主页 / user-394934

The Fabio's questions

Martin Hope
The Fabio
Asked: 2024-08-08 08:50:11 +0800 CST
  • 6

在 Azure devops 脚本中将 signtool.exe 与“Azure 受信任签名帐户”结合使用时,该过程挂起在:

正在提交摘要以供签名...

这是我们在 Azure devops 使用的 PowerShell 脚本块,它基于Azure 受信任签名帐户的文档

    - task: PowerShell@2
      displayName: Preparing Windows EXE signing tools
      inputs:
        targetType: 'inline'
        workingDirectory: $(Pipeline.Workspace)/windows-signing-tool
        script: |
          Set-PSDebug -Trace 1
          Invoke-WebRequest -Uri https://dist.nuget.org/win-x86-commandline/latest/nuget.exe -OutFile .\nuget.exe
          .\nuget.exe install Microsoft.Windows.SDK.BuildTools -Version 10.0.22621.3233 -x
          .\nuget.exe install Microsoft.Trusted.Signing.Client -Version 1.0.53 -x
          ./"Microsoft.Windows.SDK.BuildTools\bin\10.0.22621.0\x86\signtool.exe" sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "Microsoft.Trusted.Signing.Client\bin\x86\Azure.CodeSigning.Dlib.dll" /dmdf ".\signing-metadata.json" "<obscurecFolder>/MyProject.exe"

日志输出:

========================== Starting Command Output ===========================
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". 'D:\a\_temp\c16ea5da-1997-4e32-9ef5-9e9268766943.ps1'"
DEBUG:    5+  >>>> Invoke-WebRequest -Uri https://dist.nuget.org/win-x86-commandline/latest/nuget.exe -OutFile 
.\nuget.exe
DEBUG:    6+  >>>> .\nuget.exe install Microsoft.Windows.SDK.BuildTools -Version 10.0.22621.3233 -x
Feeds used:
  https://api.nuget.org/v3/index.json
  C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\



Attempting to gather dependency information for package 'Microsoft.Windows.SDK.BuildTools.10.0.22621.3233' with respect to project '<obscurecFolder>\windows-signing-tool', targeting 'Any,Version=v0.0'
Gathering dependency information took 751 ms
Attempting to resolve dependencies for package 'Microsoft.Windows.SDK.BuildTools.10.0.22621.3233' with DependencyBehavior 'Lowest'
Resolving dependency information took 0 ms
Resolving actions to install package 'Microsoft.Windows.SDK.BuildTools.10.0.22621.3233'
Resolved actions to install package 'Microsoft.Windows.SDK.BuildTools.10.0.22621.3233'
Retrieving package 'Microsoft.Windows.SDK.BuildTools 10.0.22621.3233' from 'nuget.org'.
  GET https://api.nuget.org/v3-flatcontainer/microsoft.windows.sdk.buildtools/10.0.22621.3233/microsoft.windows.sdk.buildtools.10.0.22621.3233.nupkg
  OK https://api.nuget.org/v3-flatcontainer/microsoft.windows.sdk.buildtools/10.0.22621.3233/microsoft.windows.sdk.buildtools.10.0.22621.3233.nupkg 7ms
Installed Microsoft.Windows.SDK.BuildTools 10.0.22621.3233 from https://api.nuget.org/v3/index.json to C:\Users\VssAdministrator\.nuget\packages\microsoft.windows.sdk.buildtools\10.0.22621.3233 with content hash v67zwCb9JOpfPxdSroZukIKHruU6FUB+KwcmSPcVvUFyYtcyvcUign5y8jPQNi54CVzWvaTg646e62LbanUkxg==.
Adding package 'Microsoft.Windows.SDK.BuildTools.10.0.22621.3233' to folder '<obscurecFolder>\windows-signing-tool'
Added package 'Microsoft.Windows.SDK.BuildTools.10.0.22621.3233' to folder '<obscurecFolder>\windows-signing-tool'
Successfully installed 'Microsoft.Windows.SDK.BuildTools 10.0.22621.3233' to <obscurecFolder>\windows-signing-tool
Executing nuget actions took 5.09 sec
DEBUG:    7+  >>>> .\nuget.exe install Microsoft.Trusted.Signing.Client -Version 1.0.53 -x
Feeds used:
  C:\Users\VssAdministrator\.nuget\packages\
  https://api.nuget.org/v3/index.json
  C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\



Attempting to gather dependency information for package 'Microsoft.Trusted.Signing.Client.1.0.53' with respect to project '<obscurecFolder>\windows-signing-tool', targeting 'Any,Version=v0.0'
Gathering dependency information took 1.09 sec
Attempting to resolve dependencies for package 'Microsoft.Trusted.Signing.Client.1.0.53' with DependencyBehavior 'Lowest'
Resolving dependency information took 0 ms
Resolving actions to install package 'Microsoft.Trusted.Signing.Client.1.0.53'
Resolved actions to install package 'Microsoft.Trusted.Signing.Client.1.0.53'
Retrieving package 'Microsoft.Trusted.Signing.Client 1.0.53' from 'nuget.org'.
  GET https://api.nuget.org/v3-flatcontainer/microsoft.trusted.signing.client/1.0.53/microsoft.trusted.signing.client.1.0.53.nupkg
  OK https://api.nuget.org/v3-flatcontainer/microsoft.trusted.signing.client/1.0.53/microsoft.trusted.signing.client.1.0.53.nupkg 9ms
Installed Microsoft.Trusted.Signing.Client 1.0.53 from https://api.nuget.org/v3/index.json to C:\Users\VssAdministrator\.nuget\packages\microsoft.trusted.signing.client\1.0.53 with content hash lou6NowgbY3S/Yn0+WSeI+Dl8SCmvmqkeAzt2Pgs51QL5/kHh+w8FJgutYGM+j2TB11a9zNc0EBWjOGWdwWtoQ==.
Adding package 'Microsoft.Trusted.Signing.Client.1.0.53' to folder '<obscurecFolder>\windows-signing-tool'
Added package 'Microsoft.Trusted.Signing.Client.1.0.53' to folder '<obscurecFolder>\windows-signing-tool'
Successfully installed 'Microsoft.Trusted.Signing.Client 1.0.53' to <obscurecFolder>\windows-signing-tool
Executing nuget actions took 1.45 sec

这意味着前三个命令运行正常......

之后我们有:

./"Microsoft.Windows.SDK.BuildTools\bin\10.0.22621.0\x86\signtool.exe" sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "Microsoft.Trusted.Signing.Client\bin\x86\Azure.CodeSigning.Dlib.dll" /dmdf ".\signing-metadata.json" "<obscurecFolder>/MyProject.exe"

Trusted Signing

Version: 1.0.53

"Metadata": {
  "Endpoint": "https://eus.codesigning.azure.net",
  "CodeSigningAccountName": "ObscuredTrustedSignAccName",
  "CertificateProfileName": "ObscuredTrustedSignAccCertificateProfileName",
  "ExcludeCredentials": []
}

Submitting digest for signing...

在本地执行时,同样的最后一条命令的输出是:

Trusted Signing

Version: 1.0.60

"Metadata": {
  "Endpoint": "https://eus.codesigning.azure.net",
  "CodeSigningAccountName": "ObscuredTrustedSignAccName",
  "CertificateProfileName": "ObscuredTrustedSignAccCertificateProfileName",
  "ExcludeCredentials": []
}

Submitting digest for signing...

OperationId 12121212-acbc-acbc-acbc-49603042d34c: InProgress

Signing completed with status 'Succeeded' in 20.5563194s

Successfully signed: <obscurecFolder>/MyProject.exe

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0

为什么 signtool.exe 在由 devops 运行时无法继续,但在我的本地环境中却可以正常运行?

azure