Add osx-x64 release #576
Add osx-x64 release #576
Conversation
|
@marmegh , The change looks ok but we should test it. |
|
@eddynaka, can you help make your proposed pipeline change, it's an excellent suggestion. In reply to: 1108956840 In reply to: 1108956840 |
|
Sorry for the delay. In reply to: 1108956840 |
ado-build.yml
Outdated
| @@ -32,3 +27,23 @@ jobs: | |||
| script: 'BuildAndTest.cmd' | |||
|
|
|||
| - task: ComponentGovernanceComponentDetection@0 | |||
| inputs: | |||
| ignoreDirectories: '..\src\sarif-sdk' | |||
There was a problem hiding this comment.
we already have component governance in sarif-sdk. We don't need to analyze here as well.
So, let's ignore the entire submodule. #Closed
| displayName: 'Run BinSkim' | ||
| inputs: | ||
| targetType: 'inline' | ||
| script: 'dotnet bld/bin/x64_Release/netcoreapp3.1/binskim.dll analyze src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/macho.*' |
There was a problem hiding this comment.
+1
I see one candidate place,
at the bottom of the readme.md
we currently have:
Example: binskim.exe analyze c:\bld\*.dll --recurse --output MyRun.sarif
I think we can change it to 3 OS version example here.
we can also consider if want to include the path in the example to make it more clear, because the previous step is unzip.
There was a problem hiding this comment.
more info fyi
I found that we have this file "BinSkim" in the package
./BinSkim analyze
I just tried works in Linux.
There was a problem hiding this comment.
@shaopeng-gh, could you clarify where you found this file?
There was a problem hiding this comment.
download package from
https://www.nuget.org/packages/Microsoft.CodeAnalysis.BinSkim/
(which is the result of our build and package)
unzip
go to folder \tools\netcoreapp3.1\linux-x64
file "BinSkim" without ext
There was a problem hiding this comment.
Apologies. I was confused since this change is specific to osx. You were being helpful, I was concerned you were telling me we had a binary for linux in the wrong location.
There was a problem hiding this comment.
macOS also have a same file in same location, after your change:
\tools\netcoreapp3.1\osx-x64\BinSkim
I point out in the case we want to add doc for user
see if we want to say use
./BinSkim analyze
or
dotnet binskim.dll analyze
There was a problem hiding this comment.
When I created this, I didn't want to change the current directory that we are right now. So, it is why we have the full path.
But, in the end, it is the same as dotnet binskim.dll analyze.
There was a problem hiding this comment.
Mary also updated the readme showing where the files will be. so, I think, Shaopeng's suggestion is to add the dotnet binskim.dll analyze as a new step in the readme
There was a problem hiding this comment.
I think, Shaopeng's suggestion is to add the dotnet binskim.dll analyze as a new step in the readme
------ yes, I think it is not necessary, it should be clear enough, just throwing ideals, let me close this comment.
| @@ -65,7 +65,11 @@ public void AnalyzeCommand_ReadSarifLog_ShouldBeAbleToReadCurrent() | |||
| [Obsolete] | |||
| public void AnalyzeCommand_Hashes_ShouldUpdateDataToInsert() | |||
|
FYI, the windows pipeline isn't working properly. In reply to: 1113754507 |
|
For the point above, i was able to fix it already. :) In reply to: 1113758229 |
README.md
Outdated
| @@ -22,9 +22,9 @@ This repository contains the source code for BinSkim, a Portable Executable (PE) | |||
| ### How to extract the exe file from the nuget package | |||
| If you only want to run the Binskim tool without installing anything, then you can | |||
| 1. Download BinSkim from **[NuGet](https://www.nuget.org/packages/Microsoft.CodeAnalysis.BinSkim/)** | |||
| 2. Rename the file extension from .nupkg to .zip | |||
| 2. Rename the file extension from .nupkg to .zip (ie. via commandline: `rename microsoft.codeanalysis.binskim.x.y.z.nupkg microsoft.codeanalysis.binskim.1.9.4.zip`) | |||
src/ReleaseHistory.md
Outdated
| @@ -5,6 +5,7 @@ | |||
| * Bump ELFSharp from 2.13.2 to 2.14.0. [#628](https://github.com/microsoft/binskim/pull/628) | |||
| * Bump System.Reflection.Metadata from 5.0.0 to 6.0.1 and System.Collections.Immutable from 5.0.0 to 6.0.0. [#605](https://github.com/microsoft/binskim/pull/605) | |||
| * Bump ELFSharp from 2.14.0 to 2.15.0. [#631](https://github.com/microsoft/binskim/pull/631) | |||
| * BUGFIX: Unblock running binskim on MacOS. [#576](https://github.com/microsoft/binskim/pull/576) | |||
src/ReleaseHistory.md
Outdated
| @@ -5,6 +5,7 @@ | |||
| * Bump ELFSharp from 2.13.2 to 2.14.0. [#628](https://github.com/microsoft/binskim/pull/628) | |||
| * Bump System.Reflection.Metadata from 5.0.0 to 6.0.1 and System.Collections.Immutable from 5.0.0 to 6.0.0. [#605](https://github.com/microsoft/binskim/pull/605) | |||
| * Bump ELFSharp from 2.14.0 to 2.15.0. [#631](https://github.com/microsoft/binskim/pull/631) | |||
| * FEATURE: Enable BinSkim for MacOS. [#576](https://github.com/microsoft/binskim/pull/576) | |||
| - Bump Sarif.Sdk by updating submodule from [4e9f606 to fc9a9df](https://github.com/microsoft/sarif-sdk/compare/4e9f606bb0e88428866e253352cdc70dc68f98cb...fc9a9dfb865096b5aaa9fa3651854670940f7459). [#638](https://github.com/microsoft/binskim/pull/638) | |||
| @@ -1,11 +1,12 @@ | |||
| #!/bin/bash | |||
There was a problem hiding this comment.
there is also a file "UpdateBaselines.sh" which was for Linux only, not sure if we want to update that. #ByDesign
There was a problem hiding this comment.
What would be the proposed change? I don't see any reference in that file to BinSkimLinux.sln or the uname variable.
There was a problem hiding this comment.
oh because I see this file is running under folder /netcoreapp3.1/linux-x64/
I don't think we need another one running for macOS.
Addressing issue #554
@jeffersonking, recommended adding osx-x64 specific release binaries per the dotnet documentation on runtime identifier (RID).
@eddynaka and @michaelcfanning, still need to get the result tested on mac to see if this resolves the issue. Will update accordingly and publish for formal review once this step is complete. Feel free to add any feedback before this.
Results of test run (verify code signing and codesign validation steps, disabled publish steps):
