sign icon indicating copy to clipboard operation
sign copied to clipboard

Published 20 hours ago verified publisher icon dotnet

Starting with version 0.9.1-beta.24123.2 error on tempfile/folder

Open RonKoppelaar opened this issue 3 months ago • 8 comments

Describe the bug Starting with version 0.9.1-beta.24123.2 I got file in use errors when using the sign tool. Its depending on machine type/configuration but unclear why. I have two build machines both run on W2019

Repro steps Run Sign.exe for one app file (Business Central) using certificate from Azure keyvault. Invoke the cmd from PS ISE.

        . $signingToolExe code azure-key-vault `
            --azure-key-vault-url "https://$KeyVaultName.vault.azure.net/" `
            --azure-key-vault-certificate $CertificateName `
            --azure-key-vault-client-id $ClientId `
            --azure-key-vault-client-secret (Get-SecretValue $ClientSecret) `
            --azure-key-vault-tenant-id $TenantId `
            --description $Description `
            --description-url $DescriptionUrl `
            --file-digest $DigestAlgorithm `
            --timestamp-digest $DigestAlgorithm `
            --timestamp-url $TimestampService `
            --verbosity $Verbosity `
            $FileToSign

Error stack:

VERBOSE: Running Invoke-cdsaALAppSign. PSBoundParameters: KeyVaultName:CodeSignERP CertificateName:CodeSignCertificate FilesToSign:C:\temp\Zig_Zig365 Insights Connector_23.23.0.0.app Description:test signing DescriptionUrl:https:\www.zig.nl Verbose:True Verbosity:Information VERBOSE: Start find sign tool VERBOSE: Instal Sign tool VERBOSE: Installing signing tool version 0.9.1-beta.24123.2 in C:\Users\BUILDA~1.JVF\AppData\Local\Temp\1\SigningTool-0.9.1-beta.24123.2 VERBOSE: Getting sign tool C:\Users\BUILDA~1.JVF\AppData\Local\Temp\1\SigningTool-0.9.1-beta.24123.2\Sign.exe VERBOSE: Using sign tool: C:\Users\BUILDA~1.JVF\AppData\Local\Temp\1\SigningTool-0.9.1-beta.24123.2\Sign.exe VERBOSE: Signing file: C:\temp\Zig_Zig365 Insights Connector_23.23.0.0.app info: Sign.Core.ISigner[0] Submitting C:\temp\Zig_Zig365 Insights Connector_23.23.0.0.app for signing. info: Sign.Core.ISigner[0] SignAsync called for C:\temp\Zig_Zig365 Insights Connector_23.23.0.0.app. Using C:\Users\buildadmin.jvfbbmhpxp7u6\AppData\Local\Temp\1\0zx1bmjk.5ib\5sdgrzsb.app locally. info: Sign.Core.ISignatureProvider[0] Signing SignTool job with 1 files. info: Sign.Core.ISignatureProvider[0] Signing C:\Users\buildadmin.jvfbbmhpxp7u6\AppData\Local\Temp\1\0zx1bmjk.5ib\5sdgrzsb.app. fail: Sign.Core.ISignatureProvider[0] Signing failed with error -2146762749. info: Sign.Core.ISignatureProvider[0] Performing attempt #2 of 3 attempts after 5 s. info: Sign.Core.ISignatureProvider[0] Signing C:\Users\buildadmin.jvfbbmhpxp7u6\AppData\Local\Temp\1\0zx1bmjk.5ib\5sdgrzsb.app. fail: Sign.Core.ISignatureProvider[0] Signing failed with error -2147024864. info: Sign.Core.ISignatureProvider[0] Performing attempt #3 of 3 attempts after 11.1803398 s. info: Sign.Core.ISignatureProvider[0] Signing C:\Users\buildadmin.jvfbbmhpxp7u6\AppData\Local\Temp\1\0zx1bmjk.5ib\5sdgrzsb.app. fail: Sign.Core.ISignatureProvider[0] Signing failed with error -2147024864. fail: Sign.Core.ISignatureProvider[0] Failed to sign. Attempts exceeded. warn: Sign.Core.IDirectoryService[0] An exception occurred while attempting to delete directory C:\Users\buildadmin.jvfbbmhpxp7u6\AppData\Local\Temp\1\0zx1bmjk.5ib. System.IO.IOException: The process cannot access the file '5sdgrzsb.app' because it is being used by another process. at System.IO.FileSystem.RemoveDirectoryRecursive(String fullPath, WIN32_FIND_DATA& findData, Boolean topLevel) at System.IO.FileSystem.RemoveDirectory(String fullPath, Boolean recursive) at System.IO.DirectoryInfo.Delete(Boolean recursive) at Sign.Core.DirectoryService.Delete(DirectoryInfo directory) in //src/Sign.Core/FileSystem/DirectoryService.cs:line 52 fail: Sign.Core.ISigner[0] Could not sign C:\Users\buildadmin.jvfbbmhpxp7u6\AppData\Local\Temp\1\0zx1bmjk.5ib\5sdgrzsb.app. System.Exception: Could not sign C:\Users\buildadmin.jvfbbmhpxp7u6\AppData\Local\Temp\1\0zx1bmjk.5ib\5sdgrzsb.app. at Sign.Core.AzureSignToolSignatureProvider.<>c__DisplayClass7_0.<<SignAsync>b__0>d.MoveNext() in //src/Sign.Core/SignatureProviders/AzureSignToolSignatureProvider.cs:line 110 --- End of stack trace from previous location --- at System.Threading.Tasks.Parallel.<>c__531.<<ForEachAsync>b__53_0>d.MoveNext() --- End of stack trace from previous location --- at Sign.Core.AzureSignToolSignatureProvider.SignAsync(IEnumerable1 files, SignOptions options) in //src/Sign.Core/SignatureProviders/AzureSignToolSignatureProvider.cs:line 104 at Sign.Core.AggregatingSignatureProvider.SignAsync(IEnumerable1 files, SignOptions options) in /_/src/Sign.Core/SignatureProviders/AggregatingSignatureProvider.cs:line 204 at Sign.Core.Signer.<>c__DisplayClass3_0.<<SignAsync>b__0>d.MoveNext() in /_/src/Sign.Core/Signer.cs:line 153 --- End of stack trace from previous location --- at System.Threading.Tasks.Parallel.<>c__531.<<ForEachAsync>b__53_0>d.MoveNext() --- End of stack trace from previous location --- at Sign.Core.Signer.SignAsync(IReadOnlyList`1 inputFiles, String outputFile, FileInfo fileList, DirectoryInfo baseDirectory, String applicationName, String publisherName, String description, Uri descriptionUrl, Uri timestampU rl, Int32 maxConcurrency, HashAlgorithmName fileHashAlgorithm, HashAlgorithmName timestampHashAlgorithm) in //src/Sign.Core/Signer.cs:line 85 VERBOSE: Finished Invoke-cdsaALAppSign.

RonKoppelaar avatar May 08 '24 09:05 RonKoppelaar

I just created a brand new W22 machine in Azure but there I have the same issue

VERBOSE: Running Invoke-cdsaALAppSign. PSBoundParameters: KeyVaultName:CodeSignERP CertificateName:CodeSignCertificate FilesToSign:C:\temp\Zig_Zig365 Insights Connector_23.23.0.0.app Description:test signing DescriptionUrl:http s:\www.zig.nl Verbose:True Verbosity:debug SignToolVersion:0.9.1-beta.24170.3 VERBOSE: Start find sign tool version: 0.9.1-beta.24170.3 VERBOSE: Instal Sign tool VERBOSE: Installing signing tool version 0.9.1-beta.24170.3 in C:\Users\vmadmin\AppData\Local\Temp\2\SigningTool-0.9.1-beta.24170.3 VERBOSE: Getting sign tool C:\Users\vmadmin\AppData\Local\Temp\2\SigningTool-0.9.1-beta.24170.3\Sign.exe VERBOSE: Using sign tool: C:\Users\vmadmin\AppData\Local\Temp\2\SigningTool-0.9.1-beta.24170.3\Sign.exe VERBOSE: Signing file: C:\temp\Zig_Zig365 Insights Connector_23.23.0.0.app info: Sign.Core.ISigner[0] Submitting C:\temp\Zig_Zig365 Insights Connector_23.23.0.0.app for signing. info: Sign.Core.ISigner[0] SignAsync called for C:\temp\Zig_Zig365 Insights Connector_23.23.0.0.app. Using C:\Users\vmadmin\AppData\Local\Temp\2\z3xw45h1.hzs\acnxoqlw.app locally. info: Sign.Core.ISignatureProvider[0] Signing SignTool job with 1 files. info: Sign.Core.ISignatureProvider[0] Signing C:\Users\vmadmin\AppData\Local\Temp\2\z3xw45h1.hzs\acnxoqlw.app. fail: Sign.Core.ISignatureProvider[0] Signing failed with error -2146762749. info: Sign.Core.ISignatureProvider[0] Performing attempt #2 of 3 attempts after 5 s. info: Sign.Core.ISignatureProvider[0] Signing C:\Users\vmadmin\AppData\Local\Temp\2\z3xw45h1.hzs\acnxoqlw.app. fail: Sign.Core.ISignatureProvider[0] Signing failed with error -2147024864. info: Sign.Core.ISignatureProvider[0] Performing attempt #3 of 3 attempts after 11.1803398 s. info: Sign.Core.ISignatureProvider[0] Signing C:\Users\vmadmin\AppData\Local\Temp\2\z3xw45h1.hzs\acnxoqlw.app. fail: Sign.Core.ISignatureProvider[0] Signing failed with error -2147024864. fail: Sign.Core.ISignatureProvider[0] Failed to sign. Attempts exceeded. warn: Sign.Core.IDirectoryService[0] An exception occurred while attempting to delete directory C:\Users\vmadmin\AppData\Local\Temp\2\z3xw45h1.hzs. System.IO.IOException: The process cannot access the file 'acnxoqlw.app' because it is being used by another process. at System.IO.FileSystem.RemoveDirectoryRecursive(String fullPath, WIN32_FIND_DATA& findData, Boolean topLevel) at System.IO.FileSystem.RemoveDirectory(String fullPath, Boolean recursive) at System.IO.DirectoryInfo.Delete(Boolean recursive) at Sign.Core.DirectoryService.Delete(DirectoryInfo directory) in //src/Sign.Core/FileSystem/DirectoryService.cs:line 52 fail: Sign.Core.ISigner[0] Could not sign C:\Users\vmadmin\AppData\Local\Temp\2\z3xw45h1.hzs\acnxoqlw.app. System.Exception: Could not sign C:\Users\vmadmin\AppData\Local\Temp\2\z3xw45h1.hzs\acnxoqlw.app. at Sign.Core.AzureSignToolSignatureProvider.<>c__DisplayClass7_0.<<SignAsync>b__0>d.MoveNext() in //src/Sign.Core/SignatureProviders/AzureSignToolSignatureProvi der.cs:line 110 --- End of stack trace from previous location --- at System.Threading.Tasks.Parallel.<>c__531.<<ForEachAsync>b__53_0>d.MoveNext() --- End of stack trace from previous location --- at Sign.Core.AzureSignToolSignatureProvider.SignAsync(IEnumerable1 files, SignOptions options) in //src/Sign.Core/SignatureProviders/AzureSignToolSignatureProv ider.cs:line 104 at Sign.Core.AggregatingSignatureProvider.SignAsync(IEnumerable1 files, SignOptions options) in /_/src/Sign.Core/SignatureProviders/AggregatingSignatureProvider .cs:line 204 at Sign.Core.Signer.<>c__DisplayClass3_0.<<SignAsync>b__0>d.MoveNext() in /_/src/Sign.Core/Signer.cs:line 156 --- End of stack trace from previous location --- at System.Threading.Tasks.Parallel.<>c__531.<<ForEachAsync>b__53_0>d.MoveNext() --- End of stack trace from previous location --- at Sign.Core.Signer.SignAsync(IReadOnlyList`1 inputFiles, String outputFile, FileInfo fileList, DirectoryInfo baseDirectory, String applicationName, String publi sherName, String description, Uri descriptionUrl, Uri timestampUrl, Int32 maxConcurrency, HashAlgorithmName fileHashAlgorithm, HashAlgorithmName timestampHashAlgorithm) i n //src/Sign.Core/Signer.cs:line 85 VERBOSE: Finished Invoke-cdsaALAppSign.

I'm kind of out of options as the previous versions don't Sign buisness central apps.

RonKoppelaar avatar May 10 '24 19:05 RonKoppelaar

@RonKoppelaar, thanks for the report. Sorry you're having this problem.

@clairernovotny had an idea that there might be contention with an antivirus/malware scanner. Are you using a stock VM template? If yes, which one is it?

Do you see a pattern in reproducibility (e.g.: it happens every time) or is it random?

Can you share a simplified repro that doesn't have any sensitive or proprietary data?

dtivel avatar May 14 '24 18:05 dtivel

Well I did disabled AV, in this case Windows defender by uninstalling the feature. This had no affect, It happens on all my build machines accept for one. It was lacking behind with some windows updates.

So I created a brand new environment W22 based on Azure Template: image

Where I can repro the issue consistantly...

After deploy of the server I manually installed .Net 8 SDK latest version

RonKoppelaar avatar May 14 '24 18:05 RonKoppelaar

Unfortune sharing repro without sensitive is not possible as the certificate is taken from AZ Key Vault. I could however share the script without any secrets though. Will add repro to this thread tomorrow.

RonKoppelaar avatar May 14 '24 18:05 RonKoppelaar