Skip to content

Set-AuthenticodeSignature hash default to SHA256#17560

Merged
iSazonov merged 1 commit intoPowerShell:masterfrom
jborean93:authenticode-hash
Jul 7, 2022
Merged

Set-AuthenticodeSignature hash default to SHA256#17560
iSazonov merged 1 commit intoPowerShell:masterfrom
jborean93:authenticode-hash

Conversation

@jborean93
Copy link
Copy Markdown
Collaborator

@jborean93 jborean93 commented Jun 22, 2022
edited
Loading

PR Summary

The docs for Set-AuthenticodeSignature state the default hash algorithm is SHA256 but the default is null which means SHA1 is used. This updates the default to SHA256 to match the docs and standards expected today.

WIP - Need to get tests working before marking as ready.

PR Context

Fixes #17559

I was going to add some tests but Get-AuthenticodeSignature doesn't return the hash algorithm so I can't really confirm it without adding even more code making the PR harder to review.

I'll look at implementing a different PR to do this but first want to get this fix in.

PR Checklist

@ghost ghost assigned iSazonov Jun 22, 2022
@jborean93 jborean93 mentioned this pull request Jun 22, 2022
Closed
5 tasks
@jborean93 jborean93 marked this pull request as ready for review June 22, 2022 20:55
@jborean93 jborean93 mentioned this pull request Jun 23, 2022
Closed
22 tasks
@iSazonov iSazonov requested review from PaulHigin and TravisEz13 June 23, 2022 17:35
@PaulHigin
Copy link
Copy Markdown
Contributor

PaulHigin commented Jun 23, 2022

Non-Windows platform build errors involving dotnet-install.sh is a known issue:

dotnet/install-scripts#286

@PaulHigin
Copy link
Copy Markdown
Contributor

PaulHigin commented Jun 23, 2022

The non-Windows platform test failures involving dotnet-install.sh are a known issue, and there is a fix coming hopefully soon.

dotnet/install-scripts#286

@ghost ghost added the Review - Needed The PR is being reviewed label Jul 1, 2022
@ghost
Copy link
Copy Markdown

ghost commented Jul 1, 2022

This pull request has been automatically marked as Review Needed because it has been there has not been any activity for 7 days.
Maintainer, please provide feedback and/or mark it as Waiting on Author

@iSazonov
Copy link
Copy Markdown
Collaborator

iSazonov commented Jul 7, 2022

/rebase

@ghost ghost removed the Review - Needed The PR is being reviewed label Jul 7, 2022
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jul 7, 2022
edited by unfurl-links Bot
Loading

Started rebase: https://github.com/PowerShell/PowerShell/actions/runs/2629026312

GitHub
PowerShell for every system! Contribute to PowerShell/PowerShell development by creating an account on GitHub.

@pull-request-quantifier-deprecated
Copy link
Copy Markdown

pull-request-quantifier-deprecated Bot commented Jul 7, 2022

This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

Quantification details 

Label      : Extra Small
Size       : +1 -1
Percentile : 0.8%

Total files changed: 1

Change summary by file extension:
.cs : +1 -1

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

  • Fast and predictable releases to production:
    • Optimal size changes are more likely to be reviewed faster with fewer
      iterations.
    • Similarity in low PR complexity drives similar review times.
  • Review quality is likely higher as complexity is lower:
    • Bugs are more likely to be detected.
    • Code inconsistencies are more likely to be detetcted.
  • Knowledge sharing is improved within the participants:
    • Small portions can be assimilated better.
  • Better engineering practices are exercised:
    • Solving big problems by dividing them in well contained, smaller problems.
    • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

  • Use the PullRequestQuantifier to quantify your PR accurately
    • Create a context profile for your repo using the context generator
    • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
    • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
    • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
  • Change your engineering behaviors
    • For PRs that fall outside of the desired spectrum, review the details and check if:
      • Your PR could be split in smaller, self-contained PRs instead
      • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

  • One line was added: +1 -0
  • One line was deleted: +0 -1
  • One line was modified: +1 -1 (git diff doesn't know about modified, it will
    interpret that line like one addition plus one deletion)
  • Change percentiles: Change characteristics (addition, deletion, modification)
    of this PR in relation to all other PRs within the repository.

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.

@iSazonov
Copy link
Copy Markdown
Collaborator

iSazonov commented Jul 7, 2022

/cc @TravisEz13

CodeQL Action v1 will be deprecated on December 7th, 2022. Please upgrade to v2. For more information, see https://github.blog/changelog/2022-04-27-code-scanning-deprecation-of-codeql-action-v1/

@iSazonov iSazonov merged commit 9a9c766 into PowerShell:master Jul 7, 2022
@iSazonov iSazonov added the CL-General Indicates that a PR should be marked as a general cmdlet change in the Change Log label Jul 7, 2022
@jborean93 jborean93 deleted the authenticode-hash branch July 7, 2022 18:35
@ghost
Copy link
Copy Markdown

ghost commented Jul 18, 2022

🎉v7.3.0-preview.6 has been released which incorporates this pull request.:tada:

Handy links:

@sdwheeler sdwheeler mentioned this pull request Jul 19, 2022
Closed
2 tasks
@TravisEz13 TravisEz13 mentioned this pull request Sep 30, 2022
Merged
22 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TravisEz13 TravisEz13 Awaiting requested review from TravisEz13

1 more reviewer

@PaulHigin PaulHigin PaulHigin approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@iSazonov iSazonov

Labels

CL-General Indicates that a PR should be marked as a general cmdlet change in the Change Log Extra Small

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Set-AuthenticodeSignature's HashAlgorithm should default to SHA256

3 participants

@jborean93 @PaulHigin @iSazonov