-skipencryption option ignored in steps within the staging command

Development Pipeline & Plugins
, ,
1

We are disabling encryption during the packaging process by setting the `-skipencryption` option in the BuildCookRun arguments. We noticed that this correctly disables the -sign param for creating the actual pak files. Notably this section in CopyBuildToStagingDirectory.Automation.cs lines 4404-4426:

```

if (PakCommands.Count > 0)

{

string PakCommandsFileName = CombinePaths(CmdEnv.LogFolder, “PakCommands.txt”);

using (var Writer = new StreamWriter(PakCommandsFileName, false, new System.Text.UTF8Encoding(true)))

{

foreach (string Command in PakCommands)

{

Writer.WriteLine(Command);

}

}

StringBuilder Arguments = new StringBuilder();

string CommonArguments = GetCommonUnrealPakArguments(

PrimaryOrderFiles,

CommonAdditionalArgs,

Params.SkipEncryption ? null : CryptoSettings,

Params.SkipEncryption ? null : CryptoKeysCacheFilename,

SecondaryOrderFiles,

Params.Unattended

);

Arguments.AppendFormat(“{0} -CreateMultiple={1}”, CommonArguments, CommandUtils.MakePathSafeToUseWithCommandLine(PakCommandsFileName));

RunUnrealPak(Params.RawProjectPath, Arguments.ToString(), “CreateMultiplePaks”);

}

```

However, the IO store command that follows this sets the -cryptokeys and -sign params without checking the Params.SkipEncryption flag, lines 4465 - 4476:

```

if (CryptoKeysCacheFilename != null)

{

AdditionalArgs += String.Format(" -cryptokeys={0}", CommandUtils.MakePathSafeToUseWithCommandLine(CryptoKeysCacheFilename.FullName));

}

if (CryptoSettings != null)

{

if (CryptoSettings.bDataCryptoRequired && CryptoSettings.bEnablePakSigning && CryptoSettings.SigningKey.IsValid())

{

AdditionalArgs += String.Format(" -sign");

}

}

```

My understanding is that Params.SkipEncryption should be checked here as well

[Attachment Removed]

2

Steps to Reproduce

  1. Run `BuildCookRun` command in BuildGraph with at least the following arguments: -stage -skipencryption
  2. Notice how in the stage command, the following UnrealPak command will be executed (redacted with …) with -cryptokeys and -sign set:
Running UnrealPak with arguments: "..." -CreateGlobalContainer="...\Content\Paks\global.utoc" ... -cryptokeys="..." -sign ...

[Attachment Removed]

3

Hi!

Yes, you’re right, this looks like an oversight indeed.

I’ll submit a changelist for review internally. Until then, you can add your suggested fix:

if (!Params.SkipEncryption && CryptoKeysCacheFilename != null)
{
    AdditionalArgs += String.Format(" -cryptokeys={0}", ...);
}
 
if (!Params.SkipEncryption && CryptoSettings != null)
{
    if (CryptoSettings.bDataCryptoRequired && ...)
    {
        AdditionalArgs += String.Format(" -sign");
    }
}

[Attachment Removed]

4

It has now been committed to //Main, changelist 51756442. Github commit: https://github.com/EpicGames/UnrealEngine/commit/c66638fe66448cc7822d2ef2da62f09d0761cfc6\.

[Attachment Removed]