a.guelle
Posts: 97
Joined: Tue May 19, 2015 2:23 pm

[solved] EV singning with CI Server

Wed Sep 02, 2020 2:41 pm

Hi Folks,

so I found a way to inject the eToken password when signing my MSI package with Advanced Installer via the command line. But if I run the call from one of our build agents, it says "SignTool Error: No private key is available."

As our build agent runs as a non interactive service in the isolated session , it seems as if the SafeNet Client or the eToken is not reachable in that session.
Did anyone find a way around that?

Cheers,

Angelo

a.guelle
Posts: 97
Joined: Tue May 19, 2015 2:23 pm

Re: [solved] EV singning with CI Server

Fri Sep 04, 2020 9:59 am

I solved it myself. Instead of running the SafeNet Client to the Session 0, I run our build agent in a user session.

For those who are intereseted, I put my complete configuration for automated EV signing with AI into a document.
@AI-Team: It would be nice if AI would allow to pass an eToken Password, public key file and the eToken container name to the Microsoft signtool.

Best regards,

Angelo

Catalin
Posts: 6543
Joined: Wed Jun 13, 2018 7:49 am

Re: [solved] EV singning with CI Server

Fri Sep 04, 2020 1:38 pm

Hello Angelo,

First of all, thank you for your followup on this and for sharing your solution with us.

I am really glad everything is working as expected now.
@AI-Team: It would be nice if AI would allow to pass an eToken Password, public key file and the eToken container name to the Microsoft signtool.
To be fully honest with you, I am not quite familiar with this.

Could you please give me some more details about this scenario? For instance, would you like to pass the password, key and eToken through the command line?

If that is what you are trying to achieve, could you please proceed as it follows:

- go to "Digital Signature" page

- under "Signing Tool" section, please select "Custom"

- select your signtool

- modify the "Command Line" field accordingly

clisigntool.png
clisigntool.png (28.79KiB)Viewed 8498 times

Hope this helps.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

a.guelle
Posts: 97
Joined: Tue May 19, 2015 2:23 pm

Re: [solved] EV singning with CI Server

Mon Sep 07, 2020 9:23 am

Hi Catalin,

thank you for the screenshot, I see this changed in an AI version greater than 15.1 and will solve the problem of coding an own wrapper.
So we just have to wait for a fix of this issue:

viewtopic.php?f=2&t=45964

Thank you for brining this to attention.

Angelo

Catalin
Posts: 6543
Joined: Wed Jun 13, 2018 7:49 am

Re: [solved] EV singning with CI Server

Tue Sep 08, 2020 1:24 pm

Hello Angelo,

You are always welcome!

You are, indeed, right. We have added this support recently (in Advanced Installer 17.3 if I'm not mistaken).

In what regards the other issue you have reported, from what I can see in our reporting tool, it looks like it is over to the QA team for testing, so it might catch the next release.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Motyo
Posts: 2
Joined: Thu Mar 11, 2021 8:37 am

Re: [solved] EV singning with CI Server

Thu Mar 11, 2021 8:42 am

a.guelle wrote:
Fri Sep 04, 2020 9:59 am
I solved it myself. Instead of running the SafeNet Client to the Session 0, I run our build agent in a user session.

For those who are intereseted, I put my complete configuration for automated EV signing with AI into a document.
Hi Angelo,

Could you share your solution?
I'm already running the build agent in my user account. But since SafeNet wants to ask for the password at least one time (even if "Enable single logon" is checked), it won't work with the build agent.

a.guelle
Posts: 97
Joined: Tue May 19, 2015 2:23 pm

Re: [solved] EV singning with CI Server

Thu Mar 11, 2021 2:40 pm

Hi Motyo,

i guess the Advanced Installer guys removed my tutorial due to the company logo or something. I will try it again.
EV_certificate_code_singing_with_build_server.zip
(708.3KiB)Downloaded 759 times
Cheers,

Angelo

Catalin
Posts: 6543
Joined: Wed Jun 13, 2018 7:49 am

Re: [solved] EV singning with CI Server

Thu Mar 11, 2021 8:57 pm

Hello Motyo and welcome to our forums,

@Angelo,

Thank you very much for your followup on this.

Please note, however, that I did not delete the attachment. :)

Most likely, there was an issue that prevented it from being posted.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Motyo
Posts: 2
Joined: Thu Mar 11, 2021 8:37 am

Re: [solved] EV singning with CI Server

Thu Mar 11, 2021 9:17 pm

It worked, thank you very much for putting this together, Angelo, it's a great help!

Catalin
Posts: 6543
Joined: Wed Jun 13, 2018 7:49 am

Re: [solved] EV singning with CI Server

Fri Mar 12, 2021 2:22 pm

Thank you for your followup on this!

I'm glad everything works as expected.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Return to “Building Installers”