Enable StrongName verification in SignCheck #15602

Merged (4 commits) on Mar 11, 2025

ellahathaway commented Mar 6, 2025

Closes dotnet/source-build#4884

Enable StrongName validation with SignCheck on .NET Core. This PR shares the SN logic from SignTool to SignCheck by moving the logic to a new classlib called Microsoft.DotNet.StrongName and consuming the functionality in SignTool & SignCheck.

Example

Ran SignCheck on https://www.nuget.org/api/v2/package/dotnet-ef/9.0.2. This was the outcome:

<SignCheckResults>
  <File Name="dotnet-ef.9.0.2.nupkg" Outcome="Signed">
    <File Name="dotnet-ef.9.0.2.nupkg/_rels/.rels" Outcome="Skipped" />
    <File Name="dotnet-ef.9.0.2.nupkg/dotnet-ef.nuspec" Outcome="Skipped" />
    <File Name="dotnet-ef.9.0.2.nupkg/Icon.png" Outcome="Skipped" />
    <File Name="dotnet-ef.9.0.2.nupkg/docs/PACKAGE.md" Outcome="Skipped" />
    <File Name="dotnet-ef.9.0.2.nupkg/tools/net8.0/any/DotnetToolSettings.xml" Outcome="Skipped" />
    <File Name="dotnet-ef.9.0.2.nupkg/tools/net8.0/any/shims/win-x64/dotnet-ef.exe" Outcome="Signed" AuthentiCode="Timestamp: 01/17/25 17:31:39 (sha256RSA), AuthentiCode signed: True" StrongName="No StrongName signature (NGEN/CrossGen image)." />
    <File Name="dotnet-ef.9.0.2.nupkg/tools/net8.0/any/dotnet-ef.deps.json" Outcome="Skipped" />
    <File Name="dotnet-ef.9.0.2.nupkg/tools/net8.0/any/ef.runtimeconfig.json" Outcome="Skipped" />
    <File Name="dotnet-ef.9.0.2.nupkg/tools/net8.0/any/shims/win-x86/dotnet-ef.exe" Outcome="Signed" AuthentiCode="Timestamp: 01/17/25 17:31:29 (sha256RSA), AuthentiCode signed: True" StrongName="No StrongName signature (NGEN/CrossGen image)." />
    <File Name="dotnet-ef.9.0.2.nupkg/tools/net8.0/any/dotnet-ef.dll" Outcome="Signed" AuthentiCode="Timestamp: 01/17/25 17:31:29 (sha256RSA), AuthentiCode signed: True" StrongName="StrongName signed: True, Public key = adb9793829ddae60" />
    <File Name="dotnet-ef.9.0.2.nupkg/tools/net8.0/any/dotnet-ef.runtimeconfig.json" Outcome="Skipped" />
    <File Name="dotnet-ef.9.0.2.nupkg/tools/net8.0/any/shims/win-arm64/dotnet-ef.exe" Outcome="Signed" AuthentiCode="Timestamp: 01/17/25 17:31:30 (sha256RSA), AuthentiCode signed: True" StrongName="No StrongName signature (NGEN/CrossGen image)." />
    <File Name="dotnet-ef.9.0.2.nupkg/tools/net8.0/any/dotnet-ef.exe" Outcome="Signed" AuthentiCode="Timestamp: 01/17/25 17:31:30 (sha256RSA), AuthentiCode signed: True" StrongName="No StrongName signature (NGEN/CrossGen image)." />
    <File Name="dotnet-ef.9.0.2.nupkg/tools/net8.0/any/tools/netcoreapp2.0/any/ef.dll" Outcome="Signed" AuthentiCode="Timestamp: 01/17/25 17:32:14 (sha256RSA), AuthentiCode signed: True" StrongName="StrongName signed: True, Public key = adb9793829ddae60" />
    <File Name="dotnet-ef.9.0.2.nupkg/tools/net8.0/any/tools/netcoreapp2.0/any/ef.runtimeconfig.json" Outcome="Skipped" />
    <File Name="dotnet-ef.9.0.2.nupkg/tools/net8.0/any/tools/net472/any/ef.exe" Outcome="Signed" AuthentiCode="Timestamp: 01/17/25 17:33:25 (sha256RSA), AuthentiCode signed: True" StrongName="StrongName signed: True, Public key = adb9793829ddae60" />
    <File Name="dotnet-ef.9.0.2.nupkg/tools/net8.0/any/tools/net472/win-x86/ef.exe" Outcome="Signed" AuthentiCode="Timestamp: 01/17/25 17:31:29 (sha256RSA), AuthentiCode signed: True" StrongName="StrongName signed: True, Public key = adb9793829ddae60" />
    <File Name="dotnet-ef.9.0.2.nupkg/tools/net8.0/any/tools/net472/win-arm64/ef.exe" Outcome="Signed" AuthentiCode="Timestamp: 01/17/25 17:31:29 (sha256RSA), AuthentiCode signed: True" StrongName="StrongName signed: True, Public key = adb9793829ddae60" />
    <File Name="dotnet-ef.9.0.2.nupkg/[Content_Types].xml" Outcome="Skipped" />
    <File Name="dotnet-ef.9.0.2.nupkg/package/services/metadata/core-properties/a812c08dbe0b4e168df2a9a030bdf821.psmdcp" Outcome="Skipped" />
    <File Name="dotnet-ef.9.0.2.nupkg/.signature.p7s" Outcome="Skipped" />
  </File>
</SignCheckResults>

Token info validated manually with sn:

sn -T dotnet-ef.dll 
Mono StrongName - version 6.8.0.105
StrongName utility for signing assemblies
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.

Public Key Token: adb9793829ddae60
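
An added example (not code from this PR or from SignCheck itself): a Python script that reads a SignCheck results file in the format shown above and sorts each StrongName result by whether its public key token is on an expected list. The function name `audit_strongname`, the bucket names, and the sample report (including `lib.dll` and its token) are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the report above; "lib.dll" and its token
# 0123456789abcdef are invented here to show a mismatch.
SAMPLE_REPORT = """<SignCheckResults>
  <File Name="pkg.nupkg" Outcome="Signed">
    <File Name="pkg.nupkg/docs/PACKAGE.md" Outcome="Skipped" />
    <File Name="pkg.nupkg/tools/dotnet-ef.dll" Outcome="Signed" AuthentiCode="AuthentiCode signed: True" StrongName="StrongName signed: True, Public key = adb9793829ddae60" />
    <File Name="pkg.nupkg/tools/dotnet-ef.exe" Outcome="Signed" AuthentiCode="AuthentiCode signed: True" StrongName="No StrongName signature (NGEN/CrossGen image)." />
    <File Name="pkg.nupkg/tools/lib.dll" Outcome="Signed" AuthentiCode="AuthentiCode signed: True" StrongName="StrongName signed: True, Public key = 0123456789abcdef" />
  </File>
</SignCheckResults>"""

# The report labels the value "Public key"; the sn -T run shows it is the public key token.
TOKEN_RE = re.compile(r"StrongName signed: True, Public key = ([0-9a-fA-F]{16})\b")
NO_SN_MARKER = "No StrongName signature"


def audit_strongname(report_xml, expected_tokens):
    """Sort every <File> that has a StrongName attribute into a result bucket."""
    buckets = {"ok": [], "unexpected_token": [], "no_strongname": [], "unrecognized": []}
    expected = {t.lower() for t in expected_tokens}
    root = ET.fromstring(report_xml)
    for node in root.iter("File"):  # iter() also walks files nested in containers
        status = node.get("StrongName")
        if status is None:  # skipped files and the package container carry no attribute
            continue
        name = node.get("Name", "<unnamed>")
        match = TOKEN_RE.search(status)
        if match:
            token = match.group(1).lower()
            key = "ok" if token in expected else "unexpected_token"
            buckets[key].append((name, token))
        elif NO_SN_MARKER in status:
            buckets["no_strongname"].append((name, status))
        else:  # wording this script does not know: keep it for manual review
            buckets["unrecognized"].append((name, status))
    return buckets


if __name__ == "__main__":
    result = audit_strongname(SAMPLE_REPORT, {"adb9793829ddae60"})
    for bucket, entries in result.items():
        for name, detail in entries:
            print(f"{bucket:17} {name}: {detail}")
```
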


ellahathaway commented Mar 6, 2025

https://dev.azure.com/dnceng/internal/_build/results?buildId=2657811&view=results

The pipeline results are correct. I pulled assemblies that are strongnamed and not strongnamed and validated the SignCheck output manually.

ellahathaway marked this pull request as ready for review March 7, 2025 18:42
ellahathaway requested a review from mmitche March 7, 2025 18:42
ellahathaway merged commit dbb4142 into dotnet:main Mar 11, 2025
11 checks passed
ellahathaway deleted the signcheck-strongname branch March 11, 2025 17:22
Successfully merging this pull request may close these issues.

Replace SignCheck's SN Verification with SignTool's Implementation