Signtool

Hi,

we are currently in the process of evaluating Final Builder, and it seems to be a great product. However, we have a problem getting the signtool action to work. We have configured the action to replicate our current batch script:

 signtool.exe /v /sha1 /a /t http://timestamp.verisign.com/scripts/timestamp.dll

Unfortunately, the action never terminates. signtool.exe is running (according to Process Explorer) - it just doesn't do any work. It doesn't seem to matter if we provide the action with the password or not. When the command is manually executed on a console, a window pops up, asking for the password (as expected).

We then tried to replicate the expected behaviour of the signtool action using an Asynchronous action that executes signtool and one that waits for the password dialog to spawn. After it has spawned, the password is entered and Okay is clicked using the GUI Automation Actions (those are very powerful and are really easy to use). However, this only works if the computer is not locked. Is the signtool action able to solve this problem?

Hi Simon,

I am able to reproduce this issue but I am afraid that this is a Windows security measure and there is no way that I can modify the Signtool action to handle this.

If I import a certificate to my local certificate store and enable Strong Private Key Protection as a part of this process, this will activate a Windows security prompt every time the certificate is accessed. There is no Signtool switch to de-activate this prompt as this would defeat the purpose of the increased certificate protection.

To work around this issue you can either re-import the certificate into the certificate store, without enabling Strong Private Key Protection, or you can sign your application using a specific PFX file (the PFX password can be specified via the Certificate Password field within the action).

Regards,
Steve
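
The PFX workaround from the reply above, as an added example that is not part of the original thread or of Final Builder: a PowerShell wrapper that signs with a PFX file and fails the build after a timeout instead of hanging if a key-access prompt does appear. The parameter names, the `SIGN_PFX_PASSWORD` environment variable and the 120-second timeout are assumptions.

```powershell
# Added example (not from the thread). Parameter names, SIGN_PFX_PASSWORD and
# the timeout value are assumptions chosen for illustration.
param(
    [Parameter(Mandatory = $true)] [string] $FileToSign,
    [Parameter(Mandatory = $true)] [string] $PfxPath,
    [string] $SignTool       = 'signtool.exe',
    # Timestamp URL taken from the command in the original post.
    [string] $TimestampUrl   = 'http://timestamp.verisign.com/scripts/timestamp.dll',
    [int]    $TimeoutSeconds = 120
)

# Read the PFX password from the build agent's environment rather than from
# the script, so it does not end up in source control.
$password = $env:SIGN_PFX_PASSWORD
if ([string]::IsNullOrEmpty($password)) {
    throw 'SIGN_PFX_PASSWORD is not set; refusing to start signtool.'
}
if (-not (Test-Path -LiteralPath $PfxPath))    { throw "PFX not found: $PfxPath" }
if (-not (Test-Path -LiteralPath $FileToSign)) { throw "File not found: $FileToSign" }

$psi = New-Object System.Diagnostics.ProcessStartInfo
$psi.FileName        = $SignTool
$psi.UseShellExecute = $false   # start signtool directly, without the shell
# Note: /p places the password on signtool's command line, where it is visible
# in process listings on the build machine while signtool runs. A password
# containing a double quote would also break this quoting.
$psi.Arguments = 'sign /v /f "{0}" /p "{1}" /t {2} "{3}"' -f `
    $PfxPath, $password, $TimestampUrl, $FileToSign

$proc = [System.Diagnostics.Process]::Start($psi)
try {
    # A prompt nobody can see or answer makes signtool wait indefinitely;
    # the timeout turns that silent hang into a visible build failure.
    if (-not $proc.WaitForExit($TimeoutSeconds * 1000)) {
        $proc.Kill()
        throw "signtool did not exit within $TimeoutSeconds s; it may be waiting on a prompt."
    }
    if ($proc.ExitCode -ne 0) {
        throw "signtool failed with exit code $($proc.ExitCode)."
    }
    Write-Output "Signed $FileToSign"
}
finally {
    $proc.Dispose()
}
```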

Hello Steve,

thank you for your answer. I will have to check if importing the certificate is allowed by our policy (we seem to be storing it on a smartcard, not the build computer).
However, I find it odd that when using the signtool action, no such Windows security prompt pops up. I would have expected that, since running the same command outside of Final Builder does bring up that dialog.

Hi Simon,

The output window is suppressed while the action executes to prevent the console window being displayed. If we did not suppress the console window you would be able to see the security prompt being displayed when you run your command.

Regards,
Steve