Each slave has its own USB DigiCert token.
- I have multiple Jenkins slaves running on a common virtual machine
host.
- I have 1 dedicated USB DigiCert token dedicated to the Windows build
slave VM
- I have a second dedicated USB DigiCert token dedicated to the OS X
build slave VM
VMware Workstation / Fusion or ESXi make it easy to share a USB token with a
specific VM.
As far as I know, you cannot connect the same USB token with multiple VMs.
However, additional DigiCert tokens are only $25.
-Ed
My Windows slave has a pop-up watcher, written in C# as a console app, that
automatically logs on to the token:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Diagnostics;
using System.Threading;
// System.Windows.Automation needs references to:
// C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll
// C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll
using System.Windows.Automation;
namespace token_logon
{
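/// <summary>
/// Console helper for unattended code signing: waits for the SafeNet "Token Logon"
/// dialog and fills in the token password through UI Automation.
/// </summary>
/// <remarks>
/// Points to keep in mind when running this on a build agent:
/// <list type="bullet">
/// <item><description>The token password is taken from the command line, so it is visible to
/// anything on the machine that can list process arguments, and it can land in the build log
/// if the calling step echoes its commands. Feed it from the CI credential store rather than
/// hard-coding it in the job, and keep command echo off around the call.</description></item>
/// <item><description>The dialog is recognised purely by its title and control names; the
/// code does not check which process owns the window.</description></item>
/// <item><description>A zero exit code means the password was typed and OK was pressed, not
/// that the token accepted it. A wrong password is therefore resubmitted on every build;
/// hardware tokens typically lock after a limited number of failed logons.</description></item>
/// </list>
/// </remarks>
class Program
{
    // Title of the SafeNet dialog this tool answers.
    const string LogonWindowTitle = "Token Logon";

    // Upper bound, in seconds, on how long we wait for the dialog to show up.
    const int DialogTimeoutSeconds = 10;

    // Upper bound, in milliseconds, on how long we wait for the dialog to accept input.
    const int InputIdleTimeoutMs = 10000;

    /// <summary>
    /// Watches top-level windows for the SafeNet logon dialog and submits
    /// <paramref name="password"/> to the first one that has the expected controls.
    /// </summary>
    /// <param name="password">Token password to type into the dialog. Never logged.</param>
    /// <returns>
    /// 0 when the password was entered and OK was invoked within the timeout;
    /// 1 when no matching dialog was handled in time.
    /// </returns>
    static int SatisfyEverySafeNetTokenPasswordRequest(string password)
    {
        // The callback is raised by UI Automation while this thread sleeps in the loop
        // below, so it runs on a different thread. Both values are shared between the two
        // threads and are only touched through Interlocked.
        int submitted = 0;
        int count = 0;

        Automation.AddAutomationEventHandler(
            WindowPattern.WindowOpenedEvent,
            AutomationElement.RootElement,
            TreeScope.Children,
            (sender, e) =>
            {
                try
                {
                    var element = sender as AutomationElement;
                    if (element == null || element.Current.Name != LogonWindowTitle)
                    {
                        return;
                    }

                    // NOTE(review): the window is trusted on its title alone. Any program
                    // that opens a window with this title and matching controls would be
                    // handed the password. Consider also checking
                    // element.Current.ProcessId against the SafeNet client process.

                    WindowPattern window =
                        (WindowPattern)element.GetCurrentPattern(WindowPattern.Pattern);
                    window.WaitForInputIdle(InputIdleTimeoutMs);

                    AutomationElement edit =
                        FindNamedControl(element, ControlType.Edit, "Token Password:");
                    AutomationElement ok =
                        FindNamedControl(element, ControlType.Button, "OK");
                    if (edit == null || ok == null)
                    {
                        Console.WriteLine("SafeNet window detected but not with edit and button...");
                        return;
                    }

                    int seen = Interlocked.Increment(ref count);

                    ValuePattern valuePattern =
                        (ValuePattern)edit.GetCurrentPattern(ValuePattern.Pattern);
                    valuePattern.SetValue(password);
                    Console.WriteLine("SafeNet window (count: " + seen + " window(s)) detected. Setting password...");

                    InvokePattern press =
                        (InvokePattern)ok.GetCurrentPattern(InvokePattern.Pattern);
                    press.Invoke();

                    // Tell the waiting thread it can stop. This only records that the
                    // password was submitted; a "password failed" window is not detected.
                    Interlocked.Exchange(ref submitted, 1);
                }
                catch (ElementNotAvailableException ex)
                {
                    // The window went away while we were working on it. Log the exception
                    // type only, so nothing derived from the password can reach the log.
                    Console.WriteLine("SafeNet window no longer available (" + ex.GetType().Name + ")");
                }
                catch (InvalidOperationException ex)
                {
                    // A control did not support the expected pattern or refused the input.
                    Console.WriteLine("SafeNet window could not be automated (" + ex.GetType().Name + ")");
                }
            });

        // Poll instead of reading a key: reading the console throws when the console
        // window is hidden, which is how this runs on a build agent.
        Stopwatch stopwatch = Stopwatch.StartNew();
        while (Interlocked.CompareExchange(ref submitted, 0, 0) == 0
               && stopwatch.Elapsed.TotalSeconds <= DialogTimeoutSeconds)
        {
            Thread.Sleep(100);
        }

        Automation.RemoveAllEventHandlers();
        return Interlocked.CompareExchange(ref submitted, 0, 0) != 0 ? 0 : 1;
    }

    /// <summary>
    /// Finds the first descendant of <paramref name="root"/> with the given control type
    /// and automation name, or returns null when there is none.
    /// </summary>
    static AutomationElement FindNamedControl(AutomationElement root, ControlType type, string name)
    {
        return root.FindFirst(
            TreeScope.Descendants,
            new AndCondition(
                new PropertyCondition(AutomationElement.ControlTypeProperty, type),
                new PropertyCondition(AutomationElement.NameProperty, name)));
    }

    /// <summary>Prints how to start the tool ahead of a signtool call.</summary>
    static void DisplayUsage()
    {
        Console.WriteLine("Usage: You must start token-logon.exe in it's own process *before* calling signtool\n");
        Console.WriteLine("Batch Example:");
        Console.WriteLine("--------------");
        Console.WriteLine("start token-logon.exe myPaswd");
        Console.WriteLine("echo Use ping as delay to make sure token-logon.exe is started");
        Console.WriteLine("ping 127.0.0.1 -n 2 > nul");
        Console.WriteLine("signtool sign /t http://timestamp.digicert.com /n \"Acme, Inc.\" \"my-win-app-3.0.1234.exe\"");
    }

    /// <summary>
    /// Entry point. Expects the token password as the first argument.
    /// </summary>
    /// <param name="args">Command-line arguments; args[0] is the token password.</param>
    /// <returns>0 when the password was submitted, 1 on bad usage or timeout.</returns>
    static int Main(string[] args)
    {
        if (args == null)
        {
            DisplayUsage();
            return 1;
        }

        // An empty password is treated like a missing one: submitting it would only
        // spend one of the token's logon attempts.
        if (args.Length == 0 || string.IsNullOrEmpty(args[0]))
        {
            Console.WriteLine("*** Missing arguments");
            DisplayUsage();
            return 1;
        }

        return SatisfyEverySafeNetTokenPasswordRequest(args[0]);
    }
}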
}
-Ed
On Tuesday, September 1, 2015 at 4:23:22 PM UTC-5, Giuseppe Tamburello
wrote:
>
>
>>> Hi Ed... thanks for posting your solution, I was running into a similar
> issue when initially setting up the EV cert; but I have a quick question
> for you... does your Jenkins environment have multiple slaves, and is the
> 'signing' dedicated to a single slave machine or are you able to sign from
> multiple slave machine (while only having a single EV cert). Basically,
> we're moving from using a .pfx file for signing to 'the future' of using
> the EV USB dongle, and I'm not able to get jobs to successfully sign a file
> from Slave-A on Slave-B (being that Slave-B has the USB dongle connected to
> it).... have you run into this?
>
> Thanks in advance,
> -joe
>
>