I went through these resources:
- How to manage certificates and package applications in different Ubuntu setups | Tizen Developers
- javascript - CLI Tizen build-web displays Invalid Password error - Stack Overflow
I am trying to do the signing via a jenkinsfile that either spins up a docker or uses a docker file. In either case, I get failures. We are currently using a mac environment that is more manual and requires the certs to be setup on the macOS box, etc, which is a pain, but want to switch to a code-based solution where everything spins up realtime, including certificates, etcâŚ
Here is my code, a groovy script in a jenkinsfile
Attempting with the gnome-keyring stuff: âSolution 1â:
stage ('Build artifacts on docker') {
steps {
script {
docker.image('node:16.17.1').inside("--cap-add IPC_LOCK -u 0:0 -v ${WORKSPACE}:/workspace" ) {
sh 'apt-get update && apt-get install default-jre -y && apt-get install default-jdk -y'
sh 'yes | apt-get install gnome-keyring'
sh 'dbus-run-session -- bash'
sh 'useradd installuser --create-home'
sh 'wget https://download.tizen.org/sdk/Installer/tizen-studio_4.6/web-cli_Tizen_Studio_4.6_ubuntu-64.bin'
sh 'chmod +x ./web-cli_Tizen_Studio_4.6_ubuntu-64.bin'
sh 'mv ./web-cli_Tizen_Studio_4.6_ubuntu-64.bin /home/installuser'
sh "runuser -l installuser -c './web-cli_Tizen_Studio_4.6_ubuntu-64.bin --no-java-check --accept-license /home/installuser/tizen-studio'"
sh "runuser -l installuser -c '/home/installuser/tizen-studio/tools/ide/bin/tizen cli-config \"profiles.path=/home/installuser/tizen-studio-data/profile/profiles.xml\"'"
sh "runuser -l installuser -c 'echo <password> | gnome-keyring-daemon --unlock'"
sh "runuser -l installuser -c '/home/installuser/tizen-studio/tools/ide/bin/tizen security-profiles add -n gaia-samsung-tizen -a /home/installuser/dist/gaia-samsung-tizen/author.p12 -p <password> -d /home/installuser/dist/gaia-samsung-tizen/distributor.p12 -dp <password>'"
// here I attempt to write the password directly to the profiles xml, but doing this only results in error #2 AKA "Solution 2"
// sh 'sed -i -e "s/\\/home\\/installuser\\/dist\\/gaia-samsung-tizen\\/author.pwd/<password>/" /home/installuser/tizen-studio-data/profile/profiles.xml'
// sh 'sed -i -e "s/\\/home\\/installuser\\/dist\\/gaia-samsung-tizen\\/distributor.pwd/<password>/" /home/installuser/tizen-studio-data/profile/profiles.xml'
sh "runuser -l installuser -c '/home/installuser/tizen-studio/tools/ide/bin/tizen cli-config \"profiles.path=/home/installuser/tizen-studio-data/profile/profiles.xml\"'"
sh "runuser -l installuser -c 'echo <password> | gnome-keyring-daemon --unlock'"
sh "runuser -l installuser -c '/home/installuser/tizen-studio/tools/ide/bin/tizen package --type wgt --sign gaia-samsung-tizen -- /home/installuser/dist/tizen; cat /home/installuser//tizen-studio-data/cli/logs/cli.log'"
}
}
}
The error in the above case (solution 1) is:
[99%] => package-manager/PackageManagerV2.jar
[100%] =>
Installation has been completed!
Thank you for using Installer
[Pipeline] sh
- runuser -l installuser -c /home/installuser/tizen-studio/tools/ide/bin/tizen cli-config âprofiles.path=/home/installuser/tizen-studio-data/profile/profiles.xmlâ
Setting configuration is succeededâŚ
[Pipeline] sh
- runuser -l installuser -c echo | gnome-keyring-daemon --unlock
GNOME_KEYRING_CONTROL=/home/installuser/.cache/keyring-H3FUU1
SSH_AUTH_SOCK=/home/installuser/.cache/keyring-H3FUU1/ssh
[Pipeline] sh - runuser -l installuser -c /home/installuser/tizen-studio/tools/ide/bin/tizen security-profiles add -n gaia-samsung-tizen -a /home/installuser/dist/gaia-samsung-tizen/author.p12 -p -d /home/installuser/dist/gaia-samsung-tizen/distributor.p12 -dp
Loaded in â/home/installuser/tizen-studio-data/profile/profiles.xmlâ.
author path: /home/installuser/dist/gaia-samsung-tizen/author.p12
author password: ***************
distributor1 path: /home/installuser/dist/gaia-samsung-tizen/distributor.p12
distributor1 password: ***************
Wrote to â/home/installuser/tizen-studio-data/profile/profiles.xmlâ.
Succeed to add âgaia-samsung-tizenâ profile.
If want to sign by this, add the file of security profiles in CLI configuration
like âtizen cli-config âprofiles.path=/home/installuser/tizen-studio-data/profile/profiles.xmlââ.
[Pipeline] sh
- runuser -l installuser -c /home/installuser/tizen-studio/tools/ide/bin/tizen cli-config âprofiles.path=/home/installuser/tizen-studio-data/profile/profiles.xmlâ
Setting configuration is succeededâŚ
[Pipeline] sh
- runuser -l installuser -c echo | gnome-keyring-daemon --unlock
GNOME_KEYRING_CONTROL=/home/installuser/.cache/keyring-0PTDU1
SSH_AUTH_SOCK=/home/installuser/.cache/keyring-0PTDU1/ssh
[Pipeline] sh - runuser -l installuser -c /home/installuser/tizen-studio/tools/ide/bin/tizen package --type wgt --sign gaia-samsung-tizen â /home/installuser/dist/tizen; cat /home/installuser//tizen-studio-data/cli/logs/cli.log
An error has occurred. See the log file tizen-sdk/tools/ide/cli.log.
2022-10-27 20:13:04,436 [TRACE] Main.java(133) - Start running Tizen CLI Main classâŚ
2022-10-27 20:13:04,438 [TRACE] Main.java(134) - Argument count:4
2022-10-27 20:13:04,445 [TRACE] ConfigCLI.java(51) - setConfigProperty profiles.path=/home/installuser/tizen-studio-data/profile/profiles.xml
2022-10-27 20:13:04,482 [TRACE] ConfigCLI.java(76) - Execute configCLIâŚ
2022-10-27 20:13:10,059 [TRACE] Main.java(133) - Start running Tizen CLI Main classâŚ
2022-10-27 20:13:10,061 [TRACE] Main.java(134) - Argument count:14
2022-10-27 20:13:10,078 [TRACE] SecurityProfilesCLI.java(58) - Begin SecuriyProfilesCLIâŚ
2022-10-27 20:13:10,419 [TRACE] SecurityProfilesCLI.java(68) - Finish SecuriyProfilesCLIâŚ
2022-10-27 20:13:12,038 [TRACE] Main.java(133) - Start running Tizen CLI Main classâŚ
2022-10-27 20:13:12,041 [TRACE] Main.java(134) - Argument count:4
2022-10-27 20:13:12,048 [TRACE] ConfigCLI.java(51) - setConfigProperty profiles.path=/home/installuser/tizen-studio-data/profile/profiles.xml
2022-10-27 20:13:12,052 [TRACE] ConfigCLI.java(76) - Execute configCLIâŚ
2022-10-27 20:13:14,281 [TRACE] Main.java(133) - Start running Tizen CLI Main classâŚ
2022-10-27 20:13:14,283 [TRACE] Main.java(134) - Argument count:9
2022-10-27 20:13:14,296 [TRACE] PackageCLI.java(1266) - Execute PackageCLIâŚ
2022-10-27 20:13:14,296 [TRACE] PackageCLI.java(1268) - getRealWorkingPath: /home/installuser/dist/tizen
2022-10-27 20:13:14,637 [ERROR] AbstractCLI.java(93) - org.tizen.common.sign.exception.CertificationException: Invaild password
java.lang.IllegalStateException: org.tizen.common.sign.exception.CertificationException: Invaild password
at org.tizen.common.core.command.policy.UncaughtExceptionHandlingPolicy.uncaughtException(UncaughtExceptionHandlingPolicy.java:84)
at org.tizen.common.core.command.Executor.execute(Executor.java:179)
at org.tizen.common.core.command.Executor.execute(Executor.java:150)
at org.tizen.ncli.subcommands.sign.SignCLICommand.getSigningProfile(SignCLICommand.java:139)
at org.tizen.ncli.subcommands.sign.SignCLICommand.call(SignCLICommand.java:73)
at org.tizen.ncli.subcommands.sign.SignCLICommand.call(SignCLICommand.java:58)
at org.tizen.ncli.subcommands.AbstractSubCommand.runCommand(AbstractSubCommand.java:76)
at org.tizen.ncli.subcommands.packages.PackageCLICommand.call(PackageCLICommand.java:177)
at org.tizen.ncli.subcommands.packages.PackageCLICommand.call(PackageCLICommand.java:77)
at org.tizen.ncli.subcommands.AbstractSubCommand.runCommand(AbstractSubCommand.java:76)
at org.tizen.ncli.ide.shell.PackageCLI.doPackageForWgt(PackageCLI.java:925)
at org.tizen.ncli.ide.shell.PackageCLI.execute(PackageCLI.java:1343)
at org.tizen.ncli.ide.shell.AbstractCLI.execute(AbstractCLI.java:91)
at org.tizen.ncli.ide.shell.Main.run(Main.java:189)
at org.tizen.ncli.ide.shell.Main.main(Main.java:122)
Caused by: org.tizen.common.sign.exception.CertificationException: Invaild password
at org.tizen.common.sign.command.ReadSigningProfileFileCommand.checkPkcs12Password(ReadSigningProfileFileCommand.java:131)
at org.tizen.common.sign.command.ReadSigningProfileFileCommand.validateSigningInfo(ReadSigningProfileFileCommand.java:146)
at org.tizen.common.sign.command.ReadSigningProfileFileCommand.run(ReadSigningProfileFileCommand.java:101)
at org.tizen.common.core.command.Executor.execute(Executor.java:164)
⌠13 more
2022-10-27 20:13:14,639 [ERROR] Main.java(197) - org.tizen.common.sign.exception.CertificationException: Invaild password
[Pipeline] }
$ docker stop --time=1 3f93ed98cb451eca0b6dbee806a9009cfadac53231cabe50cb11e5d4bdaadccc
$ docker rm -f 3f93ed98cb451eca0b6dbee806a9009cfadac53231cabe50cb11e5d4bdaadccc
If I try Solution #2 where I put the password in the profiles.xml, this is the errorâŚ
- runuser -l installuser -c echo | gnome-keyring-daemon --unlock
GNOME_KEYRING_CONTROL=/home/installuser/.cache/keyring-XZBLU1
SSH_AUTH_SOCK=/home/installuser/.cache/keyring-XZBLU1/ssh
[Pipeline] sh - runuser -l installuser -c /home/installuser/tizen-studio/tools/ide/bin/tizen package --type wgt --sign gaia-samsung-tizen â /home/installuser/dist/tizen; cat /home/installuser//tizen-studio-data/cli/logs/cli.log
Author password: An error has occurred. See the log file tizen-sdk/tools/ide/cli.log.
2022-10-27 19:55:47,038 [TRACE] Main.java(133) - Start running Tizen CLI Main classâŚ
2022-10-27 19:55:47,040 [TRACE] Main.java(134) - Argument count:4
2022-10-27 19:55:47,047 [TRACE] ConfigCLI.java(51) - setConfigProperty profiles.path=/home/installuser/tizen-studio-data/profile/profiles.xml
2022-10-27 19:55:47,082 [TRACE] ConfigCLI.java(76) - Execute configCLIâŚ
2022-10-27 19:57:43,453 [TRACE] Main.java(133) - Start running Tizen CLI Main classâŚ
2022-10-27 19:57:43,455 [TRACE] Main.java(134) - Argument count:14
2022-10-27 19:57:43,469 [TRACE] SecurityProfilesCLI.java(58) - Begin SecuriyProfilesCLIâŚ
2022-10-27 19:57:43,855 [TRACE] SecurityProfilesCLI.java(68) - Finish SecuriyProfilesCLIâŚ
2022-10-27 19:57:46,505 [TRACE] Main.java(133) - Start running Tizen CLI Main classâŚ
2022-10-27 19:57:46,507 [TRACE] Main.java(134) - Argument count:4
2022-10-27 19:57:46,514 [TRACE] ConfigCLI.java(51) - setConfigProperty profiles.path=/home/installuser/tizen-studio-data/profile/profiles.xml
2022-10-27 19:57:46,518 [TRACE] ConfigCLI.java(76) - Execute configCLIâŚ
2022-10-27 19:57:48,625 [TRACE] Main.java(133) - Start running Tizen CLI Main classâŚ
2022-10-27 19:57:48,628 [TRACE] Main.java(134) - Argument count:9
2022-10-27 19:57:48,643 [TRACE] PackageCLI.java(1266) - Execute PackageCLIâŚ
2022-10-27 19:57:48,643 [TRACE] PackageCLI.java(1268) - getRealWorkingPath: /home/installuser/dist/tizen
2022-10-27 19:57:48,758 [ERROR] AbstractCLI.java(93) - java.lang.NullPointerException
java.lang.IllegalStateException: java.lang.NullPointerException
at org.tizen.common.core.command.policy.UncaughtExceptionHandlingPolicy.uncaughtException(UncaughtExceptionHandlingPolicy.java:84)
at org.tizen.common.core.command.Executor.execute(Executor.java:179)
at org.tizen.common.core.command.Executor.execute(Executor.java:150)
at org.tizen.ncli.subcommands.sign.SignCLICommand.getSigningProfile(SignCLICommand.java:139)
at org.tizen.ncli.subcommands.sign.SignCLICommand.call(SignCLICommand.java:73)
at org.tizen.ncli.subcommands.sign.SignCLICommand.call(SignCLICommand.java:58)
at org.tizen.ncli.subcommands.AbstractSubCommand.runCommand(AbstractSubCommand.java:76)
at org.tizen.ncli.subcommands.packages.PackageCLICommand.call(PackageCLICommand.java:177)
at org.tizen.ncli.subcommands.packages.PackageCLICommand.call(PackageCLICommand.java:77)
at org.tizen.ncli.subcommands.AbstractSubCommand.runCommand(AbstractSubCommand.java:76)
at org.tizen.ncli.ide.shell.PackageCLI.doPackageForWgt(PackageCLI.java:925)
at org.tizen.ncli.ide.shell.PackageCLI.execute(PackageCLI.java:1343)
at org.tizen.ncli.ide.shell.AbstractCLI.execute(AbstractCLI.java:91)
at org.tizen.ncli.ide.shell.Main.run(Main.java:189)
at org.tizen.ncli.ide.shell.Main.main(Main.java:122)
Caused by: java.lang.NullPointerException
at org.tizen.ncli.core.ConsolePrompter.password(ConsolePrompter.java:188)
at org.tizen.ncli.core.ConsolePrompter.batch(ConsolePrompter.java:262)
at org.tizen.ncli.core.ConsolePrompter.batch(ConsolePrompter.java:223)
at org.tizen.ncli.core.ConsolePrompter.batch(ConsolePrompter.java:204)
at org.tizen.common.sign.command.ReadSigningProfileFileCommand.interactForPassword(ReadSigningProfileFileCommand.java:221)
at org.tizen.common.sign.command.ReadSigningProfileFileCommand.run(ReadSigningProfileFileCommand.java:100)
at org.tizen.common.core.command.Executor.execute(Executor.java:164)
⌠13 more
2022-10-27 19:57:48,760 [ERROR] Main.java(197) - java.lang.NullPointerException
[Pipeline] }
Other things I tried:
- created a new author certificate using the latest IDE on my local machine - Creating Development Certificates for Samsung Tizen TVs â j2i.net and https://developer.samsung.com/smarttv/develop/getting-started/setting-up-sdk/creating-certificates.html
- running in a dockerfile without gnome-keyring and just updating the password in the file (solution 2)
- various configuration modifications on gnome-keyring
- looked at this https://developer.tizen.org/zh-hans/forums/sdk-ide/pwd-fle-format-profile.xml-certificates?langredirect=1
- Looked at this Invalid password when signing Tizen package - Stack Overflow
- looked at this Using GNOME Keyring in Docker Container | by alex_ber | Medium
- looked at this can't Using Keyring on headless ubuntu container. ¡ Issue #477 ¡ jaraco/keyring ¡ GitHub
- looked at this javascript - CLI Tizen build-web displays Invalid Password error - Stack Overflow
- looked t this tizen package wrong password ¡ Issue #66 ¡ jellyfin/jellyfin-tizen ¡ GitHub
- looked at this, wondering if I was missing a package, but it looks like Samsung cert is already installed - How to: Install Tizen Studio with CLI | by NowSecure | Mobile Application Security Testing with NowSecure | Medium
- looked at this Command Line Interface Commands | Tizen Developers
- looked at Command Line Interface Commands | Tizen Docs
In all cases the 2 errors are consistent. Canât get it to package when signing with my profile (i can package if i donât use the --sign option, but of course thatâs useless because i canât deploy). Working on this for several days now.
What am i missing? Has anyone been able to build and sign a wgt from within a docker container? The doc from samsung (listed at the top of this thread) is not very clear and has no example code. Why am i getting the error with ConsolePrompter when i hardcode the password in the profile.xml? And why is the error âinvalid passwordâ when i donât hardcode it, but have properly setup the gnome keychain?
Is there a way to generate a new author certificate on docker from an existing author cert used to deploy an existing app? maybe i canât use a cert generated on macos within ubuntu (though this wouldnât make sense cuz itâs all java anyway).
very frustrating.