3

I have a TeamCity (8.1) build project which runs fine most of the time. A part of my MSBuild script is, that the built executable should be code-signed, and there the build fails sometimes.

<Target Name="AfterBuild">
   <Exec Command="sign.exe /D &quot;$(OutputName)&quot; &quot;$(TargetPath)&quot; &quot;certificate.pfx&quot; password" />
</Target>

The sign.exe is a helper command line tool, which internally calls the signtool.exe from the Microsoft Windows SDK (it detects which version is installed) using hard coded timestamp servers in an iteration, because sometimes, a timestamp server is not reachable.

foreach (var tsServer in TimestampServer)
{
    var p = new Process
    {
        StartInfo =
        {
            UseShellExecute = false,
            RedirectStandardOutput = true,
            RedirectStandardError = true,
            FileName = signtool,
            Arguments = String.Format("sign /f \"{0}\" /p {1} {4} /d \"{3}\" \"{2}\"", cert, pass, file, description ?? Path.GetFileName(file), tsServer)
        }
    };
    p.Start();
    p.WaitForExit();

    if (p.ExitCode == 0)
    {
        // signing succeeded
        Environment.Exit(0);
    }
}
// if all failed issue a nonzero exit code
Environment.Exit(-1);

My custom sign.exe only returns a nonzero exit code if signing with all timestamp servers failed (edit: which not happened yet). But TeamCity marks the build as failed, because it detects, that a child process of my sign.exe exited with a nonzero exit code (edit:) even if a later call to signtool.exe was successful and sign.exe returns a zero exit code.

I know the option, to ignore nonzero exit codes, but I only want to ignore the exit codes of the child processes of my sign tool (edit) not the exit code of my sign.exe, because my tool was written exactly for the purpose to handle this issue.

Is there a way within TeamCity to handle this issue, or do I have an option to modify my custom C# command line tool to not propagate the exit codes of the child processes?

DanielB
  • 19,910
  • 2
  • 44
  • 50

1 Answers1

0

I know the option, to ignore nonzero exit codes, but I only want to ignore the exit codes of the child processes of my sign tool.

Are you sure that is a safe thing to do? It is OK in your environment if signing fails, and yet the build is created?

Is there a way within TeamCity to handle this issue, or do I have an option to modify my custom C# command line tool to not propagate the exit codes of the child processes?

I'm not sure about options within TeamCity, but since sign.exe is under your control, you can always have it return 0 whether or not the child process succeeded.

If all time servers occasionally fail, have you investigated potential causes? Perhaps a temporary internet disruption on your end? You could try pinging something highly reliable outside of your network from sign.exe after all time servers fail, to see if there is a general internet disruption.

It might be worth retrying the entire foreach loop one or more times after a delay, to allow for whatever condition causes the occasional failure to self-correct.

Eric J.
  • 147,927
  • 63
  • 340
  • 553
  • Thanks for your answer. No it's not okay, that the build is created if signing failed. That's exactly what my sign.exe is trying to handle. It tries to sign with the first timestamp server, if that fails, it takes the next one and so on. And only if all are failed the sign.exe returns nonzero. Most of the time the first timestamp server fails, the second one succeeds and my sign.exe returns zero exit code, but TeamCity detects the exit code from the (failed) first call to signtool.exe from within my sign.exe and marks my build as failed. That's what I want to workaround. – DanielB May 19 '15 at 16:17
  • I don't understand your question then... `it's not okay, that the build is created if signing failed` seems to imply that ` marks my build as failed` is the correct behavior. – Eric J. May 19 '15 at 16:33
  • 1
    Yes, it should mark my build as failed if my `sign.exe` returns a non zero exit code, but not, if it returns zero exit code (even if a sub process returns a non zero exit code). But TeamCity seams to 'listen' to all processes and it exit codes. (I've edited my question and hopefully clarified it a bit) – DanielB May 19 '15 at 16:54
  • I have this problem with MSBuild and TFS. I have a child process returning non-zeros that aren't a failure, yet even though the parent exits 0, ContinueOnError=false is still triggering a build failure. This is so frustrating... – kayleeFrye_onDeck Jul 16 '16 at 02:30