-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable signing validation on shipping VMR outputs #4068
Comments
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label. |
T-Shirt Size: XS/S If this is formally covered by https://github.com/dotnet/release/issues/732 then this is likely as simple as running SignCheck over all the binaries. |
SignCheck does not run on .NET Core, so it's a bit tricky to implement this as a "post-build" step after each repo build. Rather than augment the entire SignCheck tool to work on core, I think that the best approach here would be to validate the produced package artifacts after the final join point. This test build is an example of what that validation would look like. Note that this validation only checks the artifacts in |
My test runs are failing due to unrelated build issues, so I will have to wait until those are resolved to get a final validation build. I plan on doing two builds:
The latter build will take a few hours, so best case I'll have final test runs by tomorrow morning. |
Enable signing validation of VMR build outputs. This may actually be formally covered by https://github.com/dotnet/release/issues/732 in the staging pipeline. Still, it may help to have an interim solution (e..g just running SignCheck over all the binaries to do verification)
The text was updated successfully, but these errors were encountered: