Skip to content

Commit af19c3f

Browse files
authored
Fix AzureSignTool signature verification for paths with spaces (#1273)
1 parent 68891e1 commit af19c3f

4 files changed

Lines changed: 44 additions & 2 deletions

File tree

constructor/signing.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -193,7 +193,7 @@ def verify_signature(self, installer_file: str | Path):
193193
logger.error("Could not verify signature: PowerShell not found.")
194194
return
195195
command = (
196-
f"$sig = Get-AuthenticodeSignature -LiteralPath {installer_file};"
196+
f"$sig = Get-AuthenticodeSignature -LiteralPath '{installer_file}';"
197197
"$sig.Status.value__;"
198198
"$sig.StatusMessage"
199199
)

examples/azure_signtool/construct.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33

44
name: Signed_AzureSignTool
55
version: 1.0.0
6-
installer_type: exe
6+
installer_type: [exe, msi]
77
channels:
88
- https://repo.anaconda.com/pkgs/main/
99
specs:

news/1273-fix-msi-signing-spaces

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
### Enhancements
2+
3+
* <news item>
4+
5+
### Bug fixes
6+
7+
* Fix `AzureSignTool` signature verification failing for installer paths that contain spaces. (#1273)
8+
9+
### Deprecations
10+
11+
* <news item>
12+
13+
### Docs
14+
15+
* <news item>
16+
17+
### Other
18+
19+
* <news item>

tests/test_signing.py

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
import sys
2+
3+
import pytest
4+
5+
from constructor.signing import AzureSignTool
6+
7+
8+
@pytest.mark.skipif(sys.platform != "win32", reason="Windows only")
9+
def test_azure_verify_signature_quotes_path_with_spaces(mocker):
10+
"""Test that installer paths containing spaces are quoted in the PowerShell command."""
11+
tool = AzureSignTool()
12+
installer = r"C:\Users\runner\Some Product\foo.msi"
13+
14+
mocker.patch("constructor.signing.shutil.which", return_value="powershell")
15+
mock_run = mocker.patch("constructor.signing.run")
16+
mock_run.return_value.stderr = ""
17+
mock_run.return_value.stdout = "0\nSignature verified.\n"
18+
19+
tool.verify_signature(installer)
20+
21+
# argv passed to run() is ["powershell", "-c", command]
22+
command = mock_run.call_args.args[0][2]
23+
assert f"-LiteralPath '{installer}'" in command

0 commit comments

Comments
 (0)