Signing: enable signature verification by default on Linux in .NET 8 …

…SDK (#5006) Resolve NuGet/Home#11262.
NuGet · Jan 30, 2023 · 4135711 · 4135711
1 parent 098dab6
commit 4135711
Show file tree

Hide file tree

Showing 4 changed files with 154 additions and 1 deletion.
diff --git a/src/NuGet.Core/NuGet.Packaging/PackageArchiveReader.cs b/src/NuGet.Core/NuGet.Packaging/PackageArchiveReader.cs
@@ -530,7 +530,7 @@ public override bool CanVerifySignedPackages(SignedPackageVerifierSettings verif
                 string signVerifyEnvVariable = _environmentVariableReader.GetEnvironmentVariable(
                     EnvironmentVariableConstants.DotNetNuGetSignatureVerification);
 
-                bool canVerify = false;
+                bool canVerify = RuntimeEnvironmentHelper.IsLinux && RuntimeSdkDetector.Is8OrGreater;
 
                 if (!string.IsNullOrEmpty(signVerifyEnvVariable))
                 {

diff --git a/src/NuGet.Core/NuGet.Packaging/RuntimeSdkDetector.cs b/src/NuGet.Core/NuGet.Packaging/RuntimeSdkDetector.cs
@@ -0,0 +1,62 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using System.Reflection;
+using NuGet.Versioning;
+
+namespace NuGet.Packaging
+{
+    internal static class RuntimeSdkDetector
+    {
+        private static readonly Lazy<NuGetVersion> LazySdkVersion = new(GetSdkVersion);
+        private static readonly Lazy<bool> LazyIs8OrGreater = new(GetIs8OrGreater);
+
+        internal static bool Is8OrGreater => LazyIs8OrGreater.Value;
+
+        private static bool GetIs8OrGreater()
+        {
+            NuGetVersion sdkVersion = LazySdkVersion.Value;
+
+            return sdkVersion is not null && sdkVersion.Version >= new Version(8, 0, 0, 0);
+        }
+
+        private static NuGetVersion GetSdkVersion()
+        {
+            if (TryGetSdkVersion(out NuGetVersion version))
+            {
+                return version;
+            }
+
+            return null;
+        }
+
+        // Non-private for testing.
+        internal static bool TryGetSdkVersion(out NuGetVersion version)
+        {
+            Assembly assembly = typeof(RuntimeSdkDetector).Assembly;
+            string filePath = assembly.Location;
+
+            return TryGetSdkVersion(filePath, out version);
+        }
+
+        // Non-private for testing.
+        internal static bool TryGetSdkVersion(string filePath, out NuGetVersion version)
+        {
+            version = null;
+
+            if (string.IsNullOrEmpty(filePath))
+            {
+                return false;
+            }
+
+            FileInfo file = new(filePath);
+            string directoryName = file.Directory?.Name;
+
+            return !string.IsNullOrEmpty(directoryName)
+                && char.IsDigit(directoryName[0])
+                && NuGetVersion.TryParse(directoryName, out version);
+        }
+    }
+}
diff --git a/test/NuGet.Core.Tests/NuGet.Packaging.Test/PackageArchiveReaderTests.cs b/test/NuGet.Core.Tests/NuGet.Packaging.Test/PackageArchiveReaderTests.cs
@@ -2103,6 +2103,7 @@ public void CanVerifySignedPackages_ReturnsValueBasedOnOperatingSystemAndFramewo
         private static bool CanVerifySignedPackages(IEnvironmentVariableReader environmentVariableReader = null)
         {
             return (RuntimeEnvironmentHelper.IsWindows ||
+                (RuntimeEnvironmentHelper.IsLinux && RuntimeSdkDetector.Is8OrGreater) ||
                 IsVerificationEnabledByEnvironmentVariable(environmentVariableReader)) &&
 #if IS_SIGNING_SUPPORTED
                 true;

diff --git a/test/NuGet.Core.Tests/NuGet.Packaging.Test/RuntimeSdkDetectorTests.cs b/test/NuGet.Core.Tests/NuGet.Packaging.Test/RuntimeSdkDetectorTests.cs
@@ -0,0 +1,90 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using NuGet.Versioning;
+using Xunit;
+
+namespace NuGet.Packaging.Test
+{
+    public class RuntimeSdkDetectorTests
+    {
+        private static readonly Lazy<NuGetVersion> LazyExpectedSdkVersion = new(GetExpectedSdkVersion);
+
+        [Theory]
+        [InlineData(null)]
+        [InlineData("")]
+        [InlineData("file.dll")]
+        [InlineData("./file.dll")]
+        [InlineData("/file.dll")]
+        [InlineData("/a/file.dll")]
+        [InlineData(@"\\a\b\file.dll")]
+        public void TryGetSdkVersion_WhenFileIsNotInVersionedSdkFolder_ReturnsFalse(string filePath)
+        {
+            bool actualResult = RuntimeSdkDetector.TryGetSdkVersion(filePath, out NuGetVersion version);
+
+            Assert.False(actualResult);
+            Assert.Null(version);
+        }
+
+        [Theory]
+        [InlineData("7.0.200-preview.22628.1")]
+        [InlineData("8.0.100")]
+        public void TryGetSdkVersion_WhenFileIsInVersionedSdkFolder_ReturnsTrue(string expectedVersion)
+        {
+            string filePath = $"/home/user/.dotnet/sdk/{expectedVersion}/file.dll";
+            bool actualResult = RuntimeSdkDetector.TryGetSdkVersion(filePath, out NuGetVersion version);
+
+            Assert.True(actualResult);
+            Assert.NotNull(version);
+            Assert.Equal(expectedVersion, version.ToString());
+        }
+
+        [Fact]
+        public void TryGetSdkVersion_Always_ReturnsValueForNuGetPackagingAssembly()
+        {
+            bool actualResult = RuntimeSdkDetector.TryGetSdkVersion(out NuGetVersion actualVersion);
+
+            if (LazyExpectedSdkVersion.Value is null)
+            {
+                Assert.False(actualResult);
+                Assert.Null(actualVersion);
+            }
+            else
+            {
+                Assert.True(actualResult);
+                Assert.NotNull(actualVersion);
+                Assert.Equal(LazyExpectedSdkVersion.Value, actualVersion);
+            }
+        }
+
+        [Fact]
+        public void Is8OrGreater_Always_ReturnsValueForNuGetPackagingAssembly()
+        {
+            bool is8OrGreater = RuntimeSdkDetector.Is8OrGreater;
+
+            if (LazyExpectedSdkVersion.Value is null
+                || LazyExpectedSdkVersion.Value.Version < new Version(8, 0, 0, 0))
+            {
+                Assert.False(is8OrGreater);
+            }
+            else
+            {
+                Assert.True(is8OrGreater);
+            }
+        }
+
+        private static NuGetVersion GetExpectedSdkVersion()
+        {
+            string directoryName = new FileInfo(typeof(PackageArchiveReader).Assembly.Location).Directory.Name;
+
+            if (NuGetVersion.TryParse(directoryName, out NuGetVersion expectedVersion))
+            {
+                return expectedVersion;
+            }
+
+            return null;
+        }
+    }
+}