chore(nuget-sign): Use osslsigncode for now#92
Merged
RomainMuller merged 2 commits intomasterfrom Apr 11, 2019
Merged
Conversation
We cannot use mono's `signcode` tool until a release is available that supports SHA256 signatures, so we'll be using osslsigncode in interim. A patch has been submitted to mono to add support for SHA256 signatures should be making it to a release "soon". Related: mono/mono#11999
eladb
reviewed
Apr 11, 2019
Contributor
eladb
left a comment
There was a problem hiding this comment.
Can you describe how this was tested?
| "git merge $BRANCH", | ||
| "git remote add origin_ssh git@github.com:awslabs/aws-delivlib-sample.git", | ||
| "git push --follow-tags origin_ssh master" | ||
| "git describe --exact-match HEAD && { echo \"No new commits.\"; export SKIP=true; } || { echo \"Changes to release.\"; export SKIP=false; }", |
Contributor
Author
There was a problem hiding this comment.
It looks to me that the expectation is incorrect on the current master.
Contributor
Author
|
This was tested by running |
Contributor
|
Please run the delivlib integration test and make sure publishing with signing actually works. |
Contributor
Author
$ osslsigncode verify /Users/rmuller/Downloads/eladb.jsiisample.1.5.0.nupkg/lib/netstandard2.0/Eladb.JsiiSample.dll
Current PE checksum : 000105A7
Calculated PE checksum: 000105A7
Message digest algorithm : SHA256
Current message digest : 79AA8FCB5AAD4B4526354EAE3F6C42DDCDA903FA0ADC1594729ADA465BAE0F68
Calculated message digest : 79AA8FCB5AAD4B4526354EAE3F6C42DDCDA903FA0ADC1594729ADA465BAE0F68
Signature verification: ok
Number of signers: 1
Signer #0:
Subject: /CN=delivlib-test/C=IL/ST=Ztate/L=Zity/O=Amazon Test/OU=AWS/emailAddress=aws-cdk-dev+delivlib-test@amazon.com
Issuer : /CN=delivlib-test/C=IL/ST=Ztate/L=Zity/O=Amazon Test/OU=AWS/emailAddress=aws-cdk-dev+delivlib-test@amazon.com
Number of certificates: 3
Cert #0:
Subject: /CN=delivlib-test/C=IL/ST=Ztate/L=Zity/O=Amazon Test/OU=AWS/emailAddress=aws-cdk-dev+delivlib-test@amazon.com
Issuer : /CN=delivlib-test/C=IL/ST=Ztate/L=Zity/O=Amazon Test/OU=AWS/emailAddress=aws-cdk-dev+delivlib-test@amazon.com
Cert #1:
Subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID CA-1
Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA
Cert #2:
Subject: /C=US/O=DigiCert/CN=DigiCert Timestamp Responder
Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID CA-1
Succeeded |
eladb
approved these changes
Apr 11, 2019
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
We cannot use mono's
signcodetool until a release is available thatsupports SHA256 signatures, so we'll be using osslsigncode in interim.
A patch has been submitted to mono to add support for SHA256 signatures
should be making it to a release "soon".
Related: mono/mono#11999
A previous iteration of this code was already see in awslabs/cdk-ops@844181b86893436661f75c4be12baf312d03a32a