StefanKert / azuredevops-codesigning-task

MIT License

Cannot sign executables from a different architecture (ex Mac or Linux) #33

Open andreab67 opened 3 years ago

andreab67 commented 3 years ago

I have a pipeline running and I am trying to use the sign tool; I also specified use latest version. I build the solution successfully for the three architectures. When I sign the Win x64 it works flawlessly:

2021-03-04T01:04:49.5242411Z ##[debug]exec tool: C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe
2021-03-04T01:04:49.5243344Z ##[debug]arguments:
2021-03-04T01:04:49.5244079Z ##[debug] sign
2021-03-04T01:04:49.5248096Z ##[debug] /fd
2021-03-04T01:04:49.5248946Z ##[debug] SHA256
2021-03-04T01:04:49.5249722Z ##[debug] /t
2021-03-04T01:04:49.5250557Z ##[debug] http://timestamp.digicert.com
2021-03-04T01:04:49.5251880Z ##[debug] /f
2021-03-04T01:04:49.5252771Z ##[debug] D:\a_temp\XXXXXXXXXXXXXX
2021-03-04T01:04:49.5253607Z ##[debug] /p
2021-03-04T01:04:49.5255895Z ##[debug] XXXXXXXXXXXXXXX
2021-03-04T01:04:49.5259943Z ##[debug] /d
2021-03-04T01:04:49.5260826Z ##[debug] XXXXXXXXXX Win64
2021-03-04T01:04:49.5262277Z ##[debug] D:\a\XXXXXXXXXXXX\bin\Release\netcoreapp3.1\publish\win-x64\XXXXXXXXX.exe
2021-03-04T01:04:49.5263704Z [command]"C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" sign /fd SHA256 /t http://timestamp.digicert.com /f D:\a_temp\XXXXXXXXXXXX.pfx /p XXXXXXXXXXXXXX /d "XXXXXXXX Win64" D:\a\1\s\XXXXXXXXXXXX\bin\Release\netcoreapp3.1\publish\win-x64\XXXXXXXXXXXXXXX.exe
2021-03-04T01:04:54.1700130Z Done Adding Additional Store
2021-03-04T01:04:55.6202589Z Successfully signed:

But when I try to sign a Linux or Mac assembly, it is a different story:

2021-03-04T01:04:56.5277503Z ##[debug]exec tool: C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe
2021-03-04T01:04:56.5279370Z ##[debug]arguments:
2021-03-04T01:04:56.5280051Z ##[debug] sign
2021-03-04T01:04:56.5280960Z ##[debug] /fd
2021-03-04T01:04:56.5282003Z ##[debug] SHA256
2021-03-04T01:04:56.5283829Z ##[debug] /t
2021-03-04T01:04:56.5284551Z ##[debug] http://timestamp.digicert.com
2021-03-04T01:04:56.5285522Z ##[debug] /f
2021-03-04T01:04:56.5286054Z ##[debug] D:\a_temp\XXXXXXXXXXXX.pfx
2021-03-04T01:04:56.5286549Z ##[debug] /p
2021-03-04T01:04:56.5286998Z ##[debug] XXXXXXXXXXXXXXXXXXX
2021-03-04T01:04:56.5287472Z ##[debug] /d
2021-03-04T01:04:56.5287939Z ##[debug] XXXXXXXXXXXXXXXXXX
2021-03-04T01:04:56.5288513Z ##[debug] D:\a\1\XXXXXXXXXXXXbin\Release\netcoreapp3.1\publish\macos\XXXXXXXXX
2021-03-04T01:04:56.5305095Z [command]"C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" sign /fd SHA256 /t http://timestamp.digicert.com /f D:\a_temp\XXXXXXXXXXXX /p XXXXXXXXXXXXXXX /d "XXXXXXXXXXXXX" D:\a\1\s\CoreAgent1\bin\Release\netcoreapp3.1\publish\macos\XXXXXXXXXXX
2021-03-04T01:05:00.6715286Z Done Adding Additional Store
2021-03-04T01:05:00.6821226Z
2021-03-04T01:05:00.6831197Z Number of errors: 1
2021-03-04T01:05:00.6831556Z
2021-03-04T01:05:00.6834624Z SignTool Error: This file format cannot be signed because it is not recognized.
2021-03-04T01:05:00.6835704Z SignTool Error: An error occurred while attempting to sign: XXXXXXXXXXXXXX

I did specify to use latest version of the tool but it does not work.

StefanKert commented 3 years ago

Hi @andreab67,

afaik Linux and Mac assemblies are currently not supported by the Microsoft SignTool.

To sign files on Mac and Linux it would be required to use a tool that is available in these environments like https://github.com/mtrojnar/osslsigncode. Can you add some details on your specific use case, because IMO it would be easily possible to add Linux / Mac signing to this task too.
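The "file format ... is not recognized" failure above can be caught before SignTool runs. The following is an added example, not part of this thread or of the task's code: it classifies a build output by its leading magic bytes so a pipeline step can pass only PE files to SignTool and report ELF or Mach-O outputs as skipped. The names `classifyBinary` and `planSigning`, the paths and the sample headers are all constructed for illustration.

```javascript
// Added example (hypothetical helper names). Input is the first bytes of each file,
// e.g. the first 4 KiB; a PE header located beyond that window is reported as "unknown".
const MACHO_MAGICS = new Set([
  0xfeedface, 0xfeedfacf, // Mach-O 32/64-bit, big-endian on disk
  0xcefaedfe, 0xcffaedfe, // Mach-O 32/64-bit, little-endian on disk
  0xcafebabe,             // fat/universal binary (Java class files share this magic)
]);

function classifyBinary(header) {
  if (header.length < 4) return "unknown";
  const magic = header.readUInt32BE(0);
  if (magic === 0x7f454c46) return "elf";          // "\x7fELF"
  if (MACHO_MAGICS.has(magic)) return "macho";
  if (header[0] === 0x4d && header[1] === 0x5a) {   // DOS stub "MZ"
    if (header.length < 0x40) return "unknown";
    const peOffset = header.readUInt32LE(0x3c);     // e_lfanew points at "PE\0\0"
    if (peOffset + 4 <= header.length && header.readUInt32BE(peOffset) === 0x50450000) {
      return "pe";
    }
  }
  return "unknown";
}

// Split outputs into files to hand to SignTool and files to skip with a reason.
function planSigning(outputs) {
  const plan = { sign: [], skip: [] };
  for (const { path, header } of outputs) {
    const format = classifyBinary(header);
    if (format === "pe") plan.sign.push(path);
    else plan.skip.push({ path, format });
  }
  return plan;
}

// Constructed sample headers (not taken from the issue's build outputs).
function samplePeHeader() {
  const h = Buffer.alloc(0x84);
  h.write("MZ", 0, "latin1");
  h.writeUInt32LE(0x80, 0x3c);
  h.write("PE\0\0", 0x80, "latin1");
  return h;
}
const sampleOutputs = [
  { path: "publish/win-x64/app.exe", header: samplePeHeader() },
  { path: "publish/linux-x64/app", header: Buffer.from([0x7f, 0x45, 0x4c, 0x46, 2, 1, 1, 0]) },
  { path: "publish/macos/app", header: Buffer.from([0xcf, 0xfa, 0xed, 0xfe, 7, 0, 0, 1]) },
];
console.log(JSON.stringify(planSigning(sampleOutputs), null, 2));
```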