Signed software install fails - was OK before the signing

Expected behavior

As part of a Jenkins build pipeline, we try to install a generated installer into a clean container. The container itself is a thin derivative of microsoft/windowsservercore:ltsc2016 with VC_redist.x64.exe added, little more. The Jenkins system runs the container and then uses stop/copy/start/exec commands to run the new container - we then exercise the installed software to check (it is only really a smoke test) and destroy the container.

This has been working fine, but I’ve extended the build steps so we sign the installed and installer binaries with signtool. The generated installer appears fine - it works OK in a normal PC - but in the test environment it fails with error code 1. Actually it fails very quickly and seems to generate no logs. I tried repeating it iteractively using the base image and the behaviour was very similar except the generated status code seemed to be 0, although it did not actually install anything as far as I can see - it definitely fails more quickly than I would expect.

It feels like I am missing some feature or package in the standard image.

Any suggestions welcome.

OK I can reply myself. Turns out I was not comparing like-with-like concerning docker and non-docker behaviour. I was comparing running from cmd within a docker container and opening the installer via GUI. When I tried to run the installer from a command window the same effect as docker occured. Seems I need to use powershell start-process -wait…

Spoke too soon. I’d not realised that Start-Process does not do anything (e.g. throw) on failure. I needed to add -PassThru, pick up the returned object (p = Start-Process...) and then look at ($p.ExitCode). It now seems to be going through the motions (takes several seconds and is not instantaneous) but on a container I get an error code of 1 (generic failure I believe) - works on an actual machine.

Still feels like I’ve missed a step.