search

microsoft / navcontainerhelper

Official Microsoft repository for BcContainerHelper, a PowerShell module, which makes it easier to work with Business Central Containers on Docker.
MIT License
379 stars 243 forks source link

[Pre Release Version] Signing fails in FilesOnly-container #1636

Closed FSharpCSharp closed 3 years ago

FSharpCSharp commented 3 years ago

Describe the issue In a newly created container with the new additional option "FilesOnly" the signing fails with the following error:

SignTool Error: This file format cannot be signed because it is not recognized.

Scripts used to create container and cause the issue

$containerName = 'Test-Sign-Cont'

$securePassword = ConvertTo-SecureString -String "4334dfdf34dfgdgf" -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential -argumentList "tsign", $securePassword

New-BCContainer -doNotCheckHealth `
                -updateHosts `
                -artifactUrl (Get-BCArtifactUrl -country de -storageAccount bcartifacts -version 17 -type Sandbox) `
                -containerName $containerName `
                -auth "UserPassword" `
                -Credential $credential `
                -includeTestToolkit `
                -includeTestFrameworkOnly `
                -doNotUseRuntimePackages `
                -enableTaskScheduler:$false `
                -accept_eula `
                -accept_outdated `
                -shortcuts None `
                -filesOnly

$pfxFile = "C:\ProgramData\BcContainerHelper\Extensions\Test-Sign-Cont\my\Sign.pfx"
$pfxPassword = ConvertTo-SecureString -String "123456"-AsPlainText -Force

Sign-BcContainerApp -containerName $containerName `
                    -pfxFile $pfxFile `
                    -pfxPassword $pfxPassword `
                    -appFile "C:\ProgramData\BcContainerHelper\Extensions\Test-Sign-Cont\my\Test Sign App_17.0.0.0.app" `
                    -timeStampServer "http://timestamp.comodoca.com/?td=sha256" `
                    -digestAlgorithm "sha256"

Full output of scripts

BcContainerHelper is version 1.0.20-preview318
BcContainerHelper is running as administrator
Host is Microsoft Windows Server 2016 Datacenter - ltsc2016
Docker Client Version is 19.03.5
Docker Server Version is 19.03.5
Downloading application artifact /sandbox/17.3.20469.21112/de
Downloading C:\Users\Administrator\AppData\Local\Temp\19c16a4c-3750-43dd-b178-850dd854358d.zip
Unpacking application artifact to tmp folder using Expand-Archive
Downloading platform artifact /sandbox/17.3.20469.21112/platform
Downloading C:\Users\Administrator\AppData\Local\Temp\332abfe7-1f48-4508-a5ac-fef806d22d71.zip
Unpacking platform artifact to tmp folder using Expand-Archive
Downloading Prerequisite Components
Downloading c:\bcartifacts.cache\sandbox\17.3.20469.21112\platform\Prerequisite Components\Open XML SDK 2.5 for Microsoft Office\OpenXMLSDKv25.msi
Downloading c:\bcartifacts.cache\sandbox\17.3.20469.21112\platform\Prerequisite Components\IIS URL Rewrite Module\rewrite_2.0_rtw_x64.msi
Downloading c:\bcartifacts.cache\sandbox\17.3.20469.21112\platform\Prerequisite Components\DotNetCore\DotNetCore.1.0.4_1.1.1-WindowsHosting.exe
Fetching all docker images
Using image mcr.microsoft.com/businesscentral:10.0.14393.4169-filesonly
Disabling Health Check (always report healthy)
Creating Container Test-Sign-Cont
Version: 17.3.20469.21112-DE
Style: sandbox
Multitenant: Yes
Platform: 17.0.20458.21072
Generic Tag: 1.0.1.3
Container OS Version: 10.0.14393.4169 (ltsc2016)
Host OS Version: 10.0.14393.4169 (ltsc2016)
Using process isolation
Using locale de-DE
Disabling the standard eventlog dump to container log every 2 seconds (use -dumpEventLog to enable)
Additional Parameters:
--env customNavSettings=EnableTaskScheduler=False
Files in C:\ProgramData\BcContainerHelper\Extensions\Test-Sign-Cont\my:
- AdditionalOutput.ps1
- MainLoop.ps1
- SetupVariables.ps1
- updatehosts.ps1
Creating container Test-Sign-Cont from image mcr.microsoft.com/businesscentral:10.0.14393.4169-filesonly
aba48f622463fe277dea7a99b1f7e538b5cb81da41ffb73ac246f27ab752d082
Waiting for container Test-Sign-Cont to be ready
Using artifactUrl https://bcartifacts.azureedge.net/sandbox/17.3.20469.21112/de
Using installer from C:\Run\150-new
Installing Business Central
Installing from artifacts
Copying Service Tier Files
Copying PowerShell Scripts
Copying dependencies
Copying ReportBuilder
Importing PowerShell Modules
Skipping restore of Cronus database
Modifying Business Central Service Tier Config File for Docker
Installing SIP crypto provider: 'C:\Windows\System32\NavSip.dll'
Copying Web Client Files
Copying Client Files
Copying ModernDev Files
Copying additional files
Copying ConfigurationPackages
Copying Test Assemblies
Copying Extensions
Copying Applications
Copying Applications.DE
Installation took 60 seconds
Installation complete
Ready for connections!
Reading CustomSettings.config from Test-Sign-Cont
Downloading Signing Tools
Installing Signing Tools
Signing C:\Run\my\Test Sign App_17.0.0.0.app
Done Adding Additional Store

Number of errors: 1
Signing failed, retrying in 4 seconds
Done Adding Additional Store

Number of errors: 1

Signing failed, retrying in 16 seconds
Done Adding Additional Store

Number of errors: 1

Signing failed, retrying in 64 seconds
Done Adding Additional Store

Number of errors: 1

Signing failed, retrying in 256 seconds
Done Adding Additional Store

Number of errors: 1

SignTool Error: This file format cannot be signed because it is not recognized.
at <ScriptBlock>, <No file>: line 32
at Invoke-ScriptInBcContainer, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\1.0.20\ContainerHandling\Invoke-ScriptInNavContainer.ps1: Line 44
at Sign-BcContainerApp, C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\1.0.20\AppHandling\Sign-NavContainerApp.ps1: Line 56
at <ScriptBlock>, <Keine Datei>: Line 1
SignTool Error: This file format cannot be signed because it is not recognized.
In C:\Program Files\WindowsPowerShell\Modules\BcContainerHelper\1.0.20\ContainerHandling\Invoke-ScriptInNavContainer.ps1:45 Character:13
+             throw $_.Exception.Message
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (SignTool Error:...not recognized.:String) [], RuntimeException
    + FullyQualifiedErrorId : SignTool Error: This file format cannot be signed because it is not recognized.

Screenshots

Additional context Unfortunately this error occurs with all versions.

freddydk commented 3 years ago

The reason for this is a missing msvcr120.dll in c:\windows\system32 Seems like I was a little too aggressive on saving space. The vcredist will be added to the next version of the generic image. I will add a check in Sign-BcContainerApp to check whether the dll is there and if not, then do a just-in-time install of vcredist, then this should work with the existing versions as well.

freddydk commented 3 years ago

Shipped in BcContainerHelper 2.0.0