Skip to content
This repository has been archived by the owner on Jun 1, 2024. It is now read-only.

#498 Disable PublicSign to fix strong-name signature verification issue #504

Merged
merged 1 commit into from
Jan 30, 2023
Merged

Conversation

nenadvicentic
Copy link
Contributor

@nenadvicentic nenadvicentic commented Jan 30, 2023

Disable PublicSign to fix strong-name signature verification issue of assemblies from public NuGet package:

What issue does this PR address?
Issue with signing of assemblies published in NuGet package.

Could not load file or assembly 'Serilog.Formatting.Elasticsearch' or one of its dependencies. Strong name signature could not be verified. The assembly may have been tampered with, or it was delay signed but not fully signed with the correct private key. (Exception from HRESULT: 0x80131045)"

Does this PR introduce a breaking change?
No.

Please check if the PR fulfills these requirements

  • The commit follows our guidelines
  • Unit Tests for the changes have been added (for bug fixes / features)

Notes
Fix is based on similar issue fixed in another Serilog Sink here and on further details about "Public Sign" from this SO answer.

Fix has been tested with local dotnet pack on Windows 10 machine and use of newly built package within .NET Framework 4.8 project.

…ssue of assemblies from public NuGet package:

> Could not load file or assembly 'Serilog.Formatting.Elasticsearch' or one of its dependencies. Strong name signature could not be verified. The assembly may have been tampered with, or it was delay signed but not fully signed with the correct private key. (Exception from HRESULT: 0x80131045)"
@mivano mivano merged commit 5c6985c into serilog-contrib:dev Jan 30, 2023
mivano added a commit that referenced this pull request Feb 2, 2023
* Create codeql-analysis.yml (#370)

* fix: Correct comment about default TypeName (#393)

The default TypeName was changed to '_doc' in #298

* Proper handling of TypeName = null from appsettings.json (#420)

Co-authored-by: Marius Wingerei <[email protected]>

* Add `ElasticsearchSinkOptions.BufferFileRollingInterval` option (#416)

* Add `ElasticsearchSinkOptions.BufferFileRollingInterval` option

- Using this option we can customize buffer file rolling interval. The default is `RollingInterval.Day` (so no changes here). In some cases higher granularity may be needed.
- Changed regular expression for FileSet to get buffer files to support different rolling interval file name formats - from Infinite to Minute. All of them are different amount of digits representing date - 0(Infinite), 4(Year),..., 12 (Minute). So replaced expression part for day format `(?<date>\\d{8})` with the expression for all interval date `(?<date>\\d{0,12})`.

* Add tests for the desired functionality, which fail now.

- Return code to support only Daily rolling interval
- Add RollingIntervalExtensions.cs (origin: Serilog.Sinks.File) with InternalVisible attribute to be able to test
- Add InternalVisible to FileSet.cs to be able to test it
- Sign tests assembly the same way as Serilog.Sinks.Elasticsearch for InternalVisible to work

* Support different rolling intervals for DurableElasticsearchSink rolling files.

- Make support only for intervals like Day, Hour, Minute. As for less frequent intervals we cannot get specific date (specific day) for passing to _getIndexForEvent in `ElasticsearchPayloadReader`.
- Support handling rolling files for different intervals in `ElasticsearchPayloadReader` and `FileSet` by using corresponding formats and search patterns.
- Add tests of changed code - for `ElasticsearchPayloadReader` and `FileSet`

* Remove redundant spaces

* Fix internal or IntelliSense typos (#406)

Cleaning up a few very minor typos in internal methods or exposed via
IntelliSense:

 * "semi column" -> "semi-colon"
 * "preforming" -> "performing"
 * "CreatePlayLoad" -> "CreatePayload"

Co-authored-by: Bo Flynn <[email protected]>

* Clean package sources

* clean obsolete .net versions

* updated packages

* added dependabot

* Bump actions/setup-dotnet from 1 to 2 (#431)

Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 1 to 2.
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](actions/setup-dotnet@v1...v2)

---
updated-dependencies:
- dependency-name: actions/setup-dotnet
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/checkout from 2 to 3 (#427)

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/cache from 2 to 3 (#429)

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/download-artifact from 2 to 3 (#424)

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v2...v3)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* added dependencies

* copy local files

* updating versions

* publish test results

* remove old nuspec and updated icons

* added icon

* updates

* fix build

* multiple packages

* name

* cicd

* skip test for now as it is flaky

* version

* Names

* use correct folder

* older version

* diffferent way of pushing

* enviroment

* Remove app veyor and dotnet-version

* Use repo owner

* use dotnet nuget

* logging

* remove @

* --skip-duplicate

* update project url

* Updated changelog

* paths

* use correct output path

* remove the source

* skip duplicates

* Bump actions/setup-dotnet from 2 to 3.0.2 (#478)

Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 2 to 3.0.2.
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](actions/setup-dotnet@v2...v3.0.2)

---
updated-dependencies:
- dependency-name: actions/setup-dotnet
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update cicd.yaml

* Bump actions/download-artifact from 1 to 3 (#439)

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 1 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v1...v3)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/upload-artifact from 2 to 3 (#438)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update cicd.yaml

* fix file references in the Visual Studio Solution file. (#461)

Co-authored-by: Nenad Vicentic <[email protected]>

* Bump actions/setup-dotnet from 3.0.2 to 3.0.3 (#487)

Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](actions/setup-dotnet@v3.0.2...v3.0.3)

---
updated-dependencies:
- dependency-name: actions/setup-dotnet
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github/codeql-action from 1 to 2 (#426)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Automatically handle `TypeName` parameter for different versions of Elasticsearch (<7, 7 or higher) (#462)

* fix file references in the Visual Studio Solution file.

* Do not set `TypeName` by default any more.
* last version of Elasticsearch that supported user-defined `_type` field - v6.8.x is running out of support on 2022-02-10 (https://www.elastic.co/support/eol)

* Automatically handle `ElasticsearchSinkOptions.TypeName` for different versions Elasticsearch (<7, 7+) when `ElasticsearchSinkOptions.DetectElasticsearchVersion` is enabled.

* Add unit test for automatic settings of `TypeName` when `DetectElasticsearchVersion` is set to `true`.
- Two methods used - instantiate `ElasticsearchSinkState` directly and via `LoggerConfiguration`

* Add Elasticsearch v8 template + parsing of Elasticsearch major version to `int` + decision branch for which version of index-template API to use + removal of obsolete `ElasticsearchTemplateProvider.GetTemplate(...)` method overload.

* Upgrade to .NET 6.0 and update test-frameworks related NuGet pacakges

* Upgrade to Elasticsearch.NET 7.17.5 + handle new "preflight" request

https://discuss.elastic.co/t/the-client-is-unable-to-verify-that-the-server-is-elasticsearch-due-to-an-unsuccessful-product-check-call-some-functionality-may-not-be-compatible-if-the-server-is-running-an-unsupported-product/310969/9

"The 7.16 client performs a pre-flight GET request to the root URL of the server before the first request.".

* Make `ConnectionStub` a bit more robust .

* Use `System.Version` to parse Elasticsearch server version number (similar to what `Elasticsearch.Net` does)

* Update NuGet packages

* Replace obsolete NuGet package `Serilog.Sinks.ColoredConsole` with `Serilog.Sinks.Console`

* Update `Serilog.Sinks.PeriodicBatching` package and reimplent `ElasticsearchSink` so that it does not use obsolete `PeriodicBatchingSink` constructor.

* Better handling of Elasticsearch server version number in mocked `ConnectionStub`

* Cleanup: refactor to use single `JsonEquals` method.

* Turn on `DetectElasticSearchVersion` option by default. Assume version 7 on fallback.

* Cleanup: remove unused namespaces

* Cleanup: move `ElasticsearchSinkTestsBase` into `Stubs` subfolder.

* Refactor: extract `ConnectionStub` into a separate file.

* Fix: json comparison in .NET Framework 4.6+

* Run unit-tests on multiple .NET frameworks.

* Cleanup: remove unused NUnit runner package.

* Use newer, built-in compilation constants.
https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/preprocessor-directives#conditional-compilation

* Use standard MSBuild property `IsPackable` for clarity.

* Cleanup: remove unused package refrence.

* Update GitHub actions

* docs: updated documentation to reflect  changes in behavior of the sink.

Co-authored-by: Nenad Vicentic <[email protected]>

* Update dotnet sdk

* disable net48 tests

* set api key

* Remove support for Elasticsearch v2 and v5. (#488)

* Remove support for Elasticsearch v2 and v5.

* Code-conventions: add rule for underscore `_` on private fields (as it already is in the code).

* Remove GitHub's `set-output` command deprication warning.

Co-authored-by: Nenad Vicentic <[email protected]>

* added path for tests

* fix: Example in README is incorrect #402 (#496)

* Applying right versioning

* Update AssemblyInfo.cs

* Remove `AssemblyInfo.cs` and move attributes to the `*.csproj` file. This enables setting assembly version via command line and CI. (#501)

1. Build and pack:
    dotnet build -c Release -p:Version=9.0.0-beta11
    dotnet pack -c Release --no-build  -p:Version=9.0.0-beta11
2. Pack (with implicit build)
    dotnet pack -c Release -p:Version=9.0.0-beta11

Co-authored-by: Nenad Vicentic <[email protected]>

* Read Elasticsearch server version from a root page response (#502)

Co-authored-by: Nenad Vicentic <[email protected]>

* Versioning and permission for unit tests

* [no ci]

* #498 Disable `PublicSign` to fix strong-name signature verification issue of assemblies from public NuGet package: (#504)

> Could not load file or assembly 'Serilog.Formatting.Elasticsearch' or one of its dependencies. Strong name signature could not be verified. The assembly may have been tampered with, or it was delay signed but not fully signed with the correct private key. (Exception from HRESULT: 0x80131045)"

Co-authored-by: Nenad Vicentic <[email protected]>

* [no ci]

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Mikkel Nylander Bundgaard <[email protected]>
Co-authored-by: mariwing <[email protected]>
Co-authored-by: Marius Wingerei <[email protected]>
Co-authored-by: Andrey Kozlov <[email protected]>
Co-authored-by: Bo Flynn <[email protected]>
Co-authored-by: Bo Flynn <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nenad Vićentić <[email protected]>
Co-authored-by: Nenad Vicentic <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants