-
Notifications
You must be signed in to change notification settings - Fork 353
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace strong name verification and signing with custom implementation #15309
Replace strong name verification and signing with custom implementation #15309
Conversation
The goal here is two-fold: - Strong name checking could run on non-Windows platforms (not be reliant on sn.exe) - If a file has a valid strong name, do not strong name it. The implementation was pulled from a combination of roslyn's strong naming tests and runtime's checksum implemention and a few constants. The implementation was altered to remove need for private reflection and avoid unsafe code when calculating checksums. When a PE file is found, we check whether it has a valid strong name. If it does, and we would have tried to strong name sign it, avoid doing so. This should allow Mac and Linux machines to consume binaries from early build stages and run signtool without attempting to re-strong name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I don't have a lot of knowledge on SN signing, so it'd be good to get another pair of eyes on this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM but I would also appreciate an additional review.
Hold on this. I've found some binaries that we build that seem to have malformed public key data. Or the metadata reader has a bug. |
da162f0
The issue was the binaries signed with the ECMA key do not include a typical public key blob. They include a nuetral blob, and the ECMA public key is actually in the verifying runtime.
|
d4882e8
to
e01610a
Compare
e01610a
to
a0c3185
Compare
Co-authored-by: Jeremy Koritzinsky <[email protected]>
Co-authored-by: Jeremy Koritzinsky <[email protected]>
…ation' into replace-sn-with-custom-implementation
https://dev.azure.com/dnceng/internal/_build/results?buildId=2605048&view=results - runtime build test |
https://dev.azure.com/dnceng/internal/_build/results?buildId=2610895&view=results Looking good on latest runtime build. |
src/Microsoft.DotNet.SignTool.Tests/Microsoft.DotNet.SignTool.Tests.csproj
Outdated
Show resolved
Hide resolved
@@ -97,6 +97,7 @@ | |||
<PackageVersion Include="Newtonsoft.Json" Version="$(NewtonsoftJsonVersion)" /> | |||
<PackageVersion Include="Octokit" Version="12.0.0" /> | |||
<PackageVersion Include="Polly.Core" Version="8.4.1" /> | |||
<PackageVersion Include="sn" Version="1.0.0" /> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can now be removed.
using System.Diagnostics; | ||
using Microsoft.Build.Framework; | ||
using Microsoft.Build.Utilities; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are you sure that those additional usings are necessary?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I spot checked the code in StrongName.cs but didn't review in detail. A few nits and some concerns about swallowing exceptions and returning false but aside from that LGTM.
You might want to add some additional logging in the "swallow exception" cases.
…ation' into replace-sn-with-custom-implementation
4425ec8
One last tweak PTAL. |
3c80dcc
The goal here is two-fold:
The implementation was pulled from a combination of roslyn's strong naming tests and runtime's checksum implemention and a few constants. The implementation was altered to remove need for private reflection and avoid unsafe code when calculating checksums. When a PE file is found, we check whether it has a valid strong name. If it does, and we would have tried to strong name sign it, avoid doing so.
This should allow Mac and Linux machines to consume binaries from early build stages and run signtool without attempting to re-strong name.
To double check: