MSBuild无法使用临时密钥对ClickOnce清单进行签名(错误MSB3326和MSB3321) [英] MSBuild cannot sign a ClickOnce manifest using a temporary key (errors MSB3326 and MSB3321)
问题描述
我正在尝试建立一个ClickOnce Windows窗体项目(.NET 3.5/Visual Studio 2010). ((为了使用 Hudson CI .)
I am trying to build a ClickOnce Windows Forms project (.NET 3.5 / Visual Studio 2010) on a Windows Server computer. (In an effort to automate the build process with Hudson CI.)
为签署ClickOnce清单,我在Visual Studio temp.pfx中创建了一个临时键.我可以从工作站上的Visual Studio成功构建和部署项目.但是在服务器上运行 MSBuild 时,出现以下错误消息:
For signing the ClickOnce manifest I created a temporary key in Visual Studio, temp.pfx. I can successfully build and deploy the project from Visual Studio on my workstation. But when running MSBuild on the server I get the following error messages:
C:\ Windows \ Microsoft.NET \ Framework64 \ v4.0.30319 \ Microsoft.Common.targets(1970,9):错误MSB3326:无法导入以下密钥文件:.密钥文件可能受密码保护.若要更正此问题,请尝试再次导入证书或将证书手动导入当前用户的个人证书存储中. [C:.hudson \ jobs [...].csproj]
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Common.targets(1970,9): error MSB3326: Cannot import the following key file: . The key file may be password protected. To correct this, try to import the certificate again or import the certificate manually into the current user's personal certificate store. [C:.hudson\jobs[...].csproj]
C:\ Windows \ Microsoft.NET \ Framework64 \ v4.0.30319 \ Microsoft.Common.targets(1970,9):错误MSB3321:导入密钥文件"temp.pfx"被取消. [C:.hudson \ jobs [...].csproj]
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Common.targets(1970,9): error MSB3321: Importing key file "temp.pfx" was canceled. [C:.hudson\jobs[...].csproj]
我没有运气就尝试了以下所有问题和答案:
I tried all of the following questions and answers without luck:
=>就我而言,该错误消息并不表示证书存储的名称,而是显示当前用户的个人证书存储".
=> In my case, the error message does not indicate a name of a certificate store but says "the current user's personal certificate store" instead.
=>即使使用个人"作为容器名称(sn -i temp.pfx personal)尝试接受的答案时,它也无法解析密钥:
=> Even when trying the accepted answer with "Personal" as the container name (sn -i temp.pfx personal), it fails to parse the key:
无法解析ALiS_TemporaryKey.pfx中的PKCS#12 Blob-内部错误o 发生了.
Failed to parse the PKCS#12 blob in ALiS_TemporaryKey.pfx -- An internal error o ccurred.
Stack Overflow question Using MSBuild to sign ClickOnce or assembly results in error MSB3321
=>我尝试了接受的答案,但是无法导入密钥文件,因为"要么用户配置文件不可访问,要么您导入的私钥可能需要未安装密码服务的提供商系统"
=> I tried the accepted answer, but the key file cannot be imported because "Either the user profile is not accessible or the private key that you are importing might require a cryptographic service provider that is not installed on your system"
=>如果我尝试通过在Windows资源管理器中双击文件来导入文件,也会发生同样的情况(RobinDotNet的建议)
=> The same happens if I try to import the file by double-clicking it in Windows Explorer (RobinDotNet's suggestion)
堆栈溢出问题 使用MSBuild,Team Build和TFS中的PFX文件签名程序集
Stack Overflow question Signing assemblies with PFX files in MSBuild, Team Build, and TFS
=>该问题的操作也无法通过以上两个答案获得成功,但不幸的是,即使他得到的答案也无法帮助我:
=> The OP of that question was unsuccessful with the above two answers, too, but unfortunately not even the answers that he got would help me:
以在构建计算机上运行MSBuild的用户身份登录,手动调用MSBuild,然后在出现提示时输入密码.
Log in as the user that runs MSBuild on the build machine, manually invoke MSBuild, and then type in the password when prompted.
=>我登录并运行msbuild myproject.sln,但它甚至不会提示我输入密码.
=> I logged in and ran msbuild myproject.sln but it would not even prompt me for the password.
最终为我解决的问题是使用TFS Build服务在本地计算机上运行管理员的帐户.
What finally fixed it for me was making the account under which TFS Build service runs an administrator on the local machine.
=>运行Hudson(更准确地说是 Tomcat )的帐户是本地管理员.我甚至尝试从以管理员身份运行"命令行运行MSBuild,仍然会收到相同的错误消息.
=> The account that runs Hudson (more precisely: Tomcat) already is a local administrator. I tried to run MSBuild from a "Run As Administrator" command line even and would get the same error messages still.
更新:我试图在同一服务器上的Visual Studio中打开解决方案并进行构建.我犯了同样的错误.当我尝试在项目属性的签名"选项卡中重新导入PFX文件时,它告诉我无效密码".如果我尝试在工作站上的Visual Studio的完全相同的解决方案中导入完全相同的文件并提供相同的密码,则会接受该密码.
Update: I tried to open the solution in Visual Studio on the same server and build it. I get the same error. When I try to re-import the PFX file in the project properties' Signing tab, it tells me "invalid password". If I try to import the very same file in the very same solution in Visual Studio on my workstation and provide the very same password, it is accepted.
更新2:如果我使用在Visual Studio 2008中生成的旧临时密钥,则可以成功将其导入到我们服务器的证书存储中;我使用Visual Studio 2010新创建的任何临时密钥都无法导入.
Update 2: If I take an old temporary key which I had generated with Visual Studio 2008, it can be successfully imported in the certificate store of our server; any temporary keys I newly create with Visual Studio 2010 cannot be imported.
更新3:我能够在服务器上的Visual Studio中创建一个新的临时密钥",并在服务器以及我的工作站上都使用它来签署ClickOnce清单.我只能对此做出合理的解释-两台计算机都是64位,并且我在两台计算机上都使用Visual Studio 2010.两者都安装了v3.5和v4(4.0.30319).NET框架.我的工作站是Windows 7 Professional,服务器是 Windows Server 2008 R2标准. /p>
Update 3: I was able to create a new "temporary key" in Visual Studio on the server and use it both on the server as well as on my workstation for signing the ClickOnce manifest. I only cannot make up a reasonable explanation for it - both computers are 64-bit, and I am using Visual Studio 2010 on both. Both have the v3.5 and v4 (4.0.30319) .NET framework installed. My workstation is a Windows 7 Professional, and the server is a Windows Server 2008 R2 Standard.
推荐答案
将PFX文件复制到进行构建的计算机上.双击它,然后将其安装在计算机上的证书管理器中.确保您已登录到用于进行构建的帐户.
Copy the PFX file over to the machine you are doing the builds on. Double-click on it, and install it in the certificate manager on the machine. Be sure you are logged into the account used to do the builds.
其他建议/问题:您是否在计算机上安装了正确版本的.NET?您是否有特权写到该计算机上的证书存储区?
Other suggestions/questions: Do you have the right version of .NET installed on the machine? Do you have privileges to write to the certificate store on that machine?
如果打开Visual Studio项目,请转到项目属性并尝试创建一个新证书,它有效吗?它应该创建一个PFX文件并将其添加到项目中.您可以在证书存储区(菜单开始"/certmgr.msc)中看到它吗?
If you open the Visual Studio project, go to the project properties and try to create a new certificate, does it work? It should create a PFX file and add it to the project. And can you see it in the certificate store (menu Start/certmgr.msc)?
这篇关于MSBuild无法使用临时密钥对ClickOnce清单进行签名(错误MSB3326和MSB3321)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
