vsts-authenticode's Introduction

This is a VSTS extension that tags git repos stored in VSTS with the release name.

To build, open the project in VS Code and build.

To debug, edit launch.json for your test case and set ENDPOINT_AUTH_PARAMETER_SystemVssConnection_AccessToken and ENDPOINT_URL_SystemVssConnection.

vsts-authenticode's People

Contributors

jabbera, mike-barry-gmo, nullcheck, riezebosch

vsts-authenticode's Issues

Bulk signing timeout makes this task sign files that were already signed

I try to sign around 70 files, give or take. If there is an error during signing, which according to the error I get is most likely a limit set by the timestamp server, this task waits for the time specified under "Delay in seconds between signing actions per provider requests". And then tries another attempt at signing EVERY file. But that's just going to cause the same issue, except maybe once if you're lucky.
Maybe I understand it wrong but that's at least what the log tells me. Wouldn't it make more sense to just wait between each file for the time specified or if it fails to only attempt and sign the files that have not been signed yet?

Skip signing file if already signed

I'd like to request a checkbox to allow skipping already signed files.

From a .bat script I have the following to skip those files:

echo "%~1\Signtool\signtool.exe" verify /pa %2 
>NUL 2>&1 "%~1\Signtool\signtool.exe" verify /pa %2 && (
  echo File %2 is already signed, skipping
) || (
  "%~1\Signtool\signtool.exe" sign /tr http://timestamp.digicert.com /td sha256 /f "%~1\certificate.pfx" /p secretcode /fd sha256 %2
  exit /b 0
)

FeatureRequest: add delay between retries

Timestamp servers like Comodo ask politely to "Note: If you are signing several pieces of software with a script, please add a delay of 15 seconds or more between signings so that you're not hammering our servers."

I think it makes sense to add a delay either way between retries, as that might increase the chances of a successful code signing in case of a "bad timing" failure.

Thanks
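The three requests above (retry only what is still unsigned, skip files that already verify, and pause between timestamp requests) fit into one loop. The sketch below is an added example, not code from this extension; signPending, signOne and isSigned are hypothetical names, the two callbacks standing in for "signtool sign" and "signtool verify /pa" on a single file.

```javascript
// Added example: sign per file, pace every request, retry only what failed.
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// signOne(file) and isSigned(file) are hypothetical async callbacks supplied
// by the caller; signOne rejects when signing or timestamping fails.
async function signPending(files, opts) {
  const { signOne, isSigned, maxAttempts = 5, delayMs = 15000, wait = sleep } = opts;
  const report = { signed: [], skipped: [], failed: [] };

  // Pass 1: leave files that already carry a valid signature untouched.
  let pending = [];
  for (const file of files) {
    if (await isSigned(file)) report.skipped.push(file);
    else pending.push(file);
  }

  const lastError = new Map();
  let requests = 0;
  for (let attempt = 1; attempt <= maxAttempts && pending.length > 0; attempt++) {
    const retry = [];
    for (const file of pending) {
      // Delay before every request except the very first one, so retries
      // and consecutive files are paced the same way.
      if (requests++ > 0) await wait(delayMs);
      try {
        await signOne(file);
        report.signed.push(file);
      } catch (err) {
        lastError.set(file, String(err && err.message ? err.message : err));
        retry.push(file);
      }
    }
    pending = retry; // only files that are still unsigned go round again
  }

  // Leftovers are reported, not thrown, so there is no unhandled rejection
  // and the caller decides how to fail the build.
  report.failed = pending.map((file) => ({ file, error: lastError.get(file) }));
  return report;
}

// Constructed demo: b.dll is already signed, c.dll fails once (as if the
// timestamp server rejected the request), then succeeds on the retry.
async function demo() {
  const attempts = {};
  const waits = [];
  const report = await signPending(["a.dll", "b.dll", "c.dll"], {
    isSigned: async (f) => f === "b.dll",
    signOne: async (f) => {
      attempts[f] = (attempts[f] || 0) + 1;
      if (f === "c.dll" && attempts[f] === 1) throw new Error("timestamp server busy");
    },
    delayMs: 15000,
    wait: async (ms) => { waits.push(ms); }, // record instead of sleeping
  });
  return { report, attempts, waits };
}

demo().then(({ report }) => {
  // A release step should fail if anything is still unsigned.
  if (report.failed.length > 0) process.exitCode = 1;
  console.log(JSON.stringify(report));
});
```
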

When the build takes long, the task will fail

I have a build with a couple of slow optional steps. When I insert the task (using secure file) after the slow steps (takes about 30 minutes), the sign task fails consistently in most cases (of course not always, that would be too easy).

When I disable the slow tasks or move the sign task to above the slow steps it succeeds.

E:\Agent01\_work\_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\5.0.4\x64\signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /f E:\Agent01\_work\_temp\Unit4_Codesign_2021.pfx /p *** /fd sha256 E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.BL.Factory.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.BL.Resources.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.BL.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.DAL.Core.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.DAL.Model.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.DAL.Providers.SQLBase.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.DAL.Web.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.Reporting.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.Server.Online.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.WcfPortal40.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.BL.Factory.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.BL.Resources.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.BL.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.DAL.Core.dll 
E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.DAL.Model.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.DAL.Providers.SQLBase.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.DAL.Web.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.Proxy.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.Reporting.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.Server.Online.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.Web.WebApi.Core.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.Web.WebApi.DataAccess.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.Web.WebApi.Model.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.Web.WebApi.dll E:\Agent01\_work\19\s\Bin\API\_PublishedWebsites\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.BL.Factory.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.BL.Resources.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.BL.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.DAL.Core.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.DAL.Model.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.DAL.Providers.SQLBase.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.DAL.Web.dll 
E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.Reporting.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.Server.Online.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.WcfPortal40.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\bin\UNIT4.Multivers.API.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.BL.Factory.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.BL.Resources.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.BL.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.DAL.Core.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.DAL.Model.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.DAL.Providers.SQLBase.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.DAL.Web.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.Reporting.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.Server.Online.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.WcfPortal40.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.WcfPortal40\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi.Core\bin\UNIT4.Multivers.API.BL.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi.Core\bin\UNIT4.Multivers.API.Reporting.dll 
E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi.Core\bin\UNIT4.Multivers.API.Web.WebApi.Core.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi.DataAccess\bin\UNIT4.Multivers.API.Web.WebApi.DataAccess.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi.Model\bin\UNIT4.Multivers.API.Reporting.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi.Model\bin\UNIT4.Multivers.API.Web.WebApi.Core.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi.Model\bin\UNIT4.Multivers.API.Web.WebApi.Model.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.BL.Factory.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.BL.Resources.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.BL.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.DAL.Core.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.DAL.Model.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.DAL.Providers.SQLBase.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.DAL.Web.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.Proxy.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.Reporting.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.Server.Online.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.Web.WebApi.Core.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.Web.WebApi.DataAccess.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.Web.WebApi.Model.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.Web.WebApi.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\bin\UNIT4.Multivers.API.dll 
E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.BL.Factory.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.BL.Resources.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.BL.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.DAL.Core.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.DAL.Model.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.DAL.Providers.SQLBase.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.DAL.Web.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.Proxy.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.Reporting.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.Server.Online.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.Web.WebApi.Core.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.Web.WebApi.DataAccess.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.Web.WebApi.Model.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.Web.WebApi.dll E:\Agent01\_work\19\s\UNIT4.Multivers.API.Web.WebApi\obj\x86\Release\Package\PackageTmp\bin\UNIT4.Multivers.API.dll
SignTool Error: An error occurred while attempting to load the signing

	certificate from: E:\Agent01\_work\_temp\Unit4_Codesign_2021.pfx


Error attempting to sign. Attempt number: 0. Exception text: Error: The process 'E:\Agent01\_work\_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\5.0.4\x64\signtool.exe' failed with exit code 1
Sleeping for 15 second(s)

...
...

##[error]Unable to sign Error: The process 'E:\Agent01\_work\_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\5.0.4\x64\signtool.exe' failed with exit code 1
##[error]Unable to sign Error: The process 'E:\Agent01\_work\_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\5.0.4\x64\signtool.exe' failed with exit code 1
(node:13200) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): Error: The process 'E:\Agent01\_work\_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\5.0.4\x64\signtool.exe' failed with exit code 1
Finishing: Authenticode Sign Build results

Unhandled promise rejection when signtool errors out

Error attempting to sign. Attempt number: 4. Exception text: Error: The process 'E:\Agent01\_work\_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\5.0.4\x64\signtool.exe' failed with exit code 1
Sleeping for 15 second(s)
##[error]Unable to sign Error: The process 'E:\Agent01\_work\_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\5.0.4\x64\signtool.exe' failed with exit code 1
##[error]Unable to sign Error: The process 'E:\Agent01\_work\_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\5.0.4\x64\signtool.exe' failed with exit code 1
(node:10180) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): Error: The process 'E:\Agent01\_work\_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\5.0.4\x64\signtool.exe' failed with exit code 1
Finishing: Authenticode Sign

FeatureRequest: multiple algos in one go

We are signing our .exe files with both SHA1 AND SHA256 (as Microsoft does to all their .EXEs). I currently need to set up 2 Tasks in order to do this; it would be a great addition to have them both signed at the same time (maybe a new Algo choice "SHA1 & SHA256").

Thanks

Warning: Use Cipheriv for counter mode of aes-256-ctr

I noticed the following warning being present in our build pipeline.

(node:4840) Warning: Use Cipheriv for counter mode of aes-256-ctr

We're using YAML and our configuration is like this:

steps:
  - task: jabbera.authenticode-sign.authenticode-sign.authenticode-sign@4
    displayName: "Code sign"
    inputs:
      filePath: |
        **/*.@${{ parameters.extensionsToSign }}
      signRootPath: "${{ parameters.rootDirectory }}"
      timestampServer: "${{ parameters.timeStamper }}"
      timestampServerDelay: 0
      certificateLocation: pfxFile
      pfxFile: "${{ parameters.certificateFilePath }}"
      pfxPassword: "${{ parameters.certificatePassword }}"
      additionalArguments: |
        /debug
        /v

This results in the following output in Azure DevOps:
image

Folder wildcards

I seem to be having challenges with the "Path to files to sign" parameter. The tooltip indicates I can use wildcards, which works fine with wildcards in the file name, but will it handle folders? Consider the example folder structure below:

$(Build.SourcesDirectory)\scripts\MyFolderA\MyScript1.ps1
$(Build.SourcesDirectory)\scripts\MyFolderA\MyScript2.ps1
$(Build.SourcesDirectory)\scripts\MyFolderB\MyScript3.ps1

If I provide the input of:
$(Build.SourcesDirectory)\scripts\MyFolderA\*.ps1
The extension will find script 1 and 2. What I'm really looking for is to provide this input:

$(Build.SourcesDirectory)\scripts\**\*.ps1

and have the extension find scripts 1, 2, and 3. I also tried with a single asterisk for the folder, i.e.:

$(Build.SourcesDirectory)\scripts\*\*.ps1

Workaround is multiple calls to the extension. I'd like to specify a root folder and know any scripts placed in subsequent folders will be signed.

Error I get:
SignTool Error: File not found: d:\a\1\s\scripts\**\*.ps1
2017-12-12T15:07:26.4454250Z
2017-12-12T15:07:26.4486353Z Error attempting to sign. Attempt number: 0. Exception text: Error: d:\a\_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\1.0.0\x64\signtool.exe failed with return code: 1
2017-12-12T15:07:26.4487352Z [command]d:\a\_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\1.0.0\x64\signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /f d:\a\_temp\mySigningCert.pfx /p ******** /fd sha256 /a d:\a\1\s\scripts\**\*.ps1

Signtool Error because of custom arguments with quotes

When I fill the box with custom arguments like this:

/d ProgramName /du http://www.example.com

The executed command is:

"D:\Agent17-One_work_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\3.0.0\x64\signtool.exe" sign other args "/d ProgramName /du http://www.example.com"

This fails with code: SignTool Error: Invalid option: /d ProgramName /du http://www.example.com

It seems to fail on the " that are generated around the custom arguments.

Error: downloadSecureFile is not a function

Getting the following run-time error when signing my code. I've set the task to consume a .pfx file that is stored in Azure Devops as a secure file.

[section]Starting: Authenticode Sign

Task : Authenticode Sign
Description : Authenticode sign executable code.
Version : 4.0.0
Author : Michael Barry
Help :

[error]Unable to sign TypeError: this.serverConnection.getTaskAgentApi(...).downloadSecureFile is not a function
(node:4360) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 2): TypeError: this.serverConnection.getTaskAgentApi(...).downloadSecureFile is not a function
[section]Finishing: Authenticode Sign

Wrong Screenshots / README.md

The screenshots/* (shown in the Market) and README.md show something about a "Tag Artifact" Task, which is obviously not the current Code Signing Task.

Thanks

Bug: minimatch debug output

First of all, thanks for the minimatch implementation!

... yet it seems that for whatever reason (although I can see it in your code) it's always writing verbose debug information which makes it extremely slow. Here is a snippet of the log:

2018-01-16T15:07:15.6837236Z ##[debug]**system.debug=false**
2018-01-16T15:07:15.6837236Z ##[debug]defaultRoot: ....
2018-01-16T15:07:15.6837236Z ##[debug]findOptions.followSpecifiedSymbolicLink: 'true'
2018-01-16T15:07:15.6837236Z ##[debug]findOptions.followSymbolicLinks: 'true'
2018-01-16T15:07:15.6837236Z ##[debug]**matchOptions.debug: 'true'**
2018-01-16T15:07:15.6837236Z ##[debug]matchOptions.nobrace: 'true'
2018-01-16T15:07:15.6837236Z ##[debug]matchOptions.noglobstar: 'undefined'
2018-01-16T15:07:15.6837236Z ##[debug]matchOptions.dot: 'true'
2018-01-16T15:07:15.6837236Z ##[debug]matchOptions.noext: 'undefined'
2018-01-16T15:07:15.6837236Z ##[debug]matchOptions.nocase: 'true'
2018-01-16T15:07:15.6993470Z ##[debug]matchOptions.nonull: 'undefined'
2018-01-16T15:07:15.6993470Z ##[debug]matchOptions.matchBase: 'undefined'
2018-01-16T15:07:15.6993470Z ##[debug]matchOptions.nocomment: 'undefined'
2018-01-16T15:07:15.6993470Z ##[debug]matchOptions.nonegate: 'undefined'
2018-01-16T15:07:15.6993470Z ##[debug]matchOptions.flipNegate: 'undefined'

Thanks in advance

Multiple additional arguments doesn't work

I am trying to debug issue #20 by adding the additional arguments /v /debug in the additional arguments field, however I get the error: SignTool Error: Invalid option: /v /debug because the following is added to the argument list: "/v /debug"
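Both "Invalid option" reports on this page (custom arguments with quotes, and /v /debug) describe the whole text box reaching signtool as a single quoted argument. One way to avoid that is to split the text into separate argv entries before the process is started. The sketch below is an added example, not the extension's code; splitArguments and buildSignArgs are hypothetical names and the sample inputs are the ones quoted in the issues.

```javascript
// Added example: turn the free-text "additional arguments" field into
// individual argv entries instead of one quoted string.

// Splits on whitespace (spaces, tabs, newlines from a YAML block scalar).
// Double quotes group words into one argument and are removed; backslashes
// are kept literally because they are path separators on Windows.
function splitArguments(text) {
  const args = [];
  let current = "";
  let inQuotes = false;
  let started = false; // true once the current token has any content or quotes
  for (const ch of text) {
    if (ch === '"') {
      inQuotes = !inQuotes;
      started = true;
    } else if (!inQuotes && /\s/.test(ch)) {
      if (started) {
        args.push(current);
        current = "";
        started = false;
      }
    } else {
      current += ch;
      started = true;
    }
  }
  // Refuse ambiguous input instead of guessing where the quote should end.
  if (inQuotes) throw new Error("unterminated quote in additional arguments");
  if (started) args.push(current);
  return args;
}

// Assembles the final argv: verb, task-generated options, user options, files.
// Pass the array to child_process.spawn/execFile without a shell so that no
// element is re-parsed or re-quoted on the way to signtool.exe.
function buildSignArgs(baseArgs, additionalArguments, files) {
  return ["sign", ...baseArgs, ...splitArguments(additionalArguments || ""), ...files];
}

// Inputs taken from the reports above.
console.log(splitArguments("/d ProgramName /du http://www.example.com"));
console.log(buildSignArgs(["/fd", "sha256"], "/v /debug", ["app.exe"]));
```
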

The specified PFX password is not correct.

I'm having an issue with the signing, in that it always fails with the following error.

2019-05-24T12:17:41.8180915Z [command]C:\BUILD\agent_work_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\4.0.0\x64\signtool.exe sign /tr http://timestamp.verisign.com/scripts/timstamp.dll /td sha256 /f ******** /p ******** /fd sha256 "C:\BUILD\agent_work*********************.exe"
2019-05-24T12:17:41.8850389Z SignTool Error: The specified PFX password is not correct.

It correctly retries 5 times, but the error is always the same. This happens on a build agent version 2.117.2 running on Windows Server 2016.

  1. I am sure the password is correct. The password is fetched from a secure variable.
  2. When running the command on my local machine (Windows 10) it works as expected. Version of signtool in authenticode-sign is 10.0.14393.795. My local version is 10.0.17763.1.

I have tried to overwrite the location of the signtool with the latest version in the C:\Program Files (x86)\Windows Kits\10\bin***\folder, but the same error happens.

I've been struggling with this for a while. Any ideas?

Repeatedly issues with signing

Hi,

For a couple of weeks we have been using this plugin in our builds in order to be able to use the Secure file storage of TFS.
Most of the time this works like a charm, but sometimes we notice that we get the following message:

2019-03-18T07:48:27.7364419Z [command]C:\BuildAgent_work_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\3.0.0\x64\signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /f C:\BuildAgent_work_temp\CodeSignCertificate-2022-02-20.pfx /p *** /fd sha256 <...several assembly files...>
2019-03-18T07:48:27.9965373Z SignTool Error: An error occurred while attempting to load the signing
2019-03-18T07:48:27.9966085Z
2019-03-18T07:48:27.9966955Z certificate from: C:\BuildAgent_work_temp\CodeSignCertificate-2022-02-20.pfx
2019-03-18T07:48:27.9967702Z
2019-03-18T07:48:28.0134499Z Error attempting to sign. Attempt number: 0. Exception text: Error: C:\BuildAgent_work_tasks\authenticode-sign_752fe535-ed47-4c2c-afcf-0778adb0bb12\3.0.0\x64\signtool.exe failed with return code: 1
2019-03-18T07:48:28.0140299Z Sleeping for 15 second(s)

How could we debug this kind of issue and get to the root cause of it?

Regards,
David

Support specifying the certificate thumbprint (/sha1) to select the signing certificate

The latest Task implementation uses the signtool.exe /a command line argument which according to the
documentation means:

Automatically selects the best signing certificate. Sign Tool will find all valid certificates that satisfy all
specified conditions and select the one that is valid for the longest time. If this option is not present,
Sign Tool expects to find only one valid signing certificate.

The current task parameters don't allow to explicitly specify a certificate thumbprint to select a dedicated
certificate from the store.

Please add an optional parameter (e.g. named "Signing Certificate Thumbprint") which maps to use the
/sha1 command line argument instead of /a.

This would be a great enhancement!

All the best, Manuel
