Restore old signing to get out hotfix release #2004

Merged
merged 1 commit into from
May 19, 2024

chkr1011
Collaborator

This PR restores the old signing code so that a hotfix can be released. Upload to nuget is not working.

@chkr1011 chkr1011 merged commit 918a3c8 into master May 19, 2024
3 checks passed
@chkr1011 chkr1011 deleted the restore-old-signing branch May 19, 2024 14:39
@CZEMacLeod
Contributor

@chkr1011 looking at these two build processes, I think you need to keep the certificate.snk bit and the SignAssembly and AssemblyOriginatorKeyFile properties - these are for strong naming and affect the naming of the assembly.
The sign tool applies digital signatures that prove the DLL was built by the owner of the certificate, and has not been modified (and the same of the nuget package by signing the nuget (zip) file).
My public nuget packages have (require) both types of 'signature'.

@chkr1011
Collaborator Author

The problem I had was that I need to import the certificate into nuget somehow. Otherwise, I cannot publish the packet. Myget accepts them (see: https://www.myget.org/feed/mqttnet/package/nuget/MQTTnet/5.0.0.1145). But I only got some keys, IDs etc. from the .NET Foundation and no actual certificate file. So, I have to figure out how to export it and import it into nuget.

Regarding the strong name, I found this:

For .NET Core and .NET 5+, strong-named assemblies do not provide material benefits. The runtime never validates the strong-name signature, nor does it use the strong-name for assembly binding.

But since the project also covers older frameworks, I will restore the SignAssembly stuff (or keep it as soon as the certificate is imported to nuget).

@rido-min
Member

So, I have to figure out how to export it and import it into nuget.

this article might be useful https://learn.microsoft.com/en-us/nuget/create-packages/sign-a-package#register-the-certificate-on-nugetorg

@chkr1011
Collaborator Author

@rido-min The thing is that I need an actual certificate file. I only got some tenant ID, subscription ID and so on (see CI script). Now I have to upload the certificate to nuget but don't have a certificate file. I found some articles on how to download a certificate from key vault via API only but was not able to execute it properly (yet).

@rido-min
Member

the certificate is already in the signed packages (without the private key)

So I downloaded the signed packages from: https://github.com/dotnet/MQTTnet/actions/runs/9148210346/artifacts/1517149691

And then extract the certificate with NuGetPackageExplorer (iirc there is an option in a cli)

X.509v3 TLS Certificate (RSA 4096) [Serial: 2793...4564]
  Subject:     MQTTNET (.NET Foundation)
  Issuer:      .NET Foundation Projects Code Signing CA2
  Valid from:  2024-05-15T00:00:00Z
          to:  2027-05-14T23:59:59Z

pasted below for reference.

You can paste the base64 string into a new text file, rename as cer, pem or crt, and use it to register the certificate in NuGet.

@chkr1011
Collaborator Author

@rido-min I had to convert the format of the cert from PEM to CRT but now it works (can be uploaded). Thank you very much, your support saved me a lot of time 👍
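
Added example, not part of the PR conversation or the MQTTnet project's code: the PEM-to-binary conversion mentioned in the last comment, with a check that a pasted PEM block decodes to a complete DER structure, plus a SHA-256 fingerprint that can be compared with the signer certificate shown for the signed package. The function names are hypothetical and the sample input is a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_total_length(der: bytes) -> int:
    """Total size that the outer ASN.1 SEQUENCE header claims for the blob."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE, so not an X.509 certificate")
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def pem_to_der(pem_text: str) -> bytes:
    """Decode one PEM certificate; reject truncated or altered pastes."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    body = "".join(match.group(1).split())       # drop line wraps and indentation
    der = base64.b64decode(body, validate=True)  # stray characters raise ValueError
    if der_total_length(der) != len(der):
        raise ValueError("DER length mismatch: paste is truncated or altered")
    return der


def sha256_fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, as upper-case hex."""
    return hashlib.sha256(der).hexdigest().upper()


def make_sample_pem() -> str:
    # Constructed stand-in, not a real certificate:
    # a SEQUENCE header announcing 300 bytes, followed by 300 filler bytes.
    der = b"\x30\x82\x01\x2c" + bytes(range(256)) + bytes(44)
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")
```

Writing the bytes returned by `pem_to_der` to a file gives the binary form of the certificate; a paste that lost a line or a character fails here instead of at upload time.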
