Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace strong name verification and signing with custom implementation #15309

Merged
merged 27 commits into from
Jan 3, 2025

Conversation

mmitche
Copy link
Member

@mmitche mmitche commented Dec 5, 2024

The goal here is two-fold:

  • Strong name checking could run on non-Windows platforms (not be reliant on sn.exe)
  • If a file has a valid strong name, do not strong name it.

The implementation was pulled from a combination of roslyn's strong naming tests and runtime's checksum implemention and a few constants. The implementation was altered to remove need for private reflection and avoid unsafe code when calculating checksums. When a PE file is found, we check whether it has a valid strong name. If it does, and we would have tried to strong name sign it, avoid doing so.

This should allow Mac and Linux machines to consume binaries from early build stages and run signtool without attempting to re-strong name.

To double check:

The goal here is two-fold:
- Strong name checking could run on non-Windows platforms (not be reliant on sn.exe)
- If a file has a valid strong name, do not strong name it.

The implementation was pulled from a combination of roslyn's strong naming tests and runtime's checksum implemention and a few constants. The implementation was altered to remove need for private reflection and avoid unsafe code when calculating checksums. When a PE file is found, we check whether it has a valid strong name. If it does, and we would have tried to strong name sign it, avoid doing so.

This should allow Mac and Linux machines to consume binaries from early build stages and run signtool without attempting to re-strong name.
ellahathaway
ellahathaway previously approved these changes Dec 6, 2024
Copy link
Member

@ellahathaway ellahathaway left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I don't have a lot of knowledge on SN signing, so it'd be good to get another pair of eyes on this.

ViktorHofer
ViktorHofer previously approved these changes Dec 8, 2024
Copy link
Member

@ViktorHofer ViktorHofer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but I would also appreciate an additional review.

@mmitche mmitche requested a review from ericstj December 9, 2024 17:28
@mmitche
Copy link
Member Author

mmitche commented Dec 10, 2024

Hold on this. I've found some binaries that we build that seem to have malformed public key data. Or the metadata reader has a bug.

@mmitche mmitche dismissed stale reviews from ViktorHofer and ellahathaway via da162f0 December 11, 2024 20:59
@mmitche
Copy link
Member Author

mmitche commented Dec 11, 2024

The issue was the binaries signed with the ECMA key do not include a typical public key blob. They include a nuetral blob, and the ECMA public key is actually in the verifying runtime.

  • Updated to include ECMA support
  • To be sure this won't randomly break, include exception handing, and fall back to sn.exe if the new code fails.

@mmitche mmitche changed the title Replace strong name verification with custom implementation Replace strong name verification and signing with custom implementation Dec 17, 2024
@mmitche mmitche force-pushed the replace-sn-with-custom-implementation branch from d4882e8 to e01610a Compare December 17, 2024 23:27
src/Microsoft.DotNet.SignTool/src/StrongName.cs Outdated Show resolved Hide resolved
src/Microsoft.DotNet.SignTool/src/StrongName.cs Outdated Show resolved Hide resolved
src/Microsoft.DotNet.SignTool/src/StrongName.cs Outdated Show resolved Hide resolved
src/Microsoft.DotNet.SignTool/src/StrongName.cs Outdated Show resolved Hide resolved
@mmitche mmitche force-pushed the replace-sn-with-custom-implementation branch from e01610a to a0c3185 Compare December 18, 2024 01:49
@mmitche
Copy link
Member Author

mmitche commented Dec 19, 2024

@mmitche
Copy link
Member Author

mmitche commented Jan 2, 2025

https://dev.azure.com/dnceng/internal/_build/results?buildId=2610895&view=results

Looking good on latest runtime build.

@@ -97,6 +97,7 @@
<PackageVersion Include="Newtonsoft.Json" Version="$(NewtonsoftJsonVersion)" />
<PackageVersion Include="Octokit" Version="12.0.0" />
<PackageVersion Include="Polly.Core" Version="8.4.1" />
<PackageVersion Include="sn" Version="1.0.0" />
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can now be removed.

Comment on lines +14 to +16
using System.Diagnostics;
using Microsoft.Build.Framework;
using Microsoft.Build.Utilities;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you sure that those additional usings are necessary?

ViktorHofer
ViktorHofer previously approved these changes Jan 2, 2025
Copy link
Member

@ViktorHofer ViktorHofer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I spot checked the code in StrongName.cs but didn't review in detail. A few nits and some concerns about swallowing exceptions and returning false but aside from that LGTM.

You might want to add some additional logging in the "swallow exception" cases.

@mmitche
Copy link
Member Author

mmitche commented Jan 2, 2025

One last tweak PTAL.

ViktorHofer
ViktorHofer previously approved these changes Jan 2, 2025
@mmitche mmitche enabled auto-merge (squash) January 2, 2025 22:09
@mmitche mmitche merged commit 05d4d46 into dotnet:main Jan 3, 2025
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants