Fix package signing verification #1761

Merged
merged 7 commits into from
Oct 31, 2023


Member

@martincostello martincostello commented Oct 31, 2023

Changes verified using #1762: successful valid signing

Once 8.1.0 has been successfully published to NuGet.org, I'll create follow-up issues with the relevant tools/repos to hopefully resolve the underlying issue without us having to build the linter from a custom fork/branch.

Reported issues:

Bump sign to 0.9.1-beta.23530.1.
@martincostello martincostello added CI/build bug fix dependencies Pull requests that update a dependency file labels Oct 31, 2023
@martincostello martincostello added this to the v8.1.0 milestone Oct 31, 2023

codecov bot commented Oct 31, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (e404873) 84.53% compared to head (cff3f59) 84.53%.
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1761   +/-   ##
=======================================
  Coverage   84.53%   84.53%           
=======================================
  Files         307      307           
  Lines        6777     6777           
  Branches     1043     1043           
=======================================
  Hits         5729     5729           
  Misses        839      839           
  Partials      209      209           
Flag Coverage Δ
linux 84.53% <ø> (ø)
macos 84.53% <ø> (ø)
windows ?


martincostello added a commit that referenced this pull request Oct 31, 2023
Test that #1761 resolves the issue.
@martintmk
Contributor

Can we add this tool to dotnet-config.json file?

@martincostello
Member Author

We could, which would keep it updated with dependabot, but we (currently) have no way of testing the signing steps change-to-change to validate that updating the pinned version doesn't break anything.

For now I'm just concentrating on resolving the root problem.

Check out the repository so our `global.json` version determines what version of the .NET SDK is installed.
Pass the `--verbosity` flag with a level of `Warning` (the default) unless GitHub Actions debugging is enabled, in which case specify `Debug`.
Checkout Polly to a subdirectory when being used to obtain the .NET SDK version.
Avoid cloning Polly to get the .NET SDK version to use, and instead output the value from the actions/setup-dotnet step in the build job.
Use `github.repository` to get the repository name instead of hard-coding it.
Use fork of vcsjones/AuthenticodeLint that is compiled against vcsjones/AuthenticodeExaminer from source to resolve issues with validating Authenticode signatures of the DLLs.
@martincostello martincostello added the github_actions Pull requests that update GitHub Actions code label Oct 31, 2023
@martincostello martincostello changed the title Bump sign tool Fix package signing verification Oct 31, 2023
@martincostello martincostello marked this pull request as ready for review October 31, 2023 14:53
@martincostello
Member Author

@martintmk I've logged bugs against the associated tools we use to validate the packages in CI. Once we have some feedback on those (and ideally some upstream fixes), then we can look at revisiting the automation to have a more regular feedback loop that doesn't need us to actually try and publish something to NuGet.org.

@martincostello martincostello merged commit 4d2dd5a into main Oct 31, 2023
18 checks passed
@martincostello martincostello deleted the bump-sign-tool branch October 31, 2023 16:13