Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remaining TODOs for MSIX installer #3332

Closed
1 of 8 tasks
davidanthoff opened this issue Jul 24, 2021 · 5 comments
Closed
1 of 8 tasks

Remaining TODOs for MSIX installer #3332

davidanthoff opened this issue Jul 24, 2021 · 5 comments

Comments

@davidanthoff
Copy link

davidanthoff commented Jul 24, 2021

I will keep this list at the top of the issue here updated to continually reflect things that need to be sorted out before this is really ready to be tested more broadly.

@dscho
Copy link
Member

dscho commented Jul 26, 2021

* Figure out what is going on with `WebView2Loader.dll`, i.e. remove https://github.com/git-for-windows/git/pull/3331/files#diff-027c70cd6ed99ca64ca6fc12148edaf142051f780a5516aca15ef28f437b711aR577 once we have a version of that file that doesn't error when it is put into the msix package.

The error I get is:

Done Adding Additional Store

Number of errors: 1
SignTool Error: SignedCode::Sign returned error: 0x800700C1
        For more information, please see https://aka.ms/badexeformat
SignTool Error: An error occurred while attempting to sign: WebView2Loader.dll

When I look for that hex number, I find that it means ERROR_BAD_EXE_FORMAT (and following the link from the error message does not help, either). The .dll seems to be a valid i686 Dynamic Link Library, but even the i686 version of signtool.exe seems to be unable to sign it. When I ask osslsigncode to verify the .dll, it claims that there is a signature that is not at the end:

Corrupt PE file - current signature not at end of file: WebView2Loader.dll

@rimrul
Copy link
Member

rimrul commented Jul 27, 2021

When I ask osslsigncode to verify the .dll, it claims that there is a signature that is not at the end:

Corrupt PE file - current signature not at end of file: WebView2Loader.dll

I went to take a look at what causes this particular error message. I looked into the source code of osslsigncode and dug into the PE image with a hex editor.

The check is fairly simple

It turns out filesize is 101376, sigpos is 101376 and siglen is 8608. So if I understand it correctly, the DLL used to have a signature at the end, but it got removed somehow without removing the meta information that there is a signature.

The binary shipped by GCM Core seems to be roughly siglen bytes larger, but mingw-w64-git-credential-manager-core should just copy the binaries from the release zipfile.

Our binaries in git-sdk-32 and git-sdk-64 seem to be lacking the signature already. It's really curious.

@rimrul
Copy link
Member

rimrul commented Jul 27, 2021

I think i found the issue. makepkg tries to strip shared libraries of "unneeded" bloat by default.
We should add
options=('!strip') to the PKGBUILD.

@rimrul
Copy link
Member

rimrul commented Jul 27, 2021

With options=('!strip') osslsigncode is quite happy.

Current PE checksum   : 0002A8DD
Calculated PE checksum: 0002A8DD

Message digest algorithm  : SHA256
Current message digest    : 3464030DB18AF5D8489B5763CD8D7E6B12FA1206222547FEBD19587B5466E852
Calculated message digest : 3464030DB18AF5D8489B5763CD8D7E6B12FA1206222547FEBD19587B5466E852

Signature verification: ok

Number of signers: 1
        Signer #0:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA 2010
                Serial : 3300000326AECEEDF9BCE47B92000000000326

Number of certificates: 2
        Cert #0:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA 2010
                Serial : 3300000326AECEEDF9BCE47B92000000000326
        ------------------
        Cert #1:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA 2010
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2010
                Serial : 610C524C000000000003

Succeeded

@dscho
Copy link
Member

dscho commented Aug 29, 2023

Closing as stale.

@dscho dscho closed this as not planned Won't fix, can't repro, duplicate, stale Aug 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants