search

App-vNext / Polly

Polly is a .NET resilience and transient-fault-handling library that allows developers to express policies such as Retry, Circuit Breaker, Timeout, Bulkhead Isolation, and Fallback in a fluent and thread-safe manner. From version 6.0.1, Polly targets .NET Standard 1.1 and 2.0+.
https://www.thepollyproject.org
BSD 3-Clause "New" or "Revised" License
13.32k stars 1.22k forks source link

[Bug]: Signature validation is failing during tag releases #1760

Closed martincostello closed 10 months ago

martincostello commented 10 months ago

Describe the bug

Trying to release 8.1.0, the validate-signed-packages job is failing as the Authenticode signatures appear to be invalid: workflow logs.

I've unpublished the release and deleted the tag while I investigate what's going wrong.

Expected behavior

The binaries are signed with a valid Authenticode signature.

Actual behavior

Multiple binaries are not correctly Authenticode signed.

Steps to reproduce

Create a new tag.

Exception(s) (if any)

See workflow logs.

Polly version

No response

.NET Version

No response

Anything else?

No response

martincostello commented 10 months ago

Looks like there was a new release of the sign tool yesterday - maybe updating that will help.

martincostello commented 10 months ago

Investigation so far:

  1. Trying to view the Authenticode signatures of the DLLs inside the NuGet packages in NuGet Package Explorer fails with this exception: image
  2. Running vcsjones/AuthenticodeLint locally fails with a similar exception here: image 
    System.ArgumentNullException
HResult=0x80004003
Message=Value cannot be null. Arg_ParamName_Name
Source=System.Private.CoreLib
StackTrace:
at System.Runtime.InteropServices.Marshal.CopyToManaged[T](IntPtr source, T[] destination, Int32 startIndex, Int32 length)
at AuthenticodeExaminer.CmsSignatureBase.ReadAttributes(CRYPT_ATTRIBUTES attributes)
at AuthenticodeExaminer.CmsSignature.InitFromHandles(CryptMsgSafeHandle messageHandle, LocalBufferSafeHandle signerHandle)
at AuthenticodeExaminer.CmsSignature..ctor(AsnEncodedData data, SignatureKind kind)
at AuthenticodeExaminer.CmsSignature.GetNestedSignatures()
at AuthenticodeLint.SignatureExtensions.<VisitAll>d__0.MoveNext() in C:\Coding\vcsjones\AuthenticodeLint\AuthenticodeLint\SignatureExtensions.cs:line 10
at AuthenticodeLint.SignatureExtensions.<VisitAll>d__1.MoveNext() in C:\Coding\vcsjones\AuthenticodeLint\AuthenticodeLint\SignatureExtensions.cs:line 38
at AuthenticodeLint.Rules.NoWeakFileDigestAlgorithmsRule.Validate(IReadOnlyList`1 graph, SignatureLogger verboseWriter, CheckConfiguration configuration) in C:\Coding\vcsjones\AuthenticodeLint\AuthenticodeLint\Rules\10002-NoWeakFileDigestAlgorithmsRule.cs:line 20
at AuthenticodeLint.CheckEngine.RunAllRules(String file, IReadOnlyList`1 signatures, List`1 collectors, CheckConfiguration configuration) in C:\Coding\vcsjones\AuthenticodeLint\AuthenticodeLint\CheckEngine.cs:line 59
at AuthenticodeLint.Program.Main(String[] args) in C:\Coding\vcsjones\AuthenticodeLint\AuthenticodeLint\Program.cs:line 175

Maybe something in the last two .NET SDK updates broke something in NuGet when packages are signed or something in Azure Sign Service broken something...

martincostello commented 10 months ago

Rebuilding the linter from source and building its dependency from source works as expected and validates the signatures.

Short-term fix is to commit that into a fork of the repository and to build and run that version in our release process. Once that's set up and working, I can dig further post-release to find the true root cause of the issue and sort things out in a less string-and-duct-tape way.

martincostello commented 10 months ago

Possibly somehow related to https://github.com/dotnet/sdk/issues/33928.

martincostello commented 10 months ago

Resolved by #1761 - looks like the code issue is https://github.com/vcsjones/AuthenticodeExaminer/issues/19, which also affects NuGet Package Explorer, but something else changed to trigger that underlying issue.