/generated/objects/linux/x86_64/release/tools/package/package" extract -C "$__RootfsDir/boot/system" "$file"
+    done
+
+    # Cleaning up temporary files
+    echo "Cleaning up temporary files"
+    rm -rf "$__RootfsDir/tmp"
+    for name in "$__RootfsDir/generated/"*; do
+        if [[ "$name" =~ "cross-tools-" ]]; then
+            : # Keep the cross-compiler
+        else
+            rm -rf "$name"
+        fi
+    done
+elif [[ -n "$__CodeName" ]]; then
+    qemu-debootstrap $__Keyring --arch "$__UbuntuArch" "$__CodeName" "$__RootfsDir" "$__UbuntuRepo"
+    cp "$__CrossDir/$__BuildArch/sources.list.$__CodeName" "$__RootfsDir/etc/apt/sources.list"
+    chroot "$__RootfsDir" apt-get update
+    chroot "$__RootfsDir" apt-get -f -y install
+    chroot "$__RootfsDir" apt-get -y install $__UbuntuPackages
+    chroot "$__RootfsDir" symlinks -cr /usr
+    chroot "$__RootfsDir" apt-get clean
+
+    if [[ "$__SkipUnmount" == "0" ]]; then
+        umount "$__RootfsDir"/* || true
     fi
 
     if [[ "$__BuildArch" == "armel" && "$__CodeName" == "jessie" ]]; then
-        pushd $__RootfsDir
-        patch -p1 < $__CrossDir/$__BuildArch/armel.jessie.patch
+        pushd "$__RootfsDir"
+        patch -p1 < "$__CrossDir/$__BuildArch/armel.jessie.patch"
         popd
     fi
 elif [[ "$__Tizen" == "tizen" ]]; then
-    ROOTFS_DIR=$__RootfsDir $__CrossDir/$__BuildArch/tizen-build-rootfs.sh
+    ROOTFS_DIR="$__RootfsDir" "$__CrossDir/$__BuildArch/tizen-build-rootfs.sh"
 else
     echo "Unsupported target platform."
     usage;

eng/common/cross/ppc64le/sources.list.bionic

@@ -0,0 +1,11 @@
+deb http://ports.ubuntu.com/ubuntu-ports/ bionic main restricted universe
+deb-src http://ports.ubuntu.com/ubuntu-ports/ bionic main restricted universe
+
+deb http://ports.ubuntu.com/ubuntu-ports/ bionic-updates main restricted universe
+deb-src http://ports.ubuntu.com/ubuntu-ports/ bionic-updates main restricted universe
+
+deb http://ports.ubuntu.com/ubuntu-ports/ bionic-backports main restricted
+deb-src http://ports.ubuntu.com/ubuntu-ports/ bionic-backports main restricted
+
+deb http://ports.ubuntu.com/ubuntu-ports/ bionic-security main restricted universe multiverse
+deb-src http://ports.ubuntu.com/ubuntu-ports/ bionic-security main restricted universe multiverse

eng/common/cross/riscv64/sources.list.sid

@@ -0,0 +1 @@
+deb http://deb.debian.org/debian-ports sid main

eng/common/cross/toolchain.cmake

@@ -3,21 +3,25 @@ set(CROSS_ROOTFS $ENV{ROOTFS_DIR})
 set(TARGET_ARCH_NAME $ENV{TARGET_BUILD_ARCH})
 if(EXISTS ${CROSS_ROOTFS}/bin/freebsd-version)
   set(CMAKE_SYSTEM_NAME FreeBSD)
+  set(FREEBSD 1)
 elseif(EXISTS ${CROSS_ROOTFS}/usr/platform/i86pc)
   set(CMAKE_SYSTEM_NAME SunOS)
   set(ILLUMOS 1)
+elseif(EXISTS ${CROSS_ROOTFS}/boot/system/develop/headers/config/HaikuConfig.h)
+  set(CMAKE_SYSTEM_NAME Haiku)
 else()
   set(CMAKE_SYSTEM_NAME Linux)
+  set(LINUX 1)
 endif()
 set(CMAKE_SYSTEM_VERSION 1)
 
-if(TARGET_ARCH_NAME STREQUAL "armel")
-  set(CMAKE_SYSTEM_PROCESSOR armv7l)
-  set(TOOLCHAIN "arm-linux-gnueabi")
-  if("$ENV{__DistroRid}" MATCHES "tizen.*")
-    set(TIZEN_TOOLCHAIN "armv7l-tizen-linux-gnueabi/9.2.0")
-  endif()
-elseif(TARGET_ARCH_NAME STREQUAL "arm")
+if(EXISTS ${CROSS_ROOTFS}/etc/tizen-release)
+  set(TIZEN 1)
+elseif(EXISTS ${CROSS_ROOTFS}/android_platform)
+  set(ANDROID 1)
+endif()
+
+if(TARGET_ARCH_NAME STREQUAL "arm")
   set(CMAKE_SYSTEM_PROCESSOR armv7l)
   if(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/armv7-alpine-linux-musleabihf)
     set(TOOLCHAIN "armv7-alpine-linux-musleabihf")
@@ -26,30 +30,65 @@ elseif(TARGET_ARCH_NAME STREQUAL "arm")
   else()
     set(TOOLCHAIN "arm-linux-gnueabihf")
   endif()
+  if(TIZEN)
+    set(TIZEN_TOOLCHAIN "armv7hl-tizen-linux-gnueabihf/9.2.0")
+  endif()
 elseif(TARGET_ARCH_NAME STREQUAL "arm64")
   set(CMAKE_SYSTEM_PROCESSOR aarch64)
   if(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/aarch64-alpine-linux-musl)
     set(TOOLCHAIN "aarch64-alpine-linux-musl")
-  else()
+  elseif(LINUX)
     set(TOOLCHAIN "aarch64-linux-gnu")
+    if(TIZEN)
+      set(TIZEN_TOOLCHAIN "aarch64-tizen-linux-gnu/9.2.0")
+    endif()
+  elseif(FREEBSD)
+    set(triple "aarch64-unknown-freebsd12")
+  endif()
+elseif(TARGET_ARCH_NAME STREQUAL "armel")
+  set(CMAKE_SYSTEM_PROCESSOR armv7l)
+  set(TOOLCHAIN "arm-linux-gnueabi")
+  if(TIZEN)
+    set(TIZEN_TOOLCHAIN "armv7l-tizen-linux-gnueabi/9.2.0")
   endif()
-  if("$ENV{__DistroRid}" MATCHES "tizen.*")
-    set(TIZEN_TOOLCHAIN "aarch64-tizen-linux-gnu/9.2.0")
+elseif(TARGET_ARCH_NAME STREQUAL "armv6")
+  set(CMAKE_SYSTEM_PROCESSOR armv6l)
+  if(EXISTS ${CROSS_ROOTFS}/usr/lib/gcc/armv6-alpine-linux-musleabihf)
+    set(TOOLCHAIN "armv6-alpine-linux-musleabihf")
+  else()
+    set(TOOLCHAIN "arm-linux-gnueabihf")
   endif()
+elseif(TARGET_ARCH_NAME STREQUAL "ppc64le")
+  set(CMAKE_SYSTEM_PROCESSOR ppc64le)
+  set(TOOLCHAIN "powerpc64le-linux-gnu")
+elseif(TARGET_ARCH_NAME STREQUAL "riscv64")
+  set(CMAKE_SYSTEM_PROCESSOR riscv64)
+  set(TOOLCHAIN "riscv64-linux-gnu")
 elseif(TARGET_ARCH_NAME STREQUAL "s390x")
   set(CMAKE_SYSTEM_PROCESSOR s390x)
   set(TOOLCHAIN "s390x-linux-gnu")
+elseif(TARGET_ARCH_NAME STREQUAL "x64")
+  set(CMAKE_SYSTEM_PROCESSOR x86_64)
+  if(LINUX)
+    set(TOOLCHAIN "x86_64-linux-gnu")
+    if(TIZEN)
+      set(TIZEN_TOOLCHAIN "x86_64-tizen-linux-gnu/9.2.0")
+    endif()
+  elseif(FREEBSD)
+    set(triple "x86_64-unknown-freebsd12")
+  elseif(ILLUMOS)
+    set(TOOLCHAIN "x86_64-illumos")
+  elseif(HAIKU)
+    set(TOOLCHAIN "x64_64-unknown-haiku")
+  endif()
 elseif(TARGET_ARCH_NAME STREQUAL "x86")
   set(CMAKE_SYSTEM_PROCESSOR i686)
   set(TOOLCHAIN "i686-linux-gnu")
-elseif (CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
-  set(CMAKE_SYSTEM_PROCESSOR "x86_64")
-  set(triple "x86_64-unknown-freebsd11")
-elseif (ILLUMOS)
-  set(CMAKE_SYSTEM_PROCESSOR "x86_64")
-  set(TOOLCHAIN "x86_64-illumos")
+  if(TIZEN)
+    set(TIZEN_TOOLCHAIN "i586-tizen-linux-gnu/9.2.0")
+  endif()
 else()
-  message(FATAL_ERROR "Arch is ${TARGET_ARCH_NAME}. Only armel, arm, arm64, s390x and x86 are supported!")
+  message(FATAL_ERROR "Arch is ${TARGET_ARCH_NAME}. Only arm, arm64, armel, armv6, ppc64le, riscv64, s390x, x64 and x86 are supported!")
 endif()
 
 if(DEFINED ENV{TOOLCHAIN})
@@ -57,7 +96,11 @@ if(DEFINED ENV{TOOLCHAIN})
 endif()
 
 # Specify include paths
-if(DEFINED TIZEN_TOOLCHAIN)
+if(TIZEN)
+  if(TARGET_ARCH_NAME STREQUAL "arm")
+    include_directories(SYSTEM ${CROSS_ROOTFS}/usr/lib/gcc/${TIZEN_TOOLCHAIN}/include/c++/)
+    include_directories(SYSTEM ${CROSS_ROOTFS}/usr/lib/gcc/${TIZEN_TOOLCHAIN}/include/c++/armv7hl-tizen-linux-gnueabihf)
+  endif()
   if(TARGET_ARCH_NAME STREQUAL "armel")
     include_directories(SYSTEM ${CROSS_ROOTFS}/usr/lib/gcc/${TIZEN_TOOLCHAIN}/include/c++/)
     include_directories(SYSTEM ${CROSS_ROOTFS}/usr/lib/gcc/${TIZEN_TOOLCHAIN}/include/c++/armv7l-tizen-linux-gnueabi)
@@ -66,9 +109,13 @@ if(DEFINED TIZEN_TOOLCHAIN)
     include_directories(SYSTEM ${CROSS_ROOTFS}/usr/lib64/gcc/${TIZEN_TOOLCHAIN}/include/c++/)
     include_directories(SYSTEM ${CROSS_ROOTFS}/usr/lib64/gcc/${TIZEN_TOOLCHAIN}/include/c++/aarch64-tizen-linux-gnu)
   endif()
+  if(TARGET_ARCH_NAME STREQUAL "x86")
+    include_directories(SYSTEM ${CROSS_ROOTFS}/usr/lib/gcc/${TIZEN_TOOLCHAIN}/include/c++/)
+    include_directories(SYSTEM ${CROSS_ROOTFS}/usr/lib/gcc/${TIZEN_TOOLCHAIN}/include/c++/i586-tizen-linux-gnu)
+  endif()
 endif()
 
-if("$ENV{__DistroRid}" MATCHES "android.*")
+if(ANDROID)
     if(TARGET_ARCH_NAME STREQUAL "arm")
         set(ANDROID_ABI armeabi-v7a)
     elseif(TARGET_ARCH_NAME STREQUAL "arm64")
@@ -76,7 +123,9 @@ if("$ENV{__DistroRid}" MATCHES "android.*")
     endif()
 
     # extract platform number required by the NDK's toolchain
-    string(REGEX REPLACE ".*\\.([0-9]+)-.*" "\\1" ANDROID_PLATFORM "$ENV{__DistroRid}")
+    file(READ "${CROSS_ROOTFS}/android_platform" RID_FILE_CONTENTS)
+    string(REPLACE "RID=" "" ANDROID_RID "${RID_FILE_CONTENTS}")
+    string(REGEX REPLACE ".*\\.([0-9]+)-.*" "\\1" ANDROID_PLATFORM "${ANDROID_RID}")
 
     set(ANDROID_TOOLCHAIN clang)
     set(FEATURE_EVENT_TRACE 0) # disable event trace as there is no lttng-ust package in termux repository
@@ -85,12 +134,15 @@ if("$ENV{__DistroRid}" MATCHES "android.*")
 
     # include official NDK toolchain script
     include(${CROSS_ROOTFS}/../build/cmake/android.toolchain.cmake)
-elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
+elseif(FREEBSD)
     # we cross-compile by instructing clang
     set(CMAKE_C_COMPILER_TARGET ${triple})
     set(CMAKE_CXX_COMPILER_TARGET ${triple})
     set(CMAKE_ASM_COMPILER_TARGET ${triple})
     set(CMAKE_SYSROOT "${CROSS_ROOTFS}")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fuse-ld=lld")
+    set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -fuse-ld=lld")
+    set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -fuse-ld=lld")
 elseif(ILLUMOS)
     set(CMAKE_SYSROOT "${CROSS_ROOTFS}")
 
@@ -122,6 +174,41 @@ elseif(ILLUMOS)
 
     set(CMAKE_C_STANDARD_LIBRARIES "${CMAKE_C_STANDARD_LIBRARIES} -lssp")
     set(CMAKE_CXX_STANDARD_LIBRARIES "${CMAKE_CXX_STANDARD_LIBRARIES} -lssp")
+elseif(HAIKU)
+    set(CMAKE_SYSROOT "${CROSS_ROOTFS}")
+
+    set(TOOLSET_PREFIX ${TOOLCHAIN}-)
+    function(locate_toolchain_exec exec var)
+        string(TOUPPER ${exec} EXEC_UPPERCASE)
+        if(NOT "$ENV{CLR_${EXEC_UPPERCASE}}" STREQUAL "")
+            set(${var} "$ENV{CLR_${EXEC_UPPERCASE}}" PARENT_SCOPE)
+            return()
+        endif()
+
+        set(SEARCH_PATH "${CROSS_ROOTFS}/generated/cross-tools-x86_64/bin")
+
+        find_program(EXEC_LOCATION_${exec}
+            PATHS ${SEARCH_PATH}
+            NAMES
+            "${TOOLSET_PREFIX}${exec}${CLR_CMAKE_COMPILER_FILE_NAME_VERSION}"
+            "${TOOLSET_PREFIX}${exec}")
+
+        if (EXEC_LOCATION_${exec} STREQUAL "EXEC_LOCATION_${exec}-NOTFOUND")
+            message(FATAL_ERROR "Unable to find toolchain executable. Name: ${exec}, Prefix: ${TOOLSET_PREFIX}.")
+        endif()
+        set(${var} ${EXEC_LOCATION_${exec}} PARENT_SCOPE)
+    endfunction()
+
+    set(CMAKE_SYSTEM_PREFIX_PATH "${CROSS_ROOTFS}")
+
+    locate_toolchain_exec(gcc CMAKE_C_COMPILER)
+    locate_toolchain_exec(g++ CMAKE_CXX_COMPILER)
+
+    set(CMAKE_C_STANDARD_LIBRARIES "${CMAKE_C_STANDARD_LIBRARIES} -lssp")
+    set(CMAKE_CXX_STANDARD_LIBRARIES "${CMAKE_CXX_STANDARD_LIBRARIES} -lssp")
+
+    # let CMake set up the correct search paths
+    include(Platform/Haiku)
 else()
     set(CMAKE_SYSROOT "${CROSS_ROOTFS}")
 
@@ -142,20 +229,20 @@ function(add_toolchain_linker_flag Flag)
   set("CMAKE_SHARED_LINKER_FLAGS${CONFIG_SUFFIX}_INIT" "${CMAKE_SHARED_LINKER_FLAGS${CONFIG_SUFFIX}_INIT} ${Flag}" PARENT_SCOPE)
 endfunction()
 
-if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+if(LINUX)
   add_toolchain_linker_flag("-Wl,--rpath-link=${CROSS_ROOTFS}/lib/${TOOLCHAIN}")
   add_toolchain_linker_flag("-Wl,--rpath-link=${CROSS_ROOTFS}/usr/lib/${TOOLCHAIN}")
 endif()
 
-if(TARGET_ARCH_NAME STREQUAL "armel")
-  if(DEFINED TIZEN_TOOLCHAIN) # For Tizen only
+if(TARGET_ARCH_NAME MATCHES "^(arm|armel)$")
+  if(TIZEN)
     add_toolchain_linker_flag("-B${CROSS_ROOTFS}/usr/lib/gcc/${TIZEN_TOOLCHAIN}")
     add_toolchain_linker_flag("-L${CROSS_ROOTFS}/lib")
     add_toolchain_linker_flag("-L${CROSS_ROOTFS}/usr/lib")
     add_toolchain_linker_flag("-L${CROSS_ROOTFS}/usr/lib/gcc/${TIZEN_TOOLCHAIN}")
   endif()
 elseif(TARGET_ARCH_NAME STREQUAL "arm64")
-  if(DEFINED TIZEN_TOOLCHAIN) # For Tizen only
+  if(TIZEN)
     add_toolchain_linker_flag("-B${CROSS_ROOTFS}/usr/lib64/gcc/${TIZEN_TOOLCHAIN}")
     add_toolchain_linker_flag("-L${CROSS_ROOTFS}/lib64")
     add_toolchain_linker_flag("-L${CROSS_ROOTFS}/usr/lib64")
@@ -167,6 +254,13 @@ elseif(TARGET_ARCH_NAME STREQUAL "arm64")
   endif()
 elseif(TARGET_ARCH_NAME STREQUAL "x86")
   add_toolchain_linker_flag(-m32)
+
+  if(TIZEN)
+    add_toolchain_linker_flag("-B${CROSS_ROOTFS}/usr/lib/gcc/${TIZEN_TOOLCHAIN}")
+    add_toolchain_linker_flag("-L${CROSS_ROOTFS}/lib")
+    add_toolchain_linker_flag("-L${CROSS_ROOTFS}/usr/lib")
+    add_toolchain_linker_flag("-L${CROSS_ROOTFS}/usr/lib/gcc/${TIZEN_TOOLCHAIN}")
+  endif()
 elseif(ILLUMOS)
   add_toolchain_linker_flag("-L${CROSS_ROOTFS}/lib/amd64")
   add_toolchain_linker_flag("-L${CROSS_ROOTFS}/usr/amd64/lib")
@@ -174,7 +268,7 @@ endif()
 
 # Specify compile options
 
-if((TARGET_ARCH_NAME MATCHES "^(arm|armel|arm64|s390x)$" AND NOT "$ENV{__DistroRid}" MATCHES "android.*") OR ILLUMOS)
+if((TARGET_ARCH_NAME MATCHES "^(arm|arm64|armel|armv6|ppc64le|riscv64|s390x)$" AND NOT ANDROID AND NOT FREEBSD) OR ILLUMOS OR HAIKU)
   set(CMAKE_C_COMPILER_TARGET ${TOOLCHAIN})
   set(CMAKE_CXX_COMPILER_TARGET ${TOOLCHAIN})
   set(CMAKE_ASM_COMPILER_TARGET ${TOOLCHAIN})
@@ -201,8 +295,8 @@ elseif(TARGET_ARCH_NAME STREQUAL "x86")
   add_compile_options(-Wno-error=unused-command-line-argument)
 endif()
 
-if(DEFINED TIZEN_TOOLCHAIN)
-  if(TARGET_ARCH_NAME MATCHES "^(armel|arm64)$")
+if(TIZEN)
+  if(TARGET_ARCH_NAME MATCHES "^(arm|armel|arm64|x86)$")
     add_compile_options(-Wno-deprecated-declarations) # compile-time option
     add_compile_options(-D__extern_always_inline=inline) # compile-time option
   endif()

eng/common/cross/x86/sources.list.focal

@@ -0,0 +1,11 @@
+deb http://archive.ubuntu.com/ubuntu/ focal main restricted universe
+deb-src http://archive.ubuntu.com/ubuntu/ focal main restricted universe
+
+deb http://archive.ubuntu.com/ubuntu/ focal-updates main restricted universe
+deb-src http://archive.ubuntu.com/ubuntu/ focal-updates main restricted universe
+
+deb http://archive.ubuntu.com/ubuntu/ focal-backports main restricted
+deb-src http://archive.ubuntu.com/ubuntu/ focal-backports main restricted
+
+deb http://archive.ubuntu.com/ubuntu/ focal-security main restricted universe multiverse
+deb-src http://archive.ubuntu.com/ubuntu/ focal-security main restricted universe multiverse

eng/common/cross/x86/sources.list.jammy

@@ -0,0 +1,11 @@
+deb http://archive.ubuntu.com/ubuntu/ jammy main restricted universe
+deb-src http://archive.ubuntu.com/ubuntu/ jammy main restricted universe
+
+deb http://archive.ubuntu.com/ubuntu/ jammy-updates main restricted universe
+deb-src http://archive.ubuntu.com/ubuntu/ jammy-updates main restricted universe
+
+deb http://archive.ubuntu.com/ubuntu/ jammy-backports main restricted
+deb-src http://archive.ubuntu.com/ubuntu/ jammy-backports main restricted
+
+deb http://archive.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse
+deb-src http://archive.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse

eng/common/cross/x86/tizen-build-rootfs.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -e
+
+__X86_CrossDir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+__TIZEN_CROSSDIR="$__X86_CrossDir/tizen"
+
+if [[ -z "$ROOTFS_DIR" ]]; then
+    echo "ROOTFS_DIR is not defined."
+    exit 1;
+fi
+
+TIZEN_TMP_DIR=$ROOTFS_DIR/tizen_tmp
+mkdir -p $TIZEN_TMP_DIR
+
+# Download files
+echo ">>Start downloading files"
+VERBOSE=1 $__X86_CrossDir/tizen-fetch.sh $TIZEN_TMP_DIR
+echo "<<Finish downloading files"
+
+echo ">>Start constructing Tizen rootfs"
+TIZEN_RPM_FILES=`ls $TIZEN_TMP_DIR/*.rpm`
+cd $ROOTFS_DIR
+for f in $TIZEN_RPM_FILES; do
+    rpm2cpio $f  | cpio -idm --quiet
+done
+echo "<<Finish constructing Tizen rootfs"
+
+# Cleanup tmp
+rm -rf $TIZEN_TMP_DIR
+
+# Configure Tizen rootfs
+echo ">>Start configuring Tizen rootfs"
+ln -sfn asm-x86 ./usr/include/asm
+patch -p1 < $__TIZEN_CROSSDIR/tizen.patch
+echo "<<Finish configuring Tizen rootfs"

eng/common/cross/x86/tizen-fetch.sh

@@ -0,0 +1,170 @@
+#!/usr/bin/env bash
+set -e
+
+if [[ -z "${VERBOSE// }" ]] || [ "$VERBOSE" -ne "$VERBOSE" ] 2>/dev/null; then
+	VERBOSE=0
+fi
+
+Log()
+{
+	if [ $VERBOSE -ge $1 ]; then
+		echo ${@:2}
+	fi
+}
+
+Inform()
+{
+	Log 1 -e "\x1B[0;34m$@\x1B[m"
+}
+
+Debug()
+{
+	Log 2 -e "\x1B[0;32m$@\x1B[m"
+}
+
+Error()
+{
+	>&2 Log 0 -e "\x1B[0;31m$@\x1B[m"
+}
+
+Fetch()
+{
+	URL=$1
+	FILE=$2
+	PROGRESS=$3
+	if [ $VERBOSE -ge 1 ] && [ $PROGRESS ]; then
+		CURL_OPT="--progress-bar"
+	else
+		CURL_OPT="--silent"
+	fi
+	curl $CURL_OPT $URL > $FILE
+}
+
+hash curl 2> /dev/null || { Error "Require 'curl' Aborting."; exit 1; }
+hash xmllint 2> /dev/null || { Error "Require 'xmllint' Aborting."; exit 1; }
+hash sha256sum 2> /dev/null || { Error "Require 'sha256sum' Aborting."; exit 1; }
+
+TMPDIR=$1
+if [ ! -d $TMPDIR ]; then
+	TMPDIR=./tizen_tmp
+	Debug "Create temporary directory : $TMPDIR"
+	mkdir -p $TMPDIR 
+fi
+
+TIZEN_URL=http://download.tizen.org/snapshots/tizen
+BUILD_XML=build.xml
+REPOMD_XML=repomd.xml
+PRIMARY_XML=primary.xml
+TARGET_URL="http://__not_initialized"
+
+Xpath_get()
+{
+	XPATH_RESULT=''
+	XPATH=$1
+	XML_FILE=$2
+	RESULT=$(xmllint --xpath $XPATH $XML_FILE)
+	if [[ -z ${RESULT// } ]]; then
+		Error "Can not find target from $XML_FILE"
+		Debug "Xpath = $XPATH"
+		exit 1
+	fi
+	XPATH_RESULT=$RESULT
+}
+
+fetch_tizen_pkgs_init()
+{
+	TARGET=$1
+	PROFILE=$2
+	Debug "Initialize TARGET=$TARGET, PROFILE=$PROFILE"
+
+	TMP_PKG_DIR=$TMPDIR/tizen_${PROFILE}_pkgs
+	if [ -d $TMP_PKG_DIR ]; then rm -rf $TMP_PKG_DIR; fi
+	mkdir -p $TMP_PKG_DIR
+
+	PKG_URL=$TIZEN_URL/$PROFILE/latest
+
+	BUILD_XML_URL=$PKG_URL/$BUILD_XML
+	TMP_BUILD=$TMP_PKG_DIR/$BUILD_XML
+	TMP_REPOMD=$TMP_PKG_DIR/$REPOMD_XML
+	TMP_PRIMARY=$TMP_PKG_DIR/$PRIMARY_XML
+	TMP_PRIMARYGZ=${TMP_PRIMARY}.gz
+
+	Fetch $BUILD_XML_URL $TMP_BUILD
+
+	Debug "fetch $BUILD_XML_URL to $TMP_BUILD"
+
+	TARGET_XPATH="//build/buildtargets/buildtarget[@name=\"$TARGET\"]/repo[@type=\"binary\"]/text()"
+	Xpath_get $TARGET_XPATH $TMP_BUILD
+	TARGET_PATH=$XPATH_RESULT
+	TARGET_URL=$PKG_URL/$TARGET_PATH
+
+	REPOMD_URL=$TARGET_URL/repodata/repomd.xml
+	PRIMARY_XPATH='string(//*[local-name()="data"][@type="primary"]/*[local-name()="location"]/@href)'
+
+	Fetch $REPOMD_URL $TMP_REPOMD
+
+	Debug "fetch $REPOMD_URL to $TMP_REPOMD"
+
+	Xpath_get $PRIMARY_XPATH $TMP_REPOMD
+	PRIMARY_XML_PATH=$XPATH_RESULT
+	PRIMARY_URL=$TARGET_URL/$PRIMARY_XML_PATH
+
+	Fetch $PRIMARY_URL $TMP_PRIMARYGZ
+
+	Debug "fetch $PRIMARY_URL to $TMP_PRIMARYGZ"
+
+	gunzip $TMP_PRIMARYGZ 
+
+	Debug "unzip $TMP_PRIMARYGZ to $TMP_PRIMARY" 
+}
+
+fetch_tizen_pkgs()
+{
+	ARCH=$1
+	PACKAGE_XPATH_TPL='string(//*[local-name()="metadata"]/*[local-name()="package"][*[local-name()="name"][text()="_PKG_"]][*[local-name()="arch"][text()="_ARCH_"]]/*[local-name()="location"]/@href)'
+
+	PACKAGE_CHECKSUM_XPATH_TPL='string(//*[local-name()="metadata"]/*[local-name()="package"][*[local-name()="name"][text()="_PKG_"]][*[local-name()="arch"][text()="_ARCH_"]]/*[local-name()="checksum"]/text())'
+
+	for pkg in ${@:2}
+	do
+		Inform "Fetching... $pkg"
+		XPATH=${PACKAGE_XPATH_TPL/_PKG_/$pkg}
+		XPATH=${XPATH/_ARCH_/$ARCH}
+		Xpath_get $XPATH $TMP_PRIMARY
+		PKG_PATH=$XPATH_RESULT
+
+		XPATH=${PACKAGE_CHECKSUM_XPATH_TPL/_PKG_/$pkg}
+		XPATH=${XPATH/_ARCH_/$ARCH}
+		Xpath_get $XPATH $TMP_PRIMARY
+		CHECKSUM=$XPATH_RESULT
+
+		PKG_URL=$TARGET_URL/$PKG_PATH
+		PKG_FILE=$(basename $PKG_PATH)
+		PKG_PATH=$TMPDIR/$PKG_FILE
+
+		Debug "Download $PKG_URL to $PKG_PATH"
+		Fetch $PKG_URL $PKG_PATH true
+
+		echo "$CHECKSUM $PKG_PATH" | sha256sum -c - > /dev/null
+		if [ $? -ne 0 ]; then
+			Error "Fail to fetch $PKG_URL to $PKG_PATH"
+			Debug "Checksum = $CHECKSUM"
+			exit 1
+		fi
+	done
+}
+
+Inform "Initialize i686 base"
+fetch_tizen_pkgs_init standard base
+Inform "fetch common packages"
+fetch_tizen_pkgs i686 gcc gcc-devel-static glibc glibc-devel libicu libicu-devel libatomic linux-glibc-devel keyutils keyutils-devel libkeyutils
+Inform "fetch coreclr packages"
+fetch_tizen_pkgs i686 lldb lldb-devel libgcc libstdc++ libstdc++-devel libunwind libunwind-devel lttng-ust-devel lttng-ust userspace-rcu-devel userspace-rcu
+Inform "fetch corefx packages"
+fetch_tizen_pkgs i686 libcom_err libcom_err-devel zlib zlib-devel libopenssl11 libopenssl1.1-devel krb5 krb5-devel
+
+Inform "Initialize standard unified"
+fetch_tizen_pkgs_init standard unified
+Inform "fetch corefx packages"
+fetch_tizen_pkgs i686 gssdp gssdp-devel tizen-release
+

eng/common/cross/x86/tizen/tizen.patch

@@ -0,0 +1,9 @@
+diff -u -r a/usr/lib/libc.so b/usr/lib/libc.so
+--- a/usr/lib/libc.so	2016-12-30 23:00:08.284951863 +0900
++++ b/usr/lib/libc.so	2016-12-30 23:00:32.140951815 +0900
+@@ -2,4 +2,4 @@
+    Use the shared library, but some functions are only in
+    the static library, so try that secondarily.  */
+ OUTPUT_FORMAT(elf32-i386)
+-GROUP ( /lib/libc.so.6 /usr/lib/libc_nonshared.a  AS_NEEDED ( /lib/ld-linux.so.2 ) )
++GROUP ( libc.so.6 libc_nonshared.a  AS_NEEDED ( ld-linux.so.2 ) )

eng/common/darc-init.sh

@@ -53,7 +53,7 @@ fi
 function InstallDarcCli {
   local darc_cli_package_name="microsoft.dotnet.darc"
 
-  InitializeDotNetCli
+  InitializeDotNetCli true
   local dotnet_root=$_InitializeDotNetCli
 
   if [ -z "$toolpath" ]; then

eng/common/dotnet-install.sh

@@ -52,16 +52,19 @@ done
 # Use uname to determine what the CPU is, see https://en.wikipedia.org/wiki/Uname#Examples
 cpuname=$(uname -m)
 case $cpuname in
-  aarch64)
+  arm64|aarch64)
     buildarch=arm64
     ;;
+  loongarch64)
+    buildarch=loongarch64
+    ;;
   amd64|x86_64)
     buildarch=x64
     ;;
   armv*l)
     buildarch=arm
     ;;
-  i686)
+  i[3-6]86)
     buildarch=x86
     ;;
   *)

eng/common/generate-locproject.ps1

@@ -10,9 +10,7 @@ Param(
 
 Set-StrictMode -Version 2.0
 $ErrorActionPreference = "Stop"
-. $PSScriptRoot\tools.ps1
-
-Import-Module -Name (Join-Path $PSScriptRoot 'native\CommonLibrary.psm1')
+. $PSScriptRoot\pipeline-logging-functions.ps1
 
 $exclusionsFilePath = "$SourcesDirectory\eng\Localize\LocExclusions.json"
 $exclusions = @{ Exclusions = @() }
@@ -28,13 +26,15 @@ $jsonFiles = @()
 $jsonTemplateFiles = Get-ChildItem -Recurse -Path "$SourcesDirectory" | Where-Object { $_.FullName -Match "\.template\.config\\localize\\.+\.en\.json" } # .NET templating pattern
 $jsonTemplateFiles | ForEach-Object {
     $null = $_.Name -Match "(.+)\.[\w-]+\.json" # matches '[filename].[langcode].json
-    
+
     $destinationFile = "$($_.Directory.FullName)\$($Matches.1).json"
     $jsonFiles += Copy-Item "$($_.FullName)" -Destination $destinationFile -PassThru
 }
 
 $jsonWinformsTemplateFiles = Get-ChildItem -Recurse -Path "$SourcesDirectory" | Where-Object { $_.FullName -Match "en\\strings\.json" } # current winforms pattern
 
+$wxlFiles = Get-ChildItem -Recurse -Path "$SourcesDirectory" | Where-Object { $_.FullName -Match "\\.+\.wxl" -And -Not( $_.Directory.Name -Match "\d{4}" ) } # localized files live in four digit lang ID directories; this excludes them
+
 $xlfFiles = @()
 
 $allXlfFiles = Get-ChildItem -Recurse -Path "$SourcesDirectory\*\*.xlf"
@@ -46,7 +46,7 @@ if ($allXlfFiles) {
 }
 $langXlfFiles | ForEach-Object {
     $null = $_.Name -Match "(.+)\.[\w-]+\.xlf" # matches '[filename].[langcode].xlf
-    
+
     $destinationFile = "$($_.Directory.FullName)\$($Matches.1).xlf"
     $xlfFiles += Copy-Item "$($_.FullName)" -Destination $destinationFile -PassThru
 }
@@ -59,10 +59,10 @@ $locJson = @{
             LanguageSet = $LanguageSet
             LocItems = @(
                 $locFiles | ForEach-Object {
-                    $outputPath = "$(($_.DirectoryName | Resolve-Path -Relative) + "\")" 
+                    $outputPath = "$(($_.DirectoryName | Resolve-Path -Relative) + "\")"
                     $continue = $true
                     foreach ($exclusion in $exclusions.Exclusions) {
-                        if ($outputPath.Contains($exclusion))
+                        if ($_.FullName.Contains($exclusion))
                         {
                             $continue = $false
                         }
@@ -79,8 +79,7 @@ $locJson = @{
                                 CopyOption = "LangIDOnPath"
                                 OutputPath = "$($_.Directory.Parent.FullName | Resolve-Path -Relative)\"
                             }
-                        }
-                        else {
+                        } else {
                             return @{
                                 SourceFile = $sourceFile
                                 CopyOption = "LangIDOnName"
@@ -90,6 +89,32 @@ $locJson = @{
                     }
                 }
             )
+        },
+        @{
+            CloneLanguageSet = "WiX_CloneLanguages"
+            LssFiles = @( "wxl_loc.lss" )
+            LocItems = @(
+                $wxlFiles | ForEach-Object {
+                    $outputPath = "$($_.Directory.FullName | Resolve-Path -Relative)\"
+                    $continue = $true
+                    foreach ($exclusion in $exclusions.Exclusions) {
+                        if ($_.FullName.Contains($exclusion))
+                        {
+                            $continue = $false
+                        }
+                    }
+                    $sourceFile = ($_.FullName | Resolve-Path -Relative)
+                    if ($continue)
+                    {
+                        return @{
+                            SourceFile = $sourceFile
+                            CopyOption = "LangIDOnPath"
+                            OutputPath = $outputPath
+                            Languages = "cs-CZ;de-DE;es-ES;fr-FR;it-IT;ja-JP;ko-KR;pl-PL;pt-BR;ru-RU;tr-TR;zh-CN;zh-TW"
+                        }
+                    }
+                }
+            )
         }
     )
 }
@@ -108,10 +133,10 @@ else {
 
     if ((Get-FileHash "$SourcesDirectory\eng\Localize\LocProject-generated.json").Hash -ne (Get-FileHash "$SourcesDirectory\eng\Localize\LocProject.json").Hash) {
         Write-PipelineTelemetryError -Category "OneLocBuild" -Message "Existing LocProject.json differs from generated LocProject.json. Download LocProject-generated.json and compare them."
-        
+
         exit 1
     }
     else {
         Write-Host "Generated LocProject.json and current LocProject.json are identical."
     }
-}
+}

eng/common/generate-sbom-prep.ps1

@@ -0,0 +1,21 @@
+Param(
+    [Parameter(Mandatory=$true)][string] $ManifestDirPath    # Manifest directory where sbom will be placed
+)
+
+. $PSScriptRoot\pipeline-logging-functions.ps1
+
+Write-Host "Creating dir $ManifestDirPath"
+# create directory for sbom manifest to be placed
+if (!(Test-Path -path $ManifestDirPath))
+{
+  New-Item -ItemType Directory -path $ManifestDirPath
+  Write-Host "Successfully created directory $ManifestDirPath"
+}
+else{
+  Write-PipelineTelemetryError -category 'Build'  "Unable to create sbom folder."
+}
+
+Write-Host "Updating artifact name"
+$artifact_name = "${env:SYSTEM_STAGENAME}_${env:AGENT_JOBNAME}_SBOM" -replace '["/:<>\\|?@*"() ]', '_'
+Write-Host "Artifact name $artifact_name"
+Write-Host "##vso[task.setvariable variable=ARTIFACT_NAME]$artifact_name"

eng/common/generate-sbom-prep.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+source="${BASH_SOURCE[0]}"
+
+# resolve $SOURCE until the file is no longer a symlink
+while [[ -h $source ]]; do
+  scriptroot="$( cd -P "$( dirname "$source" )" && pwd )"
+  source="$(readlink "$source")"
+
+  # if $source was a relative symlink, we need to resolve it relative to the path where the
+  # symlink file was located
+  [[ $source != /* ]] && source="$scriptroot/$source"
+done
+scriptroot="$( cd -P "$( dirname "$source" )" && pwd )"
+. $scriptroot/pipeline-logging-functions.sh
+
+manifest_dir=$1
+
+if [ ! -d "$manifest_dir" ] ; then
+  mkdir -p "$manifest_dir"
+  echo "Sbom directory created." $manifest_dir
+else
+  Write-PipelineTelemetryError -category 'Build'  "Unable to create sbom folder."
+fi
+
+artifact_name=$SYSTEM_STAGENAME"_"$AGENT_JOBNAME"_SBOM"
+echo "Artifact name before : "$artifact_name
+# replace all special characters with _, some builds use special characters like : in Agent.Jobname, that is not a permissible name while uploading artifacts.
+safe_artifact_name="${artifact_name//["/:<>\\|?@*$" ]/_}"
+echo "Artifact name after : "$safe_artifact_name
+export ARTIFACT_NAME=$safe_artifact_name
+echo "##vso[task.setvariable variable=ARTIFACT_NAME]$safe_artifact_name"
+
+exit 0

eng/common/init-tools-native.ps1

@@ -31,6 +31,10 @@ Wait time between retry attempts in seconds
 .PARAMETER GlobalJsonFile
 File path to global.json file
 
+.PARAMETER PathPromotion
+Optional switch to enable either promote native tools specified in the global.json to the path (in Azure Pipelines)
+or break the build if a native tool is not found on the path (on a local dev machine)
+
 .NOTES
 #>
 [CmdletBinding(PositionalBinding=$false)]
@@ -41,7 +45,8 @@ Param (
   [switch] $Force = $False,
   [int] $DownloadRetries = 5,
   [int] $RetryWaitTimeInSeconds = 30,
-  [string] $GlobalJsonFile
+  [string] $GlobalJsonFile,
+  [switch] $PathPromotion
 )
 
 if (!$GlobalJsonFile) {
@@ -77,53 +82,102 @@ try {
                     ConvertFrom-Json |
                     Select-Object -Expand 'native-tools' -ErrorAction SilentlyContinue
   if ($NativeTools) {
-    $NativeTools.PSObject.Properties | ForEach-Object {
-      $ToolName = $_.Name
-      $ToolVersion = $_.Value
-      $LocalInstallerArguments =  @{ ToolName = "$ToolName" }
-      $LocalInstallerArguments += @{ InstallPath = "$InstallBin" }
-      $LocalInstallerArguments += @{ BaseUri = "$BaseUri" }
-      $LocalInstallerArguments += @{ CommonLibraryDirectory = "$EngCommonBaseDir" }
-      $LocalInstallerArguments += @{ Version = "$ToolVersion" }
-
-      if ($Verbose) {
-        $LocalInstallerArguments += @{ Verbose = $True }
-      }
-      if (Get-Variable 'Force' -ErrorAction 'SilentlyContinue') {
-        if($Force) {
-          $LocalInstallerArguments += @{ Force = $True }
-        }
-      }
-      if ($Clean) {
-        $LocalInstallerArguments += @{ Clean = $True }
-      }
-
-      Write-Verbose "Installing $ToolName version $ToolVersion"
-      Write-Verbose "Executing '$InstallerPath $($LocalInstallerArguments.Keys.ForEach({"-$_ '$($LocalInstallerArguments.$_)'"}) -join ' ')'"
-      & $InstallerPath @LocalInstallerArguments
-      if ($LASTEXITCODE -Ne "0") {
-        $errMsg = "$ToolName installation failed"
-        if ((Get-Variable 'DoNotAbortNativeToolsInstallationOnFailure' -ErrorAction 'SilentlyContinue') -and $DoNotAbortNativeToolsInstallationOnFailure) {
-            $showNativeToolsWarning = $true
-            if ((Get-Variable 'DoNotDisplayNativeToolsInstallationWarnings' -ErrorAction 'SilentlyContinue') -and $DoNotDisplayNativeToolsInstallationWarnings) {
-                $showNativeToolsWarning = $false
+    if ($PathPromotion -eq $True) {
+      if ($env:SYSTEM_TEAMPROJECT) { # check to see if we're in an Azure pipelines build
+        $NativeTools.PSObject.Properties | ForEach-Object {
+          $ToolName = $_.Name
+          $ToolVersion = $_.Value
+          $InstalledTools = @{}
+
+          if ((Get-Command "$ToolName" -ErrorAction SilentlyContinue) -eq $null) {
+            if ($ToolVersion -eq "latest") {
+              $ToolVersion = ""
+            }
+            $ArcadeToolsDirectory = "C:\arcade-tools"
+            if (-not (Test-Path $ArcadeToolsDirectory)) {
+              Write-Error "Arcade tools directory '$ArcadeToolsDirectory' was not found; artifacts were not properly installed."
+              exit 1
             }
-            if ($showNativeToolsWarning) {
-                Write-Warning $errMsg
+            $ToolDirectories = (Get-ChildItem -Path "$ArcadeToolsDirectory" -Filter "$ToolName-$ToolVersion*" | Sort-Object -Descending)
+            if ($ToolDirectories -eq $null) {
+              Write-Error "Unable to find directory for $ToolName $ToolVersion; please make sure the tool is installed on this image."
+              exit 1
             }
-            $toolInstallationFailure = $true
-        } else {
-            # We cannot change this to Write-PipelineTelemetryError because of https://github.com/dotnet/arcade/issues/4482
-            Write-Host $errMsg
-            exit 1
+            $ToolDirectory = $ToolDirectories[0]
+            $BinPathFile = "$($ToolDirectory.FullName)\binpath.txt"
+            if (-not (Test-Path -Path "$BinPathFile")) {
+              Write-Error "Unable to find binpath.txt in '$($ToolDirectory.FullName)' ($ToolName $ToolVersion); artifact is either installed incorrectly or is not a bootstrappable tool."
+              exit 1
+            }
+            $BinPath = Get-Content "$BinPathFile"
+            $ToolPath = Convert-Path -Path $BinPath
+            Write-Host "Adding $ToolName to the path ($ToolPath)..."
+            Write-Host "##vso[task.prependpath]$ToolPath"
+            $env:PATH = "$ToolPath;$env:PATH"
+            $InstalledTools += @{ $ToolName = $ToolDirectory.FullName }
+          }
+        }
+        return $InstalledTools
+      } else {
+        $NativeTools.PSObject.Properties | ForEach-Object {
+          $ToolName = $_.Name
+          $ToolVersion = $_.Value
+
+          if ((Get-Command "$ToolName" -ErrorAction SilentlyContinue) -eq $null) {
+            Write-PipelineTelemetryError -Category 'NativeToolsBootstrap' -Message "$ToolName not found on path. Please install $ToolName $ToolVersion before proceeding."
+          }
         }
+        exit 0
+      }
+    } else {
+      $NativeTools.PSObject.Properties | ForEach-Object {
+        $ToolName = $_.Name
+        $ToolVersion = $_.Value
+        $LocalInstallerArguments =  @{ ToolName = "$ToolName" }
+        $LocalInstallerArguments += @{ InstallPath = "$InstallBin" }
+        $LocalInstallerArguments += @{ BaseUri = "$BaseUri" }
+        $LocalInstallerArguments += @{ CommonLibraryDirectory = "$EngCommonBaseDir" }
+        $LocalInstallerArguments += @{ Version = "$ToolVersion" }
+  
+        if ($Verbose) {
+          $LocalInstallerArguments += @{ Verbose = $True }
+        }
+        if (Get-Variable 'Force' -ErrorAction 'SilentlyContinue') {
+          if($Force) {
+            $LocalInstallerArguments += @{ Force = $True }
+          }
+        }
+        if ($Clean) {
+          $LocalInstallerArguments += @{ Clean = $True }
+        }
+  
+        Write-Verbose "Installing $ToolName version $ToolVersion"
+        Write-Verbose "Executing '$InstallerPath $($LocalInstallerArguments.Keys.ForEach({"-$_ '$($LocalInstallerArguments.$_)'"}) -join ' ')'"
+        & $InstallerPath @LocalInstallerArguments
+        if ($LASTEXITCODE -Ne "0") {
+          $errMsg = "$ToolName installation failed"
+          if ((Get-Variable 'DoNotAbortNativeToolsInstallationOnFailure' -ErrorAction 'SilentlyContinue') -and $DoNotAbortNativeToolsInstallationOnFailure) {
+              $showNativeToolsWarning = $true
+              if ((Get-Variable 'DoNotDisplayNativeToolsInstallationWarnings' -ErrorAction 'SilentlyContinue') -and $DoNotDisplayNativeToolsInstallationWarnings) {
+                  $showNativeToolsWarning = $false
+              }
+              if ($showNativeToolsWarning) {
+                  Write-Warning $errMsg
+              }
+              $toolInstallationFailure = $true
+          } else {
+              # We cannot change this to Write-PipelineTelemetryError because of https://github.com/dotnet/arcade/issues/4482
+              Write-Host $errMsg
+              exit 1
+          }
+        }
+      }
+  
+      if ((Get-Variable 'toolInstallationFailure' -ErrorAction 'SilentlyContinue') -and $toolInstallationFailure) {
+          # We cannot change this to Write-PipelineTelemetryError because of https://github.com/dotnet/arcade/issues/4482
+          Write-Host 'Native tools bootstrap failed'
+          exit 1
       }
-    }
-
-    if ((Get-Variable 'toolInstallationFailure' -ErrorAction 'SilentlyContinue') -and $toolInstallationFailure) {
-        # We cannot change this to Write-PipelineTelemetryError because of https://github.com/dotnet/arcade/issues/4482
-        Write-Host 'Native tools bootstrap failed'
-        exit 1
     }
   }
   else {
@@ -139,7 +193,7 @@ try {
     Write-Host "##vso[task.prependpath]$(Convert-Path -Path $InstallBin)"
     return $InstallBin
   }
-  else {
+  elseif (-not ($PathPromotion)) {
     Write-PipelineTelemetryError -Category 'NativeToolsBootstrap' -Message 'Native tools install directory does not exist, installation failed'
     exit 1
   }

eng/common/internal/NuGet.config

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <packageSources>
+    <clear />
+    <add key="dotnet-core-internal-tooling" value="https://pkgs.dev.azure.com/devdiv/_packaging/dotnet-core-internal-tooling/nuget/v3/index.json" />
+  </packageSources>
+</configuration>

eng/common/internal/Tools.csproj

@@ -8,6 +8,9 @@
   <ItemGroup>
     <!-- Clear references, the SDK may add some depending on UsuingToolXxx settings, but we only want to restore the following -->
     <PackageReference Remove="@(PackageReference)"/>
+    <PackageReference Include="Microsoft.ManifestTool.CrossPlatform" Version="$(MicrosoftManifestToolCrossPlatformVersion)" />
+    <PackageReference Include="Microsoft.VisualStudioEng.MicroBuild.Core" Version="$(MicrosoftVisualStudioEngMicroBuildCoreVersion)" />
+    <PackageReference Include="Microsoft.VisualStudioEng.MicroBuild.Plugins.SwixBuild" Version="$(MicrosoftVisualStudioEngMicroBuildPluginsSwixBuildVersion)" />
     <PackageReference Include="Microsoft.DotNet.IBCMerge" Version="$(MicrosoftDotNetIBCMergeVersion)" Condition="'$(UsingToolIbcOptimization)' == 'true'" />
     <PackageReference Include="Drop.App" Version="$(DropAppVersion)" ExcludeAssets="all" Condition="'$(UsingToolVisualStudioIbcTraining)' == 'true'"/>
   </ItemGroup>

eng/common/msbuild.ps1

@@ -6,6 +6,7 @@ Param(
   [switch] $ci,
   [switch] $prepareMachine,
   [switch] $excludePrereleaseVS,
+  [string] $msbuildEngine = $null,
   [Parameter(ValueFromRemainingArguments=$true)][String[]]$extraArgs
 )
 

eng/common/native/CommonLibrary.psm1

@@ -276,7 +276,8 @@ function Get-MachineArchitecture {
   }
   if (($ProcessorArchitecture -Eq "AMD64") -Or
       ($ProcessorArchitecture -Eq "IA64") -Or
-      ($ProcessorArchitecture -Eq "ARM64")) {
+      ($ProcessorArchitecture -Eq "ARM64") -Or
+      ($ProcessorArchitecture -Eq "LOONGARCH64")) {
     return "x64"
   }
   return "x86"

eng/common/native/init-compiler.sh

@@ -0,0 +1,144 @@
+#!/usr/bin/env bash
+#
+# This file detects the C/C++ compiler and exports it to the CC/CXX environment variables
+#
+# NOTE: some scripts source this file and rely on stdout being empty, make sure to not output anything here!
+
+if [[ "$#" -lt 3 ]]; then
+  echo "Usage..."
+  echo "init-compiler.sh <script directory> <Architecture> <compiler>"
+  echo "Specify the script directory."
+  echo "Specify the target architecture."
+  echo "Specify the name of compiler (clang or gcc)."
+  exit 1
+fi
+
+nativescriptroot="$1"
+build_arch="$2"
+compiler="$3"
+
+case "$compiler" in
+    clang*|-clang*|--clang*)
+        # clangx.y or clang-x.y
+        version="$(echo "$compiler" | tr -d '[:alpha:]-=')"
+        parts=(${version//./ })
+        majorVersion="${parts[0]}"
+        minorVersion="${parts[1]}"
+        if [[ -z "$minorVersion" && "$majorVersion" -le 6 ]]; then
+            minorVersion=0;
+        fi
+        compiler=clang
+        ;;
+
+    gcc*|-gcc*|--gcc*)
+        # gccx.y or gcc-x.y
+        version="$(echo "$compiler" | tr -d '[:alpha:]-=')"
+        parts=(${version//./ })
+        majorVersion="${parts[0]}"
+        minorVersion="${parts[1]}"
+        compiler=gcc
+        ;;
+esac
+
+cxxCompiler="$compiler++"
+
+. "$nativescriptroot"/../pipeline-logging-functions.sh
+
+# clear the existing CC and CXX from environment
+CC=
+CXX=
+LDFLAGS=
+
+if [[ "$compiler" == "gcc" ]]; then cxxCompiler="g++"; fi
+
+check_version_exists() {
+    desired_version=-1
+
+    # Set up the environment to be used for building with the desired compiler.
+    if command -v "$compiler-$1.$2" > /dev/null; then
+        desired_version="-$1.$2"
+    elif command -v "$compiler$1$2" > /dev/null; then
+        desired_version="$1$2"
+    elif command -v "$compiler-$1$2" > /dev/null; then
+        desired_version="-$1$2"
+    fi
+
+    echo "$desired_version"
+}
+
+if [[ -z "$CLR_CC" ]]; then
+
+    # Set default versions
+    if [[ -z "$majorVersion" ]]; then
+        # note: gcc (all versions) and clang versions higher than 6 do not have minor version in file name, if it is zero.
+        if [[ "$compiler" == "clang" ]]; then versions=( 15 14 13 12 11 10 9 8 7 6.0 5.0 4.0 3.9 3.8 3.7 3.6 3.5 )
+        elif [[ "$compiler" == "gcc" ]]; then versions=( 12 11 10 9 8 7 6 5 4.9 ); fi
+
+        for version in "${versions[@]}"; do
+            parts=(${version//./ })
+            desired_version="$(check_version_exists "${parts[0]}" "${parts[1]}")"
+            if [[ "$desired_version" != "-1" ]]; then majorVersion="${parts[0]}"; break; fi
+        done
+
+        if [[ -z "$majorVersion" ]]; then
+            if command -v "$compiler" > /dev/null; then
+                if [[ "$(uname)" != "Darwin" ]]; then
+                    Write-PipelineTelemetryError -category "Build" -type "warning" "Specific version of $compiler not found, falling back to use the one in PATH."
+                fi
+                CC="$(command -v "$compiler")"
+                CXX="$(command -v "$cxxCompiler")"
+            else
+                Write-PipelineTelemetryError -category "Build" "No usable version of $compiler found."
+                exit 1
+            fi
+        else
+            if [[ "$compiler" == "clang" && "$majorVersion" -lt 5 ]]; then
+                if [[ "$build_arch" == "arm" || "$build_arch" == "armel" ]]; then
+                    if command -v "$compiler" > /dev/null; then
+                        Write-PipelineTelemetryError -category "Build" -type "warning" "Found clang version $majorVersion which is not supported on arm/armel architectures, falling back to use clang from PATH."
+                        CC="$(command -v "$compiler")"
+                        CXX="$(command -v "$cxxCompiler")"
+                    else
+                        Write-PipelineTelemetryError -category "Build" "Found clang version $majorVersion which is not supported on arm/armel architectures, and there is no clang in PATH."
+                        exit 1
+                    fi
+                fi
+            fi
+        fi
+    else
+        desired_version="$(check_version_exists "$majorVersion" "$minorVersion")"
+        if [[ "$desired_version" == "-1" ]]; then
+            Write-PipelineTelemetryError -category "Build" "Could not find specific version of $compiler: $majorVersion $minorVersion."
+            exit 1
+        fi
+    fi
+
+    if [[ -z "$CC" ]]; then
+        CC="$(command -v "$compiler$desired_version")"
+        CXX="$(command -v "$cxxCompiler$desired_version")"
+        if [[ -z "$CXX" ]]; then CXX="$(command -v "$cxxCompiler")"; fi
+    fi
+else
+    if [[ ! -f "$CLR_CC" ]]; then
+        Write-PipelineTelemetryError -category "Build" "CLR_CC is set but path '$CLR_CC' does not exist"
+        exit 1
+    fi
+    CC="$CLR_CC"
+    CXX="$CLR_CXX"
+fi
+
+if [[ -z "$CC" ]]; then
+    Write-PipelineTelemetryError -category "Build" "Unable to find $compiler."
+    exit 1
+fi
+
+# Only lld version >= 9 can be considered stable
+if [[ "$compiler" == "clang" && "$majorVersion" -ge 9 ]]; then
+    if "$CC" -fuse-ld=lld -Wl,--version >/dev/null 2>&1; then
+        LDFLAGS="-fuse-ld=lld"
+    fi
+fi
+
+SCAN_BUILD_COMMAND="$(command -v "scan-build$desired_version")"
+
+export CC CXX LDFLAGS SCAN_BUILD_COMMAND

eng/common/post-build/publish-using-darc.ps1

@@ -5,13 +5,8 @@ param(
   [Parameter(Mandatory=$true)][string] $MaestroToken,
   [Parameter(Mandatory=$false)][string] $MaestroApiEndPoint = 'https://maestro-prod.westus2.cloudapp.azure.com',
   [Parameter(Mandatory=$true)][string] $WaitPublishingFinish,
-  [Parameter(Mandatory=$false)][string] $EnableSourceLinkValidation,
-  [Parameter(Mandatory=$false)][string] $EnableSigningValidation,
-  [Parameter(Mandatory=$false)][string] $EnableNugetValidation,
-  [Parameter(Mandatory=$false)][string] $PublishInstallersAndChecksums,
   [Parameter(Mandatory=$false)][string] $ArtifactsPublishingAdditionalParameters,
-  [Parameter(Mandatory=$false)][string] $SymbolPublishingAdditionalParameters,
-  [Parameter(Mandatory=$false)][string] $SigningValidationAdditionalParameters
+  [Parameter(Mandatory=$false)][string] $SymbolPublishingAdditionalParameters
 )
 
 try {
@@ -35,27 +30,6 @@ try {
     $optionalParams.Add("--no-wait") | Out-Null
   }
 
-  if ("false" -ne $PublishInstallersAndChecksums) {
-    $optionalParams.Add("--publish-installers-and-checksums") | Out-Null
-  }
-
-  if ("true" -eq $EnableNugetValidation) {
-    $optionalParams.Add("--validate-nuget") | Out-Null
-  }
-
-  if ("true" -eq $EnableSourceLinkValidation) {
-    $optionalParams.Add("--validate-sourcelinkchecksums") | Out-Null
-  }
-
-  if ("true" -eq $EnableSigningValidation) {
-    $optionalParams.Add("--validate-signingchecksums") | Out-Null
-
-    if ("" -ne $SigningValidationAdditionalParameters) {
-      $optionalParams.Add("--signing-validation-parameters") | Out-Null
-      $optionalParams.Add($SigningValidationAdditionalParameters) | Out-Null
-    }
-  }
-
   & $darc add-build-to-channel `
   --id $buildId `
   --publishing-infra-version $PublishingInfraVersion `

eng/common/post-build/sourcelink-validation.ps1

@@ -22,6 +22,11 @@ $RetryWaitTimeInSeconds = 30
 # Wait time between check for system load
 $SecondsBetweenLoadChecks = 10
 
+if (!$InputPath -or !(Test-Path $InputPath)){
+  Write-Host "No files to validate."
+  ExitWithExitCode 0
+}
+
 $ValidatePackage = {
   param( 
     [string] $PackagePath                                 # Full path to a Symbols.NuGet package

eng/common/post-build/symbols-validation.ps1

@@ -4,9 +4,11 @@ param(
   [Parameter(Mandatory = $true)][string] $DotnetSymbolVersion, # Version of dotnet symbol to use
   [Parameter(Mandatory = $false)][switch] $CheckForWindowsPdbs, # If we should check for the existence of windows pdbs in addition to portable PDBs
   [Parameter(Mandatory = $false)][switch] $ContinueOnError, # If we should keep checking symbols after an error
-  [Parameter(Mandatory = $false)][switch] $Clean                  # Clean extracted symbols directory after checking symbols
+  [Parameter(Mandatory = $false)][switch] $Clean,           # Clean extracted symbols directory after checking symbols
+  [Parameter(Mandatory = $false)][string] $SymbolExclusionFile  # Exclude the symbols in the file from publishing to symbol server
 )
 
+. $PSScriptRoot\..\tools.ps1
 # Maximum number of jobs to run in parallel
 $MaxParallelJobs = 16
 
@@ -25,14 +27,28 @@ if ($CheckForWindowsPdbs) {
   $WindowsPdbVerificationParam = "--windows-pdbs"
 }
 
+$ExclusionSet = New-Object System.Collections.Generic.HashSet[string];
+
+if (!$InputPath -or !(Test-Path $InputPath)){
+  Write-Host "No symbols to validate."
+  ExitWithExitCode 0
+}
+
+#Check if the path exists
+if ($SymbolExclusionFile -and (Test-Path $SymbolExclusionFile)){
+  [string[]]$Exclusions = Get-Content "$SymbolExclusionFile"
+  $Exclusions | foreach { if($_ -and $_.Trim()){$ExclusionSet.Add($_)} }
+}
+else{
+  Write-Host "Symbol Exclusion file does not exists. No symbols to exclude."
+}
+
 $CountMissingSymbols = {
   param( 
     [string] $PackagePath, # Path to a NuGet package
     [string] $WindowsPdbVerificationParam # If we should check for the existence of windows pdbs in addition to portable PDBs
   )
 
-  . $using:PSScriptRoot\..\tools.ps1
-
   Add-Type -AssemblyName System.IO.Compression.FileSystem
 
   Write-Host "Validating $PackagePath "
@@ -118,17 +134,17 @@ $CountMissingSymbols = {
         # Save the output and get diagnostic output
         $output = & $dotnetSymbolExe --symbols --modules $WindowsPdbVerificationParam $TargetServerParam $FullPath -o $SymbolsPath --diagnostics | Out-String
 
-        if (Test-Path $PdbPath) {
-          return 'PDB'
+        if ((Test-Path $PdbPath) -and (Test-path $SymbolPath)) {
+          return 'Module and PDB for Module'
         }
-        elseif (Test-Path $NGenPdb) {
-          return 'NGen PDB'
+        elseif ((Test-Path $NGenPdb) -and (Test-Path $PdbPath) -and (Test-Path $SymbolPath)) {
+          return 'Dll, PDB and NGen PDB'
         }
-        elseif (Test-Path $SODbg) {
-          return 'DBG for SO'
+        elseif ((Test-Path $SODbg) -and (Test-Path $SymbolPath)) {
+          return 'So and DBG for SO'
         }  
-        elseif (Test-Path $DylibDwarf) {
-          return 'Dwarf for Dylib'
+        elseif ((Test-Path $DylibDwarf) -and (Test-Path $SymbolPath)) {
+          return 'Dylib and Dwarf for Dylib'
         }  
         elseif (Test-Path $SymbolPath) {
           return 'Module'
@@ -142,37 +158,44 @@ $CountMissingSymbols = {
       return $null
     }
 
-    $FileGuid = New-Guid
-    $ExpandedSymbolsPath = Join-Path -Path $SymbolsPath -ChildPath $FileGuid
-
-    $SymbolsOnMSDL = & $FirstMatchingSymbolDescriptionOrDefault `
-        -FullPath $FileName `
-        -TargetServerParam '--microsoft-symbol-server' `
-        -SymbolsPath "$ExpandedSymbolsPath-msdl" `
-        -WindowsPdbVerificationParam $WindowsPdbVerificationParam
-    $SymbolsOnSymWeb = & $FirstMatchingSymbolDescriptionOrDefault `
-        -FullPath $FileName `
-        -TargetServerParam '--internal-server' `
-        -SymbolsPath "$ExpandedSymbolsPath-symweb" `
-        -WindowsPdbVerificationParam $WindowsPdbVerificationParam
-
-    Write-Host -NoNewLine "`t Checking file " $FileName "... "
-  
-    if ($SymbolsOnMSDL -ne $null -and $SymbolsOnSymWeb -ne $null) {
-      Write-Host "Symbols found on MSDL ($SymbolsOnMSDL) and SymWeb ($SymbolsOnSymWeb)"
+    $FileRelativePath = $FileName.Replace("$ExtractPath\", "")
+    if (($($using:ExclusionSet) -ne $null) -and ($($using:ExclusionSet).Contains($FileRelativePath) -or ($($using:ExclusionSet).Contains($FileRelativePath.Replace("\", "/"))))){
+      Write-Host "Skipping $FileName from symbol validation"
     }
-    else {
-      $MissingSymbols++
 
-      if ($SymbolsOnMSDL -eq $null -and $SymbolsOnSymWeb -eq $null) {
-        Write-Host 'No symbols found on MSDL or SymWeb!'
+    else {
+      $FileGuid = New-Guid
+      $ExpandedSymbolsPath = Join-Path -Path $SymbolsPath -ChildPath $FileGuid
+
+      $SymbolsOnMSDL = & $FirstMatchingSymbolDescriptionOrDefault `
+          -FullPath $FileName `
+          -TargetServerParam '--microsoft-symbol-server' `
+          -SymbolsPath "$ExpandedSymbolsPath-msdl" `
+          -WindowsPdbVerificationParam $WindowsPdbVerificationParam
+      $SymbolsOnSymWeb = & $FirstMatchingSymbolDescriptionOrDefault `
+          -FullPath $FileName `
+          -TargetServerParam '--internal-server' `
+          -SymbolsPath "$ExpandedSymbolsPath-symweb" `
+          -WindowsPdbVerificationParam $WindowsPdbVerificationParam
+
+      Write-Host -NoNewLine "`t Checking file " $FileName "... "
+  
+      if ($SymbolsOnMSDL -ne $null -and $SymbolsOnSymWeb -ne $null) {
+        Write-Host "Symbols found on MSDL ($SymbolsOnMSDL) and SymWeb ($SymbolsOnSymWeb)"
       }
       else {
-        if ($SymbolsOnMSDL -eq $null) {
-          Write-Host 'No symbols found on MSDL!'
+        $MissingSymbols++
+
+        if ($SymbolsOnMSDL -eq $null -and $SymbolsOnSymWeb -eq $null) {
+          Write-Host 'No symbols found on MSDL or SymWeb!'
         }
         else {
-          Write-Host 'No symbols found on SymWeb!'
+          if ($SymbolsOnMSDL -eq $null) {
+            Write-Host 'No symbols found on MSDL!'
+          }
+          else {
+            Write-Host 'No symbols found on SymWeb!'
+          }
         }
       }
     }

eng/common/retain-build.ps1

@@ -0,0 +1,45 @@
+
+Param(
+[Parameter(Mandatory=$true)][int] $buildId,
+[Parameter(Mandatory=$true)][string] $azdoOrgUri, 
+[Parameter(Mandatory=$true)][string] $azdoProject,
+[Parameter(Mandatory=$true)][string] $token
+)
+
+$ErrorActionPreference = 'Stop'
+Set-StrictMode -Version 2.0
+
+function Get-AzDOHeaders(
+    [string] $token)
+{
+    $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":${token}"))
+    $headers = @{"Authorization"="Basic $base64AuthInfo"}
+    return $headers
+}
+
+function Update-BuildRetention(
+    [string] $azdoOrgUri,
+    [string] $azdoProject,
+    [int] $buildId,
+    [string] $token)
+{
+    $headers = Get-AzDOHeaders -token $token
+    $requestBody = "{
+        `"keepForever`": `"true`"
+    }"
+
+    $requestUri = "${azdoOrgUri}/${azdoProject}/_apis/build/builds/${buildId}?api-version=6.0"
+    write-Host "Attempting to retain build using the following URI: ${requestUri} ..."
+
+    try {
+        Invoke-RestMethod -Uri $requestUri -Method Patch -Body $requestBody -Header $headers -contentType "application/json"
+        Write-Host "Updated retention settings for build ${buildId}."
+    }
+    catch {
+        Write-Error "Failed to update retention settings for build: $_.Exception.Response.StatusDescription"
+        exit 1
+    }
+}
+
+Update-BuildRetention -azdoOrgUri $azdoOrgUri -azdoProject $azdoProject -buildId $buildId -token $token
+exit 0

eng/common/sdk-task.ps1

@@ -64,7 +64,7 @@ try {
       $GlobalJson.tools | Add-Member -Name "vs" -Value (ConvertFrom-Json "{ `"version`": `"16.5`" }") -MemberType NoteProperty
     }
     if( -not ($GlobalJson.tools.PSObject.Properties.Name -match "xcopy-msbuild" )) {
-      $GlobalJson.tools | Add-Member -Name "xcopy-msbuild" -Value "16.10.0-preview2" -MemberType NoteProperty
+      $GlobalJson.tools | Add-Member -Name "xcopy-msbuild" -Value "17.3.1" -MemberType NoteProperty
     }
     if ($GlobalJson.tools."xcopy-msbuild".Trim() -ine "none") {
         $xcopyMSBuildToolsFolder = InitializeXCopyMSBuild $GlobalJson.tools."xcopy-msbuild" -install $true
@@ -83,9 +83,6 @@ try {
   }
 
   if ($restore) {
-    if ($ci) {
-      Try-LogClientIpAddress
-    }
     Build 'Restore'
   }
 

eng/common/sdl/configure-sdl-tool.ps1

@@ -15,7 +15,9 @@ Param(
   # Optional: Additional params to add to any tool using CredScan.
   [string[]] $CrScanAdditionalRunConfigParams,
   # Optional: Additional params to add to any tool using PoliCheck.
-  [string[]] $PoliCheckAdditionalRunConfigParams
+  [string[]] $PoliCheckAdditionalRunConfigParams,
+  # Optional: Additional params to add to any tool using CodeQL/Semmle.
+  [string[]] $CodeQLAdditionalRunConfigParams
 )
 
 $ErrorActionPreference = 'Stop'
@@ -69,15 +71,20 @@ try {
     # For some tools, add default and automatic args.
     if ($tool.Name -eq 'credscan') {
       if ($targetDirectory) {
-        $tool.Args += "TargetDirectory < $TargetDirectory"
+        $tool.Args += "`"TargetDirectory < $TargetDirectory`""
       }
-      $tool.Args += "OutputType < pre"
+      $tool.Args += "`"OutputType < pre`""
       $tool.Args += $CrScanAdditionalRunConfigParams
     } elseif ($tool.Name -eq 'policheck') {
       if ($targetDirectory) {
-        $tool.Args += "Target < $TargetDirectory"
+        $tool.Args += "`"Target < $TargetDirectory`""
       }
       $tool.Args += $PoliCheckAdditionalRunConfigParams
+    } elseif ($tool.Name -eq 'semmle' -or $tool.Name -eq 'codeql') {
+      if ($targetDirectory) {
+        $tool.Args += "`"SourceCodeDirectory < $TargetDirectory`""
+      }
+      $tool.Args += $CodeQLAdditionalRunConfigParams
     }
 
     # Create variable pointing to the args array directly so we can use splat syntax later.

eng/common/sdl/execute-all-sdl-tools.ps1

@@ -34,6 +34,7 @@ Param(
   [string] $GuardianLoggerLevel='Standard',                                                      # Optional: the logger level for the Guardian CLI; options are Trace, Verbose, Standard, Warning, and Error
   [string[]] $CrScanAdditionalRunConfigParams,                                                   # Optional: Additional Params to custom build a CredScan run config in the format @("xyz:abc","sdf:1")
   [string[]] $PoliCheckAdditionalRunConfigParams,                                                # Optional: Additional Params to custom build a Policheck run config in the format @("xyz:abc","sdf:1")
+  [string[]] $CodeQLAdditionalRunConfigParams,                                                   # Optional: Additional Params to custom build a Semmle/CodeQL run config in the format @("xyz < abc","sdf < 1")
   [bool] $BreakOnFailure=$False                                                                  # Optional: Fail the build if there were errors during the run
 )
 
@@ -105,7 +106,8 @@ try {
           -AzureDevOpsAccessToken $AzureDevOpsAccessToken `
           -GuardianLoggerLevel $GuardianLoggerLevel `
           -CrScanAdditionalRunConfigParams $CrScanAdditionalRunConfigParams `
-          -PoliCheckAdditionalRunConfigParams $PoliCheckAdditionalRunConfigParams
+          -PoliCheckAdditionalRunConfigParams $PoliCheckAdditionalRunConfigParams `
+          -CodeQLAdditionalRunConfigParams $CodeQLAdditionalRunConfigParams
         if ($BreakOnFailure) {
           Exit-IfNZEC "Sdl"
         }
@@ -124,7 +126,7 @@ try {
   Exec-BlockVerbosely {
     & $(Join-Path $PSScriptRoot 'run-sdl.ps1') `
       -GuardianCliLocation $guardianCliLocation `
-      -WorkingDirectory $workingDirectory `
+      -WorkingDirectory $SourceDirectory `
       -UpdateBaseline $UpdateBaseline `
       -GdnFolder $gdnFolder
   }

eng/common/sdl/packages.config

@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="Microsoft.Guardian.Cli" version="0.53.3"/>
+  <package id="Microsoft.Guardian.Cli" version="0.109.0"/>
 </packages>

eng/common/sdl/sdl.ps1

@@ -0,0 +1,37 @@
+
+function Install-Gdn {
+    param(
+        [string]$Path,
+
+        # If omitted, install the latest version of Guardian, otherwise install that specific version.
+        [string]$Version
+    )
+
+    $ErrorActionPreference = 'Stop'
+    Set-StrictMode -Version 2.0
+    $disableConfigureToolsetImport = $true
+    $global:LASTEXITCODE = 0
+
+    # `tools.ps1` checks $ci to perform some actions. Since the SDL
+    # scripts don't necessarily execute in the same agent that run the
+    # build.ps1/sh script this variable isn't automatically set.
+    $ci = $true
+    . $PSScriptRoot\..\tools.ps1
+
+    $argumentList = @("install", "Microsoft.Guardian.Cli", "-Source https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json", "-OutputDirectory $Path", "-NonInteractive", "-NoCache")
+
+    if ($Version) {
+        $argumentList += "-Version $Version"
+    }
+    
+    Start-Process nuget -Verbose -ArgumentList $argumentList -NoNewWindow -Wait
+
+    $gdnCliPath = Get-ChildItem -Filter guardian.cmd -Recurse -Path $Path
+
+    if (!$gdnCliPath)
+    {
+        Write-PipelineTelemetryError -Category 'Sdl' -Message 'Failure installing Guardian'
+    }
+
+    return $gdnCliPath.FullName
+}

eng/common/templates/job/execute-sdl.yml

@@ -29,14 +29,6 @@ parameters:
   # Optional: download a list of pipeline artifacts. 'downloadArtifacts' controls build artifacts,
   # not pipeline artifacts, so doesn't affect the use of this parameter.
   pipelineArtifactNames: []
-  # Optional: location and ID of the AzDO build that the build/pipeline artifacts should be
-  # downloaded from. By default, uses runtime expressions to decide based on the variables set by
-  # the 'setupMaestroVars' dependency. Overriding this parameter is necessary if SDL tasks are
-  # running without Maestro++/BAR involved, or to download artifacts from a specific existing build
-  # to iterate quickly on SDL changes.
-  AzDOProjectName: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOProjectName'] ]
-  AzDOPipelineId: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOPipelineId'] ]
-  AzDOBuildId: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOBuildId'] ]
 
 jobs:
 - job: Run_SDL
@@ -51,24 +43,24 @@ jobs:
       value: ${{ parameters.AzDOPipelineId }}
     - name: AzDOBuildId
       value: ${{ parameters.AzDOBuildId }}
-    # The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in
-    # sync with the packages.config file.
-    - name: DefaultGuardianVersion
-      value: 0.53.3
+    - template: /eng/common/templates/variables/sdl-variables.yml
     - name: GuardianVersion
       value: ${{ coalesce(parameters.overrideGuardianVersion, '$(DefaultGuardianVersion)') }}
-    - name: GuardianPackagesConfigFile
-      value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
   pool:
-    # To extract archives (.tar.gz, .zip), we need access to "tar", added in Windows 10/2019.
-    ${{ if eq(parameters.extractArchiveArtifacts, 'false') }}:
-      name: Hosted VS2017
-    ${{ if ne(parameters.extractArchiveArtifacts, 'false') }}:
-      vmImage: windows-2019
+    # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
+    ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
+      name: VSEngSS-MicroBuild2022-1ES
+      demands: Cmd
+    # If it's not devdiv, it's dnceng
+    ${{ if ne(variables['System.TeamProject'], 'DevDiv') }}:
+      name: NetCore1ESPool-Svc-Internal
+      demands: ImageOverride -equals windows.vs2019.amd64
   steps:
   - checkout: self
     clean: true
 
+  - template: /eng/common/templates/post-build/setup-maestro-vars.yml
+
   - ${{ if ne(parameters.downloadArtifacts, 'false')}}:
     - ${{ if ne(parameters.artifactNames, '') }}:
       - ${{ each artifactName in parameters.artifactNames }}:
@@ -129,57 +121,11 @@ jobs:
       displayName: Extract Archive Artifacts
       continueOnError: ${{ parameters.sdlContinueOnError }}
   
-  - ${{ if ne(parameters.overrideGuardianVersion, '') }}:
-    - powershell: |
-        $content = Get-Content $(GuardianPackagesConfigFile)
-
-        Write-Host "packages.config content was:`n$content"
-
-        $content = $content.Replace('$(DefaultGuardianVersion)', '$(GuardianVersion)')
-        $content | Set-Content $(GuardianPackagesConfigFile)
-
-        Write-Host "packages.config content updated to:`n$content"
-      displayName: Use overridden Guardian version ${{ parameters.overrideGuardianVersion }}
-
-  - task: NuGetToolInstaller@1
-    displayName: 'Install NuGet.exe'
-  - task: NuGetCommand@2
-    displayName: 'Install Guardian'
-    inputs:
-      restoreSolution: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
-      feedsToUse: config
-      nugetConfigPath: $(Build.SourcesDirectory)\eng\common\sdl\NuGet.config
-      externalFeedCredentials: GuardianConnect
-      restoreDirectory: $(Build.SourcesDirectory)\.packages
-
-  - ${{ if ne(parameters.overrideParameters, '') }}:
-    - powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }}
-      displayName: Execute SDL
-      continueOnError: ${{ parameters.sdlContinueOnError }}
-  - ${{ if eq(parameters.overrideParameters, '') }}:
-    - powershell: ${{ parameters.executeAllSdlToolsScript }}
-        -GuardianPackageName Microsoft.Guardian.Cli.$(GuardianVersion)
-        -NugetPackageDirectory $(Build.SourcesDirectory)\.packages
-        -AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
-        ${{ parameters.additionalParameters }}
-      displayName: Execute SDL
-      continueOnError: ${{ parameters.sdlContinueOnError }}
-
-  - ${{ if ne(parameters.publishGuardianDirectoryToPipeline, 'false') }}:
-    # We want to publish the Guardian results and configuration for easy diagnosis. However, the
-    # '.gdn' dir is a mix of configuration, results, extracted dependencies, and Guardian default
-    # tooling files. Some of these files are large and aren't useful during an investigation, so
-    # exclude them by simply deleting them before publishing. (As of writing, there is no documented
-    # way to selectively exclude a dir from the pipeline artifact publish task.)
-    - task: DeleteFiles@1
-      displayName: Delete Guardian dependencies to avoid uploading
-      inputs:
-        SourceFolder: $(Agent.BuildDirectory)/.gdn
-        Contents: |
-          c
-          i
-      condition: succeededOrFailed()
-    - publish: $(Agent.BuildDirectory)/.gdn
-      artifact: GuardianConfiguration
-      displayName: Publish GuardianConfiguration
-      condition: succeededOrFailed()
+  - template: /eng/common/templates/steps/execute-sdl.yml
+    parameters:
+      overrideGuardianVersion: ${{ parameters.overrideGuardianVersion }}
+      executeAllSdlToolsScript: ${{ parameters.executeAllSdlToolsScript }}
+      overrideParameters: ${{ parameters.overrideParameters }}
+      additionalParameters: ${{ parameters.additionalParameters }}
+      publishGuardianDirectoryToPipeline: ${{ parameters.publishGuardianDirectoryToPipeline }}
+      sdlContinueOnError: ${{ parameters.sdlContinueOnError }}

eng/common/templates/job/job.yml

@@ -24,12 +24,17 @@ parameters:
   enablePublishBuildAssets: false
   enablePublishTestResults: false
   enablePublishUsingPipelines: false
+  disableComponentGovernance: false
   mergeTestResults: false
   testRunTitle: ''
   testResultsFormat: ''
   name: ''
   preSteps: []
   runAsPublic: false
+# Sbom related params
+  enableSbom: true
+  PackageVersion: 7.0.0
+  BuildDropPath: '$(Build.SourcesDirectory)/artifacts'
 
 jobs:
 - job: ${{ parameters.name }}
@@ -114,6 +119,7 @@ jobs:
         continueOnError: ${{ parameters.continueOnError }}
         condition: and(succeeded(), in(variables['_SignType'], 'real', 'test'), eq(variables['Agent.Os'], 'Windows_NT'))
 
+  - ${{ if and(eq(parameters.runAsPublic, 'false'), eq(variables['System.TeamProject'], 'internal')) }}:
     - task: NuGetAuthenticate@0
 
   - ${{ if or(eq(parameters.artifacts.download, 'true'), ne(parameters.artifacts.download, '')) }}:
@@ -136,6 +142,10 @@ jobs:
         richNavLogOutputDirectory: $(Build.SourcesDirectory)/artifacts/bin
       continueOnError: true
 
+  - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), ne(parameters.disableComponentGovernance, 'true')) }}:
+      - task: ComponentGovernanceComponentDetection@0
+        continueOnError: true
+
   - ${{ if eq(parameters.enableMicrobuild, 'true') }}:
     - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
       - task: MicroBuildCleanup@1
@@ -242,3 +252,10 @@ jobs:
         ArtifactName: AssetManifests
       continueOnError: ${{ parameters.continueOnError }}
       condition: and(succeeded(), eq(variables['_DotNetPublishToBlobFeed'], 'true'))
+
+  - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.enableSbom, 'true')) }}:
+    - template: /eng/common/templates/steps/generate-sbom.yml
+      parameters:
+        PackageVersion: ${{ parameters.packageVersion}}
+        BuildDropPath: ${{ parameters.buildDropPath }}
+

eng/common/templates/job/onelocbuild.yml

@@ -3,15 +3,15 @@ parameters:
   dependsOn: ''
 
   # Optional: A defined YAML pool - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#pool
-  pool:
-    vmImage: vs2017-win2016
-
+  pool: ''
+    
   CeapexPat: $(dn-bot-ceapex-package-r) # PAT for the loc AzDO instance https://dev.azure.com/ceapex
   GithubPat: $(BotAccount-dotnet-bot-repo-PAT)
 
   SourcesDirectory: $(Build.SourcesDirectory)
   CreatePr: true
   AutoCompletePr: false
+  ReusePr: true
   UseLfLineEndings: true
   UseCheckedInLocProjectJson: false
   LanguageSet: VS_Main_Languages
@@ -30,7 +30,18 @@ jobs:
 
   displayName: OneLocBuild
 
-  pool: ${{ parameters.pool }}
+  ${{ if ne(parameters.pool, '') }}:
+    pool: ${{ parameters.pool }}
+  ${{ if eq(parameters.pool, '') }}:
+    pool:
+      # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
+      ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
+        name: VSEngSS-MicroBuild2022-1ES
+        demands: Cmd
+      # If it's not devdiv, it's dnceng
+      ${{ if ne(variables['System.TeamProject'], 'DevDiv') }}:
+        name: NetCore1ESPool-Svc-Internal
+        demands: ImageOverride -equals windows.vs2019.amd64
 
   variables:
     - group: OneLocBuildVariables # Contains the CeapexPat and GithubPat
@@ -61,9 +72,11 @@ jobs:
         lclSource: ${{ parameters.LclSource }}
         lclPackageId: ${{ parameters.LclPackageId }}
         isCreatePrSelected: ${{ parameters.CreatePr }}
+        isAutoCompletePrSelected: ${{ parameters.AutoCompletePr }}
         ${{ if eq(parameters.CreatePr, true) }}:
-          isAutoCompletePrSelected: ${{ parameters.AutoCompletePr }}
           isUseLfLineEndingsSelected: ${{ parameters.UseLfLineEndings }}
+          ${{ if eq(parameters.RepoType, 'gitHub') }}:
+            isShouldReusePrSelected: ${{ parameters.ReusePr }}
         packageSourceAuth: patAuth
         patVariable: ${{ parameters.CeapexPat }}
         ${{ if eq(parameters.RepoType, 'gitHub') }}:

eng/common/templates/job/publish-build-assets.yml

@@ -23,27 +23,33 @@ parameters:
   # Optional: whether the build's artifacts will be published using release pipelines or direct feed publishing
   publishUsingPipelines: false
 
+  # Optional: whether the build's artifacts will be published using release pipelines or direct feed publishing
+  publishAssetsImmediately: false
+
+  artifactsPublishingAdditionalParameters: ''
+
+  signingValidationAdditionalParameters: ''
+
 jobs:
 - job: Asset_Registry_Publish
 
   dependsOn: ${{ parameters.dependsOn }}
 
-  displayName: Publish to Build Asset Registry
+  ${{ if eq(parameters.publishAssetsImmediately, 'true') }}:
+    displayName: Publish Assets
+  ${{ else }}:
+    displayName: Publish to Build Asset Registry
 
   pool: ${{ parameters.pool }}
 
   variables:
   - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
-    - name: _BuildConfig
-      value: ${{ parameters.configuration }}
     - group: Publish-Build-Assets
     - group: AzureDevOps-Artifact-Feeds-Pats
-    # Skip component governance and codesign validation for SDL. These jobs
-    # create no content.
-    - name: skipComponentGovernanceDetection
-      value: true
     - name: runCodesignValidationInjection
       value: false
+    - ${{ if eq(parameters.publishAssetsImmediately, 'true') }}:
+      - template: /eng/common/templates/post-build/common-variables.yml
 
   steps:
   - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
@@ -56,14 +62,13 @@ jobs:
       condition: ${{ parameters.condition }}
       continueOnError: ${{ parameters.continueOnError }}
     
-    - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
-      - task: NuGetAuthenticate@0
+    - task: NuGetAuthenticate@0
 
-      - task: PowerShell@2 
-        displayName: Enable cross-org NuGet feed authentication 
-        inputs: 
-          filePath: $(Build.SourcesDirectory)/eng/common/enable-cross-org-publishing.ps1 
-          arguments: -token $(dn-bot-all-orgs-artifact-feeds-rw) 
+    - task: PowerShell@2 
+      displayName: Enable cross-org NuGet feed authentication 
+      inputs: 
+        filePath: $(Build.SourcesDirectory)/eng/common/enable-cross-org-publishing.ps1 
+        arguments: -token $(dn-bot-all-orgs-artifact-feeds-rw) 
 
     - task: PowerShell@2
       displayName: Publish Build Assets
@@ -74,7 +79,6 @@ jobs:
           /p:BuildAssetRegistryToken=$(MaestroAccessToken)
           /p:MaestroApiEndpoint=https://maestro-prod.westus2.cloudapp.azure.com
           /p:PublishUsingPipelines=${{ parameters.publishUsingPipelines }}
-          /p:Configuration=$(_BuildConfig)
           /p:OfficialBuildId=$(Build.BuildNumber)
       condition: ${{ parameters.condition }}
       continueOnError: ${{ parameters.continueOnError }}
@@ -118,7 +122,25 @@ jobs:
         PathtoPublish: '$(Build.SourcesDirectory)/eng/SymbolPublishingExclusionsFile.txt'
         PublishLocation: Container
         ArtifactName: ReleaseConfigs
-        
+
+    - ${{ if eq(parameters.publishAssetsImmediately, 'true') }}:
+      - template: /eng/common/templates/post-build/setup-maestro-vars.yml
+        parameters:
+          BARBuildId: ${{ parameters.BARBuildId }}
+          PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
+
+      - task: PowerShell@2
+        displayName: Publish Using Darc
+        inputs:
+          filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
+          arguments: -BuildId $(BARBuildId) 
+            -PublishingInfraVersion 3
+            -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
+            -MaestroToken '$(MaestroApiAccessToken)'
+            -WaitPublishingFinish true
+            -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
+            -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
+
     - ${{ if eq(parameters.enablePublishBuildArtifacts, 'true') }}:
       - template: /eng/common/templates/steps/publish-logs.yml
         parameters:

eng/common/templates/job/source-build.yml

@@ -31,11 +31,6 @@ parameters:
   #   container and pool.
   platform: {}
 
-  # The default VM host AzDO pool. This should be capable of running Docker containers: almost all
-  # source-build builds run in Docker, including the default managed platform.
-  defaultContainerHostPool:
-    vmImage: ubuntu-20.04
-
 jobs:
 - job: ${{ parameters.jobNamePrefix }}_${{ parameters.platform.name }}
   displayName: Source-Build (${{ parameters.platform.name }})
@@ -47,7 +42,15 @@ jobs:
     container: ${{ parameters.platform.container }}
 
   ${{ if eq(parameters.platform.pool, '') }}:
-    pool: ${{ parameters.defaultContainerHostPool }}
+    # The default VM host AzDO pool. This should be capable of running Docker containers: almost all
+    # source-build builds run in Docker, including the default managed platform.
+    pool:
+      ${{ if eq(variables['System.TeamProject'], 'public') }}:
+        name: NetCore-Svc-Public
+        demands: ImageOverride -equals Build.Ubuntu.1804.Amd64.Open
+      ${{ if eq(variables['System.TeamProject'], 'internal') }}:
+        name: NetCore1ESPool-Svc-Internal
+        demands: ImageOverride -equals Build.Ubuntu.1804.Amd64
   ${{ if ne(parameters.platform.pool, '') }}:
     pool: ${{ parameters.platform.pool }}
 

eng/common/templates/job/source-index-stage1.yml

@@ -1,14 +1,13 @@
 parameters:
   runAsPublic: false
-  sourceIndexPackageVersion: 1.0.1-20210614.1
+  sourceIndexPackageVersion: 1.0.1-20220804.1
   sourceIndexPackageSource: https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json
   sourceIndexBuildCommand: powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "eng/common/build.ps1 -restore -build -binarylog -ci"
   preSteps: []
   binlogPath: artifacts/log/Debug/Build.binlog
-  pool:
-    vmImage: vs2017-win2016
   condition: ''
   dependsOn: ''
+  pool: ''
 
 jobs:
 - job: SourceIndexStage1
@@ -24,7 +23,17 @@ jobs:
   - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
     - group: source-dot-net stage1 variables
 
-  pool: ${{ parameters.pool }}
+  ${{ if ne(parameters.pool, '') }}:
+    pool: ${{ parameters.pool }}
+  ${{ if eq(parameters.pool, '') }}:
+    pool:
+      ${{ if eq(variables['System.TeamProject'], 'public') }}:
+        name: NetCore-Svc-Public
+        demands: ImageOverride -equals windows.vs2019.amd64.open
+      ${{ if eq(variables['System.TeamProject'], 'internal') }}:
+        name: NetCore1ESPool-Svc-Internal
+        demands: ImageOverride -equals windows.vs2019.amd64
+
   steps:
   - ${{ each preStep in parameters.preSteps }}:
     - ${{ preStep }}

eng/common/templates/jobs/codeql-build.yml

@@ -0,0 +1,31 @@
+parameters:
+  # See schema documentation in /Documentation/AzureDevOps/TemplateSchema.md
+  continueOnError: false
+  # Required: A collection of jobs to run - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=vsts&tabs=schema#job
+  jobs: []
+  # Optional: if specified, restore and use this version of Guardian instead of the default.
+  overrideGuardianVersion: ''
+
+jobs:
+- template: /eng/common/templates/jobs/jobs.yml
+  parameters:
+    enableMicrobuild: false
+    enablePublishBuildArtifacts: false
+    enablePublishTestResults: false
+    enablePublishBuildAssets: false
+    enablePublishUsingPipelines: false
+    enableTelemetry: true
+
+    variables:
+      - group: Publish-Build-Assets
+      # The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in
+      # sync with the packages.config file.
+      - name: DefaultGuardianVersion
+        value: 0.109.0
+      - name: GuardianPackagesConfigFile
+        value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
+      - name: GuardianVersion
+        value: ${{ coalesce(parameters.overrideGuardianVersion, '$(DefaultGuardianVersion)') }}
+  
+    jobs: ${{ parameters.jobs }}
+        

eng/common/templates/jobs/jobs.yml

@@ -27,6 +27,13 @@ parameters:
   # Optional: Override automatically derived dependsOn value for "publish build assets" job
   publishBuildAssetsDependsOn: ''
 
+  # Optional: Publish the assets as soon as the publish to BAR stage is complete, rather doing so in a separate stage.
+  publishAssetsImmediately: false
+
+  # Optional: If using publishAssetsImmediately and additional parameters are needed, can be used to send along additional parameters (normally sent to post-build.yml)
+  artifactsPublishingAdditionalParameters: ''
+  signingValidationAdditionalParameters: ''
+
   # Optional: should run as a public build even in the internal project
   #           if 'true', the build won't run any of the internal only steps, even if it is running in non-public projects.
   runAsPublic: false
@@ -68,7 +75,6 @@ jobs:
         ${{ parameter.key }}: ${{ parameter.value }}
 
 - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
-  
   - ${{ if or(eq(parameters.enablePublishBuildAssets, true), eq(parameters.artifacts.publish.manifests, 'true'), ne(parameters.artifacts.publish.manifests, '')) }}:
     - template: ../job/publish-build-assets.yml
       parameters:
@@ -83,17 +89,18 @@ jobs:
         - ${{ if eq(parameters.enableSourceBuild, true) }}:
           - Source_Build_Complete
         pool:
-          vmImage: vs2017-win2016
+          # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
+          ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
+            name: VSEngSS-MicroBuild2022-1ES
+            demands: Cmd
+          # If it's not devdiv, it's dnceng
+          ${{ if ne(variables['System.TeamProject'], 'DevDiv') }}:
+            name: NetCore1ESPool-Svc-Internal
+            demands: ImageOverride -equals windows.vs2019.amd64
+
         runAsPublic: ${{ parameters.runAsPublic }}
         publishUsingPipelines: ${{ parameters.enablePublishUsingPipelines }}
+        publishAssetsImmediately: ${{ parameters.publishAssetsImmediately }}
         enablePublishBuildArtifacts: ${{ parameters.enablePublishBuildArtifacts }}
-
-  - ${{ if eq(parameters.graphFileGeneration.enabled, true) }}:
-    - template: ../job/generate-graph-files.yml
-      parameters:
-        continueOnError: ${{ parameters.continueOnError }}
-        includeToolset: ${{ parameters.graphFileGeneration.includeToolset }}
-        dependsOn:
-          - Asset_Registry_Publish
-        pool:
-          vmImage: vs2017-win2016
+        artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
+        signingValidationAdditionalParameters: ${{ parameters.signingValidationAdditionalParameters }}

eng/common/templates/jobs/source-build.yml

@@ -14,7 +14,7 @@ parameters:
   # This is the default platform provided by Arcade, intended for use by a managed-only repo.
   defaultManagedPlatform:
     name: 'Managed'
-    container: 'mcr.microsoft.com/dotnet-buildtools/prereqs:centos-7-3e800f1-20190501005343'
+    container: 'mcr.microsoft.com/dotnet-buildtools/prereqs:centos-stream8-20220809204800-17a4aab'
 
   # Defines the platforms on which to run build jobs. One job is created for each platform, and the
   # object in this array is sent to the job template as 'platform'. If no platforms are specified,

eng/common/templates/post-build/common-variables.yml

@@ -4,54 +4,6 @@ variables:
   - group: DotNet-DotNetCli-Storage
   - group: DotNet-MSRC-Storage
   - group: Publish-Build-Assets
-    
-  # .NET Core 3.1 Dev
-  - name: PublicDevRelease_31_Channel_Id
-    value: 128
-
-  # .NET 5 Dev
-  - name: Net_5_Dev_Channel_Id
-    value: 131
-
-  # .NET Eng - Validation
-  - name: Net_Eng_Validation_Channel_Id
-    value: 9
-
-  # .NET Eng - Latest
-  - name: Net_Eng_Latest_Channel_Id
-    value: 2
-
-  # .NET 3 Eng - Validation
-  - name: NET_3_Eng_Validation_Channel_Id
-    value: 390
-
-  # .NET 3 Eng
-  - name: NetCore_3_Tools_Channel_Id
-    value: 344
-
-  # .NET Core 3.0 Internal Servicing
-  - name: InternalServicing_30_Channel_Id
-    value: 184
-
-  # .NET Core 3.0 Release
-  - name: PublicRelease_30_Channel_Id
-    value: 19
-
-  # .NET Core 3.1 Release
-  - name: PublicRelease_31_Channel_Id
-    value: 129
-
-  # General Testing
-  - name: GeneralTesting_Channel_Id
-    value: 529
-
-  # .NET Core 3.1 Blazor Features
-  - name: NetCore_31_Blazor_Features_Channel_Id
-    value: 531
-
-  # .NET Core Experimental
-  - name: NetCore_Experimental_Channel_Id
-    value: 562
 
   # Whether the build is internal or not
   - name: IsInternalBuild
@@ -70,30 +22,5 @@ variables:
   - name: SymbolToolVersion
     value: 1.0.1
 
-  # Feed Configurations
-  # These should include the suffix "/index.json"
-
-  # Default locations for Installers and checksums
-  # Public Locations
-  - name: ChecksumsBlobFeedUrl
-    value: https://dotnetclichecksums.blob.core.windows.net/dotnet/index.json
-  - name: InstallersBlobFeedUrl
-    value: https://dotnetcli.blob.core.windows.net/dotnet/index.json
-
-  # Private Locations
-  - name: InternalChecksumsBlobFeedUrl
-    value: https://dotnetclichecksumsmsrc.blob.core.windows.net/dotnet/index.json
-  - name: InternalChecksumsBlobFeedKey
-    value: $(dotnetclichecksumsmsrc-storage-key)
-
-  - name: InternalInstallersBlobFeedUrl
-    value: https://dotnetclimsrc.blob.core.windows.net/dotnet/index.json
-  - name: InternalInstallersBlobFeedKey
-    value: $(dotnetclimsrc-access-key)
-
-  # Skip component governance and codesign validation for SDL. These jobs
-  # create no content.
-  - name: skipComponentGovernanceDetection
-    value: true
   - name: runCodesignValidationInjection
     value: false

eng/common/templates/post-build/post-build.yml

@@ -1,113 +1,120 @@
 parameters:
- # Which publishing infra should be used. THIS SHOULD MATCH THE VERSION ON THE BUILD MANIFEST.
-  # Publishing V2 accepts optionally outlining the publishing stages - default is inline.
-  # Publishing V3 DOES NOT accept inlining the publishing stages.
-  publishingInfraVersion: 2
-  # When set to true the publishing templates from the repo will be used
-  # otherwise Darc add-build-to-channel will be used to trigger the promotion pipeline
-  inline: true
-
-  # Only used if inline==false. When set to true will stall the current build until
-  # the Promotion Pipeline build finishes. Otherwise, the current build will continue 
-  # execution concurrently with the promotion build.
-  waitPublishingFinish: true
-
-  BARBuildId: ''
-  PromoteToChannelIds: ''
-
-  enableSourceLinkValidation: false
-  enableSigningValidation: true
-  enableSymbolValidation: false
-  enableNugetValidation: true
-  publishInstallersAndChecksums: true
-  SDLValidationParameters:
-    enable: false
-    continueOnError: false
-    params: ''
-    artifactNames: ''
-    downloadArtifacts: true
+  # Which publishing infra should be used. THIS SHOULD MATCH THE VERSION ON THE BUILD MANIFEST.
+  # Publishing V1 is no longer supported
+  # Publishing V2 is no longer supported
+  # Publishing V3 is the default
+  - name: publishingInfraVersion
+    displayName: Which version of publishing should be used to promote the build definition?
+    type: number
+    default: 3
+    values:
+    - 3
+
+  - name: BARBuildId
+    displayName: BAR Build Id
+    type: number
+    default: 0
+
+  - name: PromoteToChannelIds
+    displayName: Channel to promote BARBuildId to
+    type: string
+    default: ''
+
+  - name: enableSourceLinkValidation
+    displayName: Enable SourceLink validation
+    type: boolean
+    default: false
+
+  - name: enableSigningValidation
+    displayName: Enable signing validation
+    type: boolean
+    default: true
+
+  - name: enableSymbolValidation
+    displayName: Enable symbol validation
+    type: boolean
+    default: false
+
+  - name: enableNugetValidation
+    displayName: Enable NuGet validation
+    type: boolean
+    default: true
+    
+  - name: publishInstallersAndChecksums
+    displayName: Publish installers and checksums
+    type: boolean
+    default: true
+
+  - name: SDLValidationParameters
+    type: object
+    default:
+      enable: false
+      publishGdn: false
+      continueOnError: false
+      params: ''
+      artifactNames: ''
+      downloadArtifacts: true
 
   # These parameters let the user customize the call to sdk-task.ps1 for publishing
   # symbols & general artifacts as well as for signing validation
-  symbolPublishingAdditionalParameters: ''
-  artifactsPublishingAdditionalParameters: ''
-  signingValidationAdditionalParameters: ''
+  - name: symbolPublishingAdditionalParameters
+    displayName: Symbol publishing additional parameters
+    type: string
+    default: ''
+
+  - name: artifactsPublishingAdditionalParameters
+    displayName: Artifact publishing additional parameters
+    type: string
+    default: ''
+
+  - name: signingValidationAdditionalParameters
+    displayName: Signing validation additional parameters
+    type: string
+    default: ''
 
   # Which stages should finish execution before post-build stages start
-  validateDependsOn:
-  - build
-  publishDependsOn: 
-  - Validate
+  - name: validateDependsOn
+    type: object
+    default:
+    - build
+
+  - name: publishDependsOn
+    type: object
+    default:
+    - Validate
 
-  # Channel ID's instantiated in this file.
-  # When adding a new channel implementation the call to `check-channel-consistency.ps1` 
-  # needs to be updated with the new channel ID
-  NetEngLatestChannelId: 2
-  NetEngValidationChannelId: 9
-  NetDev5ChannelId: 131
-  NetDev6ChannelId: 1296
-  GeneralTestingChannelId: 529
-  NETCoreToolingDevChannelId: 548
-  NETCoreToolingReleaseChannelId: 549
-  NETInternalToolingChannelId: 551
-  NETCoreExperimentalChannelId: 562
-  NetEngServicesIntChannelId: 678
-  NetEngServicesProdChannelId: 679
-  NetCoreSDK313xxChannelId: 759
-  NetCoreSDK313xxInternalChannelId: 760
-  NetCoreSDK314xxChannelId: 921
-  NetCoreSDK314xxInternalChannelId: 922
-  VS166ChannelId: 1010
-  VS167ChannelId: 1011
-  VS168ChannelId: 1154
-  VSMasterChannelId: 1012
-  VS169ChannelId: 1473
-  VS1610ChannelId: 1692
+  # Optional: Call asset publishing rather than running in a separate stage
+  - name: publishAssetsImmediately
+    type: boolean
+    default: false
 
 stages:
-- ${{ if or(and(le(parameters.publishingInfraVersion, 2), eq(parameters.inline, 'true')), eq( parameters.enableNugetValidation, 'true'), eq(parameters.enableSigningValidation, 'true'), eq(parameters.enableSourceLinkValidation, 'true'), eq(parameters.SDLValidationParameters.enable, 'true')) }}:
+- ${{ if or(eq( parameters.enableNugetValidation, 'true'), eq(parameters.enableSigningValidation, 'true'), eq(parameters.enableSourceLinkValidation, 'true'), eq(parameters.SDLValidationParameters.enable, 'true')) }}:
   - stage: Validate
     dependsOn: ${{ parameters.validateDependsOn }}
     displayName: Validate Build Assets
     variables:
       - template: common-variables.yml
     jobs:
-    - template: setup-maestro-vars.yml
-      parameters:
-        BARBuildId: ${{ parameters.BARBuildId }}
-        PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
-
-    - ${{ if and(le(parameters.publishingInfraVersion, 2), eq(parameters.inline, 'true')) }}:
-      - job:
-        displayName: Post-build Checks
-        dependsOn: setupMaestroVars
-        variables:
-          - name: TargetChannels
-            value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.TargetChannels'] ]
-        pool:
-          vmImage: 'windows-2019'
-        steps:
-          - task: PowerShell@2
-            displayName: Maestro Channels Consistency
-            inputs:
-              filePath: $(Build.SourcesDirectory)/eng/common/post-build/check-channel-consistency.ps1
-              arguments: -PromoteToChannels "$(TargetChannels)"
-                -AvailableChannelIds ${{parameters.NetEngLatestChannelId}},${{parameters.NetEngValidationChannelId}},${{parameters.NetDev5ChannelId}},${{parameters.NetDev6ChannelId}},${{parameters.GeneralTestingChannelId}},${{parameters.NETCoreToolingDevChannelId}},${{parameters.NETCoreToolingReleaseChannelId}},${{parameters.NETInternalToolingChannelId}},${{parameters.NETCoreExperimentalChannelId}},${{parameters.NetEngServicesIntChannelId}},${{parameters.NetEngServicesProdChannelId}},${{parameters.NetCoreSDK313xxChannelId}},${{parameters.NetCoreSDK313xxInternalChannelId}},${{parameters.NetCoreSDK314xxChannelId}},${{parameters.NetCoreSDK314xxInternalChannelId}},${{parameters.VS166ChannelId}},${{parameters.VS167ChannelId}},${{parameters.VS168ChannelId}},${{parameters.VSMasterChannelId}},${{parameters.VS169ChannelId}},${{parameters.VS1610ChannelId}}
-
     - job:
       displayName: NuGet Validation
-      dependsOn: setupMaestroVars
       condition: eq( ${{ parameters.enableNugetValidation }}, 'true')
       pool:
-        vmImage: 'windows-2019'
-      variables:
-        - name: AzDOProjectName
-          value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOProjectName'] ]
-        - name: AzDOPipelineId
-          value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOPipelineId'] ]
-        - name: AzDOBuildId
-          value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOBuildId'] ]
+        # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
+        ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
+          name: VSEngSS-MicroBuild2022-1ES
+          demands: Cmd
+        # If it's not devdiv, it's dnceng
+        ${{ else }}:
+          name: NetCore1ESPool-Svc-Internal
+          demands: ImageOverride -equals windows.vs2019.amd64
+
       steps:
+        - template: setup-maestro-vars.yml
+          parameters:
+            BARBuildId: ${{ parameters.BARBuildId }}
+            PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
+
         - task: DownloadBuildArtifacts@0
           displayName: Download Package Artifacts
           inputs:
@@ -128,19 +135,22 @@ stages:
 
     - job:
       displayName: Signing Validation
-      dependsOn: setupMaestroVars
       condition: and( eq( ${{ parameters.enableSigningValidation }}, 'true'), ne( variables['PostBuildSign'], 'true'))
-      variables:
-        - template: common-variables.yml
-        - name: AzDOProjectName
-          value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOProjectName'] ]
-        - name: AzDOPipelineId
-          value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOPipelineId'] ]
-        - name: AzDOBuildId
-          value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOBuildId'] ]
       pool:
-        vmImage: 'windows-2019'
+        # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
+        ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
+          name: VSEngSS-MicroBuild2022-1ES
+          demands: Cmd
+        # If it's not devdiv, it's dnceng
+        ${{ else }}:
+          name: NetCore1ESPool-Svc-Internal
+          demands: ImageOverride -equals windows.vs2019.amd64
       steps:
+        - template: setup-maestro-vars.yml
+          parameters:
+            BARBuildId: ${{ parameters.BARBuildId }}
+            PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
+
         - task: DownloadBuildArtifacts@0
           displayName: Download Package Artifacts
           inputs:
@@ -185,19 +195,22 @@ stages:
 
     - job:
       displayName: SourceLink Validation
-      dependsOn: setupMaestroVars
       condition: eq( ${{ parameters.enableSourceLinkValidation }}, 'true')
-      variables:
-        - template: common-variables.yml
-        - name: AzDOProjectName
-          value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOProjectName'] ]
-        - name: AzDOPipelineId
-          value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOPipelineId'] ]
-        - name: AzDOBuildId
-          value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOBuildId'] ]
       pool:
-        vmImage: 'windows-2019'
+        # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
+        ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
+          name: VSEngSS-MicroBuild2022-1ES
+          demands: Cmd
+        # If it's not devdiv, it's dnceng
+        ${{ else }}:
+          name: NetCore1ESPool-Svc-Internal
+          demands: ImageOverride -equals windows.vs2019.amd64
       steps:
+        - template: setup-maestro-vars.yml
+          parameters:
+            BARBuildId: ${{ parameters.BARBuildId }}
+            PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
+
         - task: DownloadBuildArtifacts@0
           displayName: Download Blob Artifacts
           inputs:
@@ -223,367 +236,50 @@ stages:
     - template: /eng/common/templates/job/execute-sdl.yml
       parameters:
         enable: ${{ parameters.SDLValidationParameters.enable }}
-        dependsOn: setupMaestroVars
+        publishGuardianDirectoryToPipeline: ${{ parameters.SDLValidationParameters.publishGdn }}
         additionalParameters: ${{ parameters.SDLValidationParameters.params }}
         continueOnError: ${{ parameters.SDLValidationParameters.continueOnError }}
         artifactNames: ${{ parameters.SDLValidationParameters.artifactNames }}
         downloadArtifacts: ${{ parameters.SDLValidationParameters.downloadArtifacts }}
 
-- ${{ if or(ge(parameters.publishingInfraVersion, 3), eq(parameters.inline, 'false')) }}:
+- ${{ if ne(parameters.publishAssetsImmediately, 'true') }}:
   - stage: publish_using_darc
     ${{ if or(eq(parameters.enableNugetValidation, 'true'), eq(parameters.enableSigningValidation, 'true'), eq(parameters.enableSourceLinkValidation, 'true'), eq(parameters.SDLValidationParameters.enable, 'true')) }}:
       dependsOn: ${{ parameters.publishDependsOn }}
-    ${{ if and(ne(parameters.enableNugetValidation, 'true'), ne(parameters.enableSigningValidation, 'true'), ne(parameters.enableSourceLinkValidation, 'true'), ne(parameters.SDLValidationParameters.enable, 'true')) }}:
+    ${{ else }}:
       dependsOn: ${{ parameters.validateDependsOn }}
     displayName: Publish using Darc
     variables:
       - template: common-variables.yml
     jobs:
-    - template: setup-maestro-vars.yml
-      parameters:
-        BARBuildId: ${{ parameters.BARBuildId }}
-        PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
-
     - job:
       displayName: Publish Using Darc
-      dependsOn: setupMaestroVars
       timeoutInMinutes: 120
-      variables:
-        - name: BARBuildId
-          value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.BARBuildId'] ]
       pool:
-        vmImage: 'windows-2019'
+        # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
+        ${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
+          name: VSEngSS-MicroBuild2022-1ES
+          demands: Cmd
+        # If it's not devdiv, it's dnceng
+        ${{ else }}:
+          name: NetCore1ESPool-Svc-Internal
+          demands: ImageOverride -equals windows.vs2019.amd64
       steps:
+        - template: setup-maestro-vars.yml
+          parameters:
+            BARBuildId: ${{ parameters.BARBuildId }}
+            PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
+
+        - task: NuGetAuthenticate@0
+
         - task: PowerShell@2
           displayName: Publish Using Darc
           inputs:
             filePath: $(Build.SourcesDirectory)/eng/common/post-build/publish-using-darc.ps1
             arguments: -BuildId $(BARBuildId) 
-              -PublishingInfraVersion ${{ parameters.PublishingInfraVersion }}
+              -PublishingInfraVersion ${{ parameters.publishingInfraVersion }}
               -AzdoToken '$(publishing-dnceng-devdiv-code-r-build-re)'
               -MaestroToken '$(MaestroApiAccessToken)'
-              -WaitPublishingFinish ${{ parameters.waitPublishingFinish }}
-              -PublishInstallersAndChecksums ${{ parameters.publishInstallersAndChecksums }}
+              -WaitPublishingFinish true
               -ArtifactsPublishingAdditionalParameters '${{ parameters.artifactsPublishingAdditionalParameters }}'
-              -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'
-
-- ${{ if and(le(parameters.publishingInfraVersion, 2), eq(parameters.inline, 'true')) }}:
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'NetCore_Dev5_Publish'
-      channelName: '.NET 5 Dev'
-      akaMSChannelName: 'net5/dev'
-      channelId: ${{ parameters.NetDev5ChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet5-transport/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet5/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet5-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'NetCore_Dev6_Publish'
-      channelName: '.NET 6 Dev'
-      akaMSChannelName: 'net6/dev'
-      channelId: ${{ parameters.NetDev6ChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet6-transport/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet6/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet6-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'Net_Eng_Latest_Publish'
-      channelName: '.NET Eng - Latest'
-      akaMSChannelName: 'eng/daily'
-      channelId: ${{ parameters.NetEngLatestChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'Net_Eng_Validation_Publish'
-      channelName: '.NET Eng - Validation'
-      akaMSChannelName: 'eng/validation'
-      channelId: ${{ parameters.NetEngValidationChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'General_Testing_Publish'
-      channelName: 'General Testing'
-      akaMSChannelName: 'generaltesting'
-      channelId: ${{ parameters.GeneralTestingChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/general-testing/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/general-testing/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/general-testing-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'NETCore_Tooling_Dev_Publishing'
-      channelName: '.NET Core Tooling Dev'
-      channelId: ${{ parameters.NETCoreToolingDevChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'NETCore_Tooling_Release_Publishing'
-      channelName: '.NET Core Tooling Release'
-      channelId: ${{ parameters.NETCoreToolingReleaseChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-internal-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'NET_Internal_Tooling_Publishing'
-      channelName: '.NET Internal Tooling'
-      channelId: ${{ parameters.NETInternalToolingChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet-tools-internal/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet-tools-internal/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/internal/_packaging/dotnet-tools-internal-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'NETCore_Experimental_Publishing'
-      channelName: '.NET Core Experimental'
-      channelId: ${{ parameters.NETCoreExperimentalChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-experimental/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-experimental/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-experimental-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'Net_Eng_Services_Int_Publish'
-      channelName: '.NET Eng Services - Int'
-      channelId: ${{ parameters.NetEngServicesIntChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'Net_Eng_Services_Prod_Publish'
-      channelName: '.NET Eng Services - Prod'
-      channelId: ${{ parameters.NetEngServicesProdChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'NETCore_SDK_314xx_Publishing'
-      channelName: '.NET Core SDK 3.1.4xx'
-      channelId: ${{ parameters.NetCoreSDK314xxChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet3.1-transport/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet3.1/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet3.1-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-internal-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'NETCore_SDK_314xx_Internal_Publishing'
-      channelName: '.NET Core SDK 3.1.4xx Internal'
-      channelId: ${{ parameters.NetCoreSDK314xxInternalChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/_packaging/dotnet3.1-internal-transport/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/_packaging/dotnet3.1-internal/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/_packaging/dotnet3.1-internal-symbols/nuget/v3/index.json' 
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'NETCore_SDK_313xx_Publishing'
-      channelName: '.NET Core SDK 3.1.3xx'
-      channelId: ${{ parameters.NetCoreSDK313xxChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet3.1-transport/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet3.1/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet3.1-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-internal-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'NETCore_SDK_313xx_Internal_Publishing'
-      channelName: '.NET Core SDK 3.1.3xx Internal'
-      channelId: ${{ parameters.NetCoreSDK313xxInternalChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/_packaging/dotnet3.1-internal-transport/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/_packaging/dotnet3.1-internal/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/_packaging/dotnet3.1-internal-symbols/nuget/v3/index.json' 
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'VS16_6_Publishing'
-      channelName: 'VS 16.6'
-      channelId: ${{ parameters.VS166ChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools-transport/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'VS16_7_Publishing'
-      channelName: 'VS 16.7'
-      channelId: ${{ parameters.VS167ChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools-transport/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools-symbols/nuget/v3/index.json'
-      
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'VS16_8_Publishing'
-      channelName: 'VS 16.8'
-      channelId: ${{ parameters.VS168ChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools-transport/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'VS_Master_Publishing'
-      channelName: 'VS Master'
-      channelId: ${{ parameters.VSMasterChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools-transport/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'VS_16_9_Publishing'
-      channelName: 'VS 16.9'
-      channelId: ${{ parameters.VS169ChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools-transport/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools-symbols/nuget/v3/index.json'
-
-  - template: \eng\common\templates\post-build\channels\generic-public-channel.yml
-    parameters:
-      BARBuildId: ${{ parameters.BARBuildId }}
-      PromoteToChannelIds: ${{ parameters.PromoteToChannelIds }}    
-      artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
-      dependsOn: ${{ parameters.publishDependsOn }}
-      publishInstallersAndChecksums: ${{ parameters.publishInstallersAndChecksums }}
-      symbolPublishingAdditionalParameters: ${{ parameters.symbolPublishingAdditionalParameters }}
-      stageName: 'VS_16_10_Publishing'
-      channelName: 'VS 16.10'
-      channelId: ${{ parameters.VS1610ChannelId }}
-      transportFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools-transport/nuget/v3/index.json'
-      shippingFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json'
-      symbolsFeed: 'https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools-symbols/nuget/v3/index.json'
+              -SymbolPublishingAdditionalParameters '${{ parameters.symbolPublishingAdditionalParameters }}'

eng/common/templates/post-build/setup-maestro-vars.yml

@@ -2,77 +2,69 @@ parameters:
   BARBuildId: ''
   PromoteToChannelIds: ''
 
-jobs:
-- job: setupMaestroVars
-  displayName: Setup Maestro Vars
-  variables:
-    - template: common-variables.yml
-  pool:
-    vmImage: 'windows-2019'
-  steps:
-    - checkout: none
-
-    - ${{ if eq(coalesce(parameters.PromoteToChannelIds, 0), 0) }}:
-      - task: DownloadBuildArtifacts@0
-        displayName: Download Release Configs
-        inputs:
-          buildType: current
-          artifactName: ReleaseConfigs
-          checkDownloadedFiles: true
-
-    - task: PowerShell@2
-      name: setReleaseVars
-      displayName: Set Release Configs Vars
+steps:
+  - ${{ if eq(coalesce(parameters.PromoteToChannelIds, 0), 0) }}:
+    - task: DownloadBuildArtifacts@0
+      displayName: Download Release Configs
       inputs:
-        targetType: inline
-        script: |
-          try {
-            if (!$Env:PromoteToMaestroChannels -or $Env:PromoteToMaestroChannels.Trim() -eq '') {
-              $Content = Get-Content $(Build.StagingDirectory)/ReleaseConfigs/ReleaseConfigs.txt
+        buildType: current
+        artifactName: ReleaseConfigs
+        checkDownloadedFiles: true
 
-              $BarId = $Content | Select -Index 0
-              $Channels = $Content | Select -Index 1             
-              $IsStableBuild = $Content | Select -Index 2
+  - task: PowerShell@2
+    name: setReleaseVars
+    displayName: Set Release Configs Vars
+    inputs:
+      targetType: inline
+      pwsh: true
+      script: |
+        try {
+          if (!$Env:PromoteToMaestroChannels -or $Env:PromoteToMaestroChannels.Trim() -eq '') {
+            $Content = Get-Content $(Build.StagingDirectory)/ReleaseConfigs/ReleaseConfigs.txt
 
-              $AzureDevOpsProject = $Env:System_TeamProject
-              $AzureDevOpsBuildDefinitionId = $Env:System_DefinitionId
-              $AzureDevOpsBuildId = $Env:Build_BuildId
-            }
-            else {
-              $buildApiEndpoint = "${Env:MaestroApiEndPoint}/api/builds/${Env:BARBuildId}?api-version=${Env:MaestroApiVersion}"
+            $BarId = $Content | Select -Index 0
+            $Channels = $Content | Select -Index 1             
+            $IsStableBuild = $Content | Select -Index 2
 
-              $apiHeaders = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]'
-              $apiHeaders.Add('Accept', 'application/json')
-              $apiHeaders.Add('Authorization',"Bearer ${Env:MAESTRO_API_TOKEN}")
-
-              $buildInfo = try { Invoke-WebRequest -Method Get -Uri $buildApiEndpoint -Headers $apiHeaders | ConvertFrom-Json } catch { Write-Host "Error: $_" }
-             
-              $BarId = $Env:BARBuildId
-              $Channels = $Env:PromoteToMaestroChannels -split ","
-              $Channels = $Channels -join "]["
-              $Channels = "[$Channels]"
+            $AzureDevOpsProject = $Env:System_TeamProject
+            $AzureDevOpsBuildDefinitionId = $Env:System_DefinitionId
+            $AzureDevOpsBuildId = $Env:Build_BuildId
+          }
+          else {
+            $buildApiEndpoint = "${Env:MaestroApiEndPoint}/api/builds/${Env:BARBuildId}?api-version=${Env:MaestroApiVersion}"
 
-              $IsStableBuild = $buildInfo.stable
-              $AzureDevOpsProject = $buildInfo.azureDevOpsProject
-              $AzureDevOpsBuildDefinitionId = $buildInfo.azureDevOpsBuildDefinitionId
-              $AzureDevOpsBuildId = $buildInfo.azureDevOpsBuildId
-            }
+            $apiHeaders = New-Object 'System.Collections.Generic.Dictionary[[String],[String]]'
+            $apiHeaders.Add('Accept', 'application/json')
+            $apiHeaders.Add('Authorization',"Bearer ${Env:MAESTRO_API_TOKEN}")
 
-            Write-Host "##vso[task.setvariable variable=BARBuildId;isOutput=true]$BarId"
-            Write-Host "##vso[task.setvariable variable=TargetChannels;isOutput=true]$Channels"
-            Write-Host "##vso[task.setvariable variable=IsStableBuild;isOutput=true]$IsStableBuild"
+            $buildInfo = try { Invoke-WebRequest -Method Get -Uri $buildApiEndpoint -Headers $apiHeaders | ConvertFrom-Json } catch { Write-Host "Error: $_" }
+            
+            $BarId = $Env:BARBuildId
+            $Channels = $Env:PromoteToMaestroChannels -split ","
+            $Channels = $Channels -join "]["
+            $Channels = "[$Channels]"
 
-            Write-Host "##vso[task.setvariable variable=AzDOProjectName;isOutput=true]$AzureDevOpsProject"
-            Write-Host "##vso[task.setvariable variable=AzDOPipelineId;isOutput=true]$AzureDevOpsBuildDefinitionId"
-            Write-Host "##vso[task.setvariable variable=AzDOBuildId;isOutput=true]$AzureDevOpsBuildId"
+            $IsStableBuild = $buildInfo.stable
+            $AzureDevOpsProject = $buildInfo.azureDevOpsProject
+            $AzureDevOpsBuildDefinitionId = $buildInfo.azureDevOpsBuildDefinitionId
+            $AzureDevOpsBuildId = $buildInfo.azureDevOpsBuildId
           }
-          catch {
-            Write-Host $_
-            Write-Host $_.Exception
-            Write-Host $_.ScriptStackTrace
-            exit 1
-          }
-      env:
-        MAESTRO_API_TOKEN: $(MaestroApiAccessToken)
-        BARBuildId: ${{ parameters.BARBuildId }}
-        PromoteToMaestroChannels: ${{ parameters.PromoteToChannelIds }}
+
+          Write-Host "##vso[task.setvariable variable=BARBuildId]$BarId"
+          Write-Host "##vso[task.setvariable variable=TargetChannels]$Channels"
+          Write-Host "##vso[task.setvariable variable=IsStableBuild]$IsStableBuild"
+
+          Write-Host "##vso[task.setvariable variable=AzDOProjectName]$AzureDevOpsProject"
+          Write-Host "##vso[task.setvariable variable=AzDOPipelineId]$AzureDevOpsBuildDefinitionId"
+          Write-Host "##vso[task.setvariable variable=AzDOBuildId]$AzureDevOpsBuildId"
+        }
+        catch {
+          Write-Host $_
+          Write-Host $_.Exception
+          Write-Host $_.ScriptStackTrace
+          exit 1
+        }
+    env:
+      MAESTRO_API_TOKEN: $(MaestroApiAccessToken)
+      BARBuildId: ${{ parameters.BARBuildId }}
+      PromoteToMaestroChannels: ${{ parameters.PromoteToChannelIds }}

eng/common/templates/steps/execute-codeql.yml

@@ -0,0 +1,32 @@
+parameters:
+  # Language that should be analyzed. Defaults to csharp
+  language: csharp
+  # Build Commands
+  buildCommands: ''
+  overrideParameters: ''                                       # Optional: to override values for parameters.
+  additionalParameters: ''                                     # Optional: parameters that need user specific values eg: '-SourceToolsList @("abc","def") -ArtifactToolsList @("ghi","jkl")'
+  # Optional: if specified, restore and use this version of Guardian instead of the default.
+  overrideGuardianVersion: ''
+  # Optional: if true, publish the '.gdn' folder as a pipeline artifact. This can help with in-depth
+  # diagnosis of problems with specific tool configurations.
+  publishGuardianDirectoryToPipeline: false
+  # The script to run to execute all SDL tools. Use this if you want to use a script to define SDL
+  # parameters rather than relying on YAML. It may be better to use a local script, because you can
+  # reproduce results locally without piecing together a command based on the YAML.
+  executeAllSdlToolsScript: 'eng/common/sdl/execute-all-sdl-tools.ps1'
+  # There is some sort of bug (has been reported) in Azure DevOps where if this parameter is named
+  # 'continueOnError', the parameter value is not correctly picked up.
+  # This can also be remedied by the caller (post-build.yml) if it does not use a nested parameter
+  # optional: determines whether to continue the build if the step errors;
+  sdlContinueOnError: false
+
+steps:
+- template: /eng/common/templates/steps/execute-sdl.yml
+  parameters:
+    overrideGuardianVersion: ${{ parameters.overrideGuardianVersion }}
+    executeAllSdlToolsScript: ${{ parameters.executeAllSdlToolsScript }}
+    overrideParameters: ${{ parameters.overrideParameters }}
+    additionalParameters: '${{ parameters.additionalParameters }}
+      -CodeQLAdditionalRunConfigParams @("BuildCommands < ${{ parameters.buildCommands }}", "Language < ${{ parameters.language }}")'
+    publishGuardianDirectoryToPipeline: ${{ parameters.publishGuardianDirectoryToPipeline }}
+    sdlContinueOnError: ${{ parameters.sdlContinueOnError }}

eng/common/templates/steps/execute-sdl.yml

@@ -0,0 +1,86 @@
+parameters:
+  overrideGuardianVersion: ''
+  executeAllSdlToolsScript: ''
+  overrideParameters: ''
+  additionalParameters: ''
+  publishGuardianDirectoryToPipeline: false
+  sdlContinueOnError: false
+  condition: ''
+
+steps:
+- task: NuGetAuthenticate@1
+  inputs:
+    nuGetServiceConnections: GuardianConnect
+
+- task: NuGetToolInstaller@1
+  displayName: 'Install NuGet.exe'
+  
+- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
+  - pwsh: |
+      . $(Build.SourcesDirectory)\eng\common\sdl\sdl.ps1
+      $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts -Version ${{ parameters.overrideGuardianVersion }}
+      Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
+    displayName: Install Guardian (Overridden)
+
+- ${{ if eq(parameters.overrideGuardianVersion, '') }}:
+  - pwsh: |
+      . $(Build.SourcesDirectory)\eng\common\sdl\sdl.ps1
+      $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts
+      Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
+    displayName: Install Guardian
+
+- ${{ if ne(parameters.overrideParameters, '') }}:
+  - powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }}
+    displayName: Execute SDL
+    continueOnError: ${{ parameters.sdlContinueOnError }}
+    condition: ${{ parameters.condition }}
+
+- ${{ if eq(parameters.overrideParameters, '') }}:
+  - powershell: ${{ parameters.executeAllSdlToolsScript }}
+      -GuardianCliLocation $(GuardianCliLocation)
+      -NugetPackageDirectory $(Build.SourcesDirectory)\.packages
+      -AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
+      ${{ parameters.additionalParameters }}
+    displayName: Execute SDL
+    continueOnError: ${{ parameters.sdlContinueOnError }}
+    condition: ${{ parameters.condition }}
+
+- ${{ if ne(parameters.publishGuardianDirectoryToPipeline, 'false') }}:
+  # We want to publish the Guardian results and configuration for easy diagnosis. However, the
+  # '.gdn' dir is a mix of configuration, results, extracted dependencies, and Guardian default
+  # tooling files. Some of these files are large and aren't useful during an investigation, so
+  # exclude them by simply deleting them before publishing. (As of writing, there is no documented
+  # way to selectively exclude a dir from the pipeline artifact publish task.)
+  - task: DeleteFiles@1
+    displayName: Delete Guardian dependencies to avoid uploading
+    inputs:
+      SourceFolder: $(Agent.BuildDirectory)/.gdn
+      Contents: |
+        c
+        i
+    condition: succeededOrFailed()
+
+  - publish: $(Agent.BuildDirectory)/.gdn
+    artifact: GuardianConfiguration
+    displayName: Publish GuardianConfiguration
+    condition: succeededOrFailed()
+
+  # Publish the SARIF files in a container named CodeAnalysisLogs to enable integration
+  # with the "SARIF SAST Scans Tab" Azure DevOps extension
+  - task: CopyFiles@2
+    displayName: Copy SARIF files
+    inputs:
+      flattenFolders: true
+      sourceFolder:  $(Agent.BuildDirectory)/.gdn/rc/
+      contents: '**/*.sarif'
+      targetFolder: $(Build.SourcesDirectory)/CodeAnalysisLogs
+    condition: succeededOrFailed()
+
+  # Use PublishBuildArtifacts because the SARIF extension only checks this case
+  # see microsoft/sarif-azuredevops-extension#4
+  - task: PublishBuildArtifacts@1
+    displayName: Publish SARIF files to CodeAnalysisLogs container
+    inputs:
+      pathToPublish:  $(Build.SourcesDirectory)/CodeAnalysisLogs
+      artifactName: CodeAnalysisLogs
+    condition: succeededOrFailed()

eng/common/templates/steps/generate-sbom.yml

@@ -0,0 +1,44 @@
+# BuildDropPath - The root folder of the drop directory for which the manifest file will be generated.
+# PackageName - The name of the package this SBOM represents.
+# PackageVersion - The version of the package this SBOM represents. 
+# ManifestDirPath - The path of the directory where the generated manifest files will be placed
+
+parameters:
+  PackageVersion: 7.0.0
+  BuildDropPath: '$(Build.SourcesDirectory)/artifacts'
+  PackageName: '.NET'
+  ManifestDirPath: $(Build.ArtifactStagingDirectory)/sbom
+  sbomContinueOnError: true
+
+steps:
+- task: PowerShell@2 
+  displayName: Prep for SBOM generation in (Non-linux)
+  condition: or(eq(variables['Agent.Os'], 'Windows_NT'), eq(variables['Agent.Os'], 'Darwin'))
+  inputs: 
+    filePath: ./eng/common/generate-sbom-prep.ps1
+    arguments: ${{parameters.manifestDirPath}}
+
+# Chmodding is a workaround for https://github.com/dotnet/arcade/issues/8461
+- script: |
+    chmod +x ./eng/common/generate-sbom-prep.sh
+    ./eng/common/generate-sbom-prep.sh ${{parameters.manifestDirPath}}
+  displayName: Prep for SBOM generation in (Linux)
+  condition: eq(variables['Agent.Os'], 'Linux')
+  continueOnError: ${{ parameters.sbomContinueOnError }}
+
+- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
+  displayName: 'Generate SBOM manifest'
+  continueOnError: ${{ parameters.sbomContinueOnError }}
+  inputs:
+      PackageName: ${{ parameters.packageName }}
+      BuildDropPath: ${{ parameters.buildDropPath }}
+      PackageVersion: ${{ parameters.packageVersion }}
+      ManifestDirPath: ${{ parameters.manifestDirPath }}
+
+- task: PublishPipelineArtifact@1
+  displayName: Publish SBOM manifest
+  continueOnError: ${{parameters.sbomContinueOnError}}
+  inputs:
+    targetPath: '${{parameters.manifestDirPath}}'
+    artifactName: $(ARTIFACT_NAME)
+

eng/common/templates/steps/retain-build.yml

@@ -0,0 +1,28 @@
+parameters:
+  # Optional azure devops PAT with build execute permissions for the build's organization,
+  # only needed if the build that should be retained ran on a different organization than 
+  # the pipeline where this template is executing from
+  Token: ''
+  # Optional BuildId to retain, defaults to the current running build
+  BuildId: ''
+  # Azure devops Organization URI for the build in the https://dev.azure.com/<organization> format.
+  # Defaults to the organization the current pipeline is running on
+  AzdoOrgUri: '$(System.CollectionUri)'
+  # Azure devops project for the build. Defaults to the project the current pipeline is running on
+  AzdoProject: '$(System.TeamProject)'
+
+steps:
+  - task: powershell@2
+    inputs:
+      targetType: 'filePath'
+      filePath: eng/common/retain-build.ps1
+      pwsh: true
+      arguments: >
+        -AzdoOrgUri: ${{parameters.AzdoOrgUri}}
+        -AzdoProject ${{parameters.AzdoProject}}
+        -Token ${{coalesce(parameters.Token, '$env:SYSTEM_ACCESSTOKEN') }}
+        -BuildId ${{coalesce(parameters.BuildId, '$env:BUILD_ID')}}
+    displayName: Enable permanent build retention
+    env:
+      SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+      BUILD_ID: $(Build.BuildId)

eng/common/templates/steps/send-to-helix.yml

@@ -3,7 +3,7 @@ parameters:
   HelixSource: 'pr/default'              # required -- sources must start with pr/, official/, prodcon/, or agent/
   HelixType: 'tests/default/'            # required -- Helix telemetry which identifies what type of data this is; should include "test" for clarity and must end in '/'
   HelixBuild: $(Build.BuildNumber)       # required -- the build number Helix will use to identify this -- automatically set to the AzDO build number
-  HelixTargetQueues: ''                  # required -- semicolon delimited list of Helix queues to test on; see https://helix.dot.net/ for a list of queues
+  HelixTargetQueues: ''                  # required -- semicolon-delimited list of Helix queues to test on; see https://helix.dot.net/ for a list of queues
   HelixAccessToken: ''                   # required -- access token to make Helix API requests; should be provided by the appropriate variable group
   HelixConfiguration: ''                 # optional -- additional property attached to a job
   HelixPreCommands: ''                   # optional -- commands to run before Helix work item execution
@@ -12,7 +12,7 @@ parameters:
   WorkItemCommand: ''                    # optional -- a command to execute on the payload; requires WorkItemDirectory; incompatible with XUnitProjects
   WorkItemTimeout: ''                    # optional -- a timeout in TimeSpan.Parse-ready value (e.g. 00:02:00) for the work item command; requires WorkItemDirectory; incompatible with XUnitProjects
   CorrelationPayloadDirectory: ''        # optional -- a directory to zip up and send to Helix as a correlation payload
-  XUnitProjects: ''                      # optional -- semicolon delimited list of XUnitProjects to parse and send to Helix; requires XUnitRuntimeTargetFramework, XUnitPublishTargetFramework, XUnitRunnerVersion, and IncludeDotNetCli=true
+  XUnitProjects: ''                      # optional -- semicolon-delimited list of XUnitProjects to parse and send to Helix; requires XUnitRuntimeTargetFramework, XUnitPublishTargetFramework, XUnitRunnerVersion, and IncludeDotNetCli=true
   XUnitWorkItemTimeout: ''               # optional -- the workitem timeout in seconds for all workitems created from the xUnit projects specified by XUnitProjects
   XUnitPublishTargetFramework: ''        # optional -- framework to use to publish your xUnit projects
   XUnitRuntimeTargetFramework: ''        # optional -- framework to use for the xUnit console runner
@@ -20,17 +20,16 @@ parameters:
   IncludeDotNetCli: false                # optional -- true will download a version of the .NET CLI onto the Helix machine as a correlation payload; requires DotNetCliPackageType and DotNetCliVersion
   DotNetCliPackageType: ''               # optional -- either 'sdk', 'runtime' or 'aspnetcore-runtime'; determines whether the sdk or runtime will be sent to Helix; see https://raw.githubusercontent.com/dotnet/core/main/release-notes/releases-index.json
   DotNetCliVersion: ''                   # optional -- version of the CLI to send to Helix; based on this: https://raw.githubusercontent.com/dotnet/core/main/release-notes/releases-index.json
-  EnableXUnitReporter: false             # optional -- true enables XUnit result reporting to Mission Control
   WaitForWorkItemCompletion: true        # optional -- true will make the task wait until work items have been completed and fail the build if work items fail. False is "fire and forget."
   IsExternal: false                      # [DEPRECATED] -- doesn't do anything, jobs are external if HelixAccessToken is empty and Creator is set
-  HelixBaseUri: 'https://helix.dot.net/' # optional -- sets the Helix API base URI (allows targeting int)
+  HelixBaseUri: 'https://helix.dot.net/' # optional -- sets the Helix API base URI (allows targeting https://helix.int-dot.net )
   Creator: ''                            # optional -- if the build is external, use this to specify who is sending the job
   DisplayNamePrefix: 'Run Tests'         # optional -- rename the beginning of the displayName of the steps in AzDO 
   condition: succeeded()                 # optional -- condition for step to execute; defaults to succeeded()
   continueOnError: false                 # optional -- determines whether to continue the build if the step errors; defaults to false
 
 steps:
-  - powershell: 'powershell "$env:BUILD_SOURCESDIRECTORY\eng\common\msbuild.ps1 $env:BUILD_SOURCESDIRECTORY\eng\common\helixpublish.proj /restore /t:Test /bl:$env:BUILD_SOURCESDIRECTORY\artifacts\log\$env:BuildConfig\SendToHelix.binlog"'
+  - powershell: 'powershell "$env:BUILD_SOURCESDIRECTORY\eng\common\msbuild.ps1 $env:BUILD_SOURCESDIRECTORY\eng\common\helixpublish.proj /restore /p:TreatWarningsAsErrors=false /t:Test /bl:$env:BUILD_SOURCESDIRECTORY\artifacts\log\$env:BuildConfig\SendToHelix.binlog"'
     displayName: ${{ parameters.DisplayNamePrefix }} (Windows)
     env:
       BuildConfig: $(_BuildConfig)
@@ -54,14 +53,13 @@ steps:
       IncludeDotNetCli: ${{ parameters.IncludeDotNetCli }}
       DotNetCliPackageType: ${{ parameters.DotNetCliPackageType }}
       DotNetCliVersion: ${{ parameters.DotNetCliVersion }}
-      EnableXUnitReporter: ${{ parameters.EnableXUnitReporter }}
       WaitForWorkItemCompletion: ${{ parameters.WaitForWorkItemCompletion }}
       HelixBaseUri: ${{ parameters.HelixBaseUri }}
       Creator: ${{ parameters.Creator }}
       SYSTEM_ACCESSTOKEN: $(System.AccessToken)
     condition: and(${{ parameters.condition }}, eq(variables['Agent.Os'], 'Windows_NT'))
     continueOnError: ${{ parameters.continueOnError }}
-  - script: $BUILD_SOURCESDIRECTORY/eng/common/msbuild.sh $BUILD_SOURCESDIRECTORY/eng/common/helixpublish.proj /restore /t:Test /bl:$BUILD_SOURCESDIRECTORY/artifacts/log/$BuildConfig/SendToHelix.binlog
+  - script: $BUILD_SOURCESDIRECTORY/eng/common/msbuild.sh $BUILD_SOURCESDIRECTORY/eng/common/helixpublish.proj /restore /p:TreatWarningsAsErrors=false /t:Test /bl:$BUILD_SOURCESDIRECTORY/artifacts/log/$BuildConfig/SendToHelix.binlog
     displayName: ${{ parameters.DisplayNamePrefix }} (Unix)
     env:
       BuildConfig: $(_BuildConfig)
@@ -85,7 +83,6 @@ steps:
       IncludeDotNetCli: ${{ parameters.IncludeDotNetCli }}
       DotNetCliPackageType: ${{ parameters.DotNetCliPackageType }}
       DotNetCliVersion: ${{ parameters.DotNetCliVersion }}
-      EnableXUnitReporter: ${{ parameters.EnableXUnitReporter }}
       WaitForWorkItemCompletion: ${{ parameters.WaitForWorkItemCompletion }}
       HelixBaseUri: ${{ parameters.HelixBaseUri }}
       Creator: ${{ parameters.Creator }}

eng/common/templates/steps/source-build.yml

@@ -23,7 +23,7 @@ steps:
     # In addition, add an msbuild argument to copy the WIP from the repo to the target build location.
     # This is because SetupNuGetSources.sh will alter the current NuGet.config file, and we need to preserve those
     # changes.
-    $internalRestoreArgs=
+    internalRestoreArgs=
     if [ '$(dn-bot-dnceng-artifact-feeds-rw)' != '$''(dn-bot-dnceng-artifact-feeds-rw)' ]; then
       # Temporarily work around https://github.com/dotnet/arcade/issues/7709
       chmod +x $(Build.SourcesDirectory)/eng/common/SetupNugetSources.sh
@@ -43,8 +43,8 @@ steps:
     # In that case, add variables to allow the download of internal runtimes if the specified versions are not found
     # in the default public locations.
     internalRuntimeDownloadArgs=
-    if [ '$(dotnetclimsrc-read-sas-token-base64)' != '$''(dotnetclimsrc-read-sas-token-base64)' ]; then
-      internalRuntimeDownloadArgs='/p:DotNetRuntimeSourceFeed=https://dotnetclimsrc.blob.core.windows.net/dotnet /p:DotNetRuntimeSourceFeedKey=$(dotnetclimsrc-read-sas-token-base64) --runtimesourcefeed https://dotnetclimsrc.blob.core.windows.net/dotnet --runtimesourcefeedkey $(dotnetclimsrc-read-sas-token-base64)'
+    if [ '$(dotnetbuilds-internal-container-read-token-base64)' != '$''(dotnetbuilds-internal-container-read-token-base64)' ]; then
+      internalRuntimeDownloadArgs='/p:DotNetRuntimeSourceFeed=https://dotnetbuilds.blob.core.windows.net/internal /p:DotNetRuntimeSourceFeedKey=$(dotnetbuilds-internal-container-read-token-base64) --runtimesourcefeed https://dotnetbuilds.blob.core.windows.net/internal --runtimesourcefeedkey $(dotnetbuilds-internal-container-read-token-base64)'
     fi
 
     buildConfig=Release

eng/common/templates/variables/sdl-variables.yml

@@ -0,0 +1,7 @@
+variables:
+# The Guardian version specified in 'eng/common/sdl/packages.config'. This value must be kept in
+# sync with the packages.config file.
+- name: DefaultGuardianVersion
+  value: 0.109.0
+- name: GuardianPackagesConfigFile
+  value: $(Build.SourcesDirectory)\eng\common\sdl\packages.config

eng/common/tools.ps1

@@ -163,9 +163,6 @@ function InitializeDotNetCli([bool]$install, [bool]$createSdkLocationFile) {
   # Disable telemetry on CI.
   if ($ci) {
     $env:DOTNET_CLI_TELEMETRY_OPTOUT=1
- 
-    # In case of network error, try to log the current IP for reference
-    Try-LogClientIpAddress
   }
 
   # Source Build uses DotNetCoreSdkDir variable
@@ -301,31 +298,44 @@ function InstallDotNet([string] $dotnetRoot,
   if ($skipNonVersionedFiles) { $installParameters.SkipNonVersionedFiles = $skipNonVersionedFiles }
   if ($noPath) { $installParameters.NoPath = $True }
 
-  try {
-    & $installScript @installParameters
-  }
-  catch {
-    if ($runtimeSourceFeed -or $runtimeSourceFeedKey) {
-      Write-Host "Failed to install dotnet from public location. Trying from '$runtimeSourceFeed'"
-      if ($runtimeSourceFeed) { $installParameters.AzureFeed = $runtimeSourceFeed }
+  $variations = @()
+  $variations += @($installParameters)
 
-      if ($runtimeSourceFeedKey) {
-        $decodedBytes = [System.Convert]::FromBase64String($runtimeSourceFeedKey)
-        $decodedString = [System.Text.Encoding]::UTF8.GetString($decodedBytes)
-        $installParameters.FeedCredential = $decodedString
-      }
+  $dotnetBuilds = $installParameters.Clone()
+  $dotnetbuilds.AzureFeed = "https://dotnetbuilds.azureedge.net/public"
+  $variations += @($dotnetBuilds)
 
-      try {
-        & $installScript @installParameters
-      }
-      catch {
-        Write-PipelineTelemetryError -Category 'InitializeToolset' -Message "Failed to install dotnet from custom location '$runtimeSourceFeed'."
-        ExitWithExitCode 1
-      }
+  if ($runtimeSourceFeed) {
+    $runtimeSource = $installParameters.Clone()
+    $runtimeSource.AzureFeed = $runtimeSourceFeed
+    if ($runtimeSourceFeedKey) {
+      $decodedBytes = [System.Convert]::FromBase64String($runtimeSourceFeedKey)
+      $decodedString = [System.Text.Encoding]::UTF8.GetString($decodedBytes)
+      $runtimeSource.FeedCredential = $decodedString
+    }
+    $variations += @($runtimeSource)
+  }
+
+  $installSuccess = $false
+  foreach ($variation in $variations) {
+    if ($variation | Get-Member AzureFeed) {
+      $location = $variation.AzureFeed
     } else {
-      Write-PipelineTelemetryError -Category 'InitializeToolset' -Message "Failed to install dotnet from public location."
-      ExitWithExitCode 1
+      $location = "public location";
+    }
+    Write-Host "Attempting to install dotnet from $location."
+    try {
+      & $installScript @variation
+      $installSuccess = $true
+      break
     }
+    catch {
+      Write-Host "Failed to install dotnet from $location."
+    }
+  }
+  if (-not $installSuccess) {
+    Write-PipelineTelemetryError -Category 'InitializeToolset' -Message "Failed to install dotnet from any of the specified locations."
+    ExitWithExitCode 1
   }
 }
 
@@ -355,10 +365,17 @@ function InitializeVisualStudioMSBuild([bool]$install, [object]$vsRequirements =
 
   # If the version of msbuild is going to be xcopied,
   # use this version. Version matches a package here:
-  # https://dev.azure.com/dnceng/public/_packaging?_a=package&feed=dotnet-eng&package=RoslynTools.MSBuild&protocolType=NuGet&version=16.10.0-preview2&view=overview
-  $defaultXCopyMSBuildVersion = '16.10.0-preview2'
+  # https://dev.azure.com/dnceng/public/_packaging?_a=package&feed=dotnet-eng&package=RoslynTools.MSBuild&protocolType=NuGet&version=17.3.1view=overview
+  $defaultXCopyMSBuildVersion = '17.3.1'
 
-  if (!$vsRequirements) { $vsRequirements = $GlobalJson.tools.vs }
+  if (!$vsRequirements) {
+    if (Get-Member -InputObject $GlobalJson.tools -Name 'vs') {
+      $vsRequirements = $GlobalJson.tools.vs
+    }
+    else {
+      $vsRequirements = New-Object PSObject -Property @{ version = $vsMinVersionReqdStr }
+    }
+  }
   $vsMinVersionStr = if ($vsRequirements.version) { $vsRequirements.version } else { $vsMinVersionReqdStr }
   $vsMinVersion = [Version]::new($vsMinVersionStr)
 
@@ -563,7 +580,7 @@ function InitializeBuildTool() {
       ExitWithExitCode 1
     }
     $dotnetPath = Join-Path $dotnetRoot (GetExecutableFileName 'dotnet')
-    $buildTool = @{ Path = $dotnetPath; Command = 'msbuild'; Tool = 'dotnet'; Framework = 'netcoreapp3.1' }
+    $buildTool = @{ Path = $dotnetPath; Command = 'msbuild'; Tool = 'dotnet'; Framework = 'net7.0' }
   } elseif ($msbuildEngine -eq "vs") {
     try {
       $msbuildPath = InitializeVisualStudioMSBuild -install:$restore
@@ -625,6 +642,10 @@ function InitializeNativeTools() {
         InstallDirectory = "$ToolsDir"
       }
     }
+    if ($env:NativeToolsOnMachine) {
+      Write-Host "Variable NativeToolsOnMachine detected, enabling native tool path promotion..."
+      $nativeArgs += @{ PathPromotion = $true }
+    }
     & "$PSScriptRoot/init-tools-native.ps1" @nativeArgs
   }
 }
@@ -882,24 +903,6 @@ if (!$disableConfigureToolsetImport) {
   }
 }
 
-function Try-LogClientIpAddress()
-{
-    Write-Host "Attempting to log this client's IP for Azure Package feed telemetry purposes"
-    try
-    {
-        $result = Invoke-WebRequest -Uri "http://co1.msedge.net/fdv2/diagnostics.aspx" -UseBasicParsing
-        $lines = $result.Content.Split([Environment]::NewLine) 
-        $socketIp = $lines | Select-String -Pattern "^Socket IP:.*"
-        Write-Host $socketIp
-        $clientIp = $lines | Select-String -Pattern "^Client IP:.*"
-        Write-Host $clientIp
-    }
-    catch
-    {
-        Write-Host "Unable to get this machine's effective IP address for logging: $_"
-    }
-}
-
 #
 # If $ci flag is set, turn on (and log that we did) special environment variables for improved Nuget client retry logic.
 #

eng/common/tools.sh

@@ -178,7 +178,7 @@ function InstallDotNetSdk {
   if [[ $# -ge 3 ]]; then
     architecture=$3
   fi
-  InstallDotNet "$root" "$version" $architecture 'sdk' 'false' $runtime_source_feed $runtime_source_feed_key
+  InstallDotNet "$root" "$version" $architecture 'sdk' 'true' $runtime_source_feed $runtime_source_feed_key
 }
 
 function InstallDotNet {
@@ -188,28 +188,29 @@ function InstallDotNet {
   GetDotNetInstallScript "$root"
   local install_script=$_GetDotNetInstallScript
 
-  local archArg=''
+  local installParameters=(--version $version --install-dir "$root")
+
   if [[ -n "${3:-}" ]] && [ "$3" != 'unset' ]; then
-    archArg="--architecture $3"
+    installParameters+=(--architecture $3)
   fi
-  local runtimeArg=''
   if [[ -n "${4:-}" ]] && [ "$4" != 'sdk' ]; then
-    runtimeArg="--runtime $4"
+    installParameters+=(--runtime $4)
   fi
-  local skipNonVersionedFilesArg=""
   if [[ "$#" -ge "5" ]] && [[ "$5" != 'false' ]]; then
-    skipNonVersionedFilesArg="--skip-non-versioned-files"
+    installParameters+=(--skip-non-versioned-files)
   fi
-  bash "$install_script" --version $version --install-dir "$root" $archArg $runtimeArg $skipNonVersionedFilesArg || {
-    local exit_code=$?
-    echo "Failed to install dotnet SDK from public location (exit code '$exit_code')."
 
-    local runtimeSourceFeed=''
-    if [[ -n "${6:-}" ]]; then
-      runtimeSourceFeed="--azure-feed $6"
-    fi
+  local variations=() # list of variable names with parameter arrays in them
+
+  local public_location=("${installParameters[@]}")
+  variations+=(public_location)
 
-    local runtimeSourceFeedKey=''
+  local dotnetbuilds=("${installParameters[@]}" --azure-feed "https://dotnetbuilds.azureedge.net/public")
+  variations+=(dotnetbuilds)
+
+  if [[ -n "${6:-}" ]]; then
+    variations+=(private_feed)
+    local private_feed=("${installParameters[@]}" --azure-feed $6)
     if [[ -n "${7:-}" ]]; then
       # The 'base64' binary on alpine uses '-d' and doesn't support '--decode'
       # '-d'. To work around this, do a simple detection and switch the parameter
@@ -219,22 +220,27 @@ function InstallDotNet {
           decodeArg="-d"
       fi
       decodedFeedKey=`echo $7 | base64 $decodeArg`
-      runtimeSourceFeedKey="--feed-credential $decodedFeedKey"
+      private_feed+=(--feed-credential $decodedFeedKey)
     fi
+  fi
 
-    if [[ -n "$runtimeSourceFeed" || -n "$runtimeSourceFeedKey" ]]; then
-      bash "$install_script" --version $version --install-dir "$root" $archArg $runtimeArg $skipNonVersionedFilesArg $runtimeSourceFeed $runtimeSourceFeedKey || {
-        local exit_code=$?
-        Write-PipelineTelemetryError -category 'InitializeToolset' "Failed to install dotnet SDK from custom location '$runtimeSourceFeed' (exit code '$exit_code')."
-        ExitWithExitCode $exit_code
-      }
-    else
-      if [[ $exit_code != 0 ]]; then
-        Write-PipelineTelemetryError -category 'InitializeToolset' "Failed to install dotnet SDK from public location (exit code '$exit_code')."
-      fi
-      ExitWithExitCode $exit_code
+  local installSuccess=0
+  for variationName in "${variations[@]}"; do
+    local name="$variationName[@]"
+    local variation=("${!name}")
+    echo "Attempting to install dotnet from $variationName."
+    bash "$install_script" "${variation[@]}" && installSuccess=1
+    if [[ "$installSuccess" -eq 1 ]]; then
+      break
     fi
-  }
+
+    echo "Failed to install dotnet from $variationName."
+  done
+
+  if [[ "$installSuccess" -eq 0 ]]; then
+    Write-PipelineTelemetryError -category 'InitializeToolset' "Failed to install dotnet SDK from any of the specified locations."
+    ExitWithExitCode 1
+  fi
 }
 
 function with_retries {
@@ -306,7 +312,7 @@ function InitializeBuildTool {
   # return values
   _InitializeBuildTool="$_InitializeDotNetCli/dotnet"
   _InitializeBuildToolCommand="msbuild"
-  _InitializeBuildToolFramework="netcoreapp3.1"
+  _InitializeBuildToolFramework="net7.0"
 }
 
 # Set RestoreNoCache as a workaround for https://github.com/NuGet/Home/issues/3116
@@ -399,13 +405,6 @@ function StopProcesses {
   return 0
 }
 
-function TryLogClientIpAddress () {
-  echo 'Attempting to log this client''s IP for Azure Package feed telemetry purposes'
-  if command -v curl > /dev/null; then
-    curl -s 'http://co1.msedge.net/fdv2/diagnostics.aspx' | grep ' IP: ' || true
-  fi
-}
-
 function MSBuild {
   local args=$@
   if [[ "$pipelines_log" == true ]]; then