none
Issue signing WDK driver with tfs automated build works fine with manual build. RRS feed

  • Question

  • Hello,

    We have a project setup for building a kernel mode wdf driver with the latest 8.1 WDK with the integrated visual studio support.

    From a local machine the project runs fine compiles signs the driver and catalog file and the files install correctly.

    At this point we are trying to now use our automated TFS build to build the same project. On the build machine when the project compiles it fails with the following error:

    C:\Program Files (x86)\Windows   Kits\8.1\build\WindowsDriver.common.targets (1177): Invalid argument   <D:\Builds\Illumina.Instrumentation\NS-Trunk-DMA\Sources\Spark\App\DmaDriver\IlluminaVerisignCert.pfx>   for property <ProductionCertificate>.

    When the same project, is built manually under a different user (on the same build machine) with msbuild the project builds but the first time builds it prompts for the password to the certificate file.  Once this is provided the project builds and signs the binaries properly and rebuilds without the password.

    Our guess is that we need to supply the password for the certificate for the automated build when it builds using the automated build server account.  We tried using the /p and /f options in the signtool under additional settings in the project signing properties but this did not seem to work.  Should this work? is it possible to specify the certificate password via the project settings so an automated build will work?

    Thanks.



    Wednesday, May 7, 2014 4:55 PM

Answers

  • Specifying the /p option in the driver signing command line's additional options doesn't work because of how we construct the signtool command line internally.

    You can, however, specify the password for the .pfx file in the project file:

    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8.1 Release|Win32'">
      <SignMode>TestSign</SignMode>
      <ProductionCertificate></ProductionCertificate>
      <TestCertificate>C:\Temp\certs\SHAGENCert3.pfx</TestCertificate>
      <Password>shagenpw</Password>
    </PropertyGroup>

    Or you can set it on the command line:

    msbuild "C:\temp\KMDF Driver3.sln" /property:Configuration="Win8.1 Release" /property:Password=shagenpw


    Thanks,

    Steve


    This posting is provided AS IS with no warranties, and confers no rights.


    Wednesday, May 7, 2014 7:17 PM

All replies

  • Specifying the /p option in the driver signing command line's additional options doesn't work because of how we construct the signtool command line internally.

    You can, however, specify the password for the .pfx file in the project file:

    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8.1 Release|Win32'">
      <SignMode>TestSign</SignMode>
      <ProductionCertificate></ProductionCertificate>
      <TestCertificate>C:\Temp\certs\SHAGENCert3.pfx</TestCertificate>
      <Password>shagenpw</Password>
    </PropertyGroup>

    Or you can set it on the command line:

    msbuild "C:\temp\KMDF Driver3.sln" /property:Configuration="Win8.1 Release" /property:Password=shagenpw


    Thanks,

    Steve


    This posting is provided AS IS with no warranties, and confers no rights.


    Wednesday, May 7, 2014 7:17 PM
  • Excellent! This worked, the automated build is now signing the driver correctly. Thank you very much Steve!

    Regards,

    Al

    BTW- our team is very excited by the visual studio integration of the WDK, it has made our driver work much more productive.

    Wednesday, May 7, 2014 8:25 PM