Merging internal commits for release/9.0 #117442
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#### AI description (iteration 1) #### PR Classification Pipeline configuration update adjusting certificate validation. #### PR Summary This pull request updates the expected issuer for the DAC signing certificate in the diagnostic file signing pipeline to reflect the new PCA 2024 certificate. - `eng/pipelines/coreclr/templates/sign-diagnostic-files.yml`: Changed the certificate issuer string from "Microsoft Code Signing PCA 2010" to "Microsoft Code Signing PCA 2024". <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot -->
…-merge-9.0-2025-07-08-1433
There was a problem hiding this comment.
Pull Request Overview
Merges internal commits for the 9.0 release by updating the certificate issuer check in the CoreCLR pipeline template.
- Updated the expected issuer from "Microsoft Code Signing PCA 2010" to "Microsoft Windows Code Signing PCA 2024"
- Removed locality (L) and state (S) qualifiers from the distinguished name match
Comments suppressed due to low confidence (1)
eng/pipelines/coreclr/templates/sign-diagnostic-files.yml:72
- Matching the full issuer distinguished name by string equality is brittle and the new string omits locality (L) and state (S) fields. Consider matching on parsed certificate properties (e.g.,
IssuerName.NameorGetNameInfo) or restoring the L/S qualifiers to ensure valid certificates aren’t rejected inadvertently.
-or $signingCert.Issuer -ne "CN=Microsoft Windows Code Signing PCA 2024, O=Microsoft Corporation, C=US")
|
The change in this PR is already used to release build yesterday. I'll go ahead and merge it. |
This was referenced Aug 5, 2025
This was referenced Aug 7, 2025
Open
Merged
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.