search

microsoft / winget-cli

WinGet is the Windows Package Manager. This project includes a CLI (Command Line Interface), PowerShell modules, and a COM (Component Object Model) API (Application Programming Interface).
https://learn.microsoft.com/windows/package-manager/
MIT License
22.54k stars 1.39k forks source link

Update expired certificate with incoming one #4568

Closed JohnMcPMS closed 6 days ago

JohnMcPMS commented 1 week ago

Change

Replace the expired store certificate with the newly generated one.

Validation

Certificate is used as expected during a manual test.

Microsoft Reviewers: Open in CodeFlow
yao-msft commented 1 week ago

There are unit tests with Store certs chain 2 as test input. When updating the certs, we used to move chain 2 to chain 1, and put the new certs as chain 2. (Unless we fixed those unit tests to not test on Store certs)

JohnMcPMS commented 1 week ago

There are unit tests with Store certs chain 2 as test input. When updating the certs, we used to move chain 2 to chain 1, and put the new certs as chain 2. (Unless we fixed those unit tests to not test on Store certs)

From reviewing the tests, it doesn't look like it matters much which chain is 1 or 2. The unit tests pass.

yao-msft commented 1 week ago

From reviewing the tests, it doesn't look like it matters much which chain is 1 or 2. The unit tests pass.

The unit tests pass because chain 2 certs have not expired yet. In Nov when chain 2 certs expired, the tests will fail. Like what Ruben did when chain 1 certs expired. https://github.com/microsoft/winget-cli/pull/3435

After that we try to make chain 2 certs the ones with later expiration dates. But I'm ok if we update the tests with our own created certs later.

JohnMcPMS commented 1 week ago

/azp run

azure-pipelines[bot] commented 1 week ago
Azure Pipelines successfully started running 1 pipeline(s).