search

actions / runner-images

GitHub Actions runner images
MIT License
10.24k stars 3.08k forks source link

windows 2022 image: Install-VisualStudio.ps1 script fails with error "Signature thumbprint do not match expected." #11024

Closed isandulache closed 3 days ago

isandulache commented 5 days ago

Description

Description

Install-VisualStudio.ps1 script fails with error Signature thumbprint do not match expected. and breaks the build.

After a little debugging I've found out that the visualStudio.signature value in the toolset-2022.json file does not match the one tested on the downloaded bootstrapper.

toolset-2022.json file :

...
    "visualStudio": {
        "version" : "2022",
        "subversion" : "17",
        "edition" : "Enterprise",
        "channel": "release",
        "signature": "8F985BE8FD256085C90A95D3C74580511A1DB975",
        "workloads": [
...

I've composed the URL from the variable found in VisualStudioHelpers.ps1 file ( $bootstrapperUrl = "https://aka.ms/vs/${Version}/${Channel}/vs_${Edition}.exe" ) downloaded the bootstrapper, run a check on the Thumbrint and got the following result which is different from the value in toolset-2022.json file:.

> (Get-AuthenticodeSignature "vs_Enterprise.exe").SignerCertificate.Thumbprint
245D262748012A4FE6CE8BA6C951A4C4AFBC3E5D

Build error log : 

==> azure-arm.image: Provisioning with powershell script: /home/vsts/work/1/s/Packer/runner-images/images/windows/scripts/build/Install-VisualStudio.ps1
    azure-arm.image: Downloading Bootstrapper ...
    azure-arm.image: Downloading package from https://aka.ms/vs/17/release/vs_Enterprise.exe to C:\Users\INSTAL~1\AppData\Local\Temp\vs_Enterprise.exe...
    azure-arm.image: Package downloaded in 0.5 seconds
    azure-arm.image: Signature thumbprint do not match expected.
    azure-arm.image: At C:\Program Files\WindowsPowerShell\Modules\ImageHelpers\InstallHelpers.ps1:972 char:9
    azure-arm.image: +         throw "Signature thumbprint do not match expected."
    azure-arm.image: +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    azure-arm.image:     + CategoryInfo          : OperationStopped: (Signature thumb...match expected.:String) [], RuntimeException
    azure-arm.image:     + FullyQualifiedErrorId : Signature thumbprint do not match expected.
    azure-arm.image:
==> azure-arm.image: Provisioning step had errors: Running the cleanup provisioner, if present...

More details:

Platforms affected

Runner images affected

Image version and build link

N/A

Is it regression?

No

Expected behavior

Install-VisualStudio.ps1 script should run without errors

Actual behavior

Install-VisualStudio.ps1 script fails with error "Signature thumbprint do not match expected."

Repro steps

run Install-VisualStudio.ps1 script

kishorekumar-anchala commented 5 days ago

we're working on this issue, we will update ASAP. thank you !

m-soltani commented 4 days ago

We faced the same issue, thanks for prompt response @kishorekumar-anchala :)

DushanthaS commented 4 days ago

We have the same issue, does anyone know where to find the correct sig so we can manually run it?

ghostdox commented 4 days ago

@DushanthaS, you can download the installer from Microsoft: https://aka.ms/vs/17/release/vs_Enterprise.exe Then, from a Powershell command line, run the following:

PowerShell 7.4.6
YUKI.N>cd C:\Downloads\
YUKI.N>$sig = Get-AuthenticodeSignature -FilePath "C:\Downloads\vs_Enterprise.exe"
YUKI.N>$sig | Format-Table | Out-String | Write-Host

    Directory: C:\Downloads

SignerCertificate                         Status                    StatusMessage            Path
-----------------                         ------                    -------------            ----
245D262748012A4FE6CE8BA6C951A4C4AFBC3E5D  Valid                     Signature verified.      vs_Enterprise.exe
kishorekumar-anchala commented 3 days ago

Hi @ghostdox , THanks for your comments , currently there is a issue with latest Visualstudio from Microsoft team. we're waiting for it , we'll inform you very soon. thank you !

kishorekumar-anchala commented 3 days ago

Fixed with the PR