From 66c787891e4032897eb5df029c11ea97a5a4b89a Mon Sep 17 00:00:00 2001
From: "dotnet-maestro[bot]"
 <42748379+dotnet-maestro[bot]@users.noreply.github.com>
Date: Mon, 20 Nov 2023 21:01:01 +0000
Subject: [PATCH 1/2] [release/6.0.1xx] Update dependencies from dotnet/arcade
 (#17517)

[release/6.0.1xx] Update dependencies from dotnet/arcade


 - Merge branch 'release/6.0.1xx' of https://github.com/dotnet/installer into darc-release/6.0.1xx-25252fb3-bc5a-4401-85d9-c93e83346b2b

 - Merge branch 'release/6.0.1xx' into darc-release/6.0.1xx-25252fb3-bc5a-4401-85d9-c93e83346b2b
---
 NuGet.config                                |  9 -----
 eng/Version.Details.xml                     | 12 +++---
 eng/Versions.props                          |  2 +-
 eng/common/retain-build.ps1                 | 45 +++++++++++++++++++++
 eng/common/templates/jobs/source-build.yml  |  2 +-
 eng/common/templates/steps/retain-build.yml | 28 +++++++++++++
 global.json                                 |  6 +--
 7 files changed, 84 insertions(+), 20 deletions(-)
 create mode 100644 eng/common/retain-build.ps1
 create mode 100644 eng/common/templates/steps/retain-build.yml

diff --git a/NuGet.config b/NuGet.config
index a735b4622..dd632b04b 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -7,21 +7,16 @@
     <clear />
     <!--Begin: Package sources managed by Dependency Flow automation. Do not edit the sources below.-->
     <!--  Begin: Package sources from dotnet-aspnetcore -->
-    <add key="darc-int-dotnet-aspnetcore-36be7ed" value="https://pkgs.dev.azure.com/dnceng/internal/_packaging/darc-int-dotnet-aspnetcore-36be7ed6/nuget/v3/index.json" />
     <!--  End: Package sources from dotnet-aspnetcore -->
     <!--  Begin: Package sources from dotnet-emsdk -->
-    <add key="darc-pub-dotnet-emsdk-d8bc162" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/darc-pub-dotnet-emsdk-d8bc162c/nuget/v3/index.json" />
     <!--  End: Package sources from dotnet-emsdk -->
     <!--  Begin: Package sources from DotNet-msbuild-Trusted -->
     <!--  End: Package sources from DotNet-msbuild-Trusted -->
     <!--  Begin: Package sources from dotnet-runtime -->
-    <add key="darc-int-dotnet-runtime-492abbe" value="https://pkgs.dev.azure.com/dnceng/internal/_packaging/darc-int-dotnet-runtime-492abbee/nuget/v3/index.json" />
     <!--  End: Package sources from dotnet-runtime -->
     <!--  Begin: Package sources from dotnet-templating -->
-    <add key="darc-int-dotnet-templating-7e5c022" value="https://pkgs.dev.azure.com/dnceng/internal/_packaging/darc-int-dotnet-templating-7e5c0220/nuget/v3/index.json" />
     <!--  End: Package sources from dotnet-templating -->
     <!--  Begin: Package sources from dotnet-windowsdesktop -->
-    <add key="darc-int-dotnet-windowsdesktop-a74946f" value="https://pkgs.dev.azure.com/dnceng/internal/_packaging/darc-int-dotnet-windowsdesktop-a74946f8/nuget/v3/index.json" />
     <!--  End: Package sources from dotnet-windowsdesktop -->
     <!--End: Package sources managed by Dependency Flow automation. Do not edit the sources above.-->
     <add key="dotnet-tools" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json" />
@@ -42,17 +37,13 @@
   <disabledPackageSources>
     <!--Begin: Package sources managed by Dependency Flow automation. Do not edit the sources below.-->
     <!--  Begin: Package sources from dotnet-aspnetcore -->
-    <add key="darc-int-dotnet-aspnetcore-36be7ed" value="true" />
     <!--  Begin: Package sources from DotNet-msbuild-Trusted -->
     <!--  End: Package sources from DotNet-msbuild-Trusted -->
     <!--  End: Package sources from dotnet-aspnetcore -->
     <!--  Begin: Package sources from dotnet-runtime -->
-    <add key="darc-int-dotnet-runtime-492abbe" value="true" />
     <!--  Begin: Package sources from dotnet-templating -->
-    <add key="darc-int-dotnet-templating-7e5c022" value="true" />
     <!--  End: Package sources from dotnet-templating -->
     <!--  Begin: Package sources from dotnet-windowsdesktop -->
-    <add key="darc-int-dotnet-windowsdesktop-a74946f" value="true" />
     <!--  End: Package sources from dotnet-windowsdesktop -->
     <!--  End: Package sources from dotnet-runtime -->
     <!--  Begin: Package sources from dotnet-windowsdesktop -->
diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml
index d7af92d1e..039431cba 100644
--- a/eng/Version.Details.xml
+++ b/eng/Version.Details.xml
@@ -197,19 +197,19 @@
     </Dependency>
   </ProductDependencies>
   <ToolsetDependencies>
-    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="6.0.0-beta.23408.5">
+    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="6.0.0-beta.23517.3">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>98fd22588fbb0f407faa6a74cb1aa79031306151</Sha>
+      <Sha>7c67805da0adbf4e72f2f4799b63efcf1cc8fe4c</Sha>
       <SourceBuild RepoName="arcade" ManagedOnly="true" />
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.CMake.Sdk" Version="6.0.0-beta.23408.5">
+    <Dependency Name="Microsoft.DotNet.CMake.Sdk" Version="6.0.0-beta.23517.3">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>98fd22588fbb0f407faa6a74cb1aa79031306151</Sha>
+      <Sha>7c67805da0adbf4e72f2f4799b63efcf1cc8fe4c</Sha>
       <SourceBuild RepoName="arcade" ManagedOnly="true" />
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.Build.Tasks.Installers" Version="6.0.0-beta.23408.5">
+    <Dependency Name="Microsoft.DotNet.Build.Tasks.Installers" Version="6.0.0-beta.23517.3">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>98fd22588fbb0f407faa6a74cb1aa79031306151</Sha>
+      <Sha>7c67805da0adbf4e72f2f4799b63efcf1cc8fe4c</Sha>
     </Dependency>
     <Dependency Name="Microsoft.SourceBuild.Intermediate.source-build-reference-packages" Version="6.0.0-servicing.22570.2">
       <Uri>https://github.com/dotnet/source-build-reference-packages</Uri>
diff --git a/eng/Versions.props b/eng/Versions.props
index c858d3a61..616f2592a 100644
--- a/eng/Versions.props
+++ b/eng/Versions.props
@@ -19,7 +19,7 @@
   </PropertyGroup>
   <PropertyGroup>
     <!-- Dependency from https://github.com/dotnet/arcade -->
-    <MicrosoftDotNetBuildTasksInstallersPackageVersion>6.0.0-beta.23408.5</MicrosoftDotNetBuildTasksInstallersPackageVersion>
+    <MicrosoftDotNetBuildTasksInstallersPackageVersion>6.0.0-beta.23517.3</MicrosoftDotNetBuildTasksInstallersPackageVersion>
   </PropertyGroup>
   <PropertyGroup>
     <!-- Dependency from https://github.com/dotnet/winforms -->
diff --git a/eng/common/retain-build.ps1 b/eng/common/retain-build.ps1
new file mode 100644
index 000000000..e7ba975ad
--- /dev/null
+++ b/eng/common/retain-build.ps1
@@ -0,0 +1,45 @@
+
+Param(
+[Parameter(Mandatory=$true)][int] $buildId,
+[Parameter(Mandatory=$true)][string] $azdoOrgUri, 
+[Parameter(Mandatory=$true)][string] $azdoProject,
+[Parameter(Mandatory=$true)][string] $token
+)
+
+$ErrorActionPreference = 'Stop'
+Set-StrictMode -Version 2.0
+
+function Get-AzDOHeaders(
+    [string] $token)
+{
+    $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":${token}"))
+    $headers = @{"Authorization"="Basic $base64AuthInfo"}
+    return $headers
+}
+
+function Update-BuildRetention(
+    [string] $azdoOrgUri,
+    [string] $azdoProject,
+    [int] $buildId,
+    [string] $token)
+{
+    $headers = Get-AzDOHeaders -token $token
+    $requestBody = "{
+        `"keepForever`": `"true`"
+    }"
+
+    $requestUri = "${azdoOrgUri}/${azdoProject}/_apis/build/builds/${buildId}?api-version=6.0"
+    write-Host "Attempting to retain build using the following URI: ${requestUri} ..."
+
+    try {
+        Invoke-RestMethod -Uri $requestUri -Method Patch -Body $requestBody -Header $headers -contentType "application/json"
+        Write-Host "Updated retention settings for build ${buildId}."
+    }
+    catch {
+        Write-Error "Failed to update retention settings for build: $_.Exception.Response.StatusDescription"
+        exit 1
+    }
+}
+
+Update-BuildRetention -azdoOrgUri $azdoOrgUri -azdoProject $azdoProject -buildId $buildId -token $token
+exit 0
diff --git a/eng/common/templates/jobs/source-build.yml b/eng/common/templates/jobs/source-build.yml
index 7c240e654..00aa98eb3 100644
--- a/eng/common/templates/jobs/source-build.yml
+++ b/eng/common/templates/jobs/source-build.yml
@@ -14,7 +14,7 @@ parameters:
   # This is the default platform provided by Arcade, intended for use by a managed-only repo.
   defaultManagedPlatform:
     name: 'Managed'
-    container: 'mcr.microsoft.com/dotnet-buildtools/prereqs:centos-7'
+    container: 'mcr.microsoft.com/dotnet-buildtools/prereqs:centos-7-3e800f1-20190501005343'
 
   # Defines the platforms on which to run build jobs. One job is created for each platform, and the
   # object in this array is sent to the job template as 'platform'. If no platforms are specified,
diff --git a/eng/common/templates/steps/retain-build.yml b/eng/common/templates/steps/retain-build.yml
new file mode 100644
index 000000000..83d97a26a
--- /dev/null
+++ b/eng/common/templates/steps/retain-build.yml
@@ -0,0 +1,28 @@
+parameters:
+  # Optional azure devops PAT with build execute permissions for the build's organization,
+  # only needed if the build that should be retained ran on a different organization than 
+  # the pipeline where this template is executing from
+  Token: ''
+  # Optional BuildId to retain, defaults to the current running build
+  BuildId: ''
+  # Azure devops Organization URI for the build in the https://dev.azure.com/<organization> format.
+  # Defaults to the organization the current pipeline is running on
+  AzdoOrgUri: '$(System.CollectionUri)'
+  # Azure devops project for the build. Defaults to the project the current pipeline is running on
+  AzdoProject: '$(System.TeamProject)'
+
+steps:
+  - task: powershell@2
+    inputs:
+      targetType: 'filePath'
+      filePath: eng/common/retain-build.ps1
+      pwsh: true
+      arguments: >
+        -AzdoOrgUri: ${{parameters.AzdoOrgUri}}
+        -AzdoProject ${{parameters.AzdoProject}}
+        -Token ${{coalesce(parameters.Token, '$env:SYSTEM_ACCESSTOKEN') }}
+        -BuildId ${{coalesce(parameters.BuildId, '$env:BUILD_ID')}}
+    displayName: Enable permanent build retention
+    env:
+      SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+      BUILD_ID: $(Build.BuildId)
\ No newline at end of file
diff --git a/global.json b/global.json
index 327cfe027..1410185dd 100644
--- a/global.json
+++ b/global.json
@@ -1,6 +1,6 @@
 {
   "tools": {
-    "dotnet": "6.0.121",
+    "dotnet": "6.0.123",
     "runtimes": {
       "dotnet": [
         "$(VSRedistCommonNetCoreSharedFrameworkx6460PackageVersion)"
@@ -11,7 +11,7 @@
     "cmake": "3.16.4"
   },
   "msbuild-sdks": {
-    "Microsoft.DotNet.Arcade.Sdk": "6.0.0-beta.23408.5",
-    "Microsoft.DotNet.CMake.Sdk": "6.0.0-beta.23408.5"
+    "Microsoft.DotNet.Arcade.Sdk": "6.0.0-beta.23517.3",
+    "Microsoft.DotNet.CMake.Sdk": "6.0.0-beta.23517.3"
   }
 }

From b654f3e01bd56d01afd22663f05a63baf4c5eb22 Mon Sep 17 00:00:00 2001
From: Ella Hathaway <67609881+ellahathaway@users.noreply.github.com>
Date: Tue, 5 Dec 2023 12:15:32 -0800
Subject: [PATCH 2/2] Enable open ssl sha 1 signatures for CentOS Stream 9
 (#17889)

---
 .../templates/job/source-build-build-tarball.yml      | 11 ++++++++---
 .../templates/job/source-build-run-tarball-build.yml  | 10 +++++++++-
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml
index 2c7900e09..f5569e26b 100644
--- a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml
+++ b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml
@@ -123,19 +123,24 @@ jobs:
       set -x
       df -h
 
-      networkArgs=
+      customRunArgs=
       customBuildArgs=
       if [[ '$(_RunOnline)' == 'true' ]]; then
         customBuildArgs='--online'
       else
-        networkArgs='--network none'
+        customRunArgs='--network none'
+      fi
+
+      # See https://github.com/dotnet/source-build/issues/3712
+      if [[ '$(_OverrideDistroDisablingSha1)' == 'true' ]]; then
+        customRunArgs="$customRunArgs -e OPENSSL_ENABLE_SHA1_SIGNATURES=1"
       fi
 
       if [[ '$(_EnablePoison)' == 'true' ]]; then
         customBuildArgs="$customBuildArgs --poison"
       fi
 
-      docker run --rm -v $(tarballDir):/tarball -w /tarball ${networkArgs} $(_Container) ./build.sh --clean-while-building ${customBuildArgs} $(additionalBuildArgs)
+      docker run --rm -v $(tarballDir):/tarball -w /tarball ${customRunArgs} $(_Container) ./build.sh --clean-while-building ${customBuildArgs} $(additionalBuildArgs)
     displayName: Build Tarball
 
   - ${{ if ne(variables['System.TeamProject'], 'public') }}:
diff --git a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml
index bfea7becd..a4a18425a 100644
--- a/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml
+++ b/src/SourceBuild/Arcade/eng/common/templates/job/source-build-run-tarball-build.yml
@@ -11,7 +11,7 @@ parameters:
   # -----------------------------------------------------------------------------------------------
   alpine317Container: mcr.microsoft.com/dotnet-buildtools/prereqs:alpine-3.17
   centOS7Container: mcr.microsoft.com/dotnet-buildtools/prereqs:centos-7-source-build
-  centOSStream9Container: mcr.microsoft.com/dotnet-buildtools/prereqs:centos-stream9-20220107135047-4cd394c
+  centOSStream9Container: mcr.microsoft.com/dotnet-buildtools/prereqs:centos-stream9
   debian11Arm64Container: mcr.microsoft.com/dotnet-buildtools/prereqs:debian-11-arm64v8
   fedora38Container: mcr.microsoft.com/dotnet-buildtools/prereqs:fedora-38
   ubuntu1804Container: mcr.microsoft.com/dotnet-buildtools/prereqs:ubuntu-18.04
@@ -40,18 +40,21 @@ jobs:
         _BootstrapPrep: true
         _Container: ${{ parameters.alpine317Container }}
         _ExcludeOmniSharpTests: true
+        _OverrideDistroDisablingSha1: false
         _RunOnline: false
       CentOS7-Online:
         _BootstrapPrep: false
         _Container: ${{ parameters.centOS7Container }}
         _EnablePoison: false
         _ExcludeOmniSharpTests: true
+        _OverrideDistroDisablingSha1: false
         _RunOnline: true
       CentOS7-Offline:
         _BootstrapPrep: false
         _Container: ${{ parameters.centOS7Container }}
         _EnablePoison: false
         _ExcludeOmniSharpTests: true
+        _OverrideDistroDisablingSha1: false
         _RunOnline: false
       ${{ if ne(variables['Build.Reason'], 'PullRequest') }}:
         CentOSStream9-Offline:
@@ -59,18 +62,21 @@ jobs:
           _Container: ${{ parameters.centOSStream9Container }}
           _EnablePoison: false
           _ExcludeOmniSharpTests: false
+          _OverrideDistroDisablingSha1: true
           _RunOnline: false
         Fedora38-Offline:
           _BootstrapPrep: false
           _Container: ${{ parameters.fedora38Container }}
           _EnablePoison: true
           _ExcludeOmniSharpTests: false
+          _OverrideDistroDisablingSha1: false
           _RunOnline: false
         Ubuntu1804-Offline:
           _BootstrapPrep: false
           _Container: ${{ parameters.ubuntu1804Container }}
           _EnablePoison: false
           _ExcludeOmniSharpTests: false
+          _OverrideDistroDisablingSha1: false
           _RunOnline: false
     name: Build_Tarball_x64
     pool:
@@ -94,6 +100,7 @@ jobs:
           _Container: ${{ parameters.debian11Arm64Container }}
           _EnablePoison: false
           _ExcludeOmniSharpTests: false
+          _OverrideDistroDisablingSha1: false
           _RunOnline: false
       name: Build_Tarball_arm64
       pool: ${{ parameters.poolInternalArm64 }}
@@ -114,6 +121,7 @@ jobs:
           _Container: ${{ parameters.fedora38Container }}
           _EnablePoison: false
           _ExcludeOmniSharpTests: false
+          _OverrideDistroDisablingSha1: false
           _RunOnline: false
       name: Build_Tarball_x64_Using_Previous
       pool: