skip to Main Content

Good morning,
I have problems checking out a secure file during the build process in azure devops 2019. My task is defined as:

- task: DownloadSecureFile@1
  inputs:
    secureFile: 'oimPictureEditor_test'
  displayName: 'download configuration'

enter image description here

but it fails with:

2022-12-30T10:10:27.9053899Z ##[section]Starten: download configuration
2022-12-30T10:10:28.0009766Z ==============================================================================
2022-12-30T10:10:28.0010142Z Task         : Sichere Datei herunterladen
2022-12-30T10:10:28.0010245Z Description  : Hiermit wird eine sichere Datei an einen temporären Speicherort auf dem Agent-Computer heruntergeladen.
2022-12-30T10:10:28.0010357Z Version      : 1.151.2
2022-12-30T10:10:28.0010489Z Author       : Microsoft Corporation
2022-12-30T10:10:28.0010653Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/download-secure-file
2022-12-30T10:10:28.0010783Z ==============================================================================
2022-12-30T10:10:28.5506559Z ##[error]Error: unable to get local issuer certificate
2022-12-30T10:10:28.5593478Z ##[section]Abschließen: download configuration

does anyone has any idea how to fix this?

thx in advance
iisiggi

4

Answers


  1. Chosen as BEST ANSWER

    I put the content of my secret file into a secret variable. That worked for me, but is for sure no general solution.


  2. Place your secure files on Azure Pipeline and download it.

    *Here are the steps:

    1. Upload the secure file in Library on Pipeline
    2. Download the files in the agent machine with using DownloadSecureFile@1 task

    enter image description here

    Download the secure files

    use the download task DownloadSecureFIle@1 task like below.

    - task: DownloadSEcureFile@1  
      name: <nameof the Task>  
      inputs:  
        secureFile: <secure file Name>
    

    The secure file is downloaded to $(Agent.TempDirectory). you can check the path with using the prepared variable such as $(<task name>.secureFIlePath)

    Reference taken from MSDoc.

    Login or Signup to reply.
  3. This is a known issue for Azure DevOps Server, and you can try the way below to resolve the issue.

      steps:
      . . .
    
      - task: PowerShell@2
        displayName: 'Set CA Cert'
        inputs:
          targetType: inline
          script: |
            if ($env:AGENT_HOMEDIRECTORY -ne $null) { $TargetFolder = $env:AGENT_HOMEDIRECTORY }
            else { $TargetFolder = [System.Environment]::GetEnvironmentVariable('TEMP','Machine') }
            Get-ChildItem -Path Cert:LocalMachineCA | ForEach-Object {
              $Cert = "-----BEGIN CERTIFICATE-----`n"
              $Cert+= $([System.Convert]::ToBase64String($_.export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert),'InsertLineBreaks'))
              $Cert+= "`n-----END CERTIFICATE-----`n"
              $Chain+= $Cert
            }
            $CertFile = "$TargetFolderTrustedRootCAs.pem"
            $Chain | Out-File $CertFile -Force -Encoding ASCII
            $Chain = $null
            Write-Host "##vso[task.setvariable variable=NODE.EXTRA.CA.CERTS]$CertFile"
    
      - task: DownloadSecureFile@1
        displayName: 'download configuration'
        inputs:
          secureFile: 'oimPictureEditor_test'
    
      . . .
    

    The step ‘Set CA Cert‘ will try to get the CA certificate and set it as the variable "NODE.EXTRA.CA.CERTS" for use.

    For more details about this issue and the solution, you can reference the following tickets:

    Login or Signup to reply.
  4. I set NODE_EXTRA_CA_CERTS as system variable manually, than restarted the agent service. That worked for me.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search