I am establishing a new Azure DevOps build server on an Azure VM running Windows Server 2022. Running the VsixSignTool fails in the build pipeline on this server.

I am replacing an old build server where this pipeline runs correctly. The old build server has Visual Studio 2019 and 2022 Community installed; the new build server only has the Visual Studio Build Tools.

Setup

Visual Studio Build Tools 2022 (17.4.1) and other dependencies like the WiX Toolset etc. are all installed on the server. As part of the Visual Studio Build Tools, the following components are installed (exported from the Visual Studio Installer):

{
  "version": "1.0",
  "components": [
    "Microsoft.VisualStudio.Component.Roslyn.Compiler",
    "Microsoft.Component.MSBuild",
    "Microsoft.VisualStudio.Component.CoreBuildTools",
    "Microsoft.VisualStudio.Workload.MSBuildTools",
    "Microsoft.VisualStudio.Component.TestTools.BuildTools",
    "Microsoft.Net.Component.4.8.SDK",
    "Microsoft.Net.Component.4.7.2.TargetingPack",
    "Microsoft.VisualStudio.Component.Windows11SDK.22621",
    "Microsoft.VisualStudio.Component.NuGet.BuildTools",
    "Microsoft.VisualStudio.Web.BuildTools.ComponentGroup",
    "Microsoft.Net.ComponentGroup.DevelopmentPrerequisites",
    "Microsoft.VisualStudio.Component.TypeScript.TSServer",
    "Microsoft.Net.Component.4.8.TargetingPack",
    "Microsoft.Net.ComponentGroup.4.8.DeveloperTools",
    "Microsoft.NetCore.Component.Runtime.6.0",
    "Microsoft.NetCore.Component.Runtime.7.0",
    "Microsoft.NetCore.Component.SDK",
    "Microsoft.VisualStudio.Component.DockerTools.BuildTools",
    "Microsoft.Component.ClickOnce.MSBuild",
    "Microsoft.VisualStudio.Wcf.BuildTools.ComponentGroup",
    "Microsoft.VisualStudio.Component.WebDeploy",
    "Microsoft.Net.Component.3.5.DeveloperTools",
    "Microsoft.VisualStudio.Workload.WebBuildTools",
    "Microsoft.VisualStudio.Workload.ManagedDesktopBuildTools",
    "Microsoft.Net.Component.4.6.TargetingPack",
    "Microsoft.VisualStudio.Component.VSSDKBuildTools",
    "Microsoft.VisualStudio.ComponentGroup.VisualStudioExtensionBuildTools.Prerequisites",
    "Microsoft.VisualStudio.Workload.VisualStudioExtensionBuildTools",
    "Microsoft.VisualStudio.Component.SQL.SSDTBuildSku",
    "Microsoft.NetCore.Component.Runtime.5.0"
  ]
}

One of the projects in my solution is a VSIX package. The project has a PackageReference to the current version of the VsixSignTool:

<PackageReference Include="Microsoft.VSSDK.Vsixsigntool">
  <Version>16.2.29116.78</Version>
</PackageReference>

and it has an afterbuild target to sign the VSIX package:

<PropertyGroup>
  <VsixSignTool>$(NuGetPackageRoot)microsoft.vssdk.vsixsigntool\16.2.29116.78\tools\vssdk\vsixsigntool.exe</VsixSignTool>
  <VsixSignCommand>$(VsixSignTool) sign /f $(SIGN_CERTIFICATE) /p $(SIGN_PASSWORD) /sha1 $(SIGN_CERT_HASH) /fd sha256 /t $(SIGN_TIMESTAMPSERVER)</VsixSignCommand>
</PropertyGroup>
<Target Name="AfterBuild" DependsOnTargets="CoreCompile" Condition="Exists('$(SIGN_CERTIFICATE)')">
  <Message Text="Signing $(TargetVsixContainer)" />
  <Exec Command="$(VsixSignCommand) $(MSBuildProjectDirectory)\$(TargetVsixContainer)" />
</Target>

Problem

When the pipeline runs, it fails when attempting to sign the package. This is the output (slightly obfuscated):

"C:\Users\(AzureDevOpsAgentUser)\.nuget\packages\microsoft.vssdk.vsixsigntool\16.2.29116.78\tools\vssdk\vsixsigntool.exe sign /f (path to pfx file) /p (the password) /sha1 (the certificate hash) /fd sha256 /t (timestamp server) (path to newly built vsix file)" exited with code -1073741515.

The Azure DevOps Agent user is local administrator on the build server.

Apart from the fact that it fails, this all looks good. When I connect to the build server, the vsixsigntool.exe is indeed in the expected location. All options to the vsixsigntool are correct. In fact, I temporarily installed the OpenVsixSignTool and could use this from PowerShell to sign the vsix with the exact same options. So, the certificate, password, hash etc. are all correct and work. A side note: I would prefer to stick to the official vsixsigntool and avoid shifting to the OpenVsixSignTool.

Trying to run the vsixsigntool by hand from an elevated PowerShell does not do anything at all. It does not sign the vsix and it gives absolutely no output whatsoever. As a matter of fact, even if I give the vsixsigntool utter rubbish as options, it just completes with absolutely no information or errors. Here is a copy/paste from PowerShell (elevated):

PS C:\Users\(Azure DevOps Agent User)\.nuget\packages\microsoft.vssdk.vsixsigntool\16.2.29116.78\tools\vssdk> .\vsixsigntool.exe /absolute /rubbish /for /you mate
PS C:\Users\(Azure DevOps Agent User)\.nuget\packages\microsoft.vssdk.vsixsigntool\16.2.29116.78\tools\vssdk>

It just silently runs with bad input and gives no information at all. Nothing in the event log. I am at a total loss.

What am I missing here? Any help greatly appreciated!
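
Added example, not part of the original post: the exit code -1073741515 in the build output above is a signed 32-bit rendering of an NTSTATUS value, and the PowerShell function below decodes such codes into their hex form and fields. The function name `ConvertFrom-ExitCode` and the short status table are choices made for this example.

```powershell
# Added example: decode a process exit code as an NTSTATUS value.
# ConvertFrom-ExitCode and the $known table are this example's own (hypothetical) names.
function ConvertFrom-ExitCode {
    param([Parameter(Mandatory)][int]$ExitCode)

    # Reinterpret the signed 32-bit exit code as unsigned, held in an Int64.
    $u = [int64]$ExitCode
    if ($u -lt 0) { $u += 4294967296 }
    $hex = '{0:X8}' -f $u

    # NTSTATUS layout: bits 31-30 severity, bits 27-16 facility, bits 15-0 code.
    $sevBits  = [int](($u -shr 30) -band 3)
    $severity = @('Success', 'Informational', 'Warning', 'Error')[$sevBits]
    $facility = [int](($u -shr 16) -band 0xFFF)
    $code     = [int]($u -band 0xFFFF)

    # A few statuses that Windows reports when a process dies during startup.
    $known = @{
        'C0000005' = 'STATUS_ACCESS_VIOLATION'
        'C000007B' = 'STATUS_INVALID_IMAGE_FORMAT'
        'C0000135' = 'STATUS_DLL_NOT_FOUND'
        'C0000139' = 'STATUS_ENTRYPOINT_NOT_FOUND'
        'C0000142' = 'STATUS_DLL_INIT_FAILED'
    }
    $name = if ($known.ContainsKey($hex)) { $known[$hex] } else { '(not in table)' }

    [pscustomobject]@{
        ExitCode          = $ExitCode
        Hex               = "0x$hex"
        Severity          = $severity
        Facility          = $facility
        Code              = $code
        Name              = $name
        # Ordinary tool exit codes (0, 1, 2, ...) do not have the error severity bits set.
        LooksLikeNtStatus = ($sevBits -eq 3)
    }
}

# The value reported by the failing Exec task on this page.
ConvertFrom-ExitCode -ExitCode (-1073741515) | Format-List

# Contrast: a small exit code set by a program itself.
ConvertFrom-ExitCode -ExitCode 1 | Format-List

# After running a native tool by hand, pass $LASTEXITCODE the same way:
#   & .\vsixsigntool.exe sign ...; ConvertFrom-ExitCode -ExitCode $LASTEXITCODE
```

A loader status such as STATUS_DLL_NOT_FOUND is raised while the process image and its imports are being loaded, before the program's own argument handling runs.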
