NuGetPackageExplorer / NuGetPackageExplorer

Create, update and deploy Nuget Packages with a GUI

ArgumentNullException thrown viewing Authenticode signed assembly in NuGet package

martincostello opened this issue

Type (choose one):

  • Bug

NPE version: 6.0.64+c118e46e01

OS version: Windows 11, Version 22H2 (OS Build 22621.2428)

Installed from: Microsoft Store

In case of a BUG:

While trying to publish a new release of Polly today, we encountered a failure when trying to validate the Authenticode signatures of the binaries in our NuGet packages. We do this by compiling AuthenticodeLint from source as the .NET 6 version is not available from NuGet.org (see vcsjones/AuthenticodeLint#34). There was no apparent feedback on what was wrong, just that the tool was failing to verify the signatures. See App-vNext/Polly#1760 for more context.

As part of investigating the issue, attempting to view the binaries inside the NuGet packages that were signed, NuGet Package Explorer fails to load the details for the DLLs, and instead shows this modal:

image

This error seems to correlate with the same exception I uncovered in AuthenticodeLint/AuthenticodeExaminer: vcsjones/AuthenticodeExaminer#19

Unpacking the NuGet package files shows the Authenticode signatures as valid in Windows Explorer, and rebuilding AuthenticodeLint as described in the issue above also then successfully validates the files (successful validation workflow).

I'm not aware of any workarounds to this issue - I expect that a dependency of some kind needs updating and the application recompiled and published for a new version to resolve the underlying code that has an issue with the signatures.

I didn't realise that you depended on AuthenticodeExaminer, so I guess this is just the exact same issue as vcsjones/AuthenticodeExaminer#19:

<PackageReference Include="AuthenticodeExaminer" Version="0.3.0" />

I'm going to see if I can force a package update locally that updates the transient dependency and fixes the issue here.

Looking at the diff, it's not a dependency update that fixes it, but what looks like a bunch of code changes that have happened since v0.3.0 was released.