How to use DigiCert Signing Manager Controller (smctl) in Azure DevOps classic pipeline?
This following task, which signs a setup program using DigiCert Signing Manager Controller (smctl), works without any problem, if I use it in a Azure YAML pipeline.
- task: CmdLine@2
displayName: 'Sign setup file'
inputs:
script:
smctl sign --verbose --keypair-alias=$(digicert-key-pair-alias) --certificate=$(Agent.TempDirectory)\KeyCert.pem --config-file $(SSMClientToolsSetup.PKCS11_CONFIG) --input $(System.ArtifactsDirectory)
env:
SM_HOST: $(CodeSigningHost)
SM_API_KEY: $(digicert-api-key)
SM_CLIENT_CERT_PASSWORD: $(digicert-cert-pw)
SM_CLIENT_CERT_FILE: $(caCertificate.secureFilePath)
Using the exact same task in an Azure DevOps release pipeline doesn't work: See this screenshot:
I'm getting this error:
Command :
signtool sign /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 /csp "DigiCert Signing Manager KSP" /kc "***" /f "D:\a\_temp\KeyCert.pem" "D:\a\1\a\setup\ApplicationService_Setup_4.2.0.57.exe"
Error :
Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-2146893779/0x8009002d)
exit status 1: SignTool Error: An unexpected internal error has occurred.
I'm calling in both pipelines the same necessary tasks as described in DigiCert instructions. The DigiCert tools are downloaded and installed correctly in both pipelines. The necessary certificate and all environment variables are also there.
For my understanding the signing process should work in both types of pipelines. I'm calling the same tasks in both pipelines. Both pipelines have access to the secure file containing the certificate to sign and to the variable group, that contains the secret parameters used by the DigiCert tools.
I found out, that the error -2146893779/0x8009002d means, that I'm running out of signatures. Signing certificate with keyLocker provisioning method comes with a fix number of signatures. I would expect DigiCert to mention this in their docs (s. SignTool errors and solutions), which isn't the case.
- Azure yaml trigger pipeline every 14 days on a Saturday
- How to assign organization-level permissions to create repositories across all projects in organization in Azure DevOps?
- Updating Node js on internal windows ADO build agent
- Authenticating using the Azure CLI is only supported as a User (not a Service Principal)
- DotNetCLI@2 pack seems to be ignoring configuration inputs
- Build a pipeline in AzureDevOps for Sql Server on prem to run sql scripts
- How to format Azure DevOps console Logs
- How to follow the entire wiki in Azure DevOps?
- Issue with Azure key vault and Azure storage account deployment
- Publishing external POM Package to Azure Artifacts Feed Error
- lionbridge-connector on Azure Artifacts gives Dependency Error
- How to allow an empty string for a runtime parameter?
- Azure - RBAC to Management Group
- Python (Dash) web app deployment on Azure with pipeline running too long with message Building wheel for pandas still running. How to optimize?
- No 'Import a pipeline' button in Azure DevOps
- ASP.NET Azure Web App Pipeline: No package found with specified pattern: D:\a\1\s\**\*.zip
- Error when creating a pipeline. "You don’t appear to have an active Azure subscription."
- ADO YAML Pipelines | How to get secret variable from a variable group based on the value of another variable
- Azure Devops - Get release definitions by agent pool ID
- Azure Pipelines using YAML for multiple environments (stages) with different variable values but no YAML duplication
- How to specify which version of nuget.exe to use with self-hosted agent in Azure DevOps?
- Login failed for user '<token-identified principal>' while authorizing to SQL Server via Service Principal from AAD group assigned
- Azure DevOps - JFrogNuget Error - Error occurred while executing task: Error: Command failed
- Access Azure DevOps Pipeline Artifacts from different organization
- Initiate Azure DevOps Release Pipeline from Logic App and Retrieve Environment Variable Output from the pipeline
- Is it necessary to switch from the Hosted XML to the Inheritance Process Model after a migration
- Why is Azure Pipelines installing the wrong .NET SDK version (according to global.json)
- Azure pipeline does't allow to git push throwing 'GenericContribute' permission is needed
- Azure Devops - How to START one stage before parallel stages?
- Dynamically populate DependsOn in Azure DevOps Yaml job