From 6f651493128817d06b3c7a8923981ee6a058bb6e Mon Sep 17 00:00:00 2001
From: Steve Dower <steve.dower@python.org>
Date: Tue, 19 Nov 2024 20:13:54 +0000
Subject: [PATCH] Make Nuget signing optional (disabled by default). Nuget will
 not allow uploading signed packages unless the certificate is registered, and
 we cannot register Azure Trusted Signing certificates at this time. So it's
 best to just not sign the package.

---
 windows-release/azure-pipelines.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/windows-release/azure-pipelines.yml b/windows-release/azure-pipelines.yml
index 99871c8a..adc28558 100644
--- a/windows-release/azure-pipelines.yml
+++ b/windows-release/azure-pipelines.yml
@@ -92,6 +92,10 @@ parameters:
   displayName: "Build number to publish (0 to skip)"
   type: number
   default: '0'
+- name: SignNuget
+  displayName: "Enable Nuget signing (not recommended right now)"
+  type: boolean
+  default: false
 
 variables:
   ${{ if ne(parameters.GitRemote, '(Other)') }}:
@@ -166,7 +170,8 @@ stages:
     - template: stage-pack-nuget.yml
       parameters:
         ${{ if and(parameters.SigningCertificate, ne(parameters.SigningCertificate, 'Unsigned')) }}:
-          SigningCertificate: ${{ parameters.SigningCertificate }}
+          ${{ if eq(parameters.SignNuget, 'true') }}:
+            SigningCertificate: ${{ parameters.SigningCertificate }}
         DoFreethreaded: ${{ parameters.DoFreethreaded }}
 
   - stage: Test