From df9d89aec01c9215734a56321e430f334af2fe65 Mon Sep 17 00:00:00 2001
From: Larry Ewing
Date: Mon, 12 Aug 2024 14:04:57 -0500
Subject: [PATCH 01/15] Remove old signing exclusions
---
 eng/SignCheckExclusionsFile.txt | 8 --------
 eng/Signing.props | 8 --------
 eng/azure-pipelines.yml | 2 +-
 3 files changed, 1 insertion(+), 17 deletions(-)
 delete mode 100644 eng/SignCheckExclusionsFile.txt
diff --git a/eng/SignCheckExclusionsFile.txt b/eng/SignCheckExclusionsFile.txt
deleted file mode 100644
index 09f381edd3..0000000000
--- a/eng/SignCheckExclusionsFile.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-;; Exclusions for SignCheck. Corresponds to info in Signing.props.
-;; Format: https://github.com/dotnet/arcade/blob/397316e195639450b6c76bfeb9823b40bee72d6d/src/SignCheck/Microsoft.SignCheck/Verification/Exclusion.cs#L23-L35
-;;
-;; This issue tracks a way to implement exclusions via Signing.props and avoid this extra file: https://github.com/dotnet/arcade/issues/2888
-
-*.js;;Can't dual sign .js files, https://github.com/dotnet/runtime/issues/53252
-*.ps1;;Can't dual sign .ps1 files, https://github.com/dotnet/runtime/issues/53252
-*.exe;*.whl;The .whl files are not supported by ESRP, https://github.com/dotnet/runtime/issues/53252
diff --git a/eng/Signing.props b/eng/Signing.props
index 42529efd94..a93062d52e 100644
--- a/eng/Signing.props
+++ b/eng/Signing.props
@@ -10,14 +10,6 @@ - - - - - -
diff --git a/eng/azure-pipelines.yml b/eng/azure-pipelines.yml
index 7c718a8e60..7b73b8416e 100644
--- a/eng/azure-pipelines.yml
+++ b/eng/azure-pipelines.yml
@@ -362,6 +362,6 @@ extends:
 - template: /eng/common/templates-official/post-build/post-build.yml@self
 parameters:
 enableSourceLinkValidation: false
- enableSigningValidation: false
+ enableSigningValidation: true
 enableSymbolValidation: false
 enableNugetValidation: true
From 88646c5e7b68e716d587697fb3912de1984de943 Mon Sep 17 00:00:00 2001
From: Larry Ewing
Date: Mon, 12 Aug 2024 16:09:31 -0500
Subject: [PATCH 02/15] Don't sign .py or .js
---
 eng/Signing.props | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/eng/Signing.props b/eng/Signing.props
index a93062d52e..b8ed1ee63c 100644
--- a/eng/Signing.props
+++ b/eng/Signing.props
@@ -10,6 +10,12 @@ + + + +
From 0ca26bee0764306cdd09ecff4b2bb136681b044d Mon Sep 17 00:00:00 2001
From: Larry Ewing
Date: Mon, 12 Aug 2024 17:12:15 -0500
Subject: [PATCH 03/15] Don't sign already signed .ps1 files
---
 eng/Signing.props | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/eng/Signing.props b/eng/Signing.props
index b8ed1ee63c..e5bf87dc1f 100644
--- a/eng/Signing.props
+++ b/eng/Signing.props
@@ -16,6 +16,10 @@ --> + + + +
From d7516c56a587b417193df3d1ef877bf9bf0c9e85 Mon Sep 17 00:00:00 2001
From: Larry Ewing
Date: Tue, 13 Aug 2024 12:01:36 -0500
Subject: [PATCH 04/15] Try a new sig
---
 eng/SignCheckExclusionsFile.txt | 6 ++++++
 eng/Signing.props | 7 +++----
 2 files changed, 9 insertions(+), 4 deletions(-)
 create mode 100644 eng/SignCheckExclusionsFile.txt
diff --git a/eng/SignCheckExclusionsFile.txt b/eng/SignCheckExclusionsFile.txt
new file mode 100644
index 0000000000..211a61c47e
--- /dev/null
+++ b/eng/SignCheckExclusionsFile.txt
@@ -0,0 +1,6 @@
+;; Exclusions for SignCheck. Corresponds to info in Signing.props.
+;; Format: https://github.com/dotnet/arcade/blob/397316e195639450b6c76bfeb9823b40bee72d6d/src/SignCheck/Microsoft.SignCheck/Verification/Exclusion.cs#L23-L35
+;;
+;; This issue tracks a way to implement exclusions via Signing.props and avoid this extra file: https://github.com/dotnet/arcade/issues/2888
+
+*.js;;Can't dual sign .js files, https://github.com/dotnet/runtime/issues/53252
\ No newline at end of file
diff --git a/eng/Signing.props b/eng/Signing.props
index e5bf87dc1f..6267a3a8ee 100644
--- a/eng/Signing.props
+++ b/eng/Signing.props
@@ -10,16 +10,15 @@ + - + + - - - 
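Review bot: The `*.js;;` entry that PATCH 04/15 adds to eng/SignCheckExclusionsFile.txt leaves its second field empty, so if that field is the parent-container filter (as the removed `*.exe;*.whl;` entry suggests) every .js file in every package is exempt from signing validation, not only the ones this repository cannot sign. PATCH 08/15 drops the entry and PATCH 13/15 re-adds the same unscoped pattern. With `enableSigningValidation: true` set in PATCH 01/15, I would scope the entry to the containers that actually ship these scripts, e.g. `*.js;<PACKAGE_PATTERN_PLACEHOLDER>;Can't dual sign .js files, https://github.com/dotnet/runtime/issues/53252`, so an unsigned .js introduced elsewhere still fails the check. The new file also ends without a trailing newline.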
From 349b91c8231718553cc48084bc3e0aa19177fb31 Mon Sep 17 00:00:00 2001
From: Larry Ewing
Date: Tue, 13 Aug 2024 12:32:31 -0500
Subject: [PATCH 05/15] Fix definition
---
 eng/Signing.props | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/eng/Signing.props b/eng/Signing.props
index 6267a3a8ee..942ce45fc2 100644
--- a/eng/Signing.props
+++ b/eng/Signing.props
@@ -10,14 +10,13 @@ - - +
From dc22482139f721a9d43d6dc5145477bd365adac0 Mon Sep 17 00:00:00 2001
From: Larry Ewing
Date: Tue, 13 Aug 2024 15:27:58 -0500
Subject: [PATCH 06/15] Work around other issues
---
 eng/Signing.props | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/eng/Signing.props b/eng/Signing.props
index 942ce45fc2..89259a9223 100644
--- a/eng/Signing.props
+++ b/eng/Signing.props
@@ -15,9 +15,15 @@ These files can't be dual-signed with 3PartySHA2, don't try to sign them. --> - + + + + +
From 2804aac77343d8ee19dbcc90a1f9216208538705 Mon Sep 17 00:00:00 2001
From: Larry Ewing
Date: Tue, 13 Aug 2024 17:37:04 -0500
Subject: [PATCH 07/15] Remove the resolve/test directory
---
 eng/Signing.props | 22 +++++++++++++++++-----
 eng/emsdk.proj | 1 +
 2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/eng/Signing.props b/eng/Signing.props
index 89259a9223..9d1a507e36 100644
--- a/eng/Signing.props
+++ b/eng/Signing.props
@@ -12,18 +12,30 @@ + + + - - -
diff --git a/eng/emsdk.proj b/eng/emsdk.proj
index edbc8bae64..c48ae96c09 100644
--- a/eng/emsdk.proj
+++ b/eng/emsdk.proj
@@ -296,6 +296,7 @@ +
From 25aec1c0d3d60b6e99e81fcaba48b077376e3404 Mon Sep 17 00:00:00 2001
From: Larry Ewing
Date: Tue, 13 Aug 2024 17:43:12 -0500
Subject: [PATCH 08/15] Remove the resolve/test directory
---
 eng/SignCheckExclusionsFile.txt | 2 --
 eng/emsdk.proj | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/eng/SignCheckExclusionsFile.txt b/eng/SignCheckExclusionsFile.txt
index 211a61c47e..bb401785de 100644
--- a/eng/SignCheckExclusionsFile.txt
+++ b/eng/SignCheckExclusionsFile.txt
@@ -2,5 +2,3 @@
 ;; Format: https://github.com/dotnet/arcade/blob/397316e195639450b6c76bfeb9823b40bee72d6d/src/SignCheck/Microsoft.SignCheck/Verification/Exclusion.cs#L23-L35
 ;;
 ;; This issue tracks a way to implement exclusions via Signing.props and avoid this extra file: https://github.com/dotnet/arcade/issues/2888
-
-*.js;;Can't dual sign .js files, https://github.com/dotnet/runtime/issues/53252
\ No newline at end of file
diff --git a/eng/emsdk.proj b/eng/emsdk.proj
index c48ae96c09..87e812e1dd 100644
--- a/eng/emsdk.proj
+++ b/eng/emsdk.proj
@@ -296,7 +296,7 @@ - -
From e8397344080a13ea121cd266e2e2a97a71e427db Mon Sep 17 00:00:00 2001
From: Larry Ewing
Date: Tue, 13 Aug 2024 18:39:38 -0500
Subject: [PATCH 09/15] fix the path
---
 eng/emsdk.proj | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/eng/emsdk.proj b/eng/emsdk.proj
index 87e812e1dd..37e29bd2d4 100644
--- a/eng/emsdk.proj
+++ b/eng/emsdk.proj
@@ -291,12 +291,13 @@ + - +
From f2d292bbd76d6ee59ee4d875f10e72f8db1c7de2 Mon Sep 17 00:00:00 2001
From: Larry Ewing
Date: Tue, 13 Aug 2024 21:28:48 -0500
Subject: [PATCH 10/15] skip eggs.py too
---
 eng/Signing.props | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/eng/Signing.props b/eng/Signing.props
index 9d1a507e36..a69fd28ce7 100644
--- a/eng/Signing.props
+++ b/eng/Signing.props
@@ -22,20 +22,7 @@ Zero length files should not be signed because it breaks signing/ESRP. --> - - +
From 1c15da75c2d377dfb8515ffb5a68e84cadfc3fcd Mon Sep 17 00:00:00 2001
From: Larry Ewing
Date: Wed, 14 Aug 2024 11:08:44 -0500
Subject: [PATCH 11/15] Clean up emsdk.proj changes
---
 eng/emsdk.proj | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/eng/emsdk.proj b/eng/emsdk.proj
index 37e29bd2d4..1cee58eb5b 100644
--- a/eng/emsdk.proj
+++ b/eng/emsdk.proj
@@ -291,13 +291,12 @@ - + -
From f01f24646ee4e6ef3586b004105c3df117876895 Mon Sep 17 00:00:00 2001
From: Larry Ewing
Date: Wed, 14 Aug 2024 11:26:11 -0500
Subject: [PATCH 12/15] Add another exclusion
---
 eng/Signing.props | 1 +
 1 file changed, 1 insertion(+)
diff --git a/eng/Signing.props b/eng/Signing.props
index a69fd28ce7..f78a48daa3 100644
--- a/eng/Signing.props
+++ b/eng/Signing.props
@@ -23,6 +23,7 @@ --> +
From ae7a5d019abce1b4c2212d4c22ccd4a0167d5bcd Mon Sep 17 00:00:00 2001
From: Larry Ewing
Date: Wed, 14 Aug 2024 13:56:40 -0500
Subject: [PATCH 13/15] Don't sign js - it makes no sense in this case
---
 eng/SignCheckExclusionsFile.txt | 1 +
 eng/Signing.props | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/eng/SignCheckExclusionsFile.txt b/eng/SignCheckExclusionsFile.txt
index bb401785de..bb5933ea39 100644
--- a/eng/SignCheckExclusionsFile.txt
+++ b/eng/SignCheckExclusionsFile.txt
@@ -2,3 +2,4 @@
 ;; Format: https://github.com/dotnet/arcade/blob/397316e195639450b6c76bfeb9823b40bee72d6d/src/SignCheck/Microsoft.SignCheck/Verification/Exclusion.cs#L23-L35
 ;;
 ;; This issue tracks a way to implement exclusions via Signing.props and avoid this extra file: https://github.com/dotnet/arcade/issues/2888
+*.js;;We don't need to code sign .js files because they are not used in Windows Script Host
diff --git a/eng/Signing.props b/eng/Signing.props
index f78a48daa3..f1697b5647 100644
--- a/eng/Signing.props
+++ b/eng/Signing.props
@@ -15,8 +15,9 @@ Script files need to be signed with 3PartyScriptsSHA2 not the dual-signed certificate. --> - + + - + -
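Review bot: The exclusion line added to eng/SignCheckExclusionsFile.txt in PATCH 13/15 rests on the claim that the .js files "are not used in Windows Script Host", but unlike the entries removed in PATCH 01/15 it cites no tracking issue, so nobody can later re-check that assumption against what the packages actually ship. The Signing.props context in the same commit still reads "Script files need to be signed with 3PartyScriptsSHA2", which appears to disagree with an exclusion that skips .js entirely; the element lines are not readable on this page, so that is an inference. I would end the exclusion comment with a link, `*.js;;We don't need to code sign .js files because they are not used in Windows Script Host, <ISSUE_URL_PLACEHOLDER>`, and reword the Signing.props comment to name the script extensions that are still signed.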