-
Notifications
You must be signed in to change notification settings - Fork 353
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SignCheck failing to validated javascript files are signed #7238
Comments
@chcosta none of us really know anything about SignCheck or why it might be failing for javascript files. Can you take a look? |
Ack, looking |
Haven't figured this out yet. For some reason, the behavior is different when running as a task versus running the signcheck app directly, and when running as a task, we're getting the TRUST_E_NOSIGNATURE error code even though I wouldn't expect any behavioral difference here. I'm still investigating. |
Side note, this is https://github.com/dotnet/core-eng/issues/9933, which was never resolved. If you need to unblock something, then you'd need to add exclusions for these files. Either way, I'll spend a little more time investigating unless @joeloff has a solution. |
We did fix this. The problem is that we need to ensure that we're running under a single threaded apartment, otherwise the code to which WinVerifyTrust calls into ends up failing. There was a fix I made in SignCheck last year to add the STAThread attribute to it. If you're running from a task, that's probably executing on an msbuild node. @rainersigwald do tasks in msbuild use single threaded apartments? Here's the PR: #5840 |
Only if opted in by applying the |
Spot on, that fixes it. Thanks all, I'll prepare a PR |
There are a few javascript files in runtime that we sign, that appear to get successfully signed (they have a signature), but that signcheck fails on: https://dev.azure.com/dnceng/internal/_build/results?buildId=1082658&view=logs&j=99de65b0-5466-527c-2773-3bea55ba597d&t=2939c30a-036c-51e0-0258-8924602c5671&l=128
SignCheck uses AuthentiCode -> WinVerifyTrust to verify that javascript files are signed. Something in this process is failing.
The text was updated successfully, but these errors were encountered: