Skip to content

Port dotnet/arcade#16657: Add PowerShellScriptVerifier for cross-platform PS script signing#5829

Merged
ViktorHofer merged 1 commit intorelease/11.0.1xx-preview3from
port/signcheck-powershell-verifier
Apr 1, 2026
Merged

Port dotnet/arcade#16657: Add PowerShellScriptVerifier for cross-platform PS script signing#5829
ViktorHofer merged 1 commit intorelease/11.0.1xx-preview3from
port/signcheck-powershell-verifier

Conversation

@ViktorHofer
Copy link
Copy Markdown
Member

@ViktorHofer ViktorHofer commented Apr 1, 2026

Port of dotnet/arcade#16657 to the VMR.

Changes:

  • Add \PowerShellScriptVerifier\ with a custom \ISecurityInfoProvider\ that reads # SIG # Begin/End signature block\ comment-embedded signatures from PowerShell scripts
  • Make PowerShell file verification cross-platform (previously Windows-only)
  • Remove dead .vsix\ header-detection branch (VsixVerifier was deleted)

@ViktorHofer
Add PowerShellScriptVerifier for cross-platform PS script signing
d738b1b 
Port of dotnet/arcade#16657.

The AuthentiCodeVerifier uses PEReader which only works for PE files
(.exe/.dll), not text-based script files. When SignCheck encounters
.ps1/.psd1/.psm1/.ps1xml files, PEReader throws 'Unknown file format'.

Add PowerShellScriptVerifier (modeled after JavaScriptVerifier) with a
custom ISecurityInfoProvider that reads '# SIG # Begin/End signature
block' comment-embedded signatures from PowerShell scripts.

This also makes PowerShell file verification cross-platform (previously
Windows-only) and removes the dead .vsix header-detection branch since
VsixVerifier was deleted.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@dotnet-policy-service dotnet-policy-service bot requested a review from a team April 1, 2026 11:10
@dotnet dotnet deleted a comment from github-actions bot Apr 1, 2026
@ViktorHofer ViktorHofer enabled auto-merge (squash) April 1, 2026 12:40
@ViktorHofer ViktorHofer merged commit e4f9f09 into release/11.0.1xx-preview3 Apr 1, 2026
11 checks passed
@ViktorHofer ViktorHofer deleted the port/signcheck-powershell-verifier branch April 1, 2026 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@akoeplinger akoeplinger akoeplinger approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ViktorHofer @akoeplinger