Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add signature verification for VS Code extensions #23368

Open
RomanNikitenko opened this issue Feb 28, 2025 · 0 comments
Open

Add signature verification for VS Code extensions #23368

RomanNikitenko opened this issue Feb 28, 2025 · 0 comments
Labels
area/editor/vscode Issues related to the Code OSS editor of Che kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system. team/B This team is responsible for the Web Terminal, the DevWorkspace Operator and the IDEs.

Comments

@RomanNikitenko
Copy link
Member

RomanNikitenko commented Feb 28, 2025
edited
Loading

Is your task related to a problem? Please describe

VS Code uses @vscode/vsce-sign to verify a VS Code extension signature at the extension installation step.
@vscode/vsce-sign is Microsoft's proprietary package and is not included as a dependency to the Code - OSS assembly.
So - signature verification is not executed, as result the following message is displayed when a user installs an extension

Image

Describe the solution you'd like

@vscode/vsce-sign should be replaced by another package.
I've found https://github.com/filiptronicek/node-ovsx-sign repository - it can be considered as an alternative to @vscode/vsce-sign package.

Describe alternatives you've considered

No response

Additional context

No response
@RomanNikitenko RomanNikitenko added the kind/task Internal things, technical debt, and to-do tasks to be performed. label Feb 28, 2025
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Feb 28, 2025
@RomanNikitenko RomanNikitenko added area/editor/vscode Issues related to the Code OSS editor of Che team/B This team is responsible for the Web Terminal, the DevWorkspace Operator and the IDEs. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Feb 28, 2025
@ibuziuk ibuziuk added the severity/P1 Has a major impact to usage or development of the system. label Mar 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/editor/vscode Issues related to the Code OSS editor of Che kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system. team/B This team is responsible for the Web Terminal, the DevWorkspace Operator and the IDEs.
Projects
Eclipse Che Team B Backlog
Status: No status
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ibuziuk @RomanNikitenko @che-bot