Closed ninjaniels closed 11 months ago
Hi,
there have been docker-related problems, needing to upgrade BCContainerHelper or ALOps. Can you send version info on both? Or simply a full export of the pipeline?
Another tip: try to use timestamp_uri: http://timestamp.digicert.com/
I've tried messing with the timestamp URI parameter, but it doesn't seem to help. It gives the same error.
BcContainerHelper version is 6.0.0 and ALOps Sign App task version is 1.459.4971.
#Your build pipeline references an undefined variable named ‘app_name’. Create or edit the build pipeline for this YAML file, define the variable on the Variables tab. See https://go.microsoft.com/fwlink/?linkid=865972
#Your build pipeline references an undefined variable named ‘CodeSignatureCertificate’. Create or edit the build pipeline for this YAML file, define the variable on the Variables tab. See https://go.microsoft.com/fwlink/?linkid=865972
#Your build pipeline references an undefined variable named ‘cert_password’. Create or edit the build pipeline for this YAML file, define the variable on the Variables tab. See https://go.microsoft.com/fwlink/?linkid=865972
steps:
- task: Hodor.hodor-alops.alopsappsign.ALOpsAppSign@1
  displayName: 'App Sign $(app_name)'
  inputs:
    usedocker: true
    nav_artifact_app_filter: '*_$(app_name)_*_APP.app'
    pfx_path: '$(CodeSignatureCertificate)'
    timestamp_uri: 'http://timestamp.digicert.com/'
    pfx_password: '$(cert_password)'
output
2023-10-09T18:08:55.3087527Z ##[section]Starting: App Sign EQM 365 Rental - Re-Rent
2023-10-09T18:08:55.3697875Z ==============================================================================
2023-10-09T18:08:55.3698153Z Task : ALOps App Sign
2023-10-09T18:08:55.3698281Z Description : CodeSign an AL Extension for Business Central
2023-10-09T18:08:55.3698426Z Version : 1.459.4971
2023-10-09T18:08:55.3698527Z Author : Hodor
2023-10-09T18:08:55.3698625Z Help : Codesign Business Central extension with .pfx.
2023-10-09T18:08:55.3698790Z ==============================================================================
2023-10-09T18:08:56.7083618Z *** Validate configuration
2023-10-09T18:08:56.7708398Z *** Task Inputs:
2023-10-09T18:08:56.7764359Z
2023-10-09T18:08:56.7872913Z name value
2023-10-09T18:08:56.7876454Z ---- -----
2023-10-09T18:08:56.7879029Z usedocker True
2023-10-09T18:08:56.7882470Z fixed_tag
2023-10-09T18:08:56.7885719Z batchsigncompiledapps False
2023-10-09T18:08:56.7889144Z artifact_path
2023-10-09T18:08:56.7893033Z nav_artifact_app_filter *_EQM 365 Rental - Re-Rent_*_APP.app
2023-10-09T18:08:56.7955993Z pfx_path ...23T16:35:57Z&spr=https&sv=2020-08-04&sr=b&sig=XE4bQDGJQBehMsHvEgzCfIAwqREJ0gCOawXVrlx7q4g%3D
2023-10-09T18:08:56.7958092Z timestamp_uri http://timestamp.digicert.com/
2023-10-09T18:08:56.7960870Z publish_artifact True
2023-10-09T18:08:56.7963874Z pfx_password ***
2023-10-09T18:08:56.7964829Z
2023-10-09T18:08:56.7989654Z
2023-10-09T18:08:56.8000113Z
2023-10-09T18:08:56.8204278Z *** For documentation, please visit : https://www.alops.be/documentation
2023-10-09T18:08:56.8208812Z
2023-10-09T18:08:57.2615994Z *** ALOps License:
2023-10-09T18:08:57.2653831Z * Licensed To: Armada Dynamics AS (Organization License)
2023-10-09T18:08:57.2661225Z
2023-10-09T18:08:57.3104797Z *** Importing required PS-Functions
2023-10-09T18:08:57.3808246Z *** Dynamic resolve App file.
2023-10-09T18:08:57.3820693Z *** Scanning [System.DefaultWorkingDirectory].
2023-10-09T18:08:57.4103705Z *** Scanning [System.ArtifactsDirectory].
2023-10-09T18:08:57.4152929Z *** Scanning [Pipeline.Workspace].
2023-10-09T18:08:57.5047589Z *** Multiple App files found with filter [*_EQM 365 Rental - Re-Rent_*_APP.app].
2023-10-09T18:08:57.5130572Z * C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app
2023-10-09T18:08:57.5167993Z *** Resolved App File: [C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app].
2023-10-09T18:08:57.5199748Z *** Starting App Sign for:
2023-10-09T18:08:57.5212244Z * C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app
2023-10-09T18:08:57.5224719Z *** App Sign: C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app
2023-10-09T18:08:57.5235264Z *** Connect Docker Session
2023-10-09T18:08:57.7185148Z *** Initiate Docker Session
2023-10-09T18:08:58.3430753Z *** Set Docker Container ErrorActionPreference = Stop
2023-10-09T18:08:58.6445327Z *** Setup Docker Session
2023-10-09T18:08:58.8758169Z *** Copy Artifact: [C:\docker\agents\elektra\_work\26\a\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app] => [c:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app]
2023-10-09T18:09:00.2671887Z *** Fetching App to Sign in [c:\Run\DevOps\] with filter [*_EQM 365 Rental - Re-Rent_*_APP.app]
2023-10-09T18:09:00.3440263Z *** App File: C:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app
2023-10-09T18:09:00.3449428Z *** Setup Pfx File
2023-10-09T18:09:00.3536248Z *** Create TempFile
2023-10-09T18:09:00.3806234Z *** Download file
2023-10-09T18:09:02.2028260Z *** PFX File: C:\Users\ContainerAdministrator\AppData\Local\Temp\tmp5430.tmp
2023-10-09T18:09:02.2033167Z *** Timestamp Service: http://timestamp.digicert.com/
2023-10-09T18:09:02.2040961Z *** Check for Powershell Authenticode CmdLets
2023-10-09T18:09:02.2159761Z *** Authenticode CmdLets exist, using Powershell
2023-10-09T18:09:02.2171774Z *** Sign App file with Pfx
2023-10-09T18:09:02.6248435Z *** Signing App with Powershell: C:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app
2023-10-09T18:09:03.3175905Z
2023-10-09T18:09:03.3286267Z
2023-10-09T18:09:03.3295437Z SignerCertificate :
2023-10-09T18:09:03.3296118Z TimeStamperCertificate :
2023-10-09T18:09:03.3299691Z Status : UnknownError
2023-10-09T18:09:03.3315557Z StatusMessage : The form specified for the subject is not one supported or known by the specified trust
2023-10-09T18:09:03.3317100Z provider
2023-10-09T18:09:03.3319027Z Path : C:\Run\DevOps\Artifacts\Armada Dynamics AS_EQM 365 Rental - Re-Rent_22.6.202341.28239_APP.app
2023-10-09T18:09:03.3319686Z SignatureType : None
2023-10-09T18:09:03.3320539Z IsOSBinary : False
2023-10-09T18:09:03.3320986Z
2023-10-09T18:09:03.3322559Z
2023-10-09T18:09:03.3325750Z
2023-10-09T18:09:03.3409706Z ##[error]Signature status: UnknownError. The form specified for the subject is not one supported or known by the specified trust provider.
2023-10-09T18:09:03.3460247Z *** Transfer App Artifact from Docker container.
2023-10-09T18:09:03.5122663Z ##[error]Cannot perform operation because the session Availability is set to None.
2023-10-09T18:09:03.5746816Z ##[section]Finishing: App Sign EQM 365 Rental - Re-Rent
full pipeline
# Variable 'app_name' was defined in the Variables tab
# Variable 'bcVersion' was defined in the Variables tab
# Variable 'test_app_name' was defined in the Variables tab
# Variable Group 'License Files (from Armadas Azure Portal)' was defined in the Variables tab
# Variable Group 'Code Signature Certificate' was defined in the Variables tab
# Variable Group 'ALOpsLicense' was defined in the Variables tab
trigger:
  branches:
    include:
    - refs/heads/master
jobs:
- job: Job_1
  displayName: EQM 365 Rental - Re-Rent Build [CLEAN22]
  pool:
    name: EQM365
  steps:
  - checkout: self
    clean: true
  - task: PowerShell@2
    displayName: Set Runtime version 11.0
    inputs:
      targetType: inline
      script: >-
        $AppJson = Get-Content $($env:BUILD_REPOSITORY_LOCALPATH + '\app\app.json') -Raw | ConvertFrom-Json

        $AppJson.runtime = "11.0"

        $AppJson | ConvertTo-Json | Set-Content $($env:BUILD_REPOSITORY_LOCALPATH + '\app\app.json')
  - task: PowerShell@2
    displayName: Set Platform version 22.0.0.0
    inputs:
      targetType: inline
      script: >-
        $AppJson = Get-Content $($env:BUILD_REPOSITORY_LOCALPATH + '\app\app.json') -Raw | ConvertFrom-Json

        $AppJson.platform = "22.0.0.0"

        $AppJson | ConvertTo-Json | Set-Content $($env:BUILD_REPOSITORY_LOCALPATH + '\app\app.json')
  - task: PowerShell@2
    displayName: Set Application version 22.0.0.0
    inputs:
      targetType: inline
      script: >-
        $AppJson = Get-Content $($env:BUILD_REPOSITORY_LOCALPATH + '\app\app.json') -Raw | ConvertFrom-Json

        $AppJson.application= "22.0.0.0"

        $AppJson | ConvertTo-Json | Set-Content $($env:BUILD_REPOSITORY_LOCALPATH + '\app\app.json')
  - task: Hodor.hodor-alops.ALOpsDockerCreate.ALOpsDockerCreate@1
    displayName: Create Docker Container
    inputs:
      artifactversion: 22
      artifactcountry: w1
      imageprefix: w1
  - task: Hodor.hodor-alops.alopsdockerstart.ALOpsDockerStart@1
    displayName: Start Docker Container
  - task: PowerShell@2
    displayName: Set Major & Minor BC Version
    inputs:
      targetType: inline
      script: Write-Host "##vso[task.setvariable variable=bcVersion;]$(([version]$env:ALOPS_BC_IMAGE.Split('-')[1]).Major.ToString() + '.' + ([version]$env:ALOPS_BC_IMAGE.Split('-')[1]).Minor.ToString())"
  - task: Hodor.hodor-alops.ALOpsDockerExec.ALOpsDockerExec@1
    displayName: ALOps Docker Execute
    inputs:
      inline_script: >
        New-Item -Path "c:\run\my" -ItemType Directory -Force:$true -Confirm:$false -ErrorAction SilentlyContinue
  - task: Hodor.hodor-alops.alopsdockerwait.ALOpsDockerWait@1
    displayName: Wait Docker Container
  - task: PowerShell@2
    displayName: Set Apps Paths
    inputs:
      targetType: inline
      script: "$temp = New-Item -Path (Join-Path -Path $(Pipeline.Workspace) -ChildPath 'previous') -ItemType Directory \nWrite-Host \"##vso[task.setvariable variable=previous;]$($temp.FullName)\"\n\n$temp = New-Item -Path (Join-Path -Path $(Pipeline.Workspace) -ChildPath 'install') -ItemType Directory \nWrite-Host \"##vso[task.setvariable variable=install;]$($temp.FullName)\""
  - task: DownloadPipelineArtifact@2
    displayName: Download EQM 365 Rental
    inputs:
      source: specific
      project: aec60e66-c7e9-4b67-8ae7-7cef3e6bedb2
      pipeline: 200
      allowPartiallySucceededBuilds: true
      patterns: '**/*_APP.app'
      path: $(System.ArtifactsDirectory)
  - task: Hodor.hodor-alops.alopspublishtask.ALOpsAppPublish@1
    displayName: Publish EQM 365 Rental
    inputs:
      usedocker: true
      skip_verification: false
      batch_publish_folder: $(System.ArtifactsDirectory)
  - task: Hodor.hodor-alops.alopsdeploytask.ALOpsAppCompiler@1
    displayName: Compiling the $(app_name)
    inputs:
      usedocker: true
      targetproject: app/app.json
      nav_app_version: $(bcVersion).[yyyyww].*
      app_file_suffix: _APP
      preprocessorsymbols: CLEAN17,CLEAN18,CLEAN19,CLEAN20,CLEAN21,CLEAN22
  - task: Hodor.hodor-alops.alopsappsign.ALOpsAppSign@1
    displayName: App Sign $(app_name)
    inputs:
      usedocker: true
      nav_artifact_app_filter: '*_$(app_name)_*_APP.app'
      pfx_path: $(CodeSignatureCertificate)
      timestamp_uri: http://timestamp.digicert.com/
      pfx_password: $(cert_password)
  - task: Hodor.hodor-alops.alopsappsignverify.ALOpsAppSignVerify@1
    displayName: App Sign Verify $(app_name)
    inputs:
      usedocker: true
      nav_artifact_app_filter: '*_$(app_name)_*_APP.app'
  - task: Hodor.hodor-alops.alopspublishtask.ALOpsAppPublish@1
    displayName: Publish Compiled $(app_name)
    inputs:
      usedocker: true
      nav_artifact_app_filter: '*_$(app_name)_*.app'
      skip_verification: false
  - task: DownloadPipelineArtifact@2
    displayName: Download Previous EQM 365 Rental
    inputs:
      source: specific
      project: aec60e66-c7e9-4b67-8ae7-7cef3e6bedb2
      pipeline: 239
      allowPartiallySucceededBuilds: true
      patterns: '**/*_APP.app'
      path: $(previous)
  - task: DownloadPipelineArtifact@2
    displayName: Download Previous Build
    inputs:
      source: specific
      project: aec60e66-c7e9-4b67-8ae7-7cef3e6bedb2
      pipeline: 244
      allowPartiallySucceededBuilds: true
      patterns: '**/*_APP.app'
      path: $(previous)
  - task: Hodor.hodor-alops.ALOpsAppValidation.ALOpsAppValidation@1
    displayName: ALOps App Validation
    inputs:
      license_path: $(eqmLicense22)
      countries: US
      affixes: EQM,EQMR
      artifact_filter: '*_APP.app'
      installapps_path: ''
      previousapps_path: $(previous)
      validatecurrent: true
  - task: Hodor.hodor-alops.ALOpsAppRuntimePackage.ALOpsAppRuntimePackage@1
    displayName: Create Runtime Package
    inputs:
      usedocker: true
      targetproject: app/app.json
      showmycode: true
      publish_artifact: false
  - task: Hodor.hodor-alops.alopsappsign.ALOpsAppSign@1
    displayName: App Sign $(app_name) Runtime Package
    inputs:
      usedocker: true
      nav_artifact_app_filter: '*_runtime.app'
      pfx_path: $(CodeSignatureCertificate)
      pfx_password: $(cert_password)
  - task: Hodor.hodor-alops.alopsappsignverify.ALOpsAppSignVerify@1
    displayName: App Sign Verify $(app_name) Runtime Package
    inputs:
      usedocker: true
      nav_artifact_app_filter: '*_runtime.app'
  - task: Hodor.hodor-alops.alopsdockerremove.ALOpsDockerRemove@1
    displayName: Remove Docker Container
    condition: always()
...
I see you sign IN the container. Try to not sign in the container.
Like adding the compilerv2 and the sign-step at the end of the pipeline.
This example might help: https://github.com/HodorNV/ALOps/blob/master/Examples/Compiler%20V2/06_AppSigning.yml
I can confirm that the proposed solution of using compilerv2 and sign-step not using Docker container works. This will require refactoring a lot of build pipelines on our end, but they were probably ripe for an overhaul.
Thanks for your support
Yeah, sorry about that - but the part in docker we don't have under control - that's BCCH .. 🤷‍♂️. I'm happy to be able to give an ALOps alternative..
Describe the bug: I am not sure if this is on our end or your end, but we have build pipelines that have been running error free for a long time that are failing the ALOps App Sign step with the error ##[error]Signature status: UnknownError. The form specified for the subject is not one supported or known by the specified trust provider.
The pipelines were unstable last week, sometimes failing with the above error and sometimes succeeding, but today they have been consistently failing.
the used yaml
the output
Expected behavior: We expect the app to be signed. Below is the output log from a successful run.
Screenshots: Not provided.
Additional context: We found this old issue https://github.com/HodorNV/ALOps/issues/47 that sounds similar, but it has not helped us resolve the error.
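
A post-signing gate for the situation in this thread, as an added example that is not part of the original posts and is not ALOps or BcContainerHelper code: it evaluates the object Get-AuthenticodeSignature returns for the .app file and fails the Azure DevOps step on anything but a valid, timestamped signature. The helper name Get-SignatureVerdict and the sample object are constructed for illustration; the sample mirrors the failing log output above, with a placeholder path.

```powershell
# Added example: not ALOps or BcContainerHelper code.
# Get-SignatureVerdict is a hypothetical helper name.
function Get-SignatureVerdict {
    param(
        [Parameter(Mandatory)] $Signature,   # object shaped like Get-AuthenticodeSignature output
        [switch] $RequireTimestamp
    )
    $status   = [string]$Signature.Status
    $problems = @()
    if ($status -ne 'Valid') {
        $problems += "Status is '$status': $($Signature.StatusMessage)"
    }
    if ($status -eq 'UnknownError' -and [string]$Signature.SignatureType -eq 'None') {
        # Same shape as the failing run in this thread: nothing was read from
        # the file, so compare against another host before blaming the .pfx.
        $problems += 'Trust provider on this machine did not recognise the file format.'
    }
    if ($RequireTimestamp -and -not $Signature.TimeStamperCertificate) {
        # Without a timestamp the signature stops validating once the
        # signing certificate expires.
        $problems += 'No timestamp countersignature present.'
    }
    [pscustomobject]@{
        Path     = $Signature.Path
        Ok       = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Constructed sample mirroring the failing log output (placeholder path).
$sample = [pscustomobject]@{
    SignerCertificate      = $null
    TimeStamperCertificate = $null
    Status                 = 'UnknownError'
    StatusMessage          = 'The form specified for the subject is not one supported or known by the specified trust provider'
    Path                   = 'C:\placeholder\sample_APP.app'
    SignatureType          = 'None'
}

# On a build agent, pass the real object instead of the sample:
#   Get-SignatureVerdict (Get-AuthenticodeSignature -FilePath $appFile) -RequireTimestamp
$verdict = Get-SignatureVerdict -Signature $sample -RequireTimestamp
$verdict.Problems | ForEach-Object { Write-Host "##vso[task.logissue type=error]$_" }
if (-not $verdict.Ok) {
    Write-Host "##vso[task.complete result=Failed;]Signature check failed for $($verdict.Path)"
}
```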