I am using github action to create archive ios build. While github runs my yml file, it gives error stating:
security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)
I rechecked my certificates and provisioning profiles, and able to create build on my local system using xcloud.
I am currently setting up a build pipeline in Azure DevOps with a self-hosted agent. Everything is working great so far except the SonarQube build steps.
When executing the Prepare SonarQube on my self-hosted agent it fails with the following error:
2018-11-19T14:14:19.1070144Z ##[debug]organization=null
2018-11-19T14:14:19.1087901Z ##[debug]scannerMode=MSBuild
2018-11-19T14:14:19.1093031Z ##[debug]projectKey=online:kiamservices:main
2018-11-19T14:14:19.1095851Z ##[debug]projectName=Online – KIAM Services
2018-11-19T14:14:19.1098962Z ##[debug]projectVersion=1.0
2018-11-19T14:14:19.1104908Z ##[debug][SQ] API GET: '/api/server/version' with query "undefined"
2018-11-19T14:14:19.2819233Z ##[debug][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2832616Z ##[debug]task result: Failed
2018-11-19T14:14:19.2928009Z ##[error][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2943259Z ##[debug]Processed: ##vso[task.issue type=error;][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2946004Z ##[debug]Processed: ##vso[task.complete result=Failed;][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.3015449Z ##[section]Finishing: Prepare SonarQube
If I run the same setup on a microsoft hosted agent it runs just fine.
It is correct that my organization uses it's own Certificate Authority but the certificates are present on the self hosted agent as far as I know.
Is there a way to tell SonarQube to just ignore certificate errors?
I have looked high and low and have sadly not found any information on this error that was even remotely helpful.
Thank you in advance!
Sonar uses the Java Keystore for its certificate checks. It doesn't look at windows' keystore at all. You'll likely be able to solve this by importing the correct certificates in the JVM's keystore using the keytool utility.
See also:
https://sylvainleroy.com/2018/07/30/sonarqube-scanner-and-invalid-ssl-certificates/
The company I work on has it's own git server.
When I execute "composer update" I get the error "Host key verification failed."
I have tryed the solutions from here Git error: "Host Key Verification Failed" when connecting to remote repository
after deleting the contents on my C:/Users/myuser/.ssh/known_hosts.
A knew key was created in this file, after I executed the solution from the link above, but I still get the same error...
Any ideas?
While using signtool for code signing on our buildserver jenkins shows the following error message:
Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-2147023673/0x800704c7)
SignTool Error: An unexpected internal error has occurred.
We use an EV code sign certificate on a USB token. All tools are the latest ones available actually.
Any ideas?
It is not a problem at all using the same build task and running it manually on the same machine (as the user mentioned below) that jenkins is running on, and the same environment / directory.
The Jenkins service runs on a Windows 10 pro VM as a simple user with admin rights (not as Local System).
For more details see this excerpt from the Jenkins log:
Signiere FlinkySchule.FormularEditor.exe:
Verbindung zu Token auf- bzw. abbauen
***** code signing *****
Aktueller Pfad des signtool:
c:\JW\FS\Production\Deployment\Tools\signtool\kits
Zu signierende Datei:
c:\JW\FS\Production\Application\Assemblies\FlinkySchule.FormularEditor\bin\Release\\FlinkySchule.FormularEditor.exe
The following certificate was selected:
Issued to: Dirk W.
Issued by: GlobalSign CodeSigning CA - SHA256 - G3
Expires: Fri Apr 03 15:58:51 2020
SHA1 hash: 4187Cxyxyxyxyxyxyxyxyxyxyx7978C4
Done Adding Additional Store
EXEC : error information: "Error: SignerSign() failed." (2147023673/0x800704c7) [c:\JW\FS\Production\Application\Assemblies\FlinkySchule.FormularEditor\FlinkySchule.FormularEditor.csproj]
EXEC : SignTool error : An unexpected internal error has occurred. [c:\JW\FS\Production\Application\Assemblies\FlinkySchule.FormularEditor\FlinkySchule.FormularEditor.csproj]
One issue was the over all path length:
Even in the year 2017 you will run into the 260 characters path length restriction. Annoying! But we solved this and the error still occurs sometimes.
EV codesign with Jenkins using an eToken
Found a solution using jsign
java -jar jsign-2.0.jar --keystore .\eToken.cfg --alias %yourCertAlias% --storetype PKCS11 --tsaurl http://rfc3161timestamp.globalsign.com/advanced --tsmode RFC3161 --storepass %tokenPassword% %file2sign%
eToken.cfg:
name=eToken
library=c:\WINDOWS\system32\eTPKCS11.dll
Get the certificates alias using java keytool
keytool -list -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg
This should output something like
Keystore-Typ: PKCS11
Keystore-Provider: SunPKCS11-eToken
Keystore enthält 1 Eintrag
te-318f471f-9a0e-4101-bf45-96a656cc2306, PrivateKeyEntry,
Zertifikat-Fingerprint (SHA1):
41:87:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:X:XX:XX:XX:XX:79:78:C4
Maybe there are some more entries in the store. To find the right have look at your certifcate's fingerprint. The alias you need for jsign's alias parameter is the string in the example that starts with "te-318f4...."
Need more detailed help about this part? Please have a look at Trustzone.
Please let me know if you are interested in knowing how we do an automated build process on a separate build machine using only one eToken USB device.
I ran into this problem as well. I was able to duplicate error outside of Jenkins by running Signtool.exe, but when the prompt appeared for the token password, click cancel. You'll get the same error.
I have a C program which watches for the Symantec prompt and automatically enters the toke password. But Jenkins clearly wasn't running Signtool.exe in the same context as my password helper program. So I then edited my program which runs Signtool.exe to run the password helper program as well. It was still no good. Then I realized that maybe the problem how Jenkins is being run on the node. I had the Jenkins node running a service. Once I stopped the service, and connected by running the java command directly on the command line, it worked!
So now I know, if I'm going to run signtool on a Windows node, make sure the node is connected by running on the command line (via scheduled task), not a service. This changes the context Jenkins is run under which allows SignTool and the Token Prompt to play nice.
I had the same issue and solved it by installing the latest Windows 10 SDK, i.e. 10.0.15063.0
I omitted the countersignature :
/tr http://tsa.starfieldtech.com
I had to specify which certificate should be used for signing
/n "My Certificate Name"
Edit: Sorry my error code was different but google brought me here, so still might be helpful.
(-2146435071/0x80100001)
I have installed mailgun on my local machine.
I am using localhost:8000 to run my laravel project. I tried to send the message and I received this message
RequestException in Client.php line 136:
SSL certificate problem: unable to get local issuer certificate
Can anyone explain how it is solved?
Download curl from https://curl.haxx.se/download.html
Download win64 version then extract.
copy ca-bundle.crt to /apache/bin/
Then open php/php.ini and edit line
curl.cainfo = "/path/to/wamp64/bin/apache/apache2.4.18/bin/ca-bundle.crt"
Restart server