search

HodorNV / ALOps

ALOps
59 stars 24 forks source link

[ALOpsAppSign] Signature status: UnknownError. ASN1 bad tag value met. #479

Closed jcoe-nvt closed 2 years ago

jcoe-nvt commented 2 years ago

Describe the bug Our build pipelines started to display warnings for some of our builds. It seems like ALOpsSign step randomly fails to sign our apps. In 4/10 builds the signing fails. To remove the warning we need to rerun the build (sometimes even more than 3x). (Nothing was changed to our pfx-file and password)

the used yaml

parameters:
  app_name: $(Build.Repository.Name)

steps:
- task: ALOpsAppSign@1
  displayName: 'Sign ${{ parameters.app_name }} apps'
  condition: ne( variables['Build.Reason'], 'PullRequest')
  continueOnError: true
  timeoutInMinutes: 2
  inputs:
    pfx_path: $(pfx-file)
    pfx_password: $(pfx-password)
    publish_artifact: false
    nav_artifact_app_filter: '*w1.app'

the output

2022-01-31T08:53:10.9135753Z ##[section]Starting: Sign Navitrans.Core apps
2022-01-31T08:53:10.9242817Z ==============================================================================
2022-01-31T08:53:10.9243034Z Task         : ALOps App Sign
2022-01-31T08:53:10.9243223Z Description  : CodeSign an AL Extension for Business Central
2022-01-31T08:53:10.9243397Z Version      : 1.447.2769
2022-01-31T08:53:10.9243527Z Author       : Hodor
2022-01-31T08:53:10.9243711Z Help         : Codesign Business Central extension with .pfx.
2022-01-31T08:53:10.9243934Z ==============================================================================
2022-01-31T08:53:12.0028372Z *** Validate configuration
2022-01-31T08:53:12.1895634Z *** Task Inputs:
2022-01-31T08:53:12.1923804Z 
2022-01-31T08:53:12.1974735Z name                                                                                                              value
2022-01-31T08:53:12.1977979Z ----                                                                                                              -----
2022-01-31T08:53:12.1981692Z usedocker                                                                                                         False
2022-01-31T08:53:12.1985225Z fixed_tag                                                                                                              
2022-01-31T08:53:12.1987184Z batchsigncompiledapps                                                                                             False
2022-01-31T08:53:12.1989279Z artifact_path                                                                                                          
2022-01-31T08:53:12.1991321Z nav_artifact_app_filter                                                                                         *w1.app
2022-01-31T08:53:12.2004373Z pfx_path                ***
2022-01-31T08:53:12.2006412Z timestamp_uri                                                                                                          
2022-01-31T08:53:12.2008536Z publish_artifact                                                                                                  False
2022-01-31T08:53:12.2011022Z pfx_password                                                                                       ***
2022-01-31T08:53:12.2011603Z 
2022-01-31T08:53:12.2023836Z 
2022-01-31T08:53:12.2028623Z 
2022-01-31T08:53:12.2129012Z *** For documentation, please visit   : https://www.alops.be/documentation
2022-01-31T08:53:12.2132634Z 
2022-01-31T08:53:13.1010235Z *** ALOps License:
2022-01-31T08:53:13.1029097Z   * Licensed To: Navitrans (Organisation License)
2022-01-31T08:53:13.1031598Z 
2022-01-31T08:53:13.1757302Z *** Memory Status: 24.88/31.84 (78.12% Free)
2022-01-31T08:53:13.1912911Z *** Importing required PS-Functions
2022-01-31T08:53:13.3813278Z *** Dynamic resolve App file.
2022-01-31T08:53:13.3820154Z *** Scanning [System.DefaultWorkingDirectory].
2022-01-31T08:53:13.4195796Z *** Scanning [System.ArtifactsDirectory].
2022-01-31T08:53:13.4216515Z *** Scanning [Pipeline.Workspace].
2022-01-31T08:53:13.4880939Z *** Multiple App files found with filter [*w1.app].
2022-01-31T08:53:13.4918578Z   * C:\DockerInstallation\Agent\_work\189\s\App\.alpackages\Navitrans_Navitrans 365 Core_18.0.0.13616_sandbox_18.1_w1.app
2022-01-31T08:53:13.4924967Z   * C:\DockerInstallation\Agent\_work\189\a\Navitrans_Navitrans 365 Core_19.3.0.21666_sandbox_19.1_w1.app
2022-01-31T08:53:13.4944159Z *** Resolved App File: [C:\DockerInstallation\Agent\_work\189\a\Navitrans_Navitrans 365 Core_19.3.0.21666_sandbox_19.1_w1.app].
2022-01-31T08:53:13.4962060Z *** Starting App Sign for: 
2022-01-31T08:53:13.4966748Z   * C:\DockerInstallation\Agent\_work\189\a\Navitrans_Navitrans 365 Core_19.3.0.21666_sandbox_19.1_w1.app
2022-01-31T08:53:13.4971027Z *** App Sign: C:\DockerInstallation\Agent\_work\189\a\Navitrans_Navitrans 365 Core_19.3.0.21666_sandbox_19.1_w1.app
2022-01-31T08:53:13.5160686Z *** NavSip registration OK
2022-01-31T08:53:13.5950434Z *** App File: C:\DockerInstallation\Agent\_work\189\a\Navitrans_Navitrans 365 Core_19.3.0.21666_sandbox_19.1_w1.app
2022-01-31T08:53:13.5956290Z *** Setup Pfx File
2022-01-31T08:53:13.6004461Z *** Create TempFile
2022-01-31T08:53:13.6113768Z *** Download file
2022-01-31T08:53:13.6896580Z *** PFX File: C:\WINDOWS\TEMP\tmp99E3.tmp
2022-01-31T08:53:13.6901374Z *** Check for Powershell Authenticode CmdLets
2022-01-31T08:53:13.6916778Z *** Authenticode CmdLets exist, using Powershell
2022-01-31T08:53:13.6921557Z *** Sign App file with Pfx
2022-01-31T08:53:13.8292570Z *** Signing App with Powershell: C:\DockerInstallation\Agent\_work\189\a\Navitrans_Navitrans 365 Core_19.3.0.21666_sandbox_19.1_w1.app
2022-01-31T08:53:13.9321714Z 
2022-01-31T08:53:13.9340001Z 
2022-01-31T08:53:13.9349052Z SignerCertificate      : 
2022-01-31T08:53:13.9349733Z TimeStamperCertificate : 
2022-01-31T08:53:13.9351699Z Status                 : UnknownError
2022-01-31T08:53:13.9353571Z StatusMessage          : ASN1 bad tag value met
2022-01-31T08:53:13.9372462Z Path                   : C:\DockerInstallation\Agent\_work\189\a\Navitrans_Navitrans 365 Core_19.3.0.21666_sandbox_19.1
2022-01-31T08:53:13.9372807Z                          _w1.app
2022-01-31T08:53:13.9374104Z SignatureType          : None
2022-01-31T08:53:13.9375015Z IsOSBinary             : False
2022-01-31T08:53:13.9375333Z 
2022-01-31T08:53:13.9375510Z 
2022-01-31T08:53:13.9376583Z 
2022-01-31T08:53:13.9469485Z ##[error]Signature status: UnknownError. ASN1 bad tag value met.
2022-01-31T08:53:13.9478688Z *** Sign App Completed.
2022-01-31T08:53:13.9532949Z *** Cleanup VSTS Environment: True
2022-01-31T08:53:16.2220956Z ##[section]Finishing: Sign Navitrans.Core apps

Expected behavior No failure on signing apps.

Screenshots image

waldo1001 commented 2 years ago

We can't simulate this issue. All we find on this issue is that it seems there something wrong with the certificate.

https://techcommunity.microsoft.com/t5/iis-support-blog/asn1-bad-tag-value-met-error-when-processing-a-certificate/ba-p/347654 "Their recommendation seems to be to replace the certificate with a new one"

I'd recommend to refresh your certificate, but if you allow to share your certificate with us, we'd be able to simulate this and try to figure out what we can do about it.. .

jcoe-nvt commented 2 years ago

We didn't change our certificate, but the issue has disappeared. Will close this now. If it occurs in future, I will reopen this issue.

FYI: our certificate is the same for all our builds. It would be strange that something is wrong with it...