如何在从 Windows 服务启动的子 shell 中设置 http 代理
我正在编写一个 Windows 服务,它接受上传的文件,在其上运行signtool.exe 来进行签名和时间戳记,然后返回签名的文件。
当使用twisted作为独立服务器运行时,此代码可以工作,但是如果我尝试将其作为服务运行,它会失败并显示错误“签名成功,但尝试添加时间戳时发生错误”。
如果我用显式使用代理的curl.exe 调用替换signcode 子进程调用,则此操作会成功。
我已在 Internet Explorer 中设置代理并手动运行该命令。 是否有另一种方法为signtool/signcode设置http代理或其他方法来做到这一点(我热衷于将它作为一项服务,以便于集成到其他一些监控系统中)?
I am writing a windows service which takes an uploaded file, runs signtool.exe on it to do the signing and timestamping and then serves the signed file back.
The code for this works when run as a standalone server using twisted however if I try and run it as a service it fails with the error "Signing succeeded, but an error occurred while attempting to timestamp".
If I replace the signcode subprocess call with a curl.exe call which explicitly uses the proxy then this succeeds.
I have set the proxy in internet explorer and running the command manually works. Is there another way of setting an http proxy for signtool/signcode or another way of doing this (I am keen for it to be a service for ease of integration in to some other monitoring systems)?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我有同样的问题,但通过 cygwin ssh (使用密码)运行signtool。 如果我通过 gui(例如通过 rdesktop)至少登录一次,则时间戳仅通过代理和 ssh 起作用。 之后我什至不需要登录 gui 就可以通过 ssh 工作,我只需要确保我通过 gui 至少登录一次。 无论它在图形登录时所做的是什么,在重新启动后也不会消失。 然而,一个区别是我使用通过 ssh 启动的相同 powershell 动态设置代理设置:
我尝试启动 explorer.exe &、notepad & 和 iexplorer.exe & 来自 ssh 但没有帮助。 我将了解如何对代理设置进行硬编码,以及是否可以让签名用户在启动后登录到 GUI。 还将检查以确保使用 cygrunsrv -i 启动 ssh,或者在服务中检查是否允许与桌面交互。
如果系统停止,它会恢复其映像(vmware 增量映像)(这就是我能够重复问题的方式),但我总是可以更改它,看起来我可能必须这样做才能解决这个问题。
终于在此处评论的帮助下找到了答案:
http://blogs.msdn.com/b/askie /archive/2013/05/09/user-proxy-settings-showing-up-in-local-system-account- Correct-way-to-apply-proxy-settings.aspx#10606266
看起来像设置实际上必须在二进制文件中设置:
即使使用我上面所做的 powershell 设置,直到图形登录后,该二进制文件才会在注册表中创建。 最简单的方法是登录(假设你有我上面用powershell所做的注册表设置,或者通过gui中的internet选项ui手动设置),导出HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections路径,并使用以下命令导入它:
如果您希望它适用于所有用户,您需要在以下位置应用相同的文件:
如帖子中所述。 可能还有这里提到的其他方法 https://serverfault。 com/questions/34940/how-do-i-configure-proxy-settings-for-local-system ,但以上对我来说是最简单的。
I have the same issue but running signtool via cygwin ssh (using a password). The timestamping only works via the proxy and over ssh if I login at least once through the gui (e.g. via rdesktop). I don't even have to be logged in to the gui after that for it to work via ssh, I just have to make sure I login at least once via the gui. Whatever it's doing upon graphical login survives a reboot too. One difference however is that I'm setting the proxy settings dynamically using the same powershell that I'm launching via ssh :
I tried launching explorer.exe &, notepad &, and iexplorer.exe & from ssh but it didn't help. I'll see about hard coding the proxy settings and also if its possible to have the signing user be logged into the gui after boot. Also will check to make sure ssh is launched with cygrunsrv -i or that it's allowed to interact with the desktop is checked in services.
The system reverts its image if it's halted (vmware delta image) (that's how I'm able to duplicate the problem), but I can always change it, which it looks like I might have to do to figure out this problem.
Finally figured it out with some help from the comment here :
http://blogs.msdn.com/b/askie/archive/2013/05/09/user-proxy-settings-showing-up-in-local-system-account-correct-way-to-apply-proxy-settings.aspx#10606266
Looks like the setting actually has to be set in the binary file :
This binary file doesn't get created in the registry until after graphical login even with the powershell settings I made above. Easiest way is to login (assuming you have the registry settings I made with powershell above, or set it manually through the internet options ui in the gui), export the HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections path, and the import it with :
If you want it to apply for all users you need to apply the same file under:
as mentioned in the post. There may be other ways as mentioned here https://serverfault.com/questions/34940/how-do-i-configure-proxy-settings-for-local-system , but the above was the easiest for me.