diff --git a/constructor/signing.py b/constructor/signing.py index dcfd116ab..89bcb8854 100644 --- a/constructor/signing.py +++ b/constructor/signing.py @@ -193,7 +193,7 @@ def verify_signature(self, installer_file: str | Path): logger.error("Could not verify signature: PowerShell not found.") return command = ( - f"$sig = Get-AuthenticodeSignature -LiteralPath {installer_file};" + f"$sig = Get-AuthenticodeSignature -LiteralPath '{installer_file}';" "$sig.Status.value__;" "$sig.StatusMessage" ) diff --git a/examples/azure_signtool/construct.yaml b/examples/azure_signtool/construct.yaml index 96498a702..2ca0395cd 100644 --- a/examples/azure_signtool/construct.yaml +++ b/examples/azure_signtool/construct.yaml @@ -3,7 +3,7 @@ name: Signed_AzureSignTool version: 1.0.0 -installer_type: exe +installer_type: [exe, msi] channels: - https://repo.anaconda.com/pkgs/main/ specs: diff --git a/news/1273-fix-msi-signing-spaces b/news/1273-fix-msi-signing-spaces new file mode 100644 index 000000000..b8c6d3a9c --- /dev/null +++ b/news/1273-fix-msi-signing-spaces @@ -0,0 +1,19 @@ +### Enhancements + +* + +### Bug fixes + +* Fix `AzureSignTool` signature verification failing for installer paths that contain spaces. (#1273) + +### Deprecations + +* + +### Docs + +* + +### Other + +* diff --git a/tests/test_signing.py b/tests/test_signing.py new file mode 100644 index 000000000..a109d21be --- /dev/null +++ b/tests/test_signing.py @@ -0,0 +1,23 @@ +import sys + +import pytest + +from constructor.signing import AzureSignTool + + +@pytest.mark.skipif(sys.platform != "win32", reason="Windows only") +def test_azure_verify_signature_quotes_path_with_spaces(mocker): + """Test that installer paths containing spaces are quoted in the PowerShell command.""" + tool = AzureSignTool() + installer = r"C:\Users\runner\Some Product\foo.msi" + + mocker.patch("constructor.signing.shutil.which", return_value="powershell") + mock_run = mocker.patch("constructor.signing.run") + mock_run.return_value.stderr = "" + mock_run.return_value.stdout = "0\nSignature verified.\n" + + tool.verify_signature(installer) + + # argv passed to run() is ["powershell", "-c", command] + command = mock_run.call_args.args[0][2] + assert f"-LiteralPath '{installer}'" in command