ketteringkid
Posts: 14
Joined: Thu Mar 20, 2014 8:30 pm

Problems Signing within a Build Server

Hello! I'm having some issues signing my installer within a continuous integration environment. It seems as though our build is failing when it is attempting to sign aipackagechainer.exe.

build	18-Aug-2014 12:38:01	         "C:\Program Files (x86)\Caphyon\Advanced Installer 11.4.1\bin\x86\AdvancedInstaller.com" /edit "App\InstallerBuild.aip" /SetVersion 0.0.1.302
build	18-Aug-2014 12:38:22	         "C:\Program Files (x86)\Caphyon\Advanced Installer 11.4.1\bin\x86\AdvancedInstaller.com" /rebuild "App\InstallerBuild.aip"
build	18-Aug-2014 12:38:24	         Checking builds status... done.
build	18-Aug-2014 12:38:24	         
build	18-Aug-2014 12:38:24	         Build required.
build	18-Aug-2014 12:38:24	         
build	18-Aug-2014 12:38:24	         
build	18-Aug-2014 12:38:24	         
build	18-Aug-2014 12:38:24	         [ DefaultBuild ]
build	18-Aug-2014 12:39:54	         Creating MSI database (en)... 
build	18-Aug-2014 12:39:54	         
build	18-Aug-2014 12:39:54	     1>The digital signing of the C : \Program Files (x86)\Caphyon\Advanced Installer 11.4.1\custact\x86\aipackagechainer.exe file failed. error Message: Done Adding Additional Store [C:\BambooData\xml-data\build-dir\App-JOB1\installations\Build.xml]
build	18-Aug-2014 12:39:54	         
build	18-Aug-2014 12:39:54	         
build	18-Aug-2014 12:39:54	         
build	18-Aug-2014 12:39:54	         Number of errors: 1
build	18-Aug-2014 12:39:54	         
build	18-Aug-2014 12:39:54	         
build	18-Aug-2014 12:39:54	     1>EXEC : SignTool error : File not found: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\bin454D.tmp [C:\BambooData\xml-data\build-dir\App-JOB1\installations\Build.xml]

With that being said, I have tried the following:
1. Changing the external tool. The system failed with the same error.
2. Running this from a command line. Everything seems to be fine. I am logged into the system under a user account at this point, as opposed to a service account, though.

As far as version information, we're running Advanced Installer 11.4.1 under Windows 7 Professional SP1 (x64).

I didn't see anything within the forums that would explain this issue, and based on the data found:
1. Is there any way to verify that the correct external tool is being used when executing in more or less headless mode? Is there any way to override these settings from the command line? I didn't see anything when I was looking through the CLI.
2. Does this file even need to be signed using our certificate? I would actually rather that it is not, as we do not develop it.

Any thoughts or workaround ideas? I haven't been able to resolve this and I am out of ideas at this point.

Thanks,

Ryan
Daniel
Posts: 8276
Joined: Mon Apr 02, 2012 1:11 pm

Re: Problems Signing within a Build Server

Hello Ryan,

I'm not sure why you are encountering this, but you may encounter the behavior if you are using the "Use a certificate from system store" option from our "Digital Signature" page. When this option is enabled the installation project will be signed using a certificate from the certificate store of the current building user account (e.g. "System" account). So, if the related certificate is not imported in the certificate store of the "System" account the signing will fail.

Therefore, can you please enable the "Use file from disk" option in our "Digital Signature" page (and reference from disk the certificate to be used for signing) and see if the behavior still persists? If so, can you please send us the .aip (project file) to support at advancedinstaller dot com so we can take a look over its settings?

All the best,
Daniel
Daniel Radu - Advanced Installer Team
ketteringkid
Posts: 14
Joined: Thu Mar 20, 2014 8:30 pm

Re: Problems Signing within a Build Server

Dan,

Thanks for the reply. I was using a certificate from a file already. I was able to solve the problem in a somewhat non-ideal way.

If anyone else experiences this issue, it was related to attempting to run the service as local system as opposed to running it as a logged-in user. The default for our installation seemed to have set up signtool.exe as the default signing application. I needed to check it to use the Advanced Installer signing tool. Sadly, this isn't as easy as you would think, since the preferences for external tools are out of the context of the running user (there seems to be no CLI option to save it and it wasn't stored as a part of the project file).

To fix the issue, I had to use Sysinternals PsExec (http://technet.microsoft.com/en-us/sysi ... 97553.aspx) to run the Advanced Installer UI under the local system user, then I set the external tools up from there. Everything worked successfully thereafter.

The command to do that is: psexec -i -s PATH_TO_ADVANCED_INSTALLER_EXE

After that everything was fine. Is there a way to request that as part of the CLI in a future release?
Daniel
Posts: 8276
Joined: Mon Apr 02, 2012 1:11 pm

Re: Problems Signing within a Build Server

Hello,

I'm glad you got this working.

Indeed, as you already observed, the "External Tools" settings in Advanced Installer are saved in a per-user context. They are not saved in a per-machine context. So, you have proceeded in the right way by running the Advanced Installer application under the "System" account and enabling the "SignTool.exe" tool in the "External Tool" settings.

Regarding your request for adding a command line option to run Advanced Installer under "System" account, I've added this improvement on our TODO list and maybe it will be available in a future version of Advanced Installer. Thank you for your suggestion.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
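
A build-step check for the situation discussed in this thread, where signing behaves differently under the build service account than in an interactive session. This is an added example, not part of the original posts and not Advanced Installer code; the artifact path and certificate thumbprint are placeholders, and the function names are hypothetical.

```powershell
# Added example. Run as a step of the CI job, under the same account as the build.
param(
    [string]$Artifact           = 'C:\path\to\output\setup.exe',   # placeholder path
    [string]$ExpectedThumbprint = '<EXPECTED_CERT_THUMBPRINT>'     # placeholder value
)

function Get-BuildIdentity {
    # Report the account, profile and temp directory the build actually uses.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    [pscustomobject]@{
        Name          = $id.Name
        IsLocalSystem = $id.IsSystem        # true when running as LocalSystem
        Profile       = $env:USERPROFILE
        Temp          = [System.IO.Path]::GetTempPath()
    }
}

function Test-TempWritable {
    # Signing tools stage temporary files; confirm the directory exists and is writable.
    param([string]$Dir)
    if (-not (Test-Path -LiteralPath $Dir -PathType Container)) { return $false }
    $probe = Join-Path $Dir ([System.IO.Path]::GetRandomFileName())
    try {
        [System.IO.File]::WriteAllText($probe, 'probe')
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch { return $false }
}

function Test-ArtifactSignature {
    # Pass only if the Authenticode signature is valid AND the signer is the expected one.
    param([string]$Path, [string]$Thumbprint)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    ($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Thumbprint -eq $Thumbprint)
}

$who = Get-BuildIdentity
Write-Host ("Build runs as {0} (LocalSystem: {1}), TEMP = {2}" -f $who.Name, $who.IsLocalSystem, $who.Temp)
if ($who.IsLocalSystem) {
    Write-Warning 'Per-user tool settings configured in an interactive session do not apply to this account.'
}
if (-not (Test-TempWritable $who.Temp)) { Write-Error "TEMP not writable: $($who.Temp)"; exit 1 }
if (-not (Test-Path -LiteralPath $Artifact)) { Write-Error "Artifact missing: $Artifact"; exit 1 }
if (-not (Test-ArtifactSignature $Artifact $ExpectedThumbprint)) {
    Write-Error "Artifact is unsigned or signed by an unexpected certificate: $Artifact"; exit 1
}
Write-Host 'Signature valid and signer matches.'
```

Failing the job on the signature check means a build that silently skipped or mis-signed the package never reaches release.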