Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Component .pkgs that were signed using SignTool are being reported as "not signed" #4889

Open
ellahathaway opened this issue Feb 7, 2025 · 0 comments
Open

Component .pkgs that were signed using SignTool are being reported as "not signed" #4889

ellahathaway opened this issue Feb 7, 2025 · 0 comments
Labels
area-unified-build

Comments

@ellahathaway
Copy link
Member

Related to dotnet/arcade#15489

After adding the SignCheck logic to check .pkg signatures, I discovered that component (nested) pkgs are being reported as "unsigned". I validated this locally by pulling a signed installer pkg, unpacking the installer, and verifying the component pkg. When I did this, the component pkg was reported to not have a signature. This is despite SignTool + MicroBuild binlogs showing that the component pkg was submitted for signing and was signed successfully.

Interestingly, when I then repacked the installer pkg and reverified it's signature, it was reported to not be signed. This suggests that the repack logic is likely modifying the package.

We should investigate this further.

cc @mmitche
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-unified-build
Projects
.NET Unified Build
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ellahathaway