0

I am trying to sign .exe and .dll files in a GitLab pipeline with a docker-windows setup, using the Docker image:
mcr.microsoft.com/dotnet/framework/sdk:4.8-windowsservercore-ltsc2019

I tried to call these commands:
> sn.exe -R myfile.exe myKey.snk
> signtool.exe sign /v /f myCert.p12 /p myPassword /fd sha256 /tr "http://sha256timestamp.ws.symantec.com/sha256/timestamp" /td sha256 myFile.exe

When doing this locally on my machine, the files are signed successfully:

> sn.exe -R myfile.exe myKey.snk
Microsoft (R) .NET Framework Strong Name Utility  Version 4.0.30319.0
Copyright (c) Microsoft Corporation.  All rights reserved.

Assembly 'myFile.exe' successfully re-signed
> signtool.exe sign /v /f myCert.p12 /p myPassword /fd sha256 /tr "http://sha256timestamp.ws.symantec.com/sha256/timestamp" /td sha256 myFile.exe
The following certificate was selected:
    Issued to: someone
    Issued by: some-private-ca
    Expires:   Fri Aug 28 09:40:11 2020
    SHA1 hash: hash

Done Adding Additional Store
Successfully signed: myFile.exe

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0

However, in the GitLab pipeline the strong name tool (sn.exe) and signtool.exe fail:

> sn.exe -R myfile.exe myKey.snk
Microsoft (R) .NET Framework Strong Name Utility  Version 4.0.30319.0
Copyright (c) Microsoft Corporation.  All rights reserved.
Failed to re-sign the assembly -- Error code: 80131701
> signtool.exe sign /v /f myCert.p12 /p myPassword /fd sha256 /tr "http://sha256timestamp.ws.symantec.com/sha256/timestamp" /td sha256 myFile.exe
The following certificate was selected:
Done Adding Additional Store

I did not find out what error code 80131701 refers to.
In some cases people got the error code System.Runtime.InteropServices.COMException (0x80131701)

Could this be caused by some certificates that exist on my machine being missing in the docker image?

4

1 Answer

0

To fix the sn command, I had to replace the local sn.exe file with C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\sn.exe

> & "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\sn.exe" -R myfile.exe myKey.snk

To fix the signtool command, the certificate needs to be imported in the docker container:

> # $myCertBase64 is a placeholder for the base64-encoded contents of myCert.p12
> Set-Content myCert.pfx -Encoding Byte -Value ([System.Convert]::FromBase64String($myCertBase64))
> Import-PfxCertificate -FilePath myCert.pfx -Password (ConvertTo-SecureString -String 'myPassword' -AsPlainText -Force) -CertStoreLocation Cert:\LocalMachine\Root
> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
> # .NET resolves relative paths against the process directory, so pass the full path
> $cert.Import((Resolve-Path myCert.pfx).Path, 'myPassword', 'DefaultKeySet')
> Set-AuthenticodeSignature -Certificate $cert -TimeStampServer http://sha256timestamp.ws.symantec.com/sha256/timestamp -FilePath myFile.exe -HashAlgorithm SHA256
answered 2020-11-26T07:51:14.167
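
A verification step that could follow the signing commands in the pipeline, as an added example that is not part of the original question or answer: it fails the job unless each file passes strong-name verification and carries a valid, timestamped Authenticode signature from the expected certificate. The artifact list and `$ExpectedThumbprint` are placeholders; the `sn.exe` path is the one given in the answer.

```powershell
# Added example: fail the CI job unless every artifact is really signed.
# Assumptions: file name and sn.exe path come from the post above;
# $ExpectedThumbprint is a placeholder for the signing certificate's thumbprint.
$ErrorActionPreference = 'Stop'
$SnExe = 'C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\sn.exe'
$ExpectedThumbprint = '<SIGNING-CERT-THUMBPRINT>'
$Artifacts = @('myFile.exe')

function Test-SignedArtifact {
    param([string]$Path, [string]$Thumbprint, [string]$SnPath)

    $problems = @()

    # Strong name: -vf forces verification even if skip-verification is registered.
    & $SnPath -q -vf $Path | Out-Null
    if ($LASTEXITCODE -ne 0) { $problems += "strong name invalid (sn.exe exit $LASTEXITCODE)" }

    # Authenticode: 'Valid' means the hash matches and the chain is trusted in this
    # container, which for a private CA depends on the certificate import step.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { $problems += "Authenticode status: $($sig.Status)" }
    if (-not $sig.SignerCertificate) {
        $problems += 'no signer certificate'
    } elseif ($sig.SignerCertificate.Thumbprint -ne $Thumbprint) {
        $problems += "unexpected signer: $($sig.SignerCertificate.Thumbprint)"
    }
    # Without a timestamp countersignature the signature lapses when the cert expires.
    if (-not $sig.TimeStamperCertificate) { $problems += 'no timestamp countersignature' }

    return ,$problems
}

$failed = $false
foreach ($file in $Artifacts) {
    $problems = Test-SignedArtifact -Path $file -Thumbprint $ExpectedThumbprint -SnPath $SnExe
    if ($problems.Count -gt 0) {
        $failed = $true
        Write-Host "FAIL ${file}: $($problems -join '; ')"
    } else {
        Write-Host "OK   $file"
    }
}
if ($failed) { exit 1 }
```

Running this as its own job step makes a silent signing failure, like the truncated signtool output in the question, stop the pipeline instead of shipping an unsigned binary.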