Skip to content

Remove external tar process workaround for hardlink signing#16994

Open
MichaelSimons wants to merge 4 commits into
mainfrom
michaelsimons/remove-tar-process-workaround
Open

Remove external tar process workaround for hardlink signing#16994
MichaelSimons wants to merge 4 commits into
mainfrom
michaelsimons/remove-tar-process-workaround

Conversation

@MichaelSimons

@MichaelSimons MichaelSimons commented Jun 9, 2026

Copy link
Copy Markdown
Member

The workaround (dotnet/arcade#16484) used external tar.exe on Windows to handle hardlinks because System.Formats.Tar lacked proper support (dotnet/runtime#74404). Now that the runtime issue is fixed and arcade targets .NET 10+, hardlinks are handled the same way as symlinks: skipped during reading (only the target regular file is signed) and preserved as-is during repack.

Changes

  • Remove ReadTarGZipEntriesWithExternalTar and RepackTarGZipWithExternalTar private methods from ZipData.cs
  • Remove Windows-conditional branches in ReadEntries and RepackTarGZip
  • Add TarEntryType.HardLink to the skip filter in ReadEntries (same treatment as symlinks)
  • Change SignTarGZipFileWithHardlinks test from [WindowsOnlyFact] to [Fact]
  • Update test expectations: only the regular file entry is signed; hardlinks are preserved and validated via new helper
  • Add ValidateProducedTarGZipHardlinks helper to verify hardlinks survive the repack round-trip

Fixes #16484

@MichaelSimons
Remove external tar process workaround for hardlink signing
93151a2 
The workaround (#16484) used external tar.exe on Windows to
handle hardlinks because System.Formats.Tar lacked proper support
(dotnet/runtime#74404). Now that the runtime issue is fixed and arcade
targets .NET 10+, hardlinks are handled the same way as symlinks: skipped
during reading (only the target regular file is signed) and preserved
as-is during repack.

Changes:
- Remove ReadTarGZipEntriesWithExternalTar and RepackTarGZipWithExternalTar
  private methods from ZipData.cs
- Remove Windows-conditional branches in ReadEntries and RepackTarGZip
- Add TarEntryType.HardLink to the skip filter in ReadEntries (same
  treatment as symlinks)
- Change SignTarGZipFileWithHardlinks test from [WindowsOnlyFact] to [Fact]
- Update test expectations: only the regular file entry is signed;
  hardlinks are preserved and validated via new helper
- Add ValidateProducedTarGZipHardlinks helper to verify hardlinks survive
  the repack round-trip

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 9, 2026 17:02
Copilot AI reviewed Jun 9, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR removes the Windows-only external tar.exe workaround used by SignTool for .tar.gz archives containing hardlinks, relying instead on System.Formats.Tar now that Arcade targets .NET 10+. It updates tar entry filtering and adjusts/expands test coverage to validate that hardlinks are preserved through the signing + repack flow.

Changes:

  • Remove external tar.exe-based read/repack paths and Windows-conditional branches for .tar.gz.
  • Skip TarEntryType.HardLink during tar entry enumeration (same handling as symlinks) so only the target regular file is signed.
  • Update the hardlink signing test to run cross-platform and validate hardlinks are preserved in the repacked archive.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
src/Microsoft.DotNet.SignTool/src/ZipData.cs Removes the external-tar workaround; updates tar entry filtering to skip hardlinks.
src/Microsoft.DotNet.SignTool.Tests/SignToolTests.cs Makes the hardlink test cross-platform; adds validation helper to assert hardlinks survive repack.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/Microsoft.DotNet.SignTool/src/ZipData.cs
Comment thread src/Microsoft.DotNet.SignTool.Tests/SignToolTests.cs Outdated
@ViktorHofer

ViktorHofer commented Jun 9, 2026

Copy link
Copy Markdown
Member

Please submit a real signed build for validation, i.e. in the VMR to avoid potential disruption.

ellahathaway
ellahathaway previously approved these changes Jun 9, 2026
View reviewed changes
@MichaelSimons
Potential fix for pull request finding
07e497a 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 9, 2026 20:22
Copilot AI reviewed Jun 9, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

Comment thread src/Microsoft.DotNet.SignTool.Tests/SignToolTests.cs
MichaelSimons and others added 2 commits June 9, 2026 15:36
@MichaelSimons
Remove external tar process workaround for hardlink signing
5267739 
The workaround (#16484) used external tar.exe on Windows to
handle hardlinks because System.Formats.Tar lacked proper support
(dotnet/runtime#74404). Now that the runtime issue is fixed and arcade
targets .NET 10+, hardlinks are handled the same way as symlinks: skipped
during reading (only the target regular file is signed) and preserved
as-is during repack.

Changes:
- Remove ReadTarGZipEntriesWithExternalTar and RepackTarGZipWithExternalTar
  private methods from ZipData.cs
- Remove Windows-conditional branches in ReadEntries and RepackTarGZip
- Add TarEntryType.HardLink to the skip filter in ReadEntries (same
  treatment as symlinks)
- Change SignTarGZipFileWithHardlinks test from [WindowsOnlyFact] to [Fact]
- Update test expectations: only the regular file entry is signed;
  hardlinks are preserved and validated via new helper
- Add ValidateProducedTarGZipHardlinks helper to verify hardlinks survive
  the repack round-trip

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@MichaelSimons
Update symlink test doc comment
ec24366 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 9, 2026 20:38
Copilot AI reviewed Jun 9, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

mmitche
mmitche reviewed Jun 16, 2026
View reviewed changes
Comment thread src/Microsoft.DotNet.SignTool.Tests/SignToolTests.cs

foreach ((string path, string linkName) in expectedHardlinks)
{
hardlinkEntries.Should().Contain((Name: path, LinkName: linkName),

@mmitche mmitche Jun 16, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: If possible I'd make this stronger and check that no additional hard links are present. I think that awesomeassertions has a nice primitive for this kind of assert.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mmitche mmitche mmitche approved these changes

@ellahathaway ellahathaway ellahathaway left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

SignTool does not support tarballs w/hard links

5 participants

@MichaelSimons @ViktorHofer @mmitche @ellahathaway