Skip to content

Support skip-signed portable signing#28

Merged
Marc-André Moreau (mamoreau-devolutions) merged 2 commits into
masterfrom
mamoreau-devolutions-psign-skip-signed
Jun 30, 2026
Merged

Support skip-signed portable signing#28
Marc-André Moreau (mamoreau-devolutions) merged 2 commits into
masterfrom
mamoreau-devolutions-psign-skip-signed

Conversation

@mamoreau-devolutions

Copy link
Copy Markdown
Contributor

Summary

  • Add digest-verified --skip-signed behavior for portable PE/WinMD signing so valid embedded signatures are skipped, unsigned files sign normally, and corrupt existing signatures fail instead of being silently skipped.
  • Thread skip-signed support through portable core and Set-PsignSignature -SkipSigned, including output-path copy behavior for skipped PE/WinMD files.
  • Update docs and add regression coverage for CLI, portable core, and PowerShell cmdlet behavior.

Validation

  • cargo fmt --all
  • cargo clippy --workspace --all-targets --locked
  • bash scripts/linux-portable-validation.sh
  • cargo test -p psign-portable-core --locked
  • cargo test --test cert_store_cli portable_sign_sha1_skip_signed --locked
  • pwsh ./PowerShell/build.ps1 -Configuration Debug
  • Manual PowerShell smoke test for Set-PsignSignature -SkipSigned

Known baseline issue: cargo test --workspace --locked still fails in tests/fixture_vector_manifest.rs due the pre-existing size mismatch for tests/fixtures/msix-minimal/AppxManifest.xml (1418 vs expected 1452). Pester was not run because Pester 5.x is not installed in this environment.

Add digest-verified skip-signed handling for native-shaped portable PE/WinMD signing across cert-store, Azure Key Vault, and Artifact Signing flows. Unsigned files continue through normal signing, valid existing signatures are skipped, and corrupt existing PE signatures surface verification errors.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
@mamoreau-devolutions Marc-André Moreau (mamoreau-devolutions) merged commit 003562c into master Jun 30, 2026
36 checks passed
@mamoreau-devolutions Marc-André Moreau (mamoreau-devolutions) deleted the mamoreau-devolutions-psign-skip-signed branch June 30, 2026 21:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

1 participant