
Warn / Enable blocking skips on signature checks for daily dotnetup installs #11

Open
nagilson wants to merge 11 commits into nagilson-verify-dotnet-signatures from nagilson-dotnetup-daily-sign-check


@nagilson

Owner

Summary

The current 'daily' channel or 'daily' versions of the runtime or SDK skip sign checking because they are not signed yet.

resolves (dotnet#54278)

Step 1:
Add yellow text warning for any daily-style build, or any time we skip signature checks, in the user-visible output:

⚠ Daily builds are not code-signed. Only the SHA-512 hash is verified.

We will probably run into this during the installation progress while we are still updating progress bars. So we'll have to make sure we have a good way to display it. We might defer displaying the warning until the installations complete if we don't have a good way of displaying additional output after the progress bars while they're still in progress.

Step 2:
Enable the ability to block installing the daily channel or daily builds at the point-in-time check where we fall back to the blob storage feed.

This will be done with a registry key on Windows that can be enabled/set by IT, for example, similar to @"SOFTWARE\Policies\Microsoft\dotnet\Workloads\VerifySignatures", which exists in the code today as a check to block the --skip-sign-check flag on workloads install.

On Unix we think this can be done with a file, checking the existence of a file such as /etc/dotnetup_disable_daily_sig_skip.conf that could be present, and read / check if the file is present (note: it will likely, and should, be owned by root, but must be readable by others).

Step 3:
We should document that guidance as well as the IT policy / file flag for this, with guidance. Be minimal and instructive on setup mostly.

Step 4:
Add a test for the yellow warning text and the opt-out flags. Might need to consider if /etc/ is writable by the test platform and be able to delete it or not, or can have static functions or overrides to the location or reg key value, or mock it somehow.

nagilson and others added 3 commits June 2, 2026 10:36
Co-authored-by: Jacques Eloff <joeloff@users.noreply.github.com>
Co-authored-by: Damon Tivel <dtivel@microsoft.com>
…nstalls

initial starting guidance:

The current 'daily' channel or 'daily' versions of the runtime or SDK skip sign checking because they are not signed yet.

[Dotnetup: Skip signature validation for daily builds, but display warning · Issue dotnet#54278 · dotnet/sdk](dotnet#54278)

This issue tracks the work we need to do and I want you to fully implement the requirements of this change

Step 1:
Add yellow text warning for any daily-style build, or any time we skip signature checks, in the user-visible output:
```
⚠ Daily builds are not code-signed. Only the SHA-512 hash is verified.
```

We will probably run into this during the installation progress while we are still updating progress bars. So we'll have to make sure we have a good way to display it. We might defer displaying the warning until the installations complete if we don't have a good way of displaying additional output after the progress bars while they're still in progress.

Step 2:
Enable the ability to block installing the daily channel or daily builds at the point-in-time check where we fall back to the blob storage feed.

This will be done with a registry key on Windows that can be enabled/set by IT, for example, similar to @"SOFTWARE\Policies\Microsoft\dotnet\Workloads\VerifySignatures", which exists in the code today as a check to block the --skip-sign-check flag on workloads install.

On Unix I _think_ this can be done with a file, checking the existence of a file such as /etc/dotnetup_disable_daily_sig_skip.conf that could be present, and read / check if the file is present (note: it will likely, and should, be owned by root, but must be readable by others).

3. We should document that guidance as well as the IT policy/ file flag for this, with guidance. Be minimal and instructive on setup mostly.

Step 4:
Add a test for the yellow warning text and the opt-out flags. Might need to consider if /etc/ is writable by the test platform and be able to delete it or not, or can have static functions or overrides to the location or reg key value, or mock it somehow. See what other tests do in the repo, but don't worry about this until after the rest is done.
I don't want to have to expect every implementation entry point to have to call this method.
@nagilson nagilson force-pushed the nagilson-dotnetup-daily-sign-check branch from 62cc9cc to 6b7d125 Compare June 2, 2026 17:48
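
A sketch of the policy gate described in steps 1, 2 and 4 above, added here as an example; it is not code from this pull request or from dotnetup. The type name `DailyBuildPolicy`, the registry key and value names, and the override hook are hypothetical; only the `/etc` path and the warning text come from the description.

```csharp
#nullable enable
// Added example, not dotnetup code; PolicyKey, PolicyValue and all type names are hypothetical.
using System;
using System.IO;
using System.Runtime.Versioning;
using Microsoft.Win32;

// Constructed demo: a temp file stands in for the root-owned flag file in /etc.
string flag = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
DailyBuildPolicy.UnixFlagPath = flag;
DailyBuildPolicy.WindowsPolicyOverride = () => File.Exists(flag);
Console.WriteLine(DailyBuildPolicy.CheckDailyInstall(true));
File.WriteAllText(flag, "");
try { DailyBuildPolicy.CheckDailyInstall(true); }
catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
finally { File.Delete(flag); }

public static class DailyBuildPolicy
{
    // Path suggested in the PR description; tests point it at a temp file (step 4).
    public static string UnixFlagPath { get; set; } = "/etc/dotnetup_disable_daily_sig_skip.conf";
    // Hypothetical names: the PR only says the key is "similar to" the Workloads one.
    public const string PolicyKey = @"SOFTWARE\Policies\Microsoft\dotnet\dotnetup";
    public const string PolicyValue = "BlockUnsignedDailyBuilds";
    // Test hook so tests never touch the real registry.
    public static Func<bool>? WindowsPolicyOverride { get; set; }
    public static bool IsSignatureSkipBlocked()
    {
        if (OperatingSystem.IsWindows())
            return WindowsPolicyOverride?.Invoke() ?? ReadRegistryPolicy();
        return File.Exists(UnixFlagPath); // presence is the signal; contents are not parsed
    }

    [SupportedOSPlatform("windows")]
    private static bool ReadRegistryPolicy()
    {
        // HKLM\SOFTWARE\Policies is writable by administrators only.
        using RegistryKey? key = Registry.LocalMachine.OpenSubKey(PolicyKey);
        return key?.GetValue(PolicyValue) is int v && v != 0;
    }
    // One gate at the blob-storage fallback, so entry points do not each call it.
    public static string? CheckDailyInstall(bool isDailyBuild)
    {
        if (!isDailyBuild) return null;
        if (IsSignatureSkipBlocked())
            throw new InvalidOperationException("Policy blocks daily builds that are not code-signed.");
        return "⚠ Daily builds are not code-signed. Only the SHA-512 hash is verified.";
    }
}
```

Returning the warning string instead of printing it lets the caller defer display until the progress bars have finished.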