Skip to content

Remove the certificate allowlist from signcheck for nupkg verification #6593

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
riarenas merged 1 commit into from
Nov 19, 2020
Merged

Remove the certificate allowlist from signcheck for nupkg verification #6593

riarenas merged 1 commit into from
Nov 19, 2020

Conversation

@riarenas
Copy link
Contributor

@riarenas riarenas commented Nov 19, 2020

Removes the specific cert verification from the nupkg verifier. The NuGet team confirmed that this validation goes beyond what NuGet validates when pushing to nuget.org, and since the certs expire, maintaining this list becomes problematic for release branches.

I validated locally that adding it solves the issue seen in https://github.com/dotnet/core-eng/issues/11458 for packages signed with the new certificate.

I'll have a full arcade test build soon to validate whether this unblocks things end to end in a build.

@riarenas riarenas requested review from joeloff and mmitche November 19, 2020 16:39
@riarenas
Copy link
Contributor Author

riarenas commented Nov 19, 2020

Test build: https://dnceng.visualstudio.com/internal/_build/results?buildId=892519&view=results

@riarenas
Copy link
Contributor Author

riarenas commented Nov 19, 2020

Test build failed, kind of as expected. Repos will need an arcade update to be unblocked. I'll run a second build with the arcade sdk produced by the first build and that should work.

@riarenas
Copy link
Contributor Author

riarenas commented Nov 19, 2020

new test build: https://dnceng.visualstudio.com/internal/_build/results?buildId=892591&view=results

@riarenas
Copy link
Contributor Author

riarenas commented Nov 19, 2020

new test build with the arcade that this change will produce succeeded. Merging.

dotnet/core-eng#11458

@riarenas riarenas merged commit 69bf603 into dotnet:master Nov 19, 2020
This was referenced Nov 19, 2020
Merged
Merged
@riarenas riarenas deleted the riarenas/remove-nupkg-cert-allowlist branch January 13, 2021 20:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joeloff joeloff joeloff approved these changes

@mmitche mmitche mmitche approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@riarenas @joeloff @mmitche