Disable FullAssemblySigningSupported by default on non-Windows platforms#16566
Open
aw0lid wants to merge 1 commit intodotnet:mainfrom
Open
Disable FullAssemblySigningSupported by default on non-Windows platforms#16566aw0lid wants to merge 1 commit intodotnet:mainfrom
aw0lid wants to merge 1 commit intodotnet:mainfrom
Conversation
Author
|
As planned here, this is Step 2: changing the global default in Arcade. This follows the completion of Step 1 (the F# fixes in dotnet/fsharp#19242). |
jkotas
requested changes
Mar 4, 2026
| <Project> | ||
|
|
||
| <PropertyGroup> | ||
| <FullAssemblySigningSupported Condition="'$(FullAssemblySigningSupported)' == '' and '$(OS)' != 'Windows_NT'">false</FullAssemblySigningSupported> |
Member
There was a problem hiding this comment.
This Directory.Builds.props is for Arcade repo build only.
This needs to apply to all repos that use Arcade - similar to how it works for source-build today. I think this is the right place to change this:
Member
|
It may be better to submit this change via https://github.com/dotnet/dotnet to make it easier to validate that nothing got broken and revert if needed. |
This was referenced Mar 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes dotnet/runtime#123010
Summary
This PR changes the default value of
FullAssemblySigningSupportedtofalsefor non-Windows builds within the Arcade SDK. This ensures a smoother developer experience on modern Linux distributions (like RHEL 9/10) where strict security policies disable RSA+SHA-1, which is required for strong-name signing.Context & Reasoning
As reported in dotnet/runtime#123010, building .NET repositories on modern Linux environments fails because the build system attempts full assembly signing using SHA-1 by default. Since full signing is typically only required for official Microsoft builds, we are moving the default to
falsefor all non-Windows platforms.This is the second phase of the plan discussed with @jkotas in dotnet/runtime#123401:
dotnet/fsharpto signing to maintain stability (dotnet/fsharp#19242).Changes
Directory.Build.propsto setFullAssemblySigningSupportedtofalseon non-Windows platforms.Condition="'$(FullAssemblySigningSupported)' == ''"to allow projects to manually opt-in if full signing is explicitly required.Validation
FullAssemblySigningSupportedevaluates tofalseby default using a test project.trueby default).XliffTasks) completes successfully on Linux without requiring manual flags.Related Issues