Message-ID: <32579643.post@talk.nabble.com>
Date: Sun, 2 Oct 2011 15:35:57 -0700 (PDT)
From: "jan.kolar"
To: cygwin AT cygwin DOT com
Subject: Re: Cygwin LSA breaks code-signing -- how can I fix it?
In-Reply-To: <25171B03A3D9E24AADC227668ADE91C9DB77316E7B@SJCPMAILBOX01.citrite.net>

Alan Sinclair-2 wrote:
>
> After installing Cygwin LSA authentication, code signing fails coming in
> over ssh from another machine.
> This is cygwin 1.7.9 on x64 Windows 2003 (CYGWIN_NT-5.2-WOW64 AlansW2033
> 1.7.9(0.237/5/3) 2011-03-29 10:10 i686 Cygwin)
>
> Running locally, signing succeeds, but run in an ssh session the signing
> call gets:
>
>   SignTool Error: ISignedCode::Sign returned error: 0x80092006
>   No provider was specified for the store or object.
>
> How can I get signing working with Cygwin LSA registered?
>
> Details:
>
> I installed and set up sshd using the ssh-host-config script (using
> default settings). At this point signing worked fine, but in a
> non-interactive ssh session Visual C++ failed (cl.exe /Zi got fatal error
> C1902), so the Cygwin LSA authentication package was registered using
> cyglsa-config. Now in an ssh session cl.exe works but signing fails.
>
> E.g.
>
>   $ ssh alansi AT 10 DOT 217 DOT 120 DOT 208 bash '/home/alansi/sign/signtest.sh'
>
> where signtest.sh is
>
>   #!/bin/sh
>   /cygdrive/c/signing/signtool sign -a -v \
>     -n ' XXXXXXXX ' \
>     -sha1 "1234567812345678123456781234567812345678" \
>     -t "http://timestamp.verisign.com/scripts/timstamp.dll" \
>     -ac MSCV-VSClass3.cer -d "MyProg" ./mybinary.sys
>
> gets this message:
>
>   The following certificate was selected:
>     Issued to: XXXXXXXX
>     Issued by: VeriSign Class 3 Code Signing 2004 CA
>     Expires: 2/5/2012 4:59:59 PM
>     SHA1 hash: 1234567812345678123456781234567812345678
>
>   Done Adding Additional Store
>   Attempting to sign: ./mybinary.sys
>
>   Number of files successfully Signed: 0
>   Number of warnings: 0
>   Number of errors: 1
>   SignTool Error: ISignedCode::Sign returned error: 0x80092006
>   No provider was specified for the store or object.
>
> (Incidentally, this signing over ssh does work when run on the target
> machine; i.e. when ssh'ing onto itself.)
>
> Fwiw I've also tried signing using the certificate (pfx) file with
> password. That also works locally but fails via ssh:
>
>   #!/bin/sh
>   /cygdrive/c/signing/signtool sign /f mycert.pfx /p password ./mybinary.sys
>
>   SignTool Error: IStore2::Load returned error: 0x80070005
>   Access is denied.
>   SignTool Error: An error occurred while attempting to load the signing
>   certificate from: mycert.pfx
>
> This is a showstopper, so if the machine has to be rebuilt from scratch
> that's fine. It must be able to compile with Visual C++ (gc++ is not an
> option, unfortunately) and sign over ssh.
> Thanks
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>

I would suggest bash -l.
Moreover, check all variables that are normally set by Windows (compare the
output of printenv and/or SET in a normal versus a remote shell).

Google has better suggestions.
Consider the second solution on
http://stackoverflow.com/questions/1045855/signtool-error-isignedcodesign-returned-error-0x80092006