Hi, > > Because the code signing tool requires interaction with the desktop, it > > requires that you must be logged in (or at least that is my theory). There > > are techniques to configure processes to run without being logged in, but > > they all tend to leave the process with no access to the desktop or limited > > access to the desktop.
Sorry I'm late to the party. We use signtool just fine without a Desktop login. The important bit is that the Jenkins service needs to run as the user that installed the certificate to the certificate store. Code signing certificates are personal certificates, so they are attached to the user account. I've created a separate user for Jenkins, logged in as that user, installed the certificate to the user's certificate store and then configured to run the Jenkins service as that user. The service does not need Desktop access (in fact that is suboptimal, as some errors during build are then reported through inaccessible dialogs, causing the build to hang. Simon -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/20190906093411.GE5841%40psi5.com.
