| From: | Alan Sinclair <Alan DOT Sinclair AT citrix DOT com> |
| To: | "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com> |
| CC: | Alan Sinclair <Alan DOT Sinclair AT citrix DOT com> |
| Date: | Thu, 29 Sep 2011 11:53:20 -0700 |
| Subject: | Cygwin LSA breaks code-signing -- how can I fix it? |
| Message-ID: | <25171B03A3D9E24AADC227668ADE91C9DB77316E7B@SJCPMAILBOX01.citrite.net> |
After installing Cygwin LSA authentication, code signing fails coming in over ssh from another machine.
This is cygwin 1.7.9 on x64 Windows 2003 (CYGWIN_NT-5.2-WOW64 AlansW2033 1.7.9(0.237/5/3) 2011-03-29 10:10 i686 Cygwin)
Running locally, signing succeeds, but run in an ssh session the signing call gets:
SignTool Error: ISignedCode::Sign returned error: 0x80092006
No provider was specified for the store or object.
How can I get signing working with Cygwin LSA registered?
Details:
I installed and set up sshd using the ssh-host-config script (using default settings). At this point signing worked fine, but in a non-interactive ssh session Visual C++ failed (cl.exe /Zi got fatal error C1902), so the Cygwin LSA authentication package was registered using cyglsa-config. Now in an ssh session cl.exe works but signing fails.
E.g.
$ ssh alansi@10.217.120.208 bash '/home/alansi/sign/signtest.sh'
where signtest.sh is
#!/bin/sh
/cygdrive/c/signing/signtool sign -a -v \
-n ' XXXXXXXX ' \
-sha1 "1234567812345678123456781234567812345678" \
-t "http://timestamp.verisign.com/scripts/timstamp.dll" \
-ac MSCV-VSClass3.cer -d "MyProg" ./mybinary.sys
gets this message:
The following certificate was selected:
Issued to: XXXXXXXX
Issued by: VeriSign Class 3 Code Signing 2004 CA
Expires: 2/5/2012 4:59:59 PM
SHA1 hash: 1234567812345678123456781234567812345678
Done Adding Additional Store
Attempting to sign: ./mybinary.sys
Number of files successfully Signed: 0
Number of warnings: 0
Number of errors: 1
SignTool Error: ISignedCode::Sign returned error: 0x80092006
No provider was specified for the store or object.
(Incidentally, this signing over ssh does work when run on the target machine; i.e. when ssh'ing onto itself.)
Fwiw I've also tried signing using the certificate (pfx) file with password. That also works locally but fails via ssh:
#!/bin/sh
/cygdrive/c/signing/signtool sign /f mycert.pfx /p password ./mybinary.sys
SignTool Error: IStore2::Load returned error: 0x80070005
Access is denied.
SignTool Error: An error occurred while attempting to load the signing certificate from: mycert.pfx
This is a showstopper, so if the machine has to be rebuilt from scratch that's fine. It must be able to compile with Visual C++ (gc++ is not an option, unfortunately) and sign over ssh.
Thanks