Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Runner fails to run as a service on windows: Disable Delay Signing on the Runner Service #185

Merged
merged 3 commits into from
Nov 8, 2019
Merged

Runner fails to run as a service on windows: Disable Delay Signing on the Runner Service #185

merged 3 commits into from
Nov 8, 2019

Conversation

thboop
Copy link
Collaborator

@thboop thboop commented Nov 7, 2019
edited by bryanmacfarlane
Loading

Running as a service is failing on self hosted windows machines without strong named signing disabled (common customer scenario). This effectively makes running as a service not viable.

Fixes #186
Currently in production RunnerService is getting generated as delay-signed. It should just be unsigned.

PS:  sn -vf RunnerService.exe

Microsoft (R) .NET Framework Strong Name Utility  Version 4.0.30319.0
Copyright (c) Microsoft Corporation.  All rights reserved.

RunnerService.exe is a delay-signed or test-signed assembly

I did a test release and verified the new version is not signed from this build

PS C:\Users\thboop\downloads\actions-runner-win-x64-1.999.9\bin> sn -vf RunnerService.exe

Microsoft (R) .NET Framework Strong Name Utility  Version 4.0.30319.0
Copyright (c) Microsoft Corporation.  All rights reserved.

RunnerService.exe does not represent a strongly named assembly
PS C:\Users\thboop\downloads\actions-runner-win-x64-1.999.9\bin>

I was able to verify on a VM with Windows Server 2019 that the issue no longer occurs. I want to do some additional sanity testing.

@bryanmacfarlane bryanmacfarlane changed the title Disable Delay Signing on the Runner Service Runner fails to run as a service: Disable Delay Signing on the Runner Service Nov 7, 2019
@bryanmacfarlane bryanmacfarlane changed the title Runner fails to run as a service: Disable Delay Signing on the Runner Service Runner fails to run as a service on windows: Disable Delay Signing on the Runner Service Nov 7, 2019
@TingluoHuang
Copy link
Member

Delete the public key under windows service folder that checked in, that’s a MSFT public key

@TingluoHuang
Copy link
Member

What’s the default of those csproj setting? Should we just remove them if the default is false?

@bryanmacfarlane
Copy link
Member

As part of the testing, let’s test running as svc on macOS and Ubuntu. I realize this change doesn’t affect those but this does identify a testing gap

@thboop
Copy link
Collaborator Author

thboop commented Nov 8, 2019

What’s the default of those csproj setting? Should we just remove them if the default is false?

I prefer these values being explicitly set, but I can understand not wanting to have lines of code that aren't needed. We can take a look at modifying this post GA if needed

Delete the public key under windows service folder that checked in, that’s a MSFT public key

This has been deleted, and the references have been removed.

@thboop
Copy link
Collaborator Author

thboop commented Nov 8, 2019

As part of the testing, let’s test running as svc on macOS and Ubuntu. I realize this change doesn’t affect those but this does identify a testing gap

This works as expected!

@thboop thboop merged commit c5cbac9 into master Nov 8, 2019
@thboop thboop deleted the users/thboop/disableDelaySigning branch December 3, 2019 15:36
AdamOlech pushed a commit to antmicro/runner that referenced this pull request Jan 28, 2021
@thboop
Runner fails to run as a service on windows: Disable Delay Signing on…
086a352 
… the Runner Service (actions#185)

* test release

* Reverse test release changes

* Remove Unused Public Keys from Runner Service
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bryanmacfarlane bryanmacfarlane bryanmacfarlane approved these changes

@TingluoHuang TingluoHuang TingluoHuang approved these changes

@youhanaNaseim youhanaNaseim youhanaNaseim approved these changes

@ericsciple ericsciple Awaiting requested review from ericsciple

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Self Hosted Runner Service on Windows Fails Strong Name Validation
4 participants
@thboop @TingluoHuang @bryanmacfarlane @youhanaNaseim