Arcade: Should we support nested .zip packages?

Created on 4 Oct 2018  路  10Comments  路  Source: dotnet/arcade

The current SignTool task doesn't support signing content of nested .zip packages. I.e,

package1.zip
    -> package2.zip
         -> library1.dll

the library won't be signed because the .zip extension is ignored for nested content.

CC: @natemcmaster @weshaggard @tmat @jaredpar @mikem8361

All 10 comments

Actually, I even wonder if we should generalize this and support other kinds of compressed formats that aren't signed themselves but their content probably will be. I'm thinking .tar, .tar.gz, etc.

I don't need this feature, so I'm fine if we don't.

If we don't actually support it we should at least warn/error about it to avoid issues if this case comes up.

Yes, .tar/.tar.gz should eventually be supported. I'm currently using zip files for Linux/MacOS, but the standard is .tar.gz.

Opps. Reopened.

I currently don't need nested zip support.

Signing currently supports nesting: VSIX in VSIX and VSIX in NuPkg. Generalizing this should not require a lot of effort.

Yes, we should support it. There should be no difference between how different kinds of containers are handled by the tool.

The only difference right now is that some aren't "signable", like .zip, .tar.gz (in the future). I think we can handle all these the same way we did for .zip .. eventually.

Closing this as we now support nested .zip files. Also, postponing the work for other containers to when the need show up - should be straight forward to implement it in the way that we did for .zip.

Was this page helpful?
0 / 5 - 0 ratings