Show errors from signtool.exe in the log

[rajbos]

Please capture errors from the signtool to prevent vague issues as described #1307.

We eventually found the culprit in this class Squirrel.Update.Program.cs

Method signPEFile()
{
var processResult = await Utility.InvokeProcessAsync(exe,
                String.Format("sign {0} \"{1}\"", signingOpts, exePath), CancellationToken.None);
}

If you capture the output and display that on exception, that would help the user finding the error with the calls to sign the files with the code signing certificate.

[damieng]

Doing this exposes your certificate signing key into visible logs.

[rajbos]

Then at least write out a readable message that indicates an issue with calling the signtool, instead of the current stacktrace? Currently the cause of it is hard to find (the only hint is the mention of the signtool).

[gavinhenderson]

Is there any movement on this? It would be really nice if we could make the error visible, right now its impossible to know what went wrong and signtool is very awkward to setup so without an error you are debugging blind.

I appreciate that you don't want to log secrets but it would be good if we could opt in to logs and you can put a warning in the docs that it will log secrets then its up to to the user to redact them from the logs.