Skip to content

[AI Generated] Ensure correct DSC export of admin settings#6109

Open
Trenly wants to merge 6 commits intomicrosoft:masterfrom
Trenly:copilot/ms-5881-fix-issue-5881
Open

[AI Generated] Ensure correct DSC export of admin settings#6109
Trenly wants to merge 6 commits intomicrosoft:masterfrom
Trenly:copilot/ms-5881-fix-issue-5881

Conversation

@Trenly
Copy link
Copy Markdown
Contributor

@Trenly Trenly commented Mar 26, 2026
edited by microsoft-github-policy-service bot
Loading

Copilot Summary

winget dsc export --all exports all admin settings as false even when enabled. Root cause: SecureSettingsContainer doesn't verify that verification hash writes succeed, causing subsequent reads to throw unhandled exceptions.

Changes

AdminSettings.cpp

  • Added exception handling around m_settingStream.Get() to catch verification failures
  • Falls back to default values with error logging instead of crashing

Settings.cpp

  • Changed SetVerificationData() to return bool indicating write success
  • SecureSettingsContainer::Set() now checks verification write result
  • Reverts main write if verification write fails (atomic operation)
  • Added diagnostic logging for verification failures

Technical Detail

SecureSettingsContainer stores settings in one file and SHA256 hash in another. Write path was:

bool Set(value) {
    bool result = ExchangeSettingsContainer::Set(value);
    if (result) {
        SetVerificationData(hash);  // Return value ignored - bug
    }
    return result;
}

Now enforces atomicity:

bool Set(value) {
    bool result = ExchangeSettingsContainer::Set(value);
    if (result) {
        if (!SetVerificationData(hash)) {
            Remove();  // Revert
            return false;
        }
    }
    return result;
}

Read path now handles verification exceptions gracefully rather than leaving settings at default values.

Microsoft Reviewers: Open in CodeFlow

Copilot AI and others added 5 commits March 26, 2026 00:43
@Trenly
Add exception handling for admin settings read failures
d00b1c4 
Co-authored-by: Trenly <12611259+Trenly@users.noreply.github.com>
Agent-Logs-Url: https://github.com/Trenly/winget-cli/sessions/a2b00ade-cc75-4ccf-bb63-6f81ef0e0176
@Trenly
Fix verification data write failure handling in SecureSettingsContainer
c4341bd 
Co-authored-by: Trenly <12611259+Trenly@users.noreply.github.com>
Agent-Logs-Url: https://github.com/Trenly/winget-cli/sessions/a2b00ade-cc75-4ccf-bb63-6f81ef0e0176
@Trenly
Address code review feedback: improve error messages and logging
8bd3ed3 
Co-authored-by: Trenly <12611259+Trenly@users.noreply.github.com>
Agent-Logs-Url: https://github.com/Trenly/winget-cli/sessions/a2b00ade-cc75-4ccf-bb63-6f81ef0e0176
@Trenly
Consolidate log messages per code review feedback
6bdec4d 
Co-authored-by: Trenly <12611259+Trenly@users.noreply.github.com>
Agent-Logs-Url: https://github.com/Trenly/winget-cli/sessions/a2b00ade-cc75-4ccf-bb63-6f81ef0e0176
@Trenly
Update release notes
2cd9085
@Trenly Trenly requested a review from a team as a code owner March 26, 2026 04:28
@Trenly Trenly changed the title Copilot/ms 5881 fix issue 5881 [AI Generated] Ensure correct DSC export of admin settings Mar 26, 2026
@JohnMcPMS
Copy link
Copy Markdown
Member

JohnMcPMS commented Mar 27, 2026

Should have test that intentionally corrupts the verification file of the admin settings to confirm that you get default values out.

@JohnMcPMS JohnMcPMS added the Needs-Author-Feedback Issue needs attention from issue or PR author label Mar 27, 2026
@Trenly
Add test for corrupted verification file
a2381d6 
Agent-Logs-Url: https://github.com/Trenly/winget-cli/sessions/31c7cc4d-743a-4f9d-9ff3-38156f36f278

Co-authored-by: Trenly <12611259+Trenly@users.noreply.github.com>
@Trenly
Copy link
Copy Markdown
Contributor Author

Trenly commented Mar 27, 2026
edited
Loading

Updated

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs-Attention Issue needs attention from Microsoft and removed Needs-Author-Feedback Issue needs attention from issue or PR author labels Mar 27, 2026
@JohnMcPMS
Copy link
Copy Markdown
Member

JohnMcPMS commented Mar 27, 2026

/azp run

@azure-pipelines
Copy link
Copy Markdown

azure-pipelines bot commented Mar 27, 2026

Azure Pipelines successfully started running 1 pipeline(s).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Needs-Attention Issue needs attention from Microsoft

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

winget dsc export --all has wrong values for Admin Settings

3 participants

@Trenly @JohnMcPMS