Each slave has its own USB DigiCert token.
- I have multiple Jenkins slaves running on a common virtual machine host.
- I have 1 USB DigiCert token dedicated to the Windows build slave VM
- I have a second USB DigiCert token dedicated to the OS X build slave VM

VMware Workstation / Fusion or ESXi make it easy to share a USB token with a specific VM.
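// As far as I know, you cannot connect the same USB token with multiple VMs. However, additional DigiCert tokens are only $25.
// -Ed
//
// My Windows slave has a pop-up watcher to automatically logon written in C# as a console app:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Diagnostics;
using System.Threading;
// System.Windows.Automation needs add reference to:
//   C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll
//   C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll
using System.Windows.Automation;

namespace token_logon
{
    /// <summary>
    /// Console helper that waits for a "Token Logon" dialog, fills in the token
    /// password through UI Automation and presses OK, so that a signing step
    /// started right after it can run without a person at the keyboard.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this removes the interactive prompt from the signing path, so
    /// whoever can run a job on this build agent can sign with the token. Restrict
    /// which jobs may be scheduled on the agent and who may edit them.
    /// </remarks>
    class Program
    {
        /// <summary>
        /// Watches top-level windows for up to 10 seconds and answers the first
        /// "Token Logon" dialog that exposes both the password edit box and the OK button.
        /// </summary>
        /// <param name="password">Token password typed into the dialog.</param>
        /// <returns>0 when a dialog was answered, 1 when none was answered before the timeout.</returns>
        static int SatisfyEverySafeNetTokenPasswordRequest(string password)
        {
            int errorCode = 1;
            bool exitLoop = false;
            int count = 0;

            Automation.AddAutomationEventHandler(
                WindowPattern.WindowOpenedEvent,
                AutomationElement.RootElement,
                TreeScope.Children,
                (sender, e) =>
                {
                    // The handler runs on a UI Automation thread; "as" yields null for
                    // any other sender type, so check before dereferencing.
                    var element = sender as AutomationElement;
                    if (element == null)
                    {
                        return;
                    }

                    try
                    {
                        // NOTE(review): the dialog is recognised by its title and control
                        // names only, so any window presenting the same names receives the
                        // password. Consider also comparing element.Current.ProcessId with
                        // the process expected to raise the prompt.
                        if (element.Current.Name != "Token Logon")
                        {
                            return;
                        }

                        WindowPattern pattern = (WindowPattern)element.GetCurrentPattern(WindowPattern.Pattern);
                        pattern.WaitForInputIdle(10000);

                        var edit = element.FindFirst(
                            TreeScope.Descendants,
                            new AndCondition(
                                new PropertyCondition(AutomationElement.ControlTypeProperty, ControlType.Edit),
                                new PropertyCondition(AutomationElement.NameProperty, "Token Password:")));

                        var ok = element.FindFirst(
                            TreeScope.Descendants,
                            new AndCondition(
                                new PropertyCondition(AutomationElement.ControlTypeProperty, ControlType.Button),
                                new PropertyCondition(AutomationElement.NameProperty, "OK")));

                        if (edit == null || ok == null)
                        {
                            Console.WriteLine("SafeNet window detected but not with edit and button...");
                            return;
                        }

                        count++;
                        ValuePattern vp = (ValuePattern)edit.GetCurrentPattern(ValuePattern.Pattern);
                        vp.SetValue(password);
                        // Only the window count is logged; the password itself is never printed.
                        Console.WriteLine("SafeNet window (count: " + count + " window(s)) detected. Setting password...");

                        InvokePattern ip = (InvokePattern)ok.GetCurrentPattern(InvokePattern.Pattern);
                        ip.Invoke();

                        // Publish the result before releasing the wait loop, otherwise the
                        // main thread can observe exitLoop first and return the stale 1.
                        // If wanted to get fancy, we could look for a password failed window
                        // and wait 1 second to see if "Token Logon" closes.
                        errorCode = 0;
                        exitLoop = true;
                    }
                    catch (ElementNotAvailableException)
                    {
                        // The window went away between the event and the calls above.
                        Console.WriteLine("SafeNet window closed before the password could be set...");
                    }
                    catch (InvalidOperationException)
                    {
                        // A control does not support the requested pattern or refuses input.
                        Console.WriteLine("SafeNet window detected but its controls could not be driven...");
                    }
                });

            // Poll until the handler reports success or 10 seconds have passed.
            // (A Console.KeyAvailable "press Q to quit" loop was tried here and dropped:
            // it throws an exception when the console is hidden.)
            Stopwatch stopwatch = new Stopwatch();
            stopwatch.Start();
            while (false == exitLoop)
            {
                Thread.Sleep(100);
                if (10 < stopwatch.Elapsed.TotalSeconds)
                {
                    exitLoop = true;
                }
            }

            Automation.RemoveAllEventHandlers();
            return errorCode;
        }

        /// <summary>Prints how to start this helper ahead of signtool.</summary>
        static void DisplayUsage()
        {
            Console.WriteLine("Usage: You must start token-logon.exe in it's own process *before* calling signtool\n");
            Console.WriteLine("Batch Example:");
            Console.WriteLine("--------------");
            Console.WriteLine("start token-logon.exe myPaswd");
            Console.WriteLine("echo Use ping as delay to make sure token-logon.exe is started");
            Console.WriteLine("ping 127.0.0.1 -n 2 > nul");
            Console.WriteLine("signtool sign /t http://timestamp.digicert.com /n \"Acme, Inc.\" \"my-win-app-3.0.1234.exe\"");
        }

        /// <summary>
        /// Entry point: expects the token password as the first argument.
        /// </summary>
        /// <param name="args">Command-line arguments; args[0] is the token password.</param>
        /// <returns>1 on missing arguments, otherwise the result of the dialog watcher.</returns>
        static int Main(string[] args)
        {
            if (null == args)
            {
                DisplayUsage();
                return 1;
            }

            if (0 >= args.Length)
            {
                Console.WriteLine("*** Missing arguments");
                DisplayUsage();
                return 1;
            }

            // NOTE(review): a password passed as a command-line argument is readable by
            // other processes on the host for as long as this program runs, and it ends
            // up in the job's batch script and possibly its console log. Supply it from
            // the CI server's credential store and keep command echo off in the step
            // that starts this helper.
            string word = args[0];
            return SatisfyEverySafeNetTokenPasswordRequest(word);
        }
    }
}

// -Ed
//
// On Tuesday, September 1, 2015 at 4:23:22 PM UTC-5, Giuseppe Tamburello wrote:
// > Hi Ed... thanks for posting your solution, I was running into a similar
// > issue when initially setting up the EV cert; but I have a quick question
// > for you...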
does your Jenkins environment have multiple slaves, and is the > 'signing' dedicated to a single slave machine or are you able to sign from > multiple slave machine (while only having a single EV cert). Basically, > we're moving from using a .pfx file for signing to 'the future' of using > the EV USB dongle, and I'm not able to get jobs to successfully sign a file > from Slave-A on Slave-B (being that Slave-B has the USB dongle connected to > it).... have you run into this? > > Thanks in advance, > -joe