sign
sign copied to clipboard
dotnet
Retry on `Azure.RequestFailedException`?
Problem One of our CI/CD builds failed recently because SignTool failed. (Private build, can't link to it.)
The ultimate cause appears to be a service error with Azure Trusted Signing. We "fixed" the problem by re-running the build; when it tried again, it succeeded.
Describe the solution you'd like
Is it reasonable for sign to retry a few times for transient Azure Trusted Signing issues (i.e., not 401, etc.)?
Describe alternatives you've considered
Could check the return value from sign (if there is a value that specifically indicates this problem) and call it again in our build script.
Additional context
fail: Sign.Core.IDataFormatSigner[0]
Service request failed.
Status: 500 (Internal Server Error)
Content:
{"errorDetail":{"code":"InternalError","message":"An internal error has occurred.","target":null}}
Headers:
Date: Wed, 05 Nov 2025 16:47:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache,no-store
Pragma: no-cache
api-supported-versions: REDACTED
x-azure-ref: REDACTED
X-Cache: REDACTED
Content-Type: application/json
Expires: -1
Azure.RequestFailedException: Service request failed.
Status: 500 (Internal Server Error)
Content:
{"errorDetail":{"code":"InternalError","message":"An internal error has occurred.","target":null}}
Headers:
Date: Wed, 05 Nov 2025 16:47:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache,no-store
Pragma: no-cache
api-supported-versions: REDACTED
x-azure-ref: REDACTED
X-Cache: REDACTED
Content-Type: application/json
Expires: -1
at Azure.CodeSigning.CertificateProfileRestClient.Sign(String codeSigningAccountName, String certificateProfileName, SignRequest body, String xCorrelationId, String clientVersion, CancellationToken cancellationToken)
at Azure.CodeSigning.CertificateProfileClient.StartSign(String codeSigningAccountName, String certificateProfileName, SignRequest body, String xCorrelationId, String clientVersion, CancellationToken cancellationToken)
at Sign.SignatureProviders.TrustedSigning.RSATrustedSigning.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) in /_/src/Sign.SignatureProviders.TrustedSigning/RSATrustedSigning.cs:line 63
at AzureSign.Core.AuthenticodeKeyVaultSigner.SignCallback(IntPtr pCertContext, IntPtr pvExtra, UInt32 algId, Byte[] pDigestToSign, UInt32 dwDigestToSign, CRYPTOAPI_BLOB& blob)
at AzureSign.Core.Interop.mssign32.SignerSignEx3(SignerSignEx3Flags dwFlags, SIGNER_SUBJECT_INFO* pSubjectInfo, SIGNER_CERT* pSignerCert, SIGNER_SIGNATURE_INFO* pSignatureInfo, IntPtr pProviderInfo, SignerSignTimeStampFlags dwTimestampFlags, Byte* pszTimestampAlgorithmOid, Char* pwszHttpTimeStamp, IntPtr psRequest, Void* pSipData, IntPtr* ppSignerContext, IntPtr pCryptoPolicy, SIGN_INFO* pSignInfo, IntPtr pReserved)
at AzureSign.Core.AuthenticodeKeyVaultSigner.SignFile(ReadOnlySpan`1 path, ReadOnlySpan`1 description, ReadOnlySpan`1 descriptionUrl, Nullable`1 pageHashing, ILogger logger)
at Sign.Core.AzureSignToolSigner.RunSignTool(AuthenticodeKeyVaultSigner signer, FileInfo file, SignOptions options) in /_/src/Sign.Core/DataFormatSigners/AzureSignToolSigner.cs:line 177
fail: Sign.Core.IDataFormatSigner[0]
Service request failed.
Status: 500 (Internal Server Error)
