Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use the managed signer to remove the code signature from singlefile bundles #110063

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Use the managed signer to remove the code signature from singlefile bundles #110063

wants to merge 3 commits into from
+47 −22

Conversation

jtschuster
Copy link
Member

@jtschuster jtschuster commented Nov 21, 2024
edited
Loading

When working on using the managed Mac signer in the SDK on non-mac hosts, I found that since the bundler uses codesign to remove the signature, we end up with an invalid signature for single file osx executables. This PR updates the bundler to use the managed signer to remove the signature.

Signing bundles requires a little more thought and effort since the headers/load commands need to be updated to include the bundle data in the file. This will be done in a separate PR.

Part of #110055.

@jtschuster jtschuster added the area-HostModel Microsoft.NET.HostModel issues label Nov 21, 2024
@jtschuster jtschuster added this to the 10.0.0 milestone Nov 21, 2024
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @vitek-karas, @agocke
See info in area-owners.md if you want to be subscribed.

@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @agocke, @vitek-karas, @VSadov
See info in area-owners.md if you want to be subscribed.

@am11
Copy link
Member

am11 commented Nov 21, 2024

since the bundler uses codesign to remove the signature, we end up with an invalid signature for single file osx executables

Was it due to some unintentional refactoring? SingleFile was a no-diff in #108992 because it required follow-up work. I understand that ultimately we want to use managed codesign everywhere, just trying to understand do we know what went wrong?

@jtschuster
Copy link
Member Author

since the bundler uses codesign to remove the signature, we end up with an invalid signature for single file osx executables

Was it due to some unintentional refactoring? SingleFile was a no-diff in #108992 because it required follow-up work. I understand that ultimately we want to use managed codesign everywhere, just trying to understand do we know what went wrong?

Nothing went wrong, we would only end up with an invalid signature if we merge the SDK PR (dotnet/sdk#45019) before this. HostWriter.CreateAppHost would create a signed SingleFile host on Windows or Linux, but then Bundler wouldn't remove it before creating the bundle, since it only does signing tasks with codesign.

This was referenced Nov 21, 2024
Open
Open
elinor-fung
elinor-fung reviewed Nov 22, 2024
View reviewed changes
src/installer/managed/Microsoft.NET.HostModel/Bundle/Bundler.cs Outdated
// Note: We're comparing file paths both on the OS we're running on as well as on the target OS for the app
// We can't really make assumptions about the file systems (even on Linux there can be case insensitive file systems
// and vice versa for Windows). So it's safer to do case sensitive comparison everywhere.
var relativePathToSpec = new Dictionary<string, FileSpec>(StringComparer.Ordinal);

long headerOffset = 0;
using (BinaryWriter writer = new BinaryWriter(File.OpenWrite(bundlePath)))
using (FileStream bundle = File.Open(bundlePath, FileMode.Open, FileAccess.ReadWrite))
using (BinaryWriter writer = new BinaryWriter(bundle))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BinaryWriter will close the stream on dispose. Now that we're disposing of the stream ourselves, I expect we want to use the overload that allows specifying to leave it open.

src/installer/managed/Microsoft.NET.HostModel/Bundle/Bundler.cs Outdated
Comment on lines 293 to 294
newLength ??= new FileInfo(bundlePath).Length;
bundle.SetLength(newLength.Value);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updating the length should only be needed if TryRemoveCodesign returns true, right? Can we move this up into a conditional based on that?

src/installer/tests/Microsoft.NET.HostModel.Tests/Bundle/BundlerConsistencyTests.cs
.Execute(expectedToFail: !shouldCodesign);
if (!RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
{
SigningTests.IsSigned(bundledApp).Should().BeFalse();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be based on shouldCodeSign?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, this is because the signing still goes through codesign itself / is macOS-only for now, right? Can you add a comment?

@jtschuster
PR Feedback:
3f85250 
- Add comment why single file hosts aren't signed on non-mac yet
- Set length of file only if the signature is removed
@build-analysis build-analysis bot mentioned this pull request Nov 23, 2024
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elinor-fung elinor-fung elinor-fung left review comments

@agocke agocke Awaiting requested review from agocke

At least 1 approving review is required to merge this pull request.

Assignees

@jtschuster jtschuster

Labels
area-HostModel Microsoft.NET.HostModel issues area-Single-File
Projects
AppModel
Status: No status
Milestone
10.0.0
Development

Successfully merging this pull request may close these issues.
3 participants
@jtschuster @am11 @elinor-fung