PowerShell scripts should have valid signatures #43978

Open
jspaquet opened this issue Feb 23, 2025 · 4 comments
Labels
category:vcpkg-bug The issue is with the vcpkg system (including helper scripts in `scripts/cmake/`)

Comments

@jspaquet
Contributor

Describe the bug
PowerShell scripts should have valid signatures to allow running on systems with ExecutionPolicy set to AllSigned via GPO.

Environment

  • OS: Windows
  • Compiler: N/A

To Reproduce
Steps to reproduce the behavior:

  1. Get-AuthenticodeSignature -FilePath .\scripts\bootstrap.ps1
  2. Get-AuthenticodeSignature -FilePath .\scripts\buildsystems\msbuild\applocal.ps1

Expected behavior
Signature should be successfully verified.

Failure logs

  • N/A

Additional context
There might be more PowerShell scripts needed; these are the only two I ran across.

@MonicaLiu0311 MonicaLiu0311 added the category:vcpkg-bug The issue is with the vcpkg system (including helper scripts in `scripts/cmake/`) label Feb 24, 2025
@MonicaLiu0311
Contributor

The results are as follows:

PS F:\vcpkg> Get-AuthenticodeSignature -FilePath .\scripts\bootstrap.ps1


    Directory: F:\vcpkg\scripts


SignerCertificate                         Status                                                          Path
-----------------                         ------                                                          ----
                                          NotSigned                                                       bootstrap.ps1


PS F:\vcpkg> Get-AuthenticodeSignature -FilePath .\scripts\buildsystems\msbuild\applocal.ps1


    Directory: F:\vcpkg\scripts\buildsystems\msbuild


SignerCertificate                         Status                                                          Path
-----------------                         ------                                                          ----
8740DF4ACB749640AD318E4BE842F72EC651AD80  HashMismatch                                                    applocal.ps1

@MonicaLiu0311
Contributor

@BillyONeal Please help take a look at this issue.

@BillyONeal
Member

Looks like it was broken in May 2023 with nobody noticing: #29894

There was an attempted fix March 2024: #37820
which was reverted almost immediately: #37843

As a workaround for now you can grab https://github.com/microsoft/vcpkg-tool/releases/download/2025-02-11/applocal.ps1

@BillyONeal BillyONeal self-assigned this Feb 25, 2025
@BillyONeal
Member

Looks like it was broken in May 2023 with nobody noticing: #29894

There was an attempted fix March 2024: #37820 which was reverted almost immediately: #37843

To clarify, this is about applocal.ps1 only, not bootstrap. I'm not sure if we have a good story for that one. Once upon a time we had URIs in there which made signing it somewhat impractical; after #32677 it might be doable now. Will consider for next tool release.

BillyONeal added a commit to BillyONeal/vcpkg that referenced this issue Feb 25, 2025
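
Added example, not part of the thread or of the vcpkg repository: the two `Get-AuthenticodeSignature` checks from the reproduction steps, extended to every PowerShell script in a checkout so that any other file an AllSigned policy would block shows up. The `$Root` parameter and the `Get-ScriptSignatureReport` function name are assumptions made for this example.

```powershell
# Added example, not vcpkg code. Reports the Authenticode status of every
# PowerShell script under a directory and lists those that are not Valid.
# $Root is an assumption: the path of the checkout to audit.
param(
    [string]$Root = '.'
)

function Get-ScriptSignatureReport {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { $_.Extension -in '.ps1', '.psm1', '.psd1' } |
        ForEach-Object {
            # -LiteralPath avoids wildcard expansion of [ ] in file names.
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Status     = $sig.Status
                # Unsigned files have no signer certificate at all.
                Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
                Path       = $_.FullName
            }
        }
}

$report = @(Get-ScriptSignatureReport -Path $Root)

# Count of files per status (Valid, NotSigned, HashMismatch, NotTrusted, ...).
$report | Group-Object Status | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# NotSigned and HashMismatch are the two states reported in this thread;
# any status other than Valid is listed here.
$failing = @($report | Where-Object { $_.Status -ne 'Valid' })
$failing | Sort-Object Status, Path |
    Format-Table Status, Thumbprint, Path -AutoSize

# A non-zero exit code lets a CI job fail when a script is unsigned or
# its content no longer matches its signature.
if ($failing.Count -gt 0) { exit 1 }
```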