signtool: options interpreted as files on AppVeyor

Jan Gerner's Avatar

Jan Gerner

23 Oct, 2020 07:31 AM

I'm taking this discussion into here, as nobody replies on Stackoverflow and my emails seems to get stuck in you guy'ses spam folder.

My original problem is that I can't sign files on AppVeyor on Windows because the command line options of `signtool` are interpreted as files
My repo: https://github.com/typeworld/guiapp
The build: https://ci.appveyor.com/project/typeworld/guiapp

I've written a Stackoverflow post about it: https://stackoverflow.com/questions/64433096/signtool-options-interpreted-as-files-on-appveyor
Previously, I posted about another issue, which today I believe has the same cause: https://stackoverflow.com/questions/64424550/xcopy-fails-in-appveyor-works-at-home-invalid-number-of-parameters/64446089

I used to execute my build script with `sh` like so:
`- cmd: sh wxPython/build/Windows/build-all.sh`

Feodor replied by email that I should try `C:\msys64\usr\bin\bash.exe`, which I did, but that approach doesn't work because bash doesn't pick up any of the environment variables, neither my own nor the ones set by AppVeyor.

Please help me to resolve this.

  1. 1 Posted by Jan Gerner on 23 Oct, 2020 08:50 AM

    Jan Gerner's Avatar

    Actualy, forget my remark about bash not picking up environment variables.
    I replaced all calls of sh with bash, and now it seems to work.

    However, I end up with the same error for signtool as previously:

    Successfully signed: build\TypeWorld.exe
    Number of files successfully Signed: 1
    Number of errors: 10
    SignTool Error: File not found: C:/msys64/tr
    SignTool Error: File not found: http://timestamp.digicert.com
    SignTool Error: File not found: C:/msys64/td
    SignTool Error: File not found: sha256
    SignTool Error: File not found: C:/msys64/fd
    SignTool Error: File not found: SHA256
    SignTool Error: File not found: N:/
    SignTool Error: File not found: Jan Gerner
    SignTool Error: File not found: V:/
    SignTool Error: File not found: C:/msys64/debug
    
  2. Support Staff 2 Posted by Feodor Fitsner on 23 Oct, 2020 03:47 PM

    Feodor Fitsner's Avatar

    You don't need to use Unix shells, indeed as the issue could be related to that.

    For example, to sign AppVeyor installers we have the following in appveyor.yml (excerpt):

    environment:
      SIGNTOOL: '"C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\signtool.exe"'
    
    after_test:
    - %SIGNTOOL% sign /d "AppVeyor" /f <path-to>.pfx /p %cert_pwd% %OUT_DIR%\Appveyor.msi
    

    where cert_pwd is secure environment variable.

    Hope that helps.

  3. 3 Posted by Jan Gerner on 24 Oct, 2020 06:53 AM

    Jan Gerner's Avatar

    I found it. I posted this reply to my other issue on StackOverflow, but the same answer applies to my code signing problem:

    Found the cleanest solution: Don't mix Windows and Linux (WSL) environments in AppVeyor (or probably generally).

    Either call a shell script using sh or bash and then copy folders the Unix way with cp -r $SITEPACKAGES/google build/lib/ with appveyor.yml:

      build_script: 
        - cmd: sh somecommand.sh
    

    or do it the Windows way and call a Windows batch script directly and then use Windows’ copy commands xcopy "$SITEPACKAGES\\google" "build\\lib\\google" /i /e /h with appveyor.yml:

      build_script: 
        - somecommand.bat
    
  4. Support Staff 4 Posted by Feodor Fitsner on 24 Oct, 2020 06:33 PM

    Feodor Fitsner's Avatar

    Great, thanks for the update!

  5. Feodor Fitsner closed this discussion on 24 Dec, 2020 09:03 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac