Windows builds have two Eclipse signatures in the executables #3997

Open
sxa opened this issue Oct 15, 2024 · 1 comment

Comments

sxa (Member) commented Oct 15, 2024

What are you trying to do? Look at the signatures of the EXE/DLL files in the Windows builds

Expected behaviour: There is a single Eclipse signature on the files

Observed behaviour: There are two Eclipse signatures on the files. Also, the original MSFT signatures on the MSVC redistributable files are (correctly) preserved, whereas in previous releases they were not.

Any other comments: This was likely as a result of a change from Eclipse to use jsign instead of osslsigncode which was using a parameter to replace existing signatures.

Potential courses of action here (assuming the status quo is undesirable, which is my view):

  1. Modify our pipelines to avoid the signing being invoked twice on the same file
  2. Modify our scripting to check for the presence of an EF signature before invoking the signing
  3. Adjust the tool to only replace EF signatures
  4. Set the option on the new tool to replace existing signatures which is what the previous tool did (not a great solution since it would wipe the MSFT signature on the redist DLLs)

Discussion thread in slack with screenshot of the issue: https://adoptium.slack.com/archives/C09NW3L2J/p1729001400776759?thread_ts=1728988912.817729&cid=C09NW3L2J

andrew-m-leonard (Contributor) commented:

The general opinion is Eclipse should not sign the MS Redist DLLs, as it's like assigning your trust in something you didn't build...
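A sketch of the check in option 2 above, added here as an example and not taken from the Adoptium pipelines or from jsign: it reads the PE certificate table and classifies a file as unsigned, already carrying a certificate whose name contains a given marker, or signed by someone else (the redistributable DLL case). The function names and the `marker` string are assumptions; the match is a byte search for a certificate name, not a signature verification.

```python
import struct

def authenticode_blobs(pe: bytes) -> list:
    """Return the PKCS#7 blobs from a PE file's certificate table ([] if unsigned)."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    (nt,) = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = nt + 24                                          # skip COFF file header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)           # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)      # NumberOfRvaAndSizes
    # Data directory 4 is the certificate table; its address is a file offset.
    pos, size = struct.unpack_from("<II", pe, dirs + 32) if count > 4 else (0, 0)
    end, blobs = min(pos + size, len(pe)), []
    while pos and pos + 8 <= end:
        length, _revision, cert_type = struct.unpack_from("<IHH", pe, pos)
        if length < 8:
            break                                          # malformed entry
        if cert_type == 0x0002:                            # WIN_CERT_TYPE_PKCS_SIGNED_DATA
            blobs.append(pe[pos + 8:pos + length])
        pos += (length + 7) & ~7                           # entries are 8-byte aligned
    return blobs

def signing_state(pe: bytes, marker: str) -> str:
    """Classify a file as 'unsigned', 'ours' or 'other' (name match, not verification)."""
    blobs = authenticode_blobs(pe)
    if not blobs:
        return "unsigned"
    # Certificate names may be stored as UTF8String/PrintableString or BMPString.
    needles = (marker.encode("utf-8"), marker.encode("utf-16-be"))
    return "ours" if any(n in b for b in blobs for n in needles) else "other"

def sample_pe(pkcs7: bytes = b"") -> bytes:
    """Constructed header-only PE32+ test input; pkcs7 is placeholder bytes, not real DER."""
    hdr = bytearray(0x40 + 24 + 112 + 16 * 8)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                # e_lfanew
    struct.pack_into("<H", hdr, 0x40 + 24, 0x20B)          # PE32+ magic
    struct.pack_into("<I", hdr, 0x40 + 24 + 108, 16)       # NumberOfRvaAndSizes
    if not pkcs7:
        return bytes(hdr)
    entry = struct.pack("<IHH", 8 + len(pkcs7), 0x0200, 2) + pkcs7
    struct.pack_into("<II", hdr, 0x40 + 24 + 112 + 32, len(hdr), len(entry))
    return bytes(hdr) + entry + b"\0" * (-len(entry) % 8)
```

A signing step that only proceeds when the state is `unsigned` would avoid both the double signature and re-signing files that already carry another vendor's signature.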
