HodorNV / ALOps

ALOps App Sign fails with Signature status: UnknownError. The form specified for the subject is not one supported or known by the specified trust provider. #681

Closed ninjaniels closed 11 months ago

ninjaniels commented 11 months ago

Describe the bug

I am not sure if this is on our end or your end, but we have build pipelines that have been running error free for a long time that are failing the ALOps App Sign step with the error ##[error]Signature status: UnknownError. The form specified for the subject is not one supported or known by the specified trust provider.

The pipelines were unstable last week, sometimes failing with the above error and sometimes succeeding, but today they have been consistently failing.

the used yaml

#Your build pipeline references an undefined variable named ‘app_name’. Create or edit the build pipeline for this YAML file, define the variable on the Variables tab. See https://go.microsoft.com/fwlink/?linkid=865972
#Your build pipeline references an undefined variable named ‘CodeSignatureCertificate’. Create or edit the build pipeline for this YAML file, define the variable on the Variables tab. See https://go.microsoft.com/fwlink/?linkid=865972
#Your build pipeline references an undefined variable named ‘cert_password’. Create or edit the build pipeline for this YAML file, define the variable on the Variables tab. See https://go.microsoft.com/fwlink/?linkid=865972

steps:
- task: Hodor.hodor-alops.alopsappsign.ALOpsAppSign@1
  displayName: 'App Sign $(app_name)'
  inputs:
    usedocker: true
    nav_artifact_app_filter: '*_$(app_name)_*_APP.app'
    pfx_path: '$(CodeSignatureCertificate)'
    pfx_password: '$(cert_password)'

the output

2023-10-09T13:58:12.3980870Z ##[section]Starting: App Sign EQM 365 Rental - Re-Rent
2023-10-09T13:58:12.4457768Z ==============================================================================
2023-10-09T13:58:12.4457920Z Task         : ALOps App Sign
2023-10-09T13:58:12.4458000Z Description  : CodeSign an AL Extension for Business Central
2023-10-09T13:58:12.4458077Z Version      : 1.459.4971
2023-10-09T13:58:12.4458133Z Author       : Hodor
2023-10-09T13:58:12.4458187Z Help         : Codesign Business Central extension with .pfx.
2023-10-09T13:58:12.4458281Z ==============================================================================
2023-10-09T13:58:13.8936327Z *** Validate configuration
2023-10-09T13:58:13.9852501Z *** Task Inputs:
2023-10-09T13:58:13.9905813Z 
2023-10-09T13:58:14.0010096Z name                                                                                                              value
2023-10-09T13:58:14.0014704Z ----                                                                                                              -----
2023-10-09T13:58:14.0017554Z usedocker                                                                                                          True
2023-10-09T13:58:14.0020778Z fixed_tag                                                                                                              
2023-10-09T13:58:14.0024122Z batchsigncompiledapps                                                                                             False
2023-10-09T13:58:14.0027514Z artifact_path                                                                                                          
2023-10-09T13:58:14.0031263Z nav_artifact_app_filter                                                            *_EQM 365 Rental - Re-Rent_*_APP.app
2023-10-09T13:58:14.0095311Z pfx_path                ...23T16:35:57Z&spr=https&sv=2020-08-04&sr=b&sig=XE4bQDGJQBehMsHvEgzCfIAwqREJ0gCOawXVrlx7q4g%3D
2023-10-09T13:58:14.0098820Z timestamp_uri                                                                                                          
2023-10-09T13:58:14.0102100Z publish_artifact                                                                                                   True
2023-10-09T13:58:14.0105690Z pfx_password                                                                                              ***
2023-10-09T13:58:14.0106323Z 
2023-10-09T13:58:14.0131515Z 
2023-10-09T13:58:14.0142183Z 
2023-10-09T13:58:14.0341444Z *** For documentation, please visit   : https://www.alops.be/documentation
2023-10-09T13:58:14.0346358Z 
2023-10-09T13:58:14.4601971Z *** ALOps License:
2023-10-09T13:58:14.4641190Z   * Licensed To: Armada Dynamics AS (Organization License)
2023-10-09T13:58:14.4647789Z 
2023-10-09T13:58:14.5123755Z *** Importing required PS-Functions
2023-10-09T13:58:14.6203135Z *** Dynamic resolve App file.
2023-10-09T13:58:14.6227269Z *** Scanning [System.DefaultWorkingDirectory].
2023-10-09T13:58:14.6595548Z *** Scanning [System.ArtifactsDirectory].
2023-10-09T13:58:14.6641964Z *** Scanning [Pipeline.Workspace].
2023-10-09T13:58:14.7542734Z *** Multiple App files found with filter [*_EQM 365 Rental - Re-Rent_*_APP.app].
2023-10-09T13:58:14.7618565Z   * C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28236_APP.app
2023-10-09T13:58:14.7652135Z *** Resolved App File: [C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28236_APP.app].
2023-10-09T13:58:14.7680732Z *** Starting App Sign for: 
2023-10-09T13:58:14.7690990Z   * C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28236_APP.app
2023-10-09T13:58:14.7700871Z *** App Sign: C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28236_APP.app
2023-10-09T13:58:14.7709700Z *** Connect Docker Session
2023-10-09T13:58:14.9355750Z *** Initiate Docker Session
2023-10-09T13:58:15.5883246Z *** Set Docker Container ErrorActionPreference = Stop
2023-10-09T13:58:15.8724984Z *** Setup Docker Session
2023-10-09T13:58:16.1085482Z *** Copy Artifact: [C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28236_APP.app] => [c:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28236_APP.app]
2023-10-09T13:58:17.4920047Z *** Fetching App to Sign in [c:\Run\DevOps\] with filter [*_EQM 365 Rental - Re-Rent_*_APP.app]
2023-10-09T13:58:17.5867646Z *** App File: C:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28236_APP.app
2023-10-09T13:58:17.5876633Z *** Setup Pfx File
2023-10-09T13:58:17.5966440Z *** Create TempFile
2023-10-09T13:58:17.6239310Z *** Download file
2023-10-09T13:58:19.2903712Z *** PFX File: C:\Users\ContainerAdministrator\AppData\Local\Temp\tmpCAE5.tmp
2023-10-09T13:58:19.2908248Z *** Check for Powershell Authenticode CmdLets
2023-10-09T13:58:19.2916321Z *** Authenticode CmdLets exist, using Powershell
2023-10-09T13:58:19.2921628Z *** Sign App file with Pfx
2023-10-09T13:58:19.7780574Z *** Signing App with Powershell: C:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28236_APP.app
2023-10-09T13:58:20.2610805Z 
2023-10-09T13:58:20.2703604Z 
2023-10-09T13:58:20.2713287Z SignerCertificate      : 
2023-10-09T13:58:20.2714069Z TimeStamperCertificate : 
2023-10-09T13:58:20.2717061Z Status                 : UnknownError
2023-10-09T13:58:20.2743260Z StatusMessage          : The form specified for the subject is not one supported or known by the specified trust 
2023-10-09T13:58:20.2743883Z                          provider
2023-10-09T13:58:20.2747741Z Path                   : C:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28236_APP.app
2023-10-09T13:58:20.2748673Z SignatureType          : None
2023-10-09T13:58:20.2751678Z IsOSBinary             : False
2023-10-09T13:58:20.2752514Z 
2023-10-09T13:58:20.2753438Z 
2023-10-09T13:58:20.2757894Z 
2023-10-09T13:58:20.2804856Z ##[error]Signature status: UnknownError. The form specified for the subject is not one supported or known by the specified trust provider.
2023-10-09T13:58:20.2842572Z *** Transfer App Artifact from Docker container.
2023-10-09T13:58:20.4206776Z ##[error]Cannot perform operation because the session Availability is set to None.
2023-10-09T13:58:20.4769118Z ##[section]Finishing: App Sign EQM 365 Rental - Re-Rent

Expected behavior

We expect the app to be signed. Below is the output log from a successful run.

2023-10-05T13:41:22.6175289Z ##[section]Starting: App Sign EQM 365 Rental - Re-Rent
2023-10-05T13:41:22.6920600Z ==============================================================================
2023-10-05T13:41:22.6921368Z Task         : ALOps App Sign
2023-10-05T13:41:22.6921770Z Description  : CodeSign an AL Extension for Business Central
2023-10-05T13:41:22.6922284Z Version      : 1.459.4971
2023-10-05T13:41:22.6922663Z Author       : Hodor
2023-10-05T13:41:22.6923055Z Help         : Codesign Business Central extension with .pfx.
2023-10-05T13:41:22.6923591Z ==============================================================================
2023-10-05T13:41:24.1087509Z *** Validate configuration
2023-10-05T13:41:24.1848733Z *** Task Inputs:
2023-10-05T13:41:24.1901787Z 
2023-10-05T13:41:24.2009529Z name                                                                                                              value
2023-10-05T13:41:24.2012955Z ----                                                                                                              -----
2023-10-05T13:41:24.2016764Z usedocker                                                                                                          True
2023-10-05T13:41:24.2020326Z fixed_tag                                                                                                              
2023-10-05T13:41:24.2023914Z batchsigncompiledapps                                                                                             False
2023-10-05T13:41:24.2027287Z artifact_path                                                                                                          
2023-10-05T13:41:24.2030485Z nav_artifact_app_filter                                                            *_EQM 365 Rental - Re-Rent_*_APP.app
2023-10-05T13:41:24.2088276Z pfx_path                ...23T16:35:57Z&spr=https&sv=2020-08-04&sr=b&sig=XE4bQDGJQBehMsHvEgzCfIAwqREJ0gCOawXVrlx7q4g%3D
2023-10-05T13:41:24.2090010Z timestamp_uri                                                                                                          
2023-10-05T13:41:24.2093938Z publish_artifact                                                                                                   True
2023-10-05T13:41:24.2098046Z pfx_password                                                                                              ***
2023-10-05T13:41:24.2098598Z 
2023-10-05T13:41:24.2122139Z 
2023-10-05T13:41:24.2132699Z 
2023-10-05T13:41:24.2356718Z *** For documentation, please visit   : https://www.alops.be/documentation
2023-10-05T13:41:24.2361075Z 
2023-10-05T13:41:24.6702747Z *** ALOps License:
2023-10-05T13:41:24.6740652Z   * Licensed To: Armada Dynamics AS (Organization License)
2023-10-05T13:41:24.6747186Z 
2023-10-05T13:41:24.7215225Z *** Importing required PS-Functions
2023-10-05T13:41:24.8024916Z *** Dynamic resolve App file.
2023-10-05T13:41:24.8044853Z *** Scanning [System.DefaultWorkingDirectory].
2023-10-05T13:41:24.8472692Z *** Scanning [System.ArtifactsDirectory].
2023-10-05T13:41:24.8525779Z *** Scanning [Pipeline.Workspace].
2023-10-05T13:41:24.9428594Z *** Multiple App files found with filter [*_EQM 365 Rental - Re-Rent_*_APP.app].
2023-10-05T13:41:24.9508670Z   * C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.5.202340.28185_APP.app
2023-10-05T13:41:24.9547134Z *** Resolved App File: [C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.5.202340.28185_APP.app].
2023-10-05T13:41:24.9579638Z *** Starting App Sign for: 
2023-10-05T13:41:24.9591322Z   * C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.5.202340.28185_APP.app
2023-10-05T13:41:24.9603886Z *** App Sign: C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.5.202340.28185_APP.app
2023-10-05T13:41:24.9615623Z *** Connect Docker Session
2023-10-05T13:41:25.1257075Z *** Initiate Docker Session
2023-10-05T13:41:25.7779809Z *** Set Docker Container ErrorActionPreference = Stop
2023-10-05T13:41:26.0970352Z *** Setup Docker Session
2023-10-05T13:41:26.3468768Z *** Copy Artifact: [C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.5.202340.28185_APP.app] => [c:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.5.202340.28185_APP.app]
2023-10-05T13:41:27.7496421Z *** Fetching App to Sign in [c:\Run\DevOps\] with filter [*_EQM 365 Rental - Re-Rent_*_APP.app]
2023-10-05T13:41:27.8547652Z *** App File: C:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.5.202340.28185_APP.app
2023-10-05T13:41:27.8577933Z *** Setup Pfx File
2023-10-05T13:41:27.8771781Z *** Create TempFile
2023-10-05T13:41:27.9097324Z *** Download file
2023-10-05T13:41:28.2687885Z *** PFX File: C:\Users\ContainerAdministrator\AppData\Local\Temp\tmpFC11.tmp
2023-10-05T13:41:28.2693157Z *** Check for Powershell Authenticode CmdLets
2023-10-05T13:41:28.2996606Z *** Authenticode CmdLets exist, using Powershell
2023-10-05T13:41:28.3017210Z *** Sign App file with Pfx
2023-10-05T13:41:28.8508069Z *** Signing App with Powershell: C:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.5.202340.28185_APP.app
2023-10-05T13:41:29.4448695Z 
2023-10-05T13:41:29.4671723Z 
2023-10-05T13:41:29.4683618Z SignerCertificate      : [Subject]
2023-10-05T13:41:29.4686316Z                            CN=Armada Dynamics AS, O=Armada Dynamics AS, S=Oslo, C=NO
2023-10-05T13:41:29.4688436Z                          
2023-10-05T13:41:29.4689757Z                          [Issuer]
2023-10-05T13:41:29.4692897Z                            CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
2023-10-05T13:41:29.4693887Z                          
2023-10-05T13:41:29.4696166Z                          [Serial Number]
2023-10-05T13:41:29.4698876Z                            09538A29192BEC52F814CA257D0B97A6
2023-10-05T13:41:29.4699727Z                          
2023-10-05T13:41:29.4702708Z                          [Not Before]
2023-10-05T13:41:29.4705336Z                            9/7/2021 2:00:00 AM
2023-10-05T13:41:29.4706130Z                          
2023-10-05T13:41:29.4709698Z                          [Not After]
2023-10-05T13:41:29.4712392Z                            9/7/2024 1:59:59 AM
2023-10-05T13:41:29.4713144Z                          
2023-10-05T13:41:29.4715810Z                          [Thumbprint]
2023-10-05T13:41:29.4718713Z                            3D18C6C52BB9C58631A9D174C8B0B2A7B42CA8DF
2023-10-05T13:41:29.4722895Z                          
2023-10-05T13:41:29.4724303Z TimeStamperCertificate : [Subject]
2023-10-05T13:41:29.4728624Z                            CN="Sectigo RSA Time Stamping Signer #4", O=Sectigo Limited, S=Manchester, C=GB
2023-10-05T13:41:29.4731273Z                          
2023-10-05T13:41:29.4733787Z                          [Issuer]
2023-10-05T13:41:29.4739626Z                            CN=Sectigo RSA Time Stamping CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
2023-10-05T13:41:29.4741843Z                          
2023-10-05T13:41:29.4743241Z                          [Serial Number]
2023-10-05T13:41:29.4745352Z                            394C25E17CA06D27A865E23BD91D22D4
2023-10-05T13:41:29.4746920Z                          
2023-10-05T13:41:29.4749130Z                          [Not Before]
2023-10-05T13:41:29.4752341Z                            5/3/2023 2:00:00 AM
2023-10-05T13:41:29.4753821Z                          
2023-10-05T13:41:29.4757521Z                          [Not After]
2023-10-05T13:41:29.4759067Z                            8/3/2034 1:59:59 AM
2023-10-05T13:41:29.4760501Z                          
2023-10-05T13:41:29.4761833Z                          [Thumbprint]
2023-10-05T13:41:29.4765343Z                            AE62AF750A0CBD47D6461F7568E2BC8CE7CA4F94
2023-10-05T13:41:29.4765990Z                          
2023-10-05T13:41:29.4770221Z Status                 : Valid
2023-10-05T13:41:29.4773085Z StatusMessage          : Signature verified.
2023-10-05T13:41:29.4781264Z Path                   : C:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.5.202340.28185_APP.app
2023-10-05T13:41:29.4783647Z SignatureType          : Authenticode
2023-10-05T13:41:29.4785196Z IsOSBinary             : False
2023-10-05T13:41:29.4785945Z 
2023-10-05T13:41:29.4786427Z 
2023-10-05T13:41:29.4787602Z 
2023-10-05T13:41:29.4816383Z *** Transfer App Artifact from Docker container.
2023-10-05T13:41:30.0690986Z *** Uploading Signed APP as Build-Artifact
2023-10-05T13:41:30.1227680Z 
2023-10-05T13:41:30.1228051Z *** Disconnect Docker session.
2023-10-05T13:41:30.1228284Z *** Remove Docker session.
2023-10-05T13:41:30.1228528Z *** Docker session removed.
2023-10-05T13:41:30.1228766Z *** Sign App Completed.
2023-10-05T13:41:30.1228990Z *** Cleanup VSTS Environment: True
2023-10-05T13:41:32.3948083Z ##[section]Async Command Start: Upload Artifact
2023-10-05T13:41:32.3949112Z Uploading 1 files
2023-10-05T13:41:32.3949631Z File upload succeed.
2023-10-05T13:41:32.3950779Z Upload 'C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.5.202340.28185_APP.app' to file container: '#/33542234/EQM365'
2023-10-05T13:41:32.3952008Z Associated artifact 37550 with build 28185
2023-10-05T13:41:32.3952708Z ##[section]Async Command End: Upload Artifact
2023-10-05T13:41:32.3956760Z ##[section]Finishing: App Sign EQM 365 Rental - Re-Rent

Screenshots

Not provided.

Additional context

We found this old issue https://github.com/HodorNV/ALOps/issues/47 that sounds similar, but it has not helped us resolve the error.
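An added example, not part of the original post or of ALOps: a small triage script for the signing step's log output. It reads the Signature block the task prints, rejoins wrapped values such as the StatusMessage above, and separates a file that came back with no signature at all (empty SignerCertificate, SignatureType None, as in the failing run) from one that carries a signature which is not valid or comes from an unexpected certificate. The function names, the log excerpts and the thumbprint are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Properties printed for the Authenticode Signature object in the task log.
SIG_FIELDS = {"SignerCertificate", "TimeStamperCertificate", "Status",
              "StatusMessage", "Path", "SignatureType", "IsOSBinary"}
TS_PREFIX = re.compile(r"^\d{4}-\d{2}-\d{2}T[\d:.]+Z ?")    # Azure DevOps timestamp
FIELD_LINE = re.compile(r"^(\w+)\s*:\s?(.*)$")               # "Name   : value"
THUMBPRINT = re.compile(r"\[Thumbprint\]\s*([0-9A-Fa-f]{40})")


@dataclass
class SignResult:
    fields: dict = field(default_factory=dict)
    errors: list = field(default_factory=list)
    verdict: str = "no-signature-block"
    signer_thumbprint: Optional[str] = None


def parse_sign_log(log: str) -> SignResult:
    """Collect Signature properties and ##[error] lines from a task log."""
    result = SignResult()
    current = None
    for raw in log.splitlines():
        line = TS_PREFIX.sub("", raw.rstrip())
        if not line.strip():
            continue  # spacer lines do not terminate a wrapped value
        if line.startswith("##[error]"):
            result.errors.append(line[len("##[error]"):].strip())
            current = None
            continue
        m = FIELD_LINE.match(line)
        if m and m.group(1) in SIG_FIELDS:
            current = m.group(1)
            result.fields[current] = m.group(2).strip()
        elif current and line[0].isspace():
            # Indented continuation of the previous property (wrapped output).
            joined = result.fields[current] + " " + line.strip()
            result.fields[current] = joined.strip()
        else:
            current = None
    return result


def triage(log: str, expected_thumbprint: Optional[str] = None) -> SignResult:
    """Classify the signing outcome; optionally pin the signer's thumbprint."""
    r = parse_sign_log(log)
    f = r.fields
    if "Status" not in f:
        return r
    m = THUMBPRINT.search(f.get("SignerCertificate", ""))
    r.signer_thumbprint = m.group(1).upper() if m else None
    if (f["Status"] == "Valid" and f.get("SignatureType") == "Authenticode"
            and r.signer_thumbprint):
        pinned = expected_thumbprint.upper() if expected_thumbprint else None
        if pinned and pinned != r.signer_thumbprint:
            r.verdict = "signed-by-unexpected-certificate"
        else:
            r.verdict = "signed"
    elif f.get("SignatureType") == "None" and not r.signer_thumbprint:
        r.verdict = "unsigned"  # nothing was applied to the file
    else:
        r.verdict = "signature-present-but-not-valid"
    return r


# Constructed excerpts in the shape of the two runs quoted above.
FAILED_RUN = r"""
2023-10-09T13:58:19.7780574Z *** Signing App with Powershell: C:\Run\Example_APP.app
2023-10-09T13:58:20.2713287Z SignerCertificate      :
2023-10-09T13:58:20.2714069Z TimeStamperCertificate :
2023-10-09T13:58:20.2717061Z Status                 : UnknownError
2023-10-09T13:58:20.2743260Z StatusMessage          : The form specified for the subject is not one supported or known by the specified trust
2023-10-09T13:58:20.2743883Z                          provider
2023-10-09T13:58:20.2747741Z Path                   : C:\Run\Example_APP.app
2023-10-09T13:58:20.2748673Z SignatureType          : None
2023-10-09T13:58:20.2804856Z ##[error]Signature status: UnknownError.
2023-10-09T13:58:20.4206776Z ##[error]Cannot perform operation because the session Availability is set to None.
"""

GOOD_RUN = r"""
2023-10-05T13:41:29.4683618Z SignerCertificate      : [Subject]
2023-10-05T13:41:29.4686316Z                            CN=Example Publisher, O=Example Publisher, C=NO
2023-10-05T13:41:29.4688436Z
2023-10-05T13:41:29.4715810Z                          [Thumbprint]
2023-10-05T13:41:29.4718713Z                            0123456789ABCDEF0123456789ABCDEF01234567
2023-10-05T13:41:29.4770221Z Status                 : Valid
2023-10-05T13:41:29.4773085Z StatusMessage          : Signature verified.
2023-10-05T13:41:29.4783647Z SignatureType          : Authenticode
"""

if __name__ == "__main__":
    for name, log in (("failed", FAILED_RUN), ("good", GOOD_RUN)):
        r = triage(log)
        print(name, r.verdict, r.fields.get("Status"), r.errors)
```

Passing the thumbprint of the certificate you expect as `expected_thumbprint` turns the script into a gate that also rejects a valid signature made with a different certificate.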

waldo1001 commented 11 months ago

Hi,

There have been Docker-related problems, needing to upgrade BCContainerHelper or ALOps. Can you send version info on both? Or simply a full export of the pipeline?

Another tip: try to use timestamp_uri: http://timestamp.digicert.com/

ninjaniels commented 11 months ago

I've tried messing with the timestamp URI parameter, but it doesn't seem to help. It gives the same error.

BcContainerHelper version is 6.0.0 and ALOps Sign App task version is 1.459.4971.

#Your build pipeline references an undefined variable named ‘app_name’. Create or edit the build pipeline for this YAML file, define the variable on the Variables tab. See https://go.microsoft.com/fwlink/?linkid=865972
#Your build pipeline references an undefined variable named ‘CodeSignatureCertificate’. Create or edit the build pipeline for this YAML file, define the variable on the Variables tab. See https://go.microsoft.com/fwlink/?linkid=865972
#Your build pipeline references an undefined variable named ‘cert_password’. Create or edit the build pipeline for this YAML file, define the variable on the Variables tab. See https://go.microsoft.com/fwlink/?linkid=865972

steps:
- task: Hodor.hodor-alops.alopsappsign.ALOpsAppSign@1
  displayName: 'App Sign $(app_name)'
  inputs:
    usedocker: true
    nav_artifact_app_filter: '*_$(app_name)_*_APP.app'
    pfx_path: '$(CodeSignatureCertificate)'
    timestamp_uri: 'http://timestamp.digicert.com/'
    pfx_password: '$(cert_password)'

output

2023-10-09T18:08:55.3087527Z ##[section]Starting: App Sign EQM 365 Rental - Re-Rent
2023-10-09T18:08:55.3697875Z ==============================================================================
2023-10-09T18:08:55.3698153Z Task         : ALOps App Sign
2023-10-09T18:08:55.3698281Z Description  : CodeSign an AL Extension for Business Central
2023-10-09T18:08:55.3698426Z Version      : 1.459.4971
2023-10-09T18:08:55.3698527Z Author       : Hodor
2023-10-09T18:08:55.3698625Z Help         : Codesign Business Central extension with .pfx.
2023-10-09T18:08:55.3698790Z ==============================================================================
2023-10-09T18:08:56.7083618Z *** Validate configuration
2023-10-09T18:08:56.7708398Z *** Task Inputs:
2023-10-09T18:08:56.7764359Z 
2023-10-09T18:08:56.7872913Z name                                                                                                              value
2023-10-09T18:08:56.7876454Z ----                                                                                                              -----
2023-10-09T18:08:56.7879029Z usedocker                                                                                                          True
2023-10-09T18:08:56.7882470Z fixed_tag                                                                                                              
2023-10-09T18:08:56.7885719Z batchsigncompiledapps                                                                                             False
2023-10-09T18:08:56.7889144Z artifact_path                                                                                                          
2023-10-09T18:08:56.7893033Z nav_artifact_app_filter                                                            *_EQM 365 Rental - Re-Rent_*_APP.app
2023-10-09T18:08:56.7955993Z pfx_path                ...23T16:35:57Z&spr=https&sv=2020-08-04&sr=b&sig=XE4bQDGJQBehMsHvEgzCfIAwqREJ0gCOawXVrlx7q4g%3D
2023-10-09T18:08:56.7958092Z timestamp_uri                                                                            http://timestamp.digicert.com/
2023-10-09T18:08:56.7960870Z publish_artifact                                                                                                   True
2023-10-09T18:08:56.7963874Z pfx_password                                                                                              ***
2023-10-09T18:08:56.7964829Z 
2023-10-09T18:08:56.7989654Z 
2023-10-09T18:08:56.8000113Z 
2023-10-09T18:08:56.8204278Z *** For documentation, please visit   : https://www.alops.be/documentation
2023-10-09T18:08:56.8208812Z 
2023-10-09T18:08:57.2615994Z *** ALOps License:
2023-10-09T18:08:57.2653831Z   * Licensed To: Armada Dynamics AS (Organization License)
2023-10-09T18:08:57.2661225Z 
2023-10-09T18:08:57.3104797Z *** Importing required PS-Functions
2023-10-09T18:08:57.3808246Z *** Dynamic resolve App file.
2023-10-09T18:08:57.3820693Z *** Scanning [System.DefaultWorkingDirectory].
2023-10-09T18:08:57.4103705Z *** Scanning [System.ArtifactsDirectory].
2023-10-09T18:08:57.4152929Z *** Scanning [Pipeline.Workspace].
2023-10-09T18:08:57.5047589Z *** Multiple App files found with filter [*_EQM 365 Rental - Re-Rent_*_APP.app].
2023-10-09T18:08:57.5130572Z   * C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app
2023-10-09T18:08:57.5167993Z *** Resolved App File: [C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app].
2023-10-09T18:08:57.5199748Z *** Starting App Sign for: 
2023-10-09T18:08:57.5212244Z   * C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app
2023-10-09T18:08:57.5224719Z *** App Sign: C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app
2023-10-09T18:08:57.5235264Z *** Connect Docker Session
2023-10-09T18:08:57.7185148Z *** Initiate Docker Session
2023-10-09T18:08:58.3430753Z *** Set Docker Container ErrorActionPreference = Stop
2023-10-09T18:08:58.6445327Z *** Setup Docker Session
2023-10-09T18:08:58.8758169Z *** Copy Artifact: [C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app] => [c:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app]
2023-10-09T18:09:00.2671887Z *** Fetching App to Sign in [c:\Run\DevOps\] with filter [*_EQM 365 Rental - Re-Rent_*_APP.app]
2023-10-09T18:09:00.3440263Z *** App File: C:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app
2023-10-09T18:09:00.3449428Z *** Setup Pfx File
2023-10-09T18:09:00.3536248Z *** Create TempFile
2023-10-09T18:09:00.3806234Z *** Download file
2023-10-09T18:09:02.2028260Z *** PFX File: C:\Users\ContainerAdministrator\AppData\Local\Temp\tmp5430.tmp
2023-10-09T18:09:02.2033167Z *** Timestamp Service: http://timestamp.digicert.com/
2023-10-09T18:09:02.2040961Z *** Check for Powershell Authenticode CmdLets
2023-10-09T18:09:02.2159761Z *** Authenticode CmdLets exist, using Powershell
2023-10-09T18:09:02.2171774Z *** Sign App file with Pfx
2023-10-09T18:09:02.6248435Z *** Signing App with Powershell: C:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app
2023-10-09T18:09:03.3175905Z 
2023-10-09T18:09:03.3286267Z 
2023-10-09T18:09:03.3295437Z SignerCertificate      : 
2023-10-09T18:09:03.3296118Z TimeStamperCertificate : 
2023-10-09T18:09:03.3299691Z Status                 : UnknownError
2023-10-09T18:09:03.3315557Z StatusMessage          : The form specified for the subject is not one supported or known by the specified trust 
2023-10-09T18:09:03.3317100Z                          provider
2023-10-09T18:09:03.3319027Z Path                   : C:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app
2023-10-09T18:09:03.3319686Z SignatureType          : None
2023-10-09T18:09:03.3320539Z IsOSBinary             : False
2023-10-09T18:09:03.3320986Z 
2023-10-09T18:09:03.3322559Z 
2023-10-09T18:09:03.3325750Z 
2023-10-09T18:09:03.3409706Z ##[error]Signature status: UnknownError. The form specified for the subject is not one supported or known by the specified trust provider.
2023-10-09T18:09:03.3460247Z *** Transfer App Artifact from Docker container.
2023-10-09T18:09:03.5122663Z ##[error]Cannot perform operation because the session Availability is set to None.
2023-10-09T18:09:03.5746816Z ##[section]Finishing: App Sign EQM 365 Rental - Re-Rent

full pipeline

# Variable 'app_name' was defined in the Variables tab
# Variable 'bcVersion' was defined in the Variables tab
# Variable 'test_app_name' was defined in the Variables tab
# Variable Group 'License Files (from Armadas Azure Portal)' was defined in the Variables tab
# Variable Group 'Code Signature Certificate' was defined in the Variables tab
# Variable Group 'ALOpsLicense' was defined in the Variables tab
trigger:
  branches:
    include:
    - refs/heads/master
jobs:
- job: Job_1
  displayName: EQM 365 Rental - Re-Rent Build [CLEAN22]
  pool:
    name: EQM365
  steps:
  - checkout: self
    clean: true
  - task: PowerShell@2
    displayName: Set Runtime version 11.0
    inputs:
      targetType: inline
      script: >-
        $AppJson = Get-Content $($env:BUILD_REPOSITORY_LOCALPATH + '\app\app.json') -Raw | ConvertFrom-Json

        $AppJson.runtime = "11.0"

        $AppJson | ConvertTo-Json | Set-Content $($env:BUILD_REPOSITORY_LOCALPATH + '\app\app.json')
  - task: PowerShell@2
    displayName: Set Platform version 22.0.0.0
    inputs:
      targetType: inline
      script: >-
        $AppJson = Get-Content $($env:BUILD_REPOSITORY_LOCALPATH + '\app\app.json') -Raw | ConvertFrom-Json

        $AppJson.platform = "22.0.0.0"

        $AppJson | ConvertTo-Json | Set-Content $($env:BUILD_REPOSITORY_LOCALPATH + '\app\app.json')
  - task: PowerShell@2
    displayName: Set Application version 22.0.0.0
    inputs:
      targetType: inline
      script: >-
        $AppJson = Get-Content $($env:BUILD_REPOSITORY_LOCALPATH + '\app\app.json') -Raw | ConvertFrom-Json

        $AppJson.application= "22.0.0.0"

        $AppJson | ConvertTo-Json | Set-Content $($env:BUILD_REPOSITORY_LOCALPATH + '\app\app.json')
  - task: Hodor.hodor-alops.ALOpsDockerCreate.ALOpsDockerCreate@1
    displayName: Create Docker Container
    inputs:
      artifactversion: 22
      artifactcountry: w1
      imageprefix: w1
  - task: Hodor.hodor-alops.alopsdockerstart.ALOpsDockerStart@1
    displayName: Start Docker Container
  - task: PowerShell@2
    displayName: Set Major & Minor BC Version
    inputs:
      targetType: inline
      script: Write-Host "##vso[task.setvariable variable=bcVersion;]$(([version]$env:ALOPS_BC_IMAGE.Split('-')[1]).Major.ToString() + '.' + ([version]$env:ALOPS_BC_IMAGE.Split('-')[1]).Minor.ToString())"
  - task: Hodor.hodor-alops.ALOpsDockerExec.ALOpsDockerExec@1
    displayName: ALOps Docker Execute
    inputs:
      inline_script: >
        New-Item -Path "c:\run\my" -ItemType Directory -Force:$true -Confirm:$false -ErrorAction SilentlyContinue
  - task: Hodor.hodor-alops.alopsdockerwait.ALOpsDockerWait@1
    displayName: Wait Docker Container
  - task: PowerShell@2
    displayName: Set Apps Paths
    inputs:
      targetType: inline
      script: "$temp = New-Item -Path (Join-Path -Path $(Pipeline.Workspace) -ChildPath 'previous') -ItemType Directory \nWrite-Host \"##vso[task.setvariable variable=previous;]$($temp.FullName)\"\n\n$temp = New-Item -Path (Join-Path -Path $(Pipeline.Workspace) -ChildPath 'install') -ItemType Directory \nWrite-Host \"##vso[task.setvariable variable=install;]$($temp.FullName)\""
  - task: DownloadPipelineArtifact@2
    displayName: Download EQM 365 Rental
    inputs:
      source: specific
      project: aec60e66-c7e9-4b67-8ae7-7cef3e6bedb2
      pipeline: 200
      allowPartiallySucceededBuilds: true
      patterns: '**/*_APP.app'
      path: $(System.ArtifactsDirectory)
  - task: Hodor.hodor-alops.alopspublishtask.ALOpsAppPublish@1
    displayName: Publish EQM 365 Rental
    inputs:
      usedocker: true
      skip_verification: false
      batch_publish_folder: $(System.ArtifactsDirectory)
  - task: Hodor.hodor-alops.alopsdeploytask.ALOpsAppCompiler@1
    displayName: Compiling the $(app_name)
    inputs:
      usedocker: true
      targetproject: app/app.json
      nav_app_version: $(bcVersion).[yyyyww].*
      app_file_suffix: _APP
      preprocessorsymbols: CLEAN17,CLEAN18,CLEAN19,CLEAN20,CLEAN21,CLEAN22
  - task: Hodor.hodor-alops.alopsappsign.ALOpsAppSign@1
    displayName: App Sign $(app_name)
    inputs:
      usedocker: true
      nav_artifact_app_filter: '*_$(app_name)_*_APP.app'
      pfx_path: $(CodeSignatureCertificate)
      timestamp_uri: http://timestamp.digicert.com/
      pfx_password: $(cert_password)
  - task: Hodor.hodor-alops.alopsappsignverify.ALOpsAppSignVerify@1
    displayName: App Sign Verify $(app_name)
    inputs:
      usedocker: true
      nav_artifact_app_filter: '*_$(app_name)_*_APP.app'
  - task: Hodor.hodor-alops.alopspublishtask.ALOpsAppPublish@1
    displayName: Publish Compiled $(app_name)
    inputs:
      usedocker: true
      nav_artifact_app_filter: '*_$(app_name)_*.app'
      skip_verification: false
  - task: DownloadPipelineArtifact@2
    displayName: Download Previous EQM 365 Rental
    inputs:
      source: specific
      project: aec60e66-c7e9-4b67-8ae7-7cef3e6bedb2
      pipeline: 239
      allowPartiallySucceededBuilds: true
      patterns: '**/*_APP.app'
      path: $(previous)
  - task: DownloadPipelineArtifact@2
    displayName: Download Previous Build
    inputs:
      source: specific
      project: aec60e66-c7e9-4b67-8ae7-7cef3e6bedb2
      pipeline: 244
      allowPartiallySucceededBuilds: true
      patterns: '**/*_APP.app'
      path: $(previous)
  - task: Hodor.hodor-alops.ALOpsAppValidation.ALOpsAppValidation@1
    displayName: ALOps App Validation
    inputs:
      license_path: $(eqmLicense22)
      countries: US
      affixes: EQM,EQMR
      artifact_filter: '*_APP.app'
      installapps_path: ''
      previousapps_path: $(previous)
      validatecurrent: true
  - task: Hodor.hodor-alops.ALOpsAppRuntimePackage.ALOpsAppRuntimePackage@1
    displayName: Create Runtime Package
    inputs:
      usedocker: true
      targetproject: app/app.json
      showmycode: true
      publish_artifact: false
  - task: Hodor.hodor-alops.alopsappsign.ALOpsAppSign@1
    displayName: App Sign $(app_name) Runtime Package
    inputs:
      usedocker: true
      nav_artifact_app_filter: '*_runtime.app'
      pfx_path: $(CodeSignatureCertificate)
      pfx_password: $(cert_password)
  - task: Hodor.hodor-alops.alopsappsignverify.ALOpsAppSignVerify@1
    displayName: App Sign Verify $(app_name) Runtime Package
    inputs:
      usedocker: true
      nav_artifact_app_filter: '*_runtime.app'
  - task: Hodor.hodor-alops.alopsdockerremove.ALOpsDockerRemove@1
    displayName: Remove Docker Container
    condition: always()
...

waldo1001 commented 11 months ago

I see you sign IN the container. Try to not sign in the container.

Like adding the compilerv2 and the sign-step at the end of the pipeline.

This example might help: https://github.com/HodorNV/ALOps/blob/master/Examples/Compiler%20V2/06_AppSigning.yml

ninjaniels commented 11 months ago

I can confirm that the proposed solution of using compilerv2 and sign-step not using Docker container works. This will require refactoring a lot of build pipelines on our end, but they were probably ripe for an overhaul.

Thanks for your support

waldo1001 commented 11 months ago

Yeah, sorry about that - but the part in docker we don't have under control - that's BCCH .. 🤷‍♂️. I'm happy to be able to give an ALOps alternative..