Skip to content

[6.1] AKV Provider Strong Name Signing #3573

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 19, 2025
Merged

[6.1] AKV Provider Strong Name Signing #3573

merged 4 commits into from
Aug 19, 2025

Conversation

benrr101
Copy link
Contributor

Description

Addressing a high-priority issue where official builds of AKV provider are not strong name signed. This was a mistake in the new official pipeline, where the signing key path was not being provided to the Roslyn analyzer step of the official build job. Because the Roslyn analyzer step rebuilds the project (and replaces the build output), if this step does not perform signing, it will replace the strong name signed binaries with unsigned binaries.

This PR fixes this by 1) adding the signing key path variable to the Roslyn analyzer build arguments, and 2) factors out the signing key path to an argument to the main build and Roslyn analyzer steps.

Issues

Not sure if there is an issue that can be linked. But there's definitely an IcM about it.

Testing

See this build: https://sqlclientdrivers.visualstudio.com/ADO.Net/_build/results?buildId=123216&view=results
CI will still need to pass since it tweaks the signing behavior on non-official builds.

@benrr101
* Add signing key path to roslyn analyzers
46bdc0b 
* Make signing key path an argument to build and roslyn analyzers steps
* Enable strong name signing on buddy (unofficial) builds
* Add akv official job to solution file
@Copilot Copilot AI review requested due to automatic review settings August 19, 2025 18:14
@benrr101 benrr101 requested a review from a team as a code owner August 19, 2025 18:14
@benrr101 benrr101 added Area\AKV Provider Use this label to tag issues that are targeted for AKV Provider codebase. Area\Engineering Use this for issues that are targeted for changes in the 'eng' folder or build systems. P0 Use this label to prioritize an issue above everything else, or a critical issue to address ASAP. labels Aug 19, 2025
Copilot
Copilot AI reviewed Aug 19, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR addresses a critical issue where official builds of the Azure Key Vault (AKV) provider were not being strong name signed due to a missing signing key path in the Roslyn analyzer step. The fix ensures that both the main build and Roslyn analyzer steps use the same signing configuration to maintain strong name signatures throughout the build process.

  • Factors out the signing key path as a parameter to both build and Roslyn analyzer steps
  • Updates the AKV provider project to enable signing for both Official and Buddy builds
  • Adds diagnostics to help troubleshoot signing issues

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.csproj Extends signing configuration to include Buddy builds and reorganizes PropertyGroup structure
Microsoft.Data.SqlClient.sln Adds build job YAML file to solution items for better visibility
roslyn-analyzers-akv-step.yml Adds signingKeyPath parameter and passes it to MSBuild to ensure analyzer step maintains signing
compound-build-akv-step.yml Parameterizes signing key path and adds temporary diagnostic file copying
build-akv-official-job.yml Passes signing key path parameter to both build and analyzer steps

cheenamalhotra
cheenamalhotra previously approved these changes Aug 19, 2025
View reviewed changes
samsharma2700
samsharma2700 previously approved these changes Aug 19, 2025
View reviewed changes
@cheenamalhotra
Copy link
Member

Reminder to also update AKV NuGet package version alongside.

@benrr101 benrr101 dismissed stale reviews from samsharma2700 and cheenamalhotra via 4a6e656 August 19, 2025 19:44
@benrr101 benrr101 merged commit 84b3c81 into release/6.1 Aug 19, 2025
7 of 127 checks passed
@benrr101 benrr101 deleted the dev/russellben/6.1-akv-signingkeypath branch August 19, 2025 20:02
@mdaigle mdaigle mentioned this pull request Oct 7, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@cheenamalhotra cheenamalhotra cheenamalhotra approved these changes

@samsharma2700 samsharma2700 samsharma2700 approved these changes

Assignees

No one assigned

Labels

Area\AKV Provider Use this label to tag issues that are targeted for AKV Provider codebase. Area\Engineering Use this for issues that are targeted for changes in the 'eng' folder or build systems. P0 Use this label to prioritize an issue above everything else, or a critical issue to address ASAP.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@benrr101 @cheenamalhotra @samsharma2700