Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SignCheck should validate files without extensions #4937

Closed
ellahathaway opened this issue Mar 6, 2025 · 4 comments
Closed

SignCheck should validate files without extensions #4937

ellahathaway opened this issue Mar 6, 2025 · 4 comments
Assignees
@ellahathaway
Labels
area-unified-build

Comments

@ellahathaway
Copy link
Member

We currently skip verifying files without extensions, but we should verify them because they can technically be signed.
@ellahathaway
Copy link
Member Author

We should not check all extensionless files because not all extensionless files are signable. Rather, we should only check extensionless files that the user specifically specifies and/or are included as ItemsToSign, if we're using a build manifest for sign checking.

@mmitche
Copy link
Member

mmitche commented Mar 10, 2025

Unfortunately the build manifest won't contain the signing information any longer, and wouldn't have had it anyway unless post build signing was on. Is there a way to identify whether an extensionless file is an executable on Linux/Mac?

@ellahathaway
Copy link
Member Author

ellahathaway commented Mar 10, 2025
edited
Loading

Unfortunately the build manifest won't contain the signing information any longer

Good to know. Current SignCheck infra assumes that it does, so I'll file an issue to get that logic cleaned up. Edit: Filed dotnet/arcade#15621

Is there a way to identify whether an extensionless file is an executable on Linux/Mac?

Yes, one option is to shell out to the command line and use "file". Another option may be to read the first two bytes of the file & check that or use some existing API

This was referenced Mar 10, 2025
Open
Closed
@ellahathaway
Copy link
Member Author

See dotnet/arcade#15623 (comment). Closing this issue and opening a new issue for verifying MachO files instead.

@ellahathaway ellahathaway closed this as not planned Won't fix, can't repro, duplicate, stale Mar 19, 2025
@ellahathaway ellahathaway self-assigned this Mar 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ellahathaway ellahathaway

Labels
area-unified-build
Projects
.NET Unified Build
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

SignCheck files without extensions ellahathaway/arcade
2 participants
@mmitche @ellahathaway