Skip to content
This repository has been archived by the owner on Jul 30, 2024. It is now read-only.
/ NuGet.Jobs Public archive

[Process Signature] Strip valid repository signatures #697

Merged
merged 5 commits into from
Dec 12, 2018
Merged

[Process Signature] Strip valid repository signatures #697

merged 5 commits into from
Dec 12, 2018

Conversation

loic-sharma
Copy link
Contributor

@loic-sharma loic-sharma commented Dec 11, 2018
edited
Loading

Add a config to strip valid repository signatures. This will be used to re-reposign Microsoft packages.

Build: #2272834
Deployment: #8733
Part of https://github.com/NuGet/Engineering/issues/1964

@loic-sharma loic-sharma self-assigned this Dec 11, 2018
@joelverhagen
Copy link
Member

If an admin revalidates a package for another reason, that means the hash will now change, right? This seems like most of the time it is an unintended side-effect. The only time we want this is when the Microsoft owner has the case mismatch. Can't we just re-reposign in a specific case, e.g.

  1. Owner casing does not match
  2. Package ID/version is in a whitelist
  3. Owner is Microsoft
  4. Validation message has a special flag

Perhaps in that meeting I missed we decided we don't care about package hash changes?

@loic-sharma
Copy link
Contributor Author

Talked to @joelverhagen offline. We will enable this feature only for a short window of time so that we can re-reposign Microsoft packages.

@loic-sharma
Copy link
Contributor Author

loic-sharma commented Dec 12, 2018
edited
Loading

🔔 This feature branch is verified on DEV. Please review when possible :)

@loic-sharma loic-sharma merged commit ed45b4e into dev Dec 12, 2018
@loic-sharma loic-sharma deleted the loshar-resign-msft branch December 12, 2018 23:28
@agr agr mentioned this pull request Dec 12, 2018
Closed
@loic-sharma loic-sharma mentioned this pull request Dec 14, 2018
Merged
joelverhagen added a commit that referenced this pull request Jul 31, 2020
@joelverhagen
Move common V3 test data to V3.Tests (#697)
b43e280
joelverhagen pushed a commit that referenced this pull request Oct 26, 2020
@loic-sharma
[Process Signature] Strip valid repository signatures (#697)
6b54bc0 
Add a config to strip valid repository signatures. This will be used to re-reposign Microsoft packages.

Part of https://github.com/NuGet/Engineering/issues/1964
joelverhagen added a commit that referenced this pull request Oct 26, 2020
@joelverhagen
Move common V3 test data to V3.Tests (#697)
007c07f
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@joelverhagen joelverhagen joelverhagen approved these changes

@agr agr Awaiting requested review from agr

@xavierdecoster xavierdecoster Awaiting requested review from xavierdecoster

@shishirx34 shishirx34 Awaiting requested review from shishirx34

@ryuyu ryuyu Awaiting requested review from ryuyu

@dtivel dtivel Awaiting requested review from dtivel

@chenriksson chenriksson Awaiting requested review from chenriksson

@cristinamanum cristinamanum Awaiting requested review from cristinamanum

@skofman1 skofman1 Awaiting requested review from skofman1

@scottbommarito scottbommarito Awaiting requested review from scottbommarito

@zhhyu zhhyu Awaiting requested review from zhhyu

Assignees

@loic-sharma loic-sharma

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@loic-sharma @joelverhagen