Cygwin LSA breaks code-signing -- how can I fix it?

Thu, 29 Sep 2011 11:53:49 -0700 

After installing Cygwin LSA authentication, code signing fails coming in over 
ssh from another machine.
This is cygwin 1.7.9 on x64 Windows 2003 (CYGWIN_NT-5.2-WOW64 AlansW2033 
1.7.9(0.237/5/3) 2011-03-29 10:10 i686 Cygwin)

Running locally, signing succeeds, but run in an ssh session the signing call 
gets:

    SignTool Error: ISignedCode::Sign returned error: 0x80092006
        No provider was specified for the store or object.

How can I get signing working with Cygwin LSA registered?

Details:

I installed and set up sshd using the ssh-host-config script (using default 
settings). At this point signing worked fine, but in a non-interactive ssh 
session Visual C++ failed (cl.exe /Zi got fatal error C1902), so the Cygwin LSA 
authentication package was registered.using cyglsa-config. Now in an ssh 
session cl.exe works but signing fails.

E.g.  

    $ ssh alansi@10.217.120.208 bash '/home/alansi/sign/signtest.sh'

where signtest.sh is

    #!/bin/sh
    /cygdrive/c/signing/signtool  sign -a -v \
    -n ' XXXXXXXX '
    -sha1 "1234567812345678123456781234567812345678" \
    -t "http://timestamp.verisign.com/scripts/timstamp.dll"; \
    -ac MSCV-VSClass3.cer -d "MyProg" ./mybinary.sys

gets this message:

    The following certificate was selected:
        Issued to: XXXXXXXX
        Issued by: VeriSign Class 3 Code Signing 2004 CA
        Expires:   2/5/2012 4:59:59 PM
        SHA1 hash: 1234567812345678123456781234567812345678

    Done Adding Additional Store
    Attempting to sign: ./mybinary.sys

    Number of files successfully Signed: 0
    Number of warnings: 0
    Number of errors: 1
    SignTool Error: ISignedCode::Sign returned error: 0x80092006
        No provider was specified for the store or object.

(Incidentally, this signing over shh does work when run on the target machine; 
i.e. when ssh'ing onto itself.)

Fwiw I've also tried signing using the certificate (pfx) file with password. 
That also works locally but fails via ssh:

    #!/bin/sh
    /cygdrive/c/signing/signtool  sign  /f mycert.pfx /p password 
./mybinary.sys 

    SignTool Error: IStore2::Load returned error: 0x80070005
        Access is denied.
    SignTool Error: An error occurred while attempting to load the signing 
certificate from: mycert.pfx

This is a showstopper, so if the machine has to be rebuilt from scratch that's 
fine. It must be able to compile with Visual C++ (gc++ is not an option, 
unfortunately) and sign over ssh.
Thanks

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply via email to