[release/10.0.3xx] Source code updates from dotnet/arcade (#5316)

dotnet-maestro[bot] · web-flow · commit 695853e77c90 · 2026-03-15T16:45:47.000+01:00
Co-authored-by: dotnet-maestro[bot] &lt;dotnet-maestro[bot]@users.noreply.github.com&gt;
diff --git a/src/arcade/eng/Version.Details.xml b/src/arcade/eng/Version.Details.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Dependencies>
-  <Source Uri="https://github.com/dotnet/dotnet" Mapping="arcade" Sha="b6995982889aca81f3e8a3e1406629e1f379b31f" BarId="295588" />
+  <Source Uri="https://github.com/dotnet/dotnet" Mapping="arcade" Sha="7b28be752296e052a57e85fac1b2be81917fe569" BarId="305997" />
   <ProductDependencies>
   </ProductDependencies>
   <ToolsetDependencies>
@@ -174,4 +174,4 @@
       <Sha>0a2e291c0d9c0c7675d445703e51750363a549ef</Sha>
     </Dependency>
   </ToolsetDependencies>
-</Dependencies>
+</Dependencies>
diff --git a/src/arcade/global.json b/src/arcade/global.json
@@ -1,6 +1,6 @@
 {
   "sdk": {
-    "version": "10.0.101",
+    "version": "10.0.104",
     "rollForward": "latestFeature",
     "paths": [
       ".dotnet",
@@ -9,7 +9,7 @@
     "errorMessage": "The required .NET SDK wasn't found. Please run ./eng/common/dotnet.cmd/sh to install it."
   },
   "tools": {
-    "dotnet": "10.0.101"
+    "dotnet": "10.0.104"
   },
   "msbuild-sdks": {
     "Microsoft.DotNet.Arcade.Sdk": "10.0.0-beta.26123.2",
diff --git a/src/arcade/src/Microsoft.DotNet.Build.Tasks.Installers/build/installer.build.targets b/src/arcade/src/Microsoft.DotNet.Build.Tasks.Installers/build/installer.build.targets
@@ -249,11 +249,11 @@
     <Exec Command="chmod ugo+x '$(_LayoutControlRoot)postrm'"
           Condition="'@(LinuxPostRemoveScript)' != ''" />
 
-    <Exec Command="tar -C '$(_LayoutControlRoot)' -czf '$(_LayoutDirectory)/control.tar.gz' ."
+    <Exec Command="tar --owner=root --group=root -C '$(_LayoutControlRoot)' -czf '$(_LayoutDirectory)/control.tar.gz' ."
           IgnoreExitCode="true"
           IgnoreStandardErrorWarningFormat="true" />
     
-    <Exec Command="tar -C '$(_LayoutDataRoot)' -czf '$(_LayoutDirectory)/data.tar.gz' ."
+    <Exec Command="tar --owner=root --group=root -C '$(_LayoutDataRoot)' -czf '$(_LayoutDirectory)/data.tar.gz' ."
           IgnoreExitCode="true"
           IgnoreStandardErrorWarningFormat="true" />
 
diff --git a/src/arcade/src/Microsoft.DotNet.SignTool.Tests/SignToolTests.cs b/src/arcade/src/Microsoft.DotNet.SignTool.Tests/SignToolTests.cs
@@ -440,18 +440,18 @@ private void ValidateProducedDebContent(
 
                 using MD5 md5 = MD5.Create();
                 using FileStream fileStream = File.OpenRead(layoutFilePath);
-                string newHash = Convert.ToHexString(md5.ComputeHash(fileStream));
+                string newHash = Convert.ToHexStringLower(md5.ComputeHash(fileStream));
 
                 if (signableFiles.Contains(targetSystemFilePath))
                 {
                     newHash.Should().NotBe(originalHash);
-                    md5sumsContents.Should().Contain($"{newHash} {targetSystemFilePath}");
-                    md5sumsContents.Should().NotContain($"{originalHash} {targetSystemFilePath}");
+                    md5sumsContents.Should().Contain($"{newHash}  {targetSystemFilePath}");
+                    md5sumsContents.Should().NotContain($"{originalHash}  {targetSystemFilePath}");
                 }
                 else
                 {
                     newHash.Should().Be(originalHash);
-                    md5sumsContents.Should().Contain($"{originalHash} {targetSystemFilePath}");
+                    md5sumsContents.Should().Contain($"{originalHash}  {targetSystemFilePath}");
                 }
             }
 
@@ -1831,8 +1831,8 @@ public void CheckDebSigning()
 
             var expectedFilesOriginalHashes = new (string, string)[]
             {
-                ("usr/local/bin/hello", "644981BBD6F4ED1B3CF68CD0F47981AA"),
-                ("usr/local/bin/mscorlib.dll", "B80EEBA2B8616B7C37E49B004D69BBB7")
+                ("usr/local/bin/hello", "644981bbd6f4ed1b3cf68cd0f47981aa"),
+                ("usr/local/bin/mscorlib.dll", "b80eeba2b8616b7c37e49b004d69bbb7")
             };
             string[] signableFiles = ["usr/local/bin/mscorlib.dll"];
             string expectedControlFileContent = "Package: test\nVersion: 1.0\nSection: base\nPriority: optional\nArchitecture: all\n";
@@ -3635,5 +3635,132 @@ public void ContainerSigningWithDoNotUnpackViaFileExtensionSignInfo()
                 "File 'NestedContainer.1.0.0.nupkg' Certificate='NuGet'",
             });
         }
+
+        [Fact]
+        public void NotarizationRetriesOnFailure()
+        {
+            // List of files to be considered for signing
+            var itemsToSign = new List<ItemToSign>()
+            {
+                new ItemToSign(GetResourcePath("test.pkg"))
+            };
+
+            // Default signing information
+            var strongNameSignInfo = new Dictionary<string, List<SignInfo>>()
+            {
+                { "581d91ccdfc4ea9c", new List<SignInfo>{ new SignInfo(certificate: "ArcadeCertTest", strongName: "ArcadeStrongTest") } }
+            };
+
+            // Set up the cert to allow for signing and notarization.
+            var additionalCertificateInfo = new Dictionary<string, List<AdditionalCertificateInformation>>()
+            {
+                {  "MacDeveloperHardenWithNotarization",
+                    new List<AdditionalCertificateInformation>() {
+                        new AdditionalCertificateInformation() { MacNotarizationAppName = "dotnet", MacSigningOperation = "MacDeveloperHarden" }
+                    }
+                }
+            };
+
+            // Overriding information
+            var fileSignInfo = new Dictionary<ExplicitSignInfoKey, FileSignInfoEntry>()
+            {
+                { new ExplicitSignInfoKey("test.pkg"), new FileSignInfoEntry("MacDeveloperHardenWithNotarization") }
+            };
+
+            var configuration = new Configuration(_tmpDir,
+                itemsToSign,
+                strongNameSignInfo,
+                fileSignInfo,
+                s_fileExtensionSignInfo,
+                additionalCertificateInfo,
+                itemsToSkip3rdPartyCheck: null,
+                tarToolPath: null,
+                pkgToolPath: null,
+                snPath: null,
+                new TaskLoggingHelper(new FakeBuildEngine(_output), "SignToolTests"),
+                telemetry: null);
+
+            var parsedSigningInput = configuration.GenerateListOfFiles();
+
+            // Create a fake build engine to track build calls
+            var fakeBuildEngine = new FakeBuildEngineWithFailures(_output, failNotarizationCount: 3);
+            var fakeLog = new TaskLoggingHelper(fakeBuildEngine, "SignToolTests");
+
+            var args = new SignToolArgs(
+                tempPath: _tmpDir,
+                microBuildCorePath: CreateTestResource("MicroBuild.Core"),
+                testSign: true,
+                dotnetPath: null,
+                msbuildVerbosity: "quiet",
+                logDir: _tmpDir,
+                enclosingDir: "",
+                snBinaryPath: null,
+                wix3ToolsPath: null,
+                wixToolsPath: null,
+                tarToolPath: null,
+                pkgToolPath: null,
+                dotnetTimeout: -1);
+
+            var signTool = new FakeSignTool(args, fakeLog);
+
+            var util = new BatchSignUtil(
+                fakeBuildEngine,
+                fakeLog,
+                signTool,
+                parsedSigningInput,
+                Array.Empty<string>(),
+                null);
+
+            util.Go(false);
+
+            // Verify that notarization was retried
+            fakeBuildEngine.NotarizationAttempts.Should().Be(4, "Notarization should succeed on the 4th attempt after 3 failures");
+        }
+    }
+
+    /// <summary>
+    /// Fake build engine that can simulate notarization failures
+    /// </summary>
+    internal class FakeBuildEngineWithFailures : IBuildEngine
+    {
+        private readonly int _failNotarizationCount;
+        private int _notarizationAttemptsSoFar = 0;
+        private readonly FakeBuildEngine _innerEngine;
+
+        public int NotarizationAttempts => _notarizationAttemptsSoFar;
+
+        public FakeBuildEngineWithFailures(ITestOutputHelper output, int failNotarizationCount)
+        {
+            _failNotarizationCount = failNotarizationCount;
+            _innerEngine = new FakeBuildEngine(output);
+        }
+
+        public bool BuildProjectFile(string projectFileName, string[] targetNames, System.Collections.IDictionary globalProperties, System.Collections.IDictionary targetOutputs)
+        {
+            // Check if this is a notarization project
+            if (projectFileName.Contains("Notarize"))
+            {
+                _notarizationAttemptsSoFar++;
+                
+                // Fail the first N attempts
+                if (_notarizationAttemptsSoFar <= _failNotarizationCount)
+                {
+                    return false;
+                }
+            }
+
+            // Otherwise use the inner engine implementation
+            return _innerEngine.BuildProjectFile(projectFileName, targetNames, globalProperties, targetOutputs);
+        }
+
+        public int ColumnNumberOfTaskNode => _innerEngine.ColumnNumberOfTaskNode;
+        public bool ContinueOnError { get => _innerEngine.ContinueOnError; set => _innerEngine.ContinueOnError = value; }
+        public int LineNumberOfTaskNode => _innerEngine.LineNumberOfTaskNode;
+        public string ProjectFileOfTaskNode => _innerEngine.ProjectFileOfTaskNode;
+
+        public void LogCustomEvent(CustomBuildEventArgs e) => _innerEngine.LogCustomEvent(e);
+        public void LogErrorEvent(BuildErrorEventArgs e) => _innerEngine.LogErrorEvent(e);
+        public void LogMessageEvent(BuildMessageEventArgs e) => _innerEngine.LogMessageEvent(e);
+        public void LogWarningEvent(BuildWarningEventArgs e) => _innerEngine.LogWarningEvent(e);
     }
 }
diff --git a/src/arcade/src/Microsoft.DotNet.SignTool/src/SignTool.cs b/src/arcade/src/Microsoft.DotNet.SignTool/src/SignTool.cs
@@ -191,8 +191,37 @@ private bool AuthenticodeSignAndNotarize(IBuildEngine buildEngine, int round, IE
             {
                 var notarizeProjectPath = Path.Combine(dir, $"Round{round}-Notarize.proj");
                 File.WriteAllText(notarizeProjectPath, GenerateBuildFileContent(filesToNotarize, null, true));
-                string notarizeLogName = $"NotarizationRound{round}";
-                status = RunMSBuild(buildEngine, notarizeProjectPath, Path.Combine(_args.LogDir, $"{notarizeLogName}.binlog"), Path.Combine(_args.LogDir, $"{notarizeLogName}.log"), Path.Combine(_args.LogDir, $"{notarizeLogName}.error.log"));
+                
+                // Notarization can be flaky, so retry up to 5 times with no wait between retries
+                const int maxRetries = 5;
+                int attempt = 0;
+                bool notarizationSucceeded = false;
+                
+                _log.LogMessage(MessageImportance.High, $"Starting notarization with up to {maxRetries} attempts");
+                
+                while (attempt < maxRetries && !notarizationSucceeded)
+                {
+                    attempt++;
+                    _log.LogMessage(MessageImportance.High, $"Notarization attempt {attempt} of {maxRetries}");
+                    
+                    string notarizeLogName = $"NotarizationRound{round}-Attempt{attempt}";
+                    notarizationSucceeded = RunMSBuild(buildEngine, notarizeProjectPath, 
+                        Path.Combine(_args.LogDir, $"{notarizeLogName}.binlog"), 
+                        Path.Combine(_args.LogDir, $"{notarizeLogName}.log"), 
+                        Path.Combine(_args.LogDir, $"{notarizeLogName}.error.log"));
+                    
+                    if (!notarizationSucceeded && attempt < maxRetries)
+                    {
+                        _log.LogMessage(MessageImportance.High, $"Notarization failed on attempt {attempt}. Retrying...");
+                    }
+                }
+                
+                if (!notarizationSucceeded)
+                {
+                    _log.LogError($"Notarization failed after {maxRetries} attempts");
+                }
+                
+                status = notarizationSucceeded;
             }
 
             return status;
diff --git a/src/source-manifest.json b/src/source-manifest.json
@@ -1,10 +1,10 @@
 {
   "repositories": [
     {
-      "barId": 304224,
+      "barId": 306186,
       "path": "arcade",
       "remoteUri": "https://github.com/dotnet/arcade",
-      "commitSha": "5976b9d3d62aaac137169c638af21096bd8e8fcd"
+      "commitSha": "e365cfcb58176841c2fb80d1a40926f394776970"
     },
     {
       "barId": 288647,

Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,10 @@`
`1`	`1`	`{`
`2`	`2`	`"repositories": [`
`3`	`3`	`{`
`4`		`- "barId": 304224,`
	`4`	`+ "barId": 306186,`
`5`	`5`	`"path": "arcade",`
`6`	`6`	`"remoteUri": "https://github.com/dotnet/arcade",`
`7`		`- "commitSha": "5976b9d3d62aaac137169c638af21096bd8e8fcd"`
	`7`	`+ "commitSha": "e365cfcb58176841c2fb80d1a40926f394776970"`
`8`	`8`	`},`
`9`	`9`	`{`
`10`	`10`	`"barId": 288647,`