Configuration processor auditing improvements #6193
florelis left a comment
I'm not familiar with the configuration code, so my review of that part was superficial and it may be wise to get somebody else to look at it.
| Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "doc", "doc", "{3FF6C881-2548-486E-8D70-7555A90030F5}" | ||
| ProjectSection(SolutionItems) = preProject | ||
| ..\doc\windows\package-manager\winget\returnCodes.md = ..\doc\windows\package-manager\winget\returnCodes.md | ||
| ..\doc\Settings.md = ..\doc\Settings.md |
Should we move all the .mds here?
| result.IsAlias = true; | ||
| result.HashString = Utility::SHA256::ConvertToString( |
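Review bot: on the `result.HashString` assignment in the alias branch, the two visible lines do not say what the hash covers. Per the PR description it is the reparse point data rather than the bytes of a target executable, so a short comment at this assignment, and keeping `IsAlias` next to `HashString` wherever the value is displayed or compared, would keep it from being read as a file hash.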
Could we extract the signer/publisher from the package that owns the alias?
We don't know that with OS APIs. We could infer things about the path and likely find the family name, then the full name, then extract the signing information. But all of that is a guess, and a bad actor could easily replace the alias contents while we claimed signature information from the other package.
| | 0x8A15C110 | -1978285814 | WINGET_CONFIG_ERROR_UNIT_SETTING_CONFIG_ROOT | A unit contains a setting that requires the config root. | | ||
| | 0x8A15C111 | -1978285813 | WINGET_CONFIG_ERROR_UNIT_IMPORT_MODULE_ADMIN | Loading the module for the configuration unit failed because it requires administrator privileges to run. | | ||
| | 0x8A15C112 | -1978285812 | WINGET_CONFIG_ERROR_NOT_SUPPORTED_BY_PROCESSOR | Operation is not supported by the configuration processor. | | ||
| | 0x8A15C113 | -1978285811 | WINGET_CONFIG_ERROR_PROCESSOR_HASH_MISMATCH | The DSC processor hash provided does not match hash of the target file. | |
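Review bot: the decimal column on the 0x8A15C110 through 0x8A15C113 rows does not match the hex column. 0x8A15C110 as a signed 32-bit value is -1978285808, so these four rows should read -1978285808 through -1978285805; the -1978285814 shown on the first row corresponds to 0x8A15C10A. Generating the decimal from the hex value rather than typing it by hand would prevent this.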
Just realized the decimals for error codes starting from 0x8A15C110 were incorrect, we did not use ABCD..
Fixed and added markdown generation via winget error -o file.md which fixed a few more things that were off.
| <value>Enable Windows Package Manager Configuration</value> | ||
| </data> | ||
| <data name="ErrorCommandLongDescription" xml:space="preserve"> | ||
| <value>Retrieve information about errors. Given a number, the output will contain details about the error, including the symbol name if it is a WinGet specific error. Given a string, the WinGet specific errors are searched for this value.</value> |
Should we update the command long description?
I don't think so. It isn't the primary purpose of the command and I don't expect that many/any people will run it outside of us. The one fun thing you can do is run it to get a localized markdown file.
Change
When a processor path is provided, inform the user about that fact in the output. Ensure that the server agrees on the hash of the processor that is provided in its CLI arguments.
When the target processor is an app execution alias, the hash is of the contents of the reparse point data. Otherwise, it is a hash of the contents of the file itself.
Validation
Tests are added for the scenario and individual operations.
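The hash agreement described under Change, as an added example that is not code from this PR or from WinGet: a client passes the processor path and its SHA-256 to a server, which recomputes the hash itself and refuses on mismatch. The flag names, file name and file contents are constructed for illustration, and only the regular-file case is covered; hashing an app execution alias's reparse point data needs Windows APIs and is not shown.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path):
    """Hex SHA-256 of the file contents, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def client_build_args(processor_path):
    """Client side: hash the processor it audited and pass path and hash together."""
    # Flag names are hypothetical, not the project's real CLI arguments.
    return ["--processor-path", processor_path,
            "--processor-hash", sha256_file(processor_path)]


def server_check(argv):
    """Server side: recompute the hash independently and report agreement."""
    args = dict(zip(argv[0::2], argv[1::2]))
    path, claimed = args["--processor-path"], args["--processor-hash"]
    actual = sha256_file(path)
    agreed = hmac.compare_digest(actual.lower(), claimed.lower())
    return {"path": path, "claimed": claimed, "actual": actual, "agreed": agreed}


def demo():
    """Constructed scenario: the file is replaced after the client hashed it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "processor.bin")  # constructed stand-in file
        with open(path, "wb") as f:
            f.write(b"original processor bytes")
        argv = client_build_args(path)
        untouched = server_check(argv)
        with open(path, "wb") as f:  # swapped between audit and launch
            f.write(b"replaced processor bytes")
        swapped = server_check(argv)
        return untouched["agreed"], swapped["agreed"]


if __name__ == "__main__":
    print(demo())
```

A server that finds `agreed` false should stop before loading the processor, since the file it would run is no longer the one the user was told about.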