vcsjones / AzureSignTool

SignTool Library and Azure Key Vault Support
MIT License

Azure Gov certificate access #161

Closed sundares80 closed 9 months ago

sundares80 commented 2 years ago

Hi,

I want to do code signing for an Azure Gov App Service. I see the error below while using Azure DevOps with an Azure Gov US certificate: "Confidential Client is not supported in Cross Cloud request"

I found the link below related to the issue. https://blog.jongallant.com/2020/02/azure-identity-other-clouds/

Could you please help me fix this issue?


Regards, Sundar

sundares80 commented 2 years ago

Hi,

I have tried the command below from Azure DevOps:

AzureSignTool sign -du "https://login.microsoftonline.us" -kvu "https://devopscodesigning.vault.usgovcloudapi.net" -kvi "xxxxxxxxxxxxxxxxxxxxxxxxxxx" -kvt "xxxxxxxxxxxxxxxxxxxxxxxxxx" -kvs "xxxxxxxxxxxxxxxxxxxxxxxxx" -kvc "code-ssl-new" -tr "http://ts.ssl.com" -td sha384 -v "$(Build.artifactStagingDirectory)\YamlSample.zip"

Regards, Sundar

garrett-wood commented 2 years ago

You can work around this limitation by creating a token through an external process.

See #158

sundares80 commented 2 years ago

Hi Garrett,

Thanks for sharing the link. I am able to use the access token and fix the issue, but I am seeing another issue: "The file cannot be signed because it is not a recognized file type for signing or it is corrupt". Please let me know of any fix for this.


Regards, Sundar

garrett-wood commented 2 years ago

Sundar,

Are you sure the file is supported by the tool? There are some limitations over using SignTool listed in the documentation.

hymccord commented 1 year ago

You can specify the authority host via an environment variable before using azuresigntool. This is how I use it in our pipelines to connect to Azure Gov.

$env:AZURE_AUTHORITY_HOST="https://login.microsoftonline.us/"
azuresigntool <your_args>

philnwoha commented 1 year ago

> You can specify the authority host via an environment variable before using azuresigntool. This is how I use it in our pipelines to connect to Azure Gov.
>
> $env:AZURE_AUTHORITY_HOST="https://login.microsoftonline.us/"
> azuresigntool <your_args>

This worked for me thanks!!

toniavia commented 1 year ago

Hi everyone. I'm trying to sign .jar files in my project, but with azuresigntool it's proving impossible with the following script:

$env:AZURE_AUTHORITY_HOST="https://login.microsoftonline.com/"

AzureSignTool.exe sign -kvu "https:..." -kvt "XXX" -kvi "XXX" -kvs "XXX" -kvc "XX" -t "XXX" -v "C:\WK\Firmar\Cron.jar"

The result of the execution is:

warn: AzureSignTool.SignCommand[0] Authenticode timestamps should only be used for compatibility purposes. RFC3161 timestamps should be used.
trce: AzureSignTool.SignCommand[0] Retrieving certificate WK.
trce: AzureSignTool.SignCommand[0] Retrieved certificate WK.
trce: AzureSignTool.SignCommand[0] Creating context
info: AzureSignTool.SignCommand[0] => File: C:\WK\Firmar\Cron.jar Signing file.
trce: AzureSignTool.SignCommand[0] => File: C:\WK\Firmar\Cron.jar Getting SIP Data
trce: AzureSignTool.SignCommand[0] => File: C:\WK\Firmar\Cron.jar Calling SignerSignEx3
info: AzureSignTool.SignCommand[0] => File: C:\WK\Firmar\Cron.jar result: -2146762749
fail: AzureSignTool.SignCommand[0] => File: C:\WK\Firmar\Cron.jar The file cannot be signed because it is not a recognized file type for signing or it is corrupt.
fail: AzureSignTool.SignCommand[0] => File: C:\WK\Firmar\Cron.jar Signing failed with error 800B0003.
info: AzureSignTool.SignCommand[0] => File: C:\WK\Firmar\Cron.jar Stopping file signing.
info: AzureSignTool.SignCommand[0] Successful operations: 0
info: AzureSignTool.SignCommand[0] Failed operations: 1

It seems to me that jar extensions are not allowed, but in this case, how can I sign them? Any other tool, or an unknown directive in the script?

Thank you in advance.

Toni

hymccord commented 1 year ago

This tool uses mssign.SignerSignEx3 behind the scenes, which means it's deeply Windows-integrated. I believe it only supports signing Windows PE format files (exe, dll, etc.).
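The two recurring problems in this thread are a token requested from the wrong cloud (the authority host does not match the cloud the vault lives in; note that `-du` in the first command above is the signature description URL, not an authentication setting) and non-PE inputs such as .zip or .jar being handed to SignerSignEx3, which rejects them with 800B0003. The wrapper below is an added example, not code from the AzureSignTool project or from anyone in this thread. It derives `AZURE_AUTHORITY_HOST` from the Key Vault DNS suffix (the public and US Government suffixes come from this thread; the China entry is added from the documented sovereign-cloud endpoints) and checks the `MZ` / `PE\0\0` headers of each input before invoking the tool, so a non-PE file is skipped with a clear message instead of failing inside the signer. The parameter names (`-VaultUrl`, `-CertName`, `-ClientId`, `-TenantId`, `-ClientSecret`, `-Files`, `-TimestampUrl`) and the function name `Test-PeImage` are this script's own; the azuresigntool options used are the ones already shown in the thread. The header check covers only PE images, the format discussed here; other formats SignTool can sign (MSI, CAB) would need their own checks.

```powershell
# Added example (not the AzureSignTool project's code): sign PE files from the
# cloud that matches the Key Vault, skipping inputs SignerSignEx3 cannot handle.
param(
    [Parameter(Mandatory)] [string]   $VaultUrl,      # e.g. https://<name>.vault.usgovcloudapi.net
    [Parameter(Mandatory)] [string]   $CertName,
    [Parameter(Mandatory)] [string]   $ClientId,
    [Parameter(Mandatory)] [string]   $TenantId,
    [Parameter(Mandatory)] [string]   $ClientSecret,  # from a pipeline secret variable
    [Parameter(Mandatory)] [string[]] $Files,
    [string] $TimestampUrl = 'http://ts.ssl.com'      # RFC 3161 server, as in the thread
)

# Key Vault DNS suffix -> Entra ID authority host for the same cloud.
# Public and US Gov values appear in this thread; the China entry is assumed
# from the published sovereign-cloud endpoint list.
$authorityByVaultSuffix = @{
    'vault.azure.net'         = 'https://login.microsoftonline.com/'
    'vault.usgovcloudapi.net' = 'https://login.microsoftonline.us/'
    'vault.azure.cn'          = 'https://login.chinacloudapi.cn/'
}

$vaultHost = ([System.Uri]$VaultUrl).Host
$suffix = $authorityByVaultSuffix.Keys |
    Where-Object { $vaultHost.EndsWith($_) } |
    Select-Object -First 1
if (-not $suffix) {
    throw "Unrecognised Key Vault host '$vaultHost'; refusing to guess an authority host."
}
# This is the same environment variable hymccord sets above; here it is chosen
# from the vault URL so a public-cloud login is never used for a Gov vault.
$env:AZURE_AUTHORITY_HOST = $authorityByVaultSuffix[$suffix]
Write-Host "Authority host $env:AZURE_AUTHORITY_HOST selected for vault $vaultHost"

function Test-PeImage {
    # Hypothetical helper: true when the file carries a PE image header.
    # Layout: 'MZ' at offset 0, 32-bit LE e_lfanew at offset 0x3C pointing at 'PE\0\0'.
    param([string] $Path)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $hdr = New-Object byte[] 0x40
        if ($fs.Read($hdr, 0, 0x40) -lt 0x40) { return $false }
        if ($hdr[0] -ne 0x4D -or $hdr[1] -ne 0x5A) { return $false }   # 'MZ'
        $peOffset = [System.BitConverter]::ToInt32($hdr, 0x3C)
        if ($peOffset -lt 0 -or ($peOffset + 4) -gt $fs.Length) { return $false }
        $fs.Seek($peOffset, [System.IO.SeekOrigin]::Begin) | Out-Null
        $sig = New-Object byte[] 4
        if ($fs.Read($sig, 0, 4) -lt 4) { return $false }
        return ($sig[0] -eq 0x50 -and $sig[1] -eq 0x45 -and $sig[2] -eq 0 -and $sig[3] -eq 0)  # 'PE\0\0'
    } finally {
        $fs.Dispose()
    }
}

# Filter inputs before the signer sees them: a .zip or .jar starts with 'PK',
# not 'MZ', and would otherwise fail with 800B0003 as in Toni's log above.
$signable = @()
foreach ($f in $Files) {
    if (-not (Test-Path -LiteralPath $f)) { Write-Warning "Missing input: $f"; continue }
    if (Test-PeImage -Path $f) {
        $signable += $f
    } else {
        Write-Warning "Skipping $f : not a PE image (exe/dll); SignerSignEx3 does not recognise this file type"
    }
}
if ($signable.Count -eq 0) { throw 'No PE images to sign.' }

# PowerShell expands the $signable array into one argument per file.
& azuresigntool sign -kvu $VaultUrl -kvi $ClientId -kvt $TenantId -kvs $ClientSecret `
    -kvc $CertName -tr $TimestampUrl -td sha384 -v $signable
if ($LASTEXITCODE -ne 0) { throw "azuresigntool exited with code $LASTEXITCODE" }
```

Run it from the pipeline step as `.\Sign-Pe.ps1 -VaultUrl https://<vault>.vault.usgovcloudapi.net -CertName code-ssl-new -ClientId ... -TenantId ... -ClientSecret $(KvSecret) -Files .\out\app.exe, .\out\app.dll` (script file name and variable names are this example's own). If the token is minted by an external process instead, as in #158, the tool's access-token option (`-kva`, `--azure-key-vault-accesstoken`; confirm with `azuresigntool sign --help`) replaces `-kvi`/`-kvt`/`-kvs`, and the authority host selection above is then the job of whatever issues that token.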