[GH-ISSUE #359] Issue running sign.py on Semaphore CI (connect ECONNREFUSED ::1:8080) #96

New issue

Closed

opened 2026-03-04 00:23:51 +03:00 by kerem · 1 comment

kerem commented 2026-03-04 00:23:51 +03:00

Owner

Copy link

Originally created by @colto1000 on GitHub (Sep 16, 2023).
Original GitHub issue: https://github.com/SignTools/SignTools/issues/359

I tried basic troubleshooting first

• Updated both SignTools and the builder (SignTools-CI or SignTools-Builder) to the latest version
• Read through the FAQ page

Describe the bug

It appears there is an issue with something related to the functionality or implementation of Node, specifically in relation to the node_download() function within sign.py. This is, however, only an assumption based on my understanding of the log file.

As sign.py begins to run within Semaphore CI, we see the parent error: connect ECONNREFUSED ::1:8080. It appears to me there may be an issue with Semaphore CI interfacing with localhost (ipv6) at port 8080. That this is localhost of Semaphore CI, and not the SignTools process (on my RPi), as I have tested running SignTools on a different port (8081) and still receive the same error.

The issue persists with the implementation of GitHub Actions, in place of Semaphore CI. Issue also persists when interfacing with SignTools directly on the host machine (and disabling Caddy, the Reverse Proxy). Although, in this case, the task was using a custom bundleID, the issue still persists when signing an application with a default configuration.

SignTools’ web interface always reports either “Waiting“ or “Failed“ four any given application.

I’m using custom/explicit certificate and mobile provisioning files, with a password text file and then file included. The directory structure outlined in the advanced install guide was followed and all other functionality seems to be working as expected.

I have done as much Googling and Stack Overflow’ing as I would find reasonable before posting this bug (colluding some research into node_fetch), but I feel they may just be an issue with my configuration of the whole setup. I have follow the advance, guide closely, as well as viewing the FAQ, I have not been able to find the answer to this issue.

To reproduce

Steps to reproduce the behavior:

1. Start an app-signing job via SignTools web interface.
2. Click ‘Status’.
3. Select the most recent CI job.
4. See error.

Expected behavior

I would expect the CI handler to successfully run sign.py, and furthermore sign the requested application.

Logs

Full Log: https://pastebin.com/fPb5PBD3

Screenshots

System configuration

• SignTools version: 2.6.2
• Installation type: Raspberry Pi (self-hosted) → Caddy Reverse Proxy
• Builder type: SignTools-CI via Semaphore CI
• Builder version: 704d7be

Additional context

I am running SignTools on a Raspberry Pi 4 and run a reverse proxy through Caddy.

Originally created by @colto1000 on GitHub (Sep 16, 2023). Original GitHub issue: https://github.com/SignTools/SignTools/issues/359 **I tried basic troubleshooting first** - [x] Updated **both** [SignTools](https://github.com/SignTools/SignTools) **and** the builder ([SignTools-CI](https://github.com/SignTools/SignTools-CI) or [SignTools-Builder](https://github.com/SignTools/SignTools-Builder)) to the latest version - [x] Read through the [FAQ page](https://github.com/SignTools/SignTools/blob/master/FAQ.md) **Describe the bug** It appears there is an issue with something related to the functionality or implementation of Node, specifically in relation to the `node_download()` function within `sign.py`. This is, however, only an assumption based on my understanding of the log file. As `sign.py` begins to run within Semaphore CI, we see the parent error: `connect ECONNREFUSED ::1:8080`. It appears to me there may be an issue with Semaphore CI interfacing with localhost (ipv6) at port 8080. That this is localhost of Semaphore CI, and not the SignTools process (on my RPi), as I have tested running SignTools on a different port (8081) and still receive the same error. The issue persists with the implementation of GitHub Actions, in place of Semaphore CI. Issue also persists when interfacing with SignTools directly on the host machine (and disabling Caddy, the Reverse Proxy). Although, in this case, the task was using a custom bundleID, the issue still persists when signing an application with a default configuration. SignTools’ web interface always reports either “Waiting“ or “Failed“ four any given application. I’m using custom/explicit certificate and mobile provisioning files, with a password text file and then file included. The directory structure outlined in the advanced install guide was followed and all other functionality seems to be working as expected. I have done as much Googling and Stack Overflow’ing as I would find reasonable before posting this bug (colluding some research into node_fetch), but I feel they may just be an issue with my configuration of the whole setup. I have follow the advance, guide closely, as well as viewing the FAQ, I have not been able to find the answer to this issue. **To reproduce** Steps to reproduce the behavior: 1. Start an app-signing job via SignTools web interface. 2. Click ‘Status’. 3. Select the most recent CI job. 4. See error. **Expected behavior** I would expect the CI handler to successfully run `sign.py`, and furthermore sign the requested application. **Logs** Full Log: https://pastebin.com/fPb5PBD3 **Screenshots**  **System configuration** - SignTools version: 2.6.2 - Installation type: Raspberry Pi (self-hosted) → Caddy Reverse Proxy - Builder type: SignTools-CI via Semaphore CI - Builder version: 704d7be **Additional context** I am running SignTools on a Raspberry Pi 4 and run a reverse proxy through Caddy.

kerem 2026-03-04 00:23:51 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-03-04 00:23:52 +03:00

Author

Owner

Copy link

@ViRb3 commented on GitHub (Nov 4, 2023):

Sorry for responding so late, not sure how I missed this. It looks to me that you're confusing how the CI works. The way you have it set up, it connects to itself, and it rightfully fails, as there is nothing to find there. The CI needs to connect to your SignTools server (where your web UI is hosted), and pull the files from there. Therefore, you'd need to put the server's public IP or a tunnel instead of localhost.

<!-- gh-comment-id:1793557328 --> @ViRb3 commented on GitHub (Nov 4, 2023): Sorry for responding so late, not sure how I missed this. It looks to me that you're confusing how the CI works. The way you have it set up, it connects to itself, and it rightfully fails, as there is nothing to find there. The CI needs to connect to your SignTools server (where your web UI is hosted), and pull the files from there. Therefore, you'd need to put the server's public IP or a tunnel instead of localhost.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/npm_and_yarn/prettier-3.8.2

dependabot/docker/golang-1.26.2-alpine

dependabot/github_actions/docker/build-push-action-7.1.0

dependabot/go_modules/golang.org/x/crypto-0.50.0

dependabot/github_actions/docker/login-action-4.1.0

dependabot/github_actions/actions/setup-go-6.4.0

dependabot/go_modules/github.com/rs/zerolog-1.35.0

dependabot/go_modules/golang.org/x/oauth2-0.36.0

dependabot/github_actions/docker/metadata-action-6.0.0

dependabot/github_actions/docker/setup-buildx-action-4.0.0

dependabot/github_actions/docker/setup-qemu-action-4.0.0

dependabot/go_modules/github.com/labstack/echo/v4-4.15.1

dependabot/github_actions/goreleaser/goreleaser-action-7.0.0

dependabot/docker/alpine-3.23.3

dependabot/github_actions/actions/checkout-6.0.2

develop

v3.0.11

v3.0.10

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.6.2

v2.6.1

v2.6.0

v2.5.21

v2.5.20

v2.5.19

v2.5.18

v2.5.17

v2.5.16

v2.5.15

v2.5.14

v2.5.13

v2.5.12

v2.5.11

v2.5.10

v2.5.9

v2.5.8

v2.5.7

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.18

v2.4.17

v2.4.16

v2.4.15

v2.4.14

v2.4.13

v2.4.12

v2.4.11

v2.4.10

v2.4.9

v2.4.8

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.15

v2.3.14

v2.3.13

v2.3.12

v2.3.11

v2.3.10

v2.3.9

v2.3.8

v2.3.7

v2.3.6

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.8

v2.1.7

v2.1.6

v2.1.5

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.1

v2.0.0

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.8.5

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.6.0

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.1

v1.0.0

Labels

Clear labels   

bug

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

No labels

bug

enhancement

enhancement

good first issue

help wanted

pull-request

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/SignTools#96

No description provided.