I am using an EV Code Token USB for this process.
I've got this .bat which signs an .exe with the help of signtool.exe
The bat works fine when i call it locally from cmd. It first calls an Autohotkey script (that is looking for the Windows Security window that is triggered by the signtool.exe (where you have to enter the PIN in order to successfully sign the .exe), starts the signtool process, the pin is entered automatically and all's good.
I'm trying to call the same .bat with the help of Jenkins, but no matter what I do, I keep getting this error
Error information: "Error: SignerSign() failed." (-2147023892/0x800703ec)
SignTool Error: An unexpected internal error has occurred.
The error means invalid flags but I literally do not know what that means.
The signing command line looks like this:
signtool.exe sign /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 /sha1 [thumbprint] .exe
It doesn't change a thing if I run just the above command in Jenkins' "execute windows batch command" build step.
How could I get past this?
Related
I have a job that needs to run a script on a remote computer. I'm doing so by using psexec via "Execute windows batch command":
C:\PsExec.exe \\computername -u username -p password -accepteula c:\xxx.exe
When I run the job I get the following error:
c:\PsExec.exe is not recognized as an internal or external command
** PsExec.exe is located under c:\
Any ideas?
First Define psexec.exe path in environment varaiable "PATH" or else place psexec.exe file in C:\Windows\System32\
And to Download Psexec.exe file
https://download.sysinternals.com/files/PSTools.zip
One possible explanation is the version of PsExec.exe: 32bits or 64bits.
If you have the 32 one on a 64bits machine, that command would not be recognized indeed. PsExec64.exe would.
I can see the age of this question and my answer may not be relevant to this topic since I was technically trying to solve a different problem, but maybe this will help other people who are stuck.
c:\PsExec.exe is not recognized as an internal or external command
I was trying to disable the Maintenance Configurator with PSExec (my problem is the never ending maintenance bug) and kept running into the same error as the OP BUT I got PSexec64 to run this command:
C:\PsExec64.exe -s schtasks /change /tn >"\Microsoft\Windows\TaskScheduler\Maintenance Configurator" /DISABLE
BY checking the "Run this program as an administrator" option under the Compatibility settings for "PsExec64.exe"
Don't know if this has solved my problem yet, but I think the OP would have been able to run his process if he had done this. Dear OP did you ever solve that?
I have the following line in my Inno Setup script:
SignTool=MySign cmd /c C:\SigningTools\signtool.exe sign /f C:\MyCert.pfx /p MyPassword $f
This works on my local machine.
I then commit my changes to our server and Jenkins will compile and make a build automatically. Jenkins does not work and I get the following error.
Error on line 43 in C:\Windows\TEMP\fxbundler8328922406343131203\images\win-exe.image\MyProgram.iss: Value of [Setup] section directive "SignTool" is invalid.
Compile aborted.
I have no idea what the issue is, I have tried numerous things but can't seem to figure it out. I would settle with learning some better options to output error messages with Inno Setup.
I have verired that MySign exists on the server's compiler IDE (http://www.jrsoftware.org/ishelp/index.php?topic=setup_signtool)
I have tried numerous variations of having $q surround file paths
I have verified that the file paths match the two machines
You need to define the SignTool in your call to the compiler via the /s switch.
Example: "/sMySign$q=sign_application.bat$q $f"
sign_application.bat receives the path of the file to sign as first parameter and calls signtool.exe as you've already tried.
Take a look here: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Do not forget to Configure Sign Tools in the Inno Setup Compiler. I simply added signtool $p string.
In my case, the certificate has expired.
I found the following article usefull:
https://www.nextofwindows.com/how-to-check-a-pfx-certifications-expiry-date-on-windows
I opened a command prompt in the directory where my pfx file was and used this command to get details about the certificate:
certutil -dump "nameofcertfile.pfx"
Change nameofcertfile.pfx to your file name. You probably will be prompted for a password. Enter the password you used in your script (MyPassword in the OPs script). You may also copy/paste it.
NOTE: You will not see any character beeing typed while entering or pasting the password - so don't be confused.
I have build a custom deployment Action based on TFS 2010 command-line utility, TF.exe. When executed from a DOS prompt on the deployment agent server, it runs fine.
TF view /collection:uri "$source path" > "local path"
and the file does get downloaded, without a need of a workspace. However, when executed through VS2013RM, I get an error:
Illegal characters in path.
When I hover over the message column it reads:
The installation command \"my correct command line here\" failed with the exit code \"100\"
What gives? How come it executes fine in one place, but not the other? The RM Client runs under a network service account, which is part of the local admins and collection's service accounts.
After enabling log
I was able to capture this command:
Deployment: **********Installing component using command "C:\DevOps\TfsClient\TF.exe view /collection:http://[removed detail] "$/[removed detail]/MetastoreCS.xml" > "F:\[removed detail]\MetastoreCS.xml""
Than the error
9/24/2014 10:58:10 AM - Information - (12628, 26560) - Deployment: Exception The installation command \"C:\DevOps\TfsClient\TF.exe view /collection:http://[removed detail] "$/[removed detail]/MetastoreCS.xml" > "F:\[removed detail]\MetastoreCS.xml"\" failed with the exit code \"100\".
It seems like the redirecting character '>' is causing issue.
I was able to make it work using the /output option. Refer to the tf view documentation.
C:\DevOps\TfsClient\TF.exe view /collection:http://[removed detail] "$/[removed detail]/MetastoreCS.xml" /output:"F:\[removed detail]\MetastoreCS.xml"
It seems that i have a permission problem to execute a .exe under windows with jenkins.
Things to know about the system:
I have a windows user called 'Tester'. This user has Administrator rights
Jenkins run as a service using Tester username
I have a job which does the following:
cd C:\Program Files (x86)\Jenkins\workspace\sahi\tools
toggle_IE_proxy.exe enable
The process is silent, no output. The executable must probably change some values in registry.
This command tick the checkbox "Use a proxy..."
Note: it is working fine when i execute the command above in a cmd.exe as user 'Tester'.
Do you have an idea what's happening there ?
Many thanks
It seems that turning Off UAC solved my problem
I'm working on an automatic build using Jenkins and ClearCase and I have a problem.
I wrote a batch script to create a view in ClearCase using the cleartool command mkview.
When I execute the script by clicking on it, everything works, the view is created in ClearCase. But when I launch the script via Jenkins, I have the following errors :
C:\Program Files\Jenkins\workspace\JenkinsLecon1>
"C:\Program Files\IBM\RationalSDLC\ClearCase\bin\cleartool.exe"
mkview -sna -tag AUTOBUILD_VIEW_TEST1_CFW_INFRA_V5.10_Dev -str CFW_INFRA_V5.10_Dev#\projects -host sasla15001 -hpath d:\ClearCase_Storage\views\DOM3\268875\ -gpath \\sasla15001\ccstg_d\views\DOM3\268875\ CFW_INFRA_V5.10_Dev
Selected Server Storage Location "sasla15001_ccstg_d_views".
cleartool: Error: unable to set access control list for \\sasla15001\ccstg_d\views\AUTORITE+NT\SYSTEM\CFW_INFRA_V5.10_Dev.22.vws: Accès refusé.
cleartool: Error: protection on \\sasla15001\ccstg_d\views\AUTORITE+NT\SYSTEM\CFW_INFRA_V5.10_Dev.22.vws is out-of-synch with identity.sd and groups.sd
cleartool: Error: Failed to set identity on view: Permission denied
cleartool: Error: unable to set access control list for \\sasla15001\ccstg_d\views\AUTORITE+NT\SYSTEM\CFW_INFRA_V5.10_Dev.22.vws: Accès refusé.
cleartool: Error: \\sasla15001\ccstg_d\views\AUTORITE+NT\SYSTEM\CFW_INFRA_V5.10_Dev.22.vws:
Permission denied
cleartool: Error: Unable to create view "\\sasla15001\ccstg_d\views\AUTORITE+NT\SYSTEM\CFW_INFRA_V5.10_Dev.22.vws".
I pretty sure that the error come from an access right problem.
But I did not find an mkview option like -user or something like that to user my clearcase user account.
I hop that someone had the same problem and solve it or just someone who can help me!
For those who have the same problem, the solution is start Jenkins as administrator.
To do this :
1) open a prompt command as administrator
start/accessories/
Then right click on prompt command and choose start as
2) go to Jenkins directory
cd /D C:\Program Files\Jenkins
3) start Jenkins Server
java -jar jenkins.war --httpPort=8081 not 8080
wait until the sever is running this line will appear INFO:Jenkins is fully up and running
now the Jenkins server is running as administrator
4)open your web browser and go to
http ://localhost:8081
5) create your job!!!
to know where is the workspace just create a new batch script add the command line
cd
save and build the job. Next go to the console and just read the path
See for instance the Error: unable to set access control list for : Access is denied
The cause of this problem relates to restrictive permissions on either the view share or directory to which the view is being created.
Make sure who (i.e. which account) is executing those commands when run by Jenkins (is it the local system account?). As the OP Bastien mentions, running with elevated privileges is key.
Make also sure of the CLEARCASE_PRIMARY_GROUP environment variable value at the time of the Jenkins job.
It must be set to the group of the vob you want to access (or one of its secondary group).