Error: SignTool SIGN: Password is required with Certificate path but not specified.

[thomaslevesque]

What You Are Seeing?

When I use the Sign method with a CertPath specified but no Password, Sign fails with the following error:

Error: SignTool SIGN: Password is required with Certificate path but not specified.

What is Expected?

It should sign the file; the certificate I use has no password (it's a self-signed certificate for dev purpose). signtool.exe doesn't enforce a password when using a certificate file.

What version of Cake are you using?

0.18.0

Are you running on a 32 or 64 bit system?

64 bit

What environment are you running on? Windows? Linux? Mac?

Are you running on a CI Server? If so, which one?

No

How Did You Get This To Happen? (Steps to Reproduce)

void SignFiles(IEnumerable<FilePath> paths)
{
    var settings = new SignToolSignSettings
    {
        DigestAlgorithm = SignToolDigestAlgorithm.Sha256,
        TimeStampUri = new Uri(timeStampUrl),
        TimeStampDigestAlgorithm = SignToolDigestAlgorithm.Sha256
    };

    if (!string.IsNullOrEmpty(certificateThumbprint))
    {
        // On build server, use the real certificate; the thumbprint is in an environment variable.
        settings.CertThumbprint = certificateThumbprint;
    }
    else
    {
        // On dev machine, use a self-signed dev certificate
        settings.CertPath = devPfxFile.FullPath;
    }

    Sign(paths, settings);
}

Output Log

https://gist.github.com/thomaslevesque/79b70af96b15440d363c24f6942debce

[devlead]

Looking at code it password is currently required by Cake, but as you say you can have passwordless certs.

cake/src/Cake.Common/Tools/SignTool/SignToolSignRunner.cs

Lines 150 to 155 in 0632cae

	if (settings.CertPath != null && string.IsNullOrEmpty(settings.Password))
	{
	const string format = "{0}: Password is required with Certificate path but not specified.";
	var message = string.Format(CultureInfo.InvariantCulture, format, GetToolName());
	throw new CakeException(message);
	}

            if (settings.CertPath != null && string.IsNullOrEmpty(settings.Password))
            {
                const string format = "{0}: Password is required with Certificate path but not specified.";
                var message = string.Format(CultureInfo.InvariantCulture, format, GetToolName());
                throw new CakeException(message);
            }

[devlead]

@thomaslevesque is this something you would like to send a PR for?

[thomaslevesque]

@thomaslevesque is this something you would like to send a PR for?

Absolutely (in fact I intended to, but only had time to submit the issue). It should be simple enough to fix, so you can probably expect a PR later today.

[gep13]

@thomaslevesque said...
but only had time to submit the issue

Not a problem. This is exactly the correct process 👍

[gep13]

@devlead should we class this as a bug fix, and release 0.18.1?

[devlead]

@gep13 It's been like this since start, so don't think a hotfix is needed - we can ship it with next version, we can push some of the v0.19.0 features to v0.20.0 and release it sooner than later,