microsoft / navcontainerhelper

Official Microsoft repository for BcContainerHelper, a PowerShell module, which makes it easier to work with Business Central Containers on Docker.
MIT License

SignTool Error with .app Files Using New Code Signing Certificate #3712

Open ivandjordjevic opened 2 days ago

ivandjordjevic commented 2 days ago

I encountered a problem with signing .app files using signtool.exe after switching to a new code signing certificate. Previously, I used a .pfx file locally, but since transitioning to the new setup, signtool successfully signs .dll and other file types, but fails with .app files.

I am using the Install-NAVSipCryptoProviderFromNavContainer cmdlet to get the NavSip.dll file but still get the same issue. I've also updated the ContainerHelper library and tried with different versions of the SDK.

Scripts used

```powershell
# Define variables
$containerName = "dev2"
$signtoolPath = "C:\Program Files (x86)\Windows Kits\10\bin\10.0.20348.0\x86\signtool.exe"
$timestampUrl = "http://ts.ssl.com"
$certThumbprint = "[CERTIFICATE THUMBPRINT]"
$appFilePath = "C:\temp\sign\test.app"

# Step 1: Install the required NAVSipCryptoProvider from the specified container
Install-NAVSipCryptoProviderFromNavContainer -containername $containerName

# Step 2: Use Invoke-Expression to run signtool.exe with the defined variables
Invoke-Expression "& '$signtoolPath' sign /fd sha256 /tr $timestampUrl /td sha256 /sha1 $certThumbprint '$appFilePath'"
```

Full output of scripts

```text
Copy SIP crypto provider from container dev2
Copy from container dev2 (C:\Windows\System32\NavSip.dll) to C:\Windows\System32\NavSip.dll
Copy from container dev2 (C:\Windows\SysWow64\NavSip.dll) to C:\Windows\SysWow64\NavSip.dll
Cannot find path 'C:\Windows\SysWow64\NavSip.dll' because it does not exist.

Container Free Physical Memory: 15.4Gb
Disk C: Free 121Gb from 127Gb

Services in container dev2:
C:\Windows\SysWow64\NavSip.dll doesn't exist.
C:\Windows\System32\NavSip.dll successfully registered.
Done Adding Additional Store

Number of errors: 1

signtool.exe : SignTool Error: This file format cannot be signed because it is not recognized.
At line:1 char:1
+ & 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.20348.0\x86\signto ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (SignTool Error:...not recognized.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

SignTool Error: An error occurred while attempting to sign: C:\temp\sign\test.app
...
```

The dev2 container is using insider version BC 24.6.24915.0.
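The output above shows the x86 build of signtool.exe being used while the 32-bit (SysWow64) copy of NavSip.dll could not be copied from the container. The diagnostic below is an added example, not part of this issue or of BcContainerHelper: it reports the bitness of the signtool binary, which NavSip.dll copies exist on the host, and which registry view (64-bit or WOW6432Node) carries a SIP registration for NavSip.dll, since a 32-bit signtool only consults the 32-bit view. It assumes a 64-bit PowerShell session; the signtool path is the one from the issue and the SIP registry location is the standard Windows one.

```powershell
# Added diagnostic (not part of the issue or BcContainerHelper): check NavSip.dll
# presence, SIP registration per registry view, and signtool bitness. Run from 64-bit PowerShell.
param(
    [string]$SignToolPath = "C:\Program Files (x86)\Windows Kits\10\bin\10.0.20348.0\x86\signtool.exe"
)

function Get-PeBitness {
    # Read the PE header Machine field: 0x14c = x86, 0x8664 = x64
    param([string]$Path)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $br = New-Object System.IO.BinaryReader($fs)
        $fs.Seek(0x3C, 'Begin') | Out-Null          # e_lfanew: offset of "PE\0\0"
        $peOffset = $br.ReadInt32()
        $fs.Seek($peOffset + 4, 'Begin') | Out-Null  # skip signature, Machine follows
        switch ($br.ReadUInt16()) { 0x14c { 'x86' } 0x8664 { 'x64' } default { 'unknown' } }
    } finally { $fs.Dispose() }
}

function Get-NavSipRegistrations {
    # Enumerate SIP "verify" registrations in one registry view and keep those pointing at NavSip.dll
    param([string]$View)   # '64-bit' or '32-bit'
    $base = if ($View -eq '32-bit') { 'HKLM:\SOFTWARE\WOW6432Node' } else { 'HKLM:\SOFTWARE' }
    $key = "$base\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData"
    if (-not (Test-Path $key)) { return @() }
    Get-ChildItem $key | ForEach-Object {
        $dll = (Get-ItemProperty $_.PSPath).Dll
        if ($dll -and $dll -like '*NavSip.dll') {
            [pscustomobject]@{ View = $View; Guid = $_.PSChildName; Dll = $dll }
        }
    }
}

$toolBits = Get-PeBitness $SignToolPath
"signtool.exe bitness : $toolBits"
# On 64-bit Windows, System32 holds the 64-bit DLL and SysWow64 the 32-bit one
foreach ($p in 'C:\Windows\System32\NavSip.dll', 'C:\Windows\SysWow64\NavSip.dll') {
    $bits = if (Test-Path $p) { Get-PeBitness $p } else { 'missing' }
    "$p : $bits"
}
$regs = @(Get-NavSipRegistrations '64-bit') + @(Get-NavSipRegistrations '32-bit')
if ($regs) { $regs | Format-Table -AutoSize } else { 'No NavSip SIP registration found in either registry view.' }
$needed = if ($toolBits -eq 'x86') { '32-bit' } else { '64-bit' }
if (-not ($regs | Where-Object View -eq $needed)) {
    "WARNING: the $toolBits signtool reads the $needed registry view, which has no NavSip registration; .app files will not be recognized there."
}
```

If the warning fires, the quickest check is to retry the same sign command with the signtool build whose bitness matches the registered NavSip.dll (the x64 signtool under the same Windows Kits folder when only the System32 copy is registered).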

ivandjordjevic commented 2 days ago

This issue is similar to https://github.com/microsoft/navcontainerhelper/issues/3089 but I don't see any follow-up or resolution there.