Home > Back-end >  Unable to download secure files from azure devops
Unable to download secure files from azure devops

Time:12-31

Good morning, I have problems checking out a secure file during the build process in azure devops 2019. My task is defined as:

- task: DownloadSecureFile@1
  inputs:
    secureFile: 'oimPictureEditor_test'
  displayName: 'download configuration'

enter image description here

but it fails with:

2022-12-30T10:10:27.9053899Z ##[section]Starten: download configuration
2022-12-30T10:10:28.0009766Z ==============================================================================
2022-12-30T10:10:28.0010142Z Task         : Sichere Datei herunterladen
2022-12-30T10:10:28.0010245Z Description  : Hiermit wird eine sichere Datei an einen temporären Speicherort auf dem Agent-Computer heruntergeladen.
2022-12-30T10:10:28.0010357Z Version      : 1.151.2
2022-12-30T10:10:28.0010489Z Author       : Microsoft Corporation
2022-12-30T10:10:28.0010653Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/download-secure-file
2022-12-30T10:10:28.0010783Z ==============================================================================
2022-12-30T10:10:28.5506559Z ##[error]Error: unable to get local issuer certificate
2022-12-30T10:10:28.5593478Z ##[section]Abschließen: download configuration

does anyone has any idea how to fix this?

thx in advance iisiggi

CodePudding user response:

Place your secure files on Azure Pipeline and download it.

*Here are the steps:

  1. Upload the secure file in Library on Pipeline
  2. Download the files in the agent machine with using DownloadSecureFile@1 task

enter image description here

Download the secure files

use the download task DownloadSecureFIle@1 task like below.

- task: DownloadSEcureFile@1  
  name: <nameof the Task>  
  inputs:  
    secureFile: <secure file Name>

The secure file is downloaded to $(Agent.TempDirectory). you can check the path with using the prepared variable such as $(<task name>.secureFIlePath)

Reference taken from MSDoc.

CodePudding user response:

This is a known issue for Azure DevOps Server, and you can try the way below to resolve the issue.

  steps:
  . . .

  - task: PowerShell@2
    displayName: 'Set CA Cert'
    inputs:
      targetType: inline
      script: |
        if ($env:AGENT_HOMEDIRECTORY -ne $null) { $TargetFolder = $env:AGENT_HOMEDIRECTORY }
        else { $TargetFolder = [System.Environment]::GetEnvironmentVariable('TEMP','Machine') }
        Get-ChildItem -Path Cert:\LocalMachine\CA | ForEach-Object {
          $Cert = "-----BEGIN CERTIFICATE-----`n"
          $Cert = $([System.Convert]::ToBase64String($_.export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert),'InsertLineBreaks'))
          $Cert = "`n-----END CERTIFICATE-----`n"
          $Chain = $Cert
        }
        $CertFile = "$TargetFolder\TrustedRootCAs.pem"
        $Chain | Out-File $CertFile -Force -Encoding ASCII
        $Chain = $null
        Write-Host "##vso[task.setvariable variable=NODE.EXTRA.CA.CERTS]$CertFile"

  - task: DownloadSecureFile@1
    displayName: 'download configuration'
    inputs:
      secureFile: 'oimPictureEditor_test'

  . . .

The step 'Set CA Cert' will try to get the CA certificate and set it as the variable "NODE.EXTRA.CA.CERTS" for use.

For more details about this issue and the solution, you can reference the following tickets:

CodePudding user response:

I put the content of my secret file into a secret variable. That worked for me, but is for sure no general solution.

  • Related