Search Issue Tracker

Fixed

Fixed in 6000.0.67f1, 6000.3.7f1, 6000.4.0b7, 6000.5.0a6

Votes

1

Found in

6000.0.66f1

6000.3.5f1

6000.4.0b7

6000.5.0a6

Issue ID

UUM-133005

Regression

No

Package signature validation unexpectedly return an invalid signature status if the validation check is done after the code signing certificate validaty range has passed

Packman

-

Description

When validating a signature, the Package Manager checks the validity range of the code-signing certificate used to sign the attestation/package. When the current date is passed the package code signing certificate validity range, the signature validation will fails with the {{ERR_SIGNED_ATTESTATION_VALIDATION_FAILED}} status and this reason:

{quote}
Signed attestation validation failed: Validation of signer's certificate failed: The certificate is either not yet valid or expired
{quote}

Reproduction steps

  • Create a new project in the Hub and open Unity
  • Add a package that is not a built-in package in the project (ex.: {{com.unity.timeline@1.8.10}}
  • Note the version is important because the issue will not show up with recent packages that were signed with a code signing certificate that is currently active and valid.

Expected behaviour
The package signature status is valid

Actual behavior
The package signature status is invalid

Logs and Links

  1. Resolution Note:

    Fixed in 6000.4.0b7

  2. Resolution Note (fix version 6000.5.0a6):

    Fixed in 6000.4.0b7

Log in to vote on this issue

Add comment

Log in to post comment

All about bugs

View bugs we have successfully reproduced, and vote for the bugs you want to see fixed most urgently.

Latest issues

See all new issues