自托管vsts构建代理上的signtool命令未完成

Question

我有一个自托管的生成代理，用于从VSTS生成.NET 4.7.2应用程序。在我的管道中，我使用Squirrel.Windows构建了一个Installer，除了二进制文件和随后的安装程序签名之外，其他所有程序都运行顺利。

• 代理在nt权限/网络服务下运行
• 正确的证书已安装在该用户的个人证书存储中

这是打包安装程序的Powershell脚本的一部分：

function Squirrelify{
param(
    $AppName,
    $BuildConfiguration,
    $BinariesDirectory
)

Set-Alias Squirrel '.\imBackend\util\squirrel_tools\Squirrel.exe'
Set-Alias Signtool 'C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe'

$ReleaseDirectory = "$BinariesDirectory\Releases"

# build paths
$OutputDirectory = "$ReleaseDirectory\DeployPackages\$AppName\" + $BuildInfo.Branch
$BasePath = $BinariesDirectory + "\$AppName\bin\Release"

# create Nuspec file from template
$NugetInfo = (MakeNuspec -ApplicationName $AppName)

# sign binaries
Write-Host Trying to sign binaries in $BasePath

Signtool sign /v /n Dresen /t http://timestamp.digicert.com $BasePath\*.dll $BasePath\*.exe | Write-Host

# pack it
Write-Host Trying to pack Configuration $BuildConfiguration from $NugetInfo.NuspecFileName to $NugetInfo.NupkgFileName into $OutputDirectory BasePath is $BasePath
nuget pack $NugetInfo.NuspecFileName -Version $BuildInfo.SemVer -Properties Configuration="$BuildConfiguration" -OutputDirectory "$OutputDirectory" -BasePath "$BasePath"

###########################
# create squirrel installer
###########################

$SquirrelSourcePackage = "$OutputDirectory\" + $NugetInfo.NupkgFileName
$SquirrelReleaseDirectory = "$ReleaseDirectory\$AppName\" + $BuildInfo.Branch

# releasify
Write-Host "Releasifying $SquirrelSourcePackage -> $SquirrelReleaseDirectory"
Squirrel --releasify $SquirrelSourcePackage --releaseDir $SquirrelReleaseDirectory | Write-Host

# sign installer files
Signtool sign /v /n Dresen /t http://timestamp.digicert.com $SquirrelReleaseDirectory\Setup.exe $SquirrelReleaseDirectory\Setup.msi | Write-Host

}

这是该任务的完整输出：

2018-07-28T11:42:31.8123466Z ##[section]Starting: Create Squirrel Installer
2018-07-28T11:42:31.8127937Z ==============================================================================
2018-07-28T11:42:31.8128218Z Task         : PowerShell
2018-07-28T11:42:31.8128330Z Description  : Run a PowerShell script on Windows, macOS, or Linux.
2018-07-28T11:42:31.8128453Z Version      : 2.136.0
2018-07-28T11:42:31.8128548Z Author       : Microsoft Corporation
2018-07-28T11:42:31.8128663Z Help         : [More Information](https://go.microsoft.com/fwlink/?LinkID=613736)
2018-07-28T11:42:31.8128785Z ==============================================================================
2018-07-28T11:42:32.9293302Z Generating script.
2018-07-28T11:42:32.9393795Z Formatted command: . 'C:\agent\_work\1\s\imBackend\PostBuildScript.ps1' -BuildConfiguration Release -BinariesDirectory C:\agent\_work\1\a
2018-07-28T11:42:33.0109805Z ##[command]"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". 'C:\agent\_work\_temp\b93f5747-c0d9-49e9-a079-0deb8ab3bc4a.ps1'"
2018-07-28T11:42:33.9288388Z Updating NugetPackageName Variable for Process
2018-07-28T11:42:33.9318288Z Trying to sign binaries in C:\agent\_work\1\a\WPFDeployTest\bin\Release
2018-07-28T11:42:33.9568860Z The following certificate was selected:
2018-07-28T11:42:33.9569695Z     Issued to: Dresen und Grun GbR
2018-07-28T11:42:33.9569859Z 
2018-07-28T11:42:33.9570033Z     Issued by: thawte SHA256 Code Signing CA - G2
2018-07-28T11:42:33.9570188Z 
2018-07-28T11:42:33.9570354Z     Expires:   Sat Mar 02 23:59:59 2019
2018-07-28T11:42:33.9570484Z 
2018-07-28T11:42:33.9570651Z     SHA1 hash: 547CDFE07FB478033E0B9F1E9C10FF22AA90E9E3
2018-07-28T11:42:33.9570802Z 
2018-07-28T11:42:33.9570924Z 
2018-07-28T11:42:33.9571083Z Done Adding Additional Store
2018-07-28T11:42:34.2674054Z Trying to pack Configuration Release from C:\agent\_work\1\s\imBackend\WPFDeployTest.nuspec to WPFDeployTest.1.0.34.nupkg into C:\agent\_work\1\a\Releases\DeployPackages\WPFDeployTest\Stable BasePath is C:\agent\_work\1\a\WPFDeployTest\bin\Release
2018-07-28T11:42:34.7840009Z Attempting to build package from 'WPFDeployTest.nuspec'.
2018-07-28T11:42:35.2935047Z Successfully created package 'C:\agent\_work\1\a\Releases\DeployPackages\WPFDeployTest\Stable\WPFDeployTest.1.0.34.nupkg'.
2018-07-28T11:42:35.3411736Z Releasifying C:\agent\_work\1\a\Releases\DeployPackages\WPFDeployTest\Stable\WPFDeployTest.1.0.34.nupkg -> C:\agent\_work\1\a\Releases\WPFDeployTest\Stable
2018-07-28T11:42:36.9636469Z 
2018-07-28T11:42:39.8226626Z The following certificate was selected:
2018-07-28T11:42:39.8227431Z     Issued to: Dresen und Grun GbR
2018-07-28T11:42:39.8227599Z 
2018-07-28T11:42:39.8227782Z     Issued by: thawte SHA256 Code Signing CA - G2
2018-07-28T11:42:39.8227944Z 
2018-07-28T11:42:39.8228117Z     Expires:   Sat Mar 02 23:59:59 2019
2018-07-28T11:42:39.8228251Z 
2018-07-28T11:42:39.8228430Z     SHA1 hash: 547CDFE07FB478033E0B9F1E9C10FF22AA90E9E3
2018-07-28T11:42:39.8228633Z 
2018-07-28T11:42:39.8228760Z 
2018-07-28T11:42:39.8228930Z Done Adding Additional Store
2018-07-28T11:42:39.9227507Z PostBuildScript done.
2018-07-28T11:42:40.0272475Z ##[error]PowerShell exited with code '1'.
2018-07-28T11:42:40.0621056Z ##[section]Finishing: Create Squirrel Installer

您可以看到选择了（正确的）证书，然后在“完成添加其他存储”之后，继续进行下一步。

奇怪的是，该脚本以错误代码退出，但是一切都按预期进行了打包，管道完成并且安装程序被升级-但未签名。

当我在Powershell上以“ nt权限/网络服务”用户身份在托管构建代理的服务器上运行完全相同的命令时，该命令将完成而不会出现问题。

PS C:\Windows\system32> Signtool sign /v /n Dresen /t http://timestamp.digicert.com C:\agent\_work\1\a\WPFDeployTest\bin\Release\*.dll C:\agent\_work\1\a\WPFDeployTest\bin\Release\*.exe
The following certificate was selected:
    Issued to: Dresen und Grun GbR
    Issued by: thawte SHA256 Code Signing CA - G2
    Expires:   Sat Mar 02 23:59:59 2019
    SHA1 hash: 547CDFE07FB478033E0B9F1E9C10FF22AA90E9E3

Done Adding Additional Store
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\CSharpLibrary.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\DeltaCompressionDotNet.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\DeltaCompressionDotNet.MsDelta.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\DeltaCompressionDotNet.PatchApi.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\imLogging.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\imUtilities.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\imUtilitiesNET46.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\log4net.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\Microsoft.Web.Infrastructure.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\Mono.Cecil.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\Mono.Cecil.Mdb.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\Mono.Cecil.Pdb.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\Mono.Cecil.Rocks.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\Newtonsoft.Json.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\NuGet.Squirrel.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\PropertyChanged.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\SharpCompress.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\Splat.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\Squirrel.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\System.Web.Helpers.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\System.Web.Razor.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\System.Web.WebPages.Deployment.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\System.Web.WebPages.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\UpdateManager.dll
Successfully signed: C:\agent\_work\1\a\WPFDeployTest\bin\Release\WPFDeployTest.exe

Number of files successfully Signed: 25
Number of warnings: 0
Number of errors: 0

我偶然发现了许多问题，无法完成这个复杂的构建流程，但是我无法克服。我在这里想念什么？