Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use the SignedFileContentKey as the key to the engine dictionary in SignTool #8002

Merged
merged 3 commits into from
Oct 6, 2021
Merged

Use the SignedFileContentKey as the key to the engine dictionary in SignTool #8002

merged 3 commits into from
Oct 6, 2021

Conversation

michellemcdaniel
Copy link
Contributor

@michellemcdaniel michellemcdaniel commented Oct 6, 2021
edited
Loading

To double check:

When performing post-build signing on a drop that has been partially released/partially signed (ie, the installer/sdk is unreleased and unsigned, but the runtime bits are already released/signed but not marked as released in BAR), we ended up in a scenario where we would have collisions in the dictionary that controlled signing the engine files. When we extract and then sign the engines, we create a dictionary of the engines. Before, we were simply using the path to the engine as the key to the dictionary. Additionally, if there were two files with the same name, we would extract their engines to the same place. This change changes both of these things, so that we can perform post-build signing on partially signed drops:

  1. Instead of using the path to the extracted engine, we use the SignedFileContentKey
  2. Instead of extracting all engines from files with the same file name, use a subdirectory using a counter (so that the directories are deterministic). Since these files have already been determined to be different (they have different hashes), and we have decided to extract engines from them, we should make sure there are no collisions when extracting their engines.

This has been tested in two post-build signing scenarios:

  1. No collisions, and should have the same behavior as before: https://dev.azure.com/dnceng/internal/_build/results?buildId=1403818&view=logs&j=9ff0e0af-24e7-5b0f-fa76-5e12fc9920ef&t=04e39753-8cfe-5fb5-2824-43b4c4b51e3b (confirmed that the number of engines signed in Round 2 is the same).
  2. Collisions because some files are from builds that have already been signed (ie, the original failure case): https://dev.azure.com/dnceng/internal/_build/results?buildId=1404733&view=logs&j=9ff0e0af-24e7-5b0f-fa76-5e12fc9920ef&t=04e39753-8cfe-5fb5-2824-43b4c4b51e3b (confirmed the number of engines extracted is the same, but there are no collisions, and all files get signed).

Fixes #7908

@michellemcdaniel
Make the engine dictionary smarter
62231f0 
When releasing an sdk-only release (where the sdk is new, but everything else has already been released), we occasionally end up in a state where we have two engines with the same filename but are different files, so we attempt to add them to the dictionary twice. This change does two different things:

1) Use the SignedFileContentKey as the key to the engine dictionary. This will prevent duplicate adds to it.
2) Extract the engines from two different files with the same filename to two different directories by using Guids. This will prevent us from extracting them to the same place (which insignia allows, but means that when we File.Delete later, the first copy will get signed but the second copy will have nothing, and would likely fail).
@michellemcdaniel
Fix
d9baca9
chcosta
chcosta approved these changes Oct 6, 2021
View reviewed changes
Copy link
Member

@chcosta chcosta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks reasonable to me

mmitche
mmitche approved these changes Oct 6, 2021
View reviewed changes
Copy link
Member

@mmitche mmitche left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM and thanks for the really great PR description.

@michellemcdaniel michellemcdaniel merged commit 95e2c8d into dotnet:main Oct 6, 2021
@danmoseley danmoseley mentioned this pull request Feb 7, 2022
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chcosta chcosta chcosta approved these changes

@mmitche mmitche mmitche approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Make engine signing map during post-build signing a bit smarter
3 participants
@michellemcdaniel @mmitche @chcosta