Team Foundation Server的建立与密码保护codesigning失败 [英] Team Foundation Server Build with password protected codesigning fails

问题描述

我试图安装在TFS 2008的持续集成构建在该项目中我想我建立用于签名的密钥。该密钥使用密码。我不能让它打造，因为构建TFS要显示其无法显示一个对话框中。我想我需要手工在服务器上构建项目，但只有TFS探险家，并建立部分安装在服务器上。如何让我的项目有什么建议适当建立？

这是TFS给出的错误：

  

C：\\ WINDOWS \\ Microsoft.NET \\框架\\ v3.5版本\\ Microsoft.Common.targets（1805,7）：
  错误MSB4018：该ResolveKeySource
  任务意外失败。
  System.InvalidOperationException：
  显示一个模式对话框或窗体
  当应用程序没有运行
  UserInteractive模式不是有效的
  操作。指定
  ServiceNotification或
  DefaultDesktopOnly样式，以显示
  从服务通知
  应用。在
  System.Windows.Forms.Form.ShowDialog（IWin32Window
  老板）在
  System.Windows.Forms.Form.ShowDialog（）
  在
  Microsoft.Build.Tasks.ResolveKeySource.ResolveAssemblyKey（）
  在
  Microsoft.Build.Tasks.ResolveKeySource.Execute（）

解决方案

这<一个href=\"http://ozgrant.com/2008/03/13/strong-name-your-assemblies-with-team-build-using-a-private-key/\">blog后下详细介绍了具体步骤

设置键文件

创建一个密码保护的公钥/私钥使用项目的属性中的Visual Studio的签名标签对（KeyPair.pfx）
提取密钥对的公共密钥并将其复制到一个单独的文件（Key.snk）
SN.EXE -p KeyPair.pfx Key.snk

在KeyPair.pfx复制到构建服务器。我使用C：\\ Program Files文件\\的MSBuild \\ KeyFile.pfx，因为它可以再由$（MSBuildExtensionsPath）的MSBuild属性来访问。
移动KeyPair.pfx文件到一个安全＆放大器;安全位置。请将密码保密为好。
在Key.snk复制到你的开发人员可以访问的共享位置。
对于签约安装项目

对于要签名的每个组件：

1. 打开项目属性|签名页


2. 选择[X]注册的程序集复选框。


3. 选择[X]延迟只签复选框。


4. 从密钥文件下拉菜单中选择。


5. 浏览到共享位置并选择Key.snk文件


6. 的SNK文件将被复制到每个项目目录，你把它分配给


7. 从您的项目之一的密钥文件复制到解决方案的项目，这样就可以使用它的测试运行配置

设置测试运行配置为重新签署

如果你想你的仪表总成，并启用code覆盖面为你的单元测试，那么你需要指定重新签名的密钥文件。

打开LocalTestRun.testrunco​​nfig文件
在code覆盖选项卡，选择键作为重新签名的密钥文件

在开发者工作站禁用强名称验证

既然你是延迟签约只用公钥，.NET CLR装配验证将失败，当地建造集。如果验证失败，您将无法运行或调试的程序集。

要在发展中解决这个问题，你需要禁用强名称验证，你在本地构建和你的公钥延迟迹象组件。

打开Visual Studio命令提示符
类型：
SN.EXE -tp Key.snk

这将输出一些数据，包括令牌。

类型：
SN -Vr *，YOUR_KEY_TOKEN

例如： SN -Vr *，0123456789ABCDEF

这将禁用强名称验证与您的公钥签署的所有组件。
可以列出为强名称验证与当前设置：
SN -Vl

作为团队安装私钥生成

由于私钥（Key.pfx）是密码保护 - 团队建设不能访问它。由于 Nagaraju帕拉博客：使用密码保护的团队签名密钥生成，我们有解决的办法。

登录到团队生成服务器生成服务帐户
打开Visual Studio中的项目
建立在Visual Studio项目
系统将提示您输入密码私钥文件。
输入密码
关闭Visual Studio中＆安培;注销
私钥文件已经安装在生成服务帐户的本地证书存储和团队建设都可以访问它而不会再次提示输入密码。此证书存储是构建服务帐户的密码安全。 （提示：请它就像作为密钥文件的密码强）

更新TFSBuild.proj生成脚本

团队建设已访问私人密钥文件和密码。这使得它完全签名的程序集。

要覆盖项目设置和指导团队建设使用私人密钥文件和禁用部分签名，我们需要设置在TFSBuild.proj的CustomPropertiesForBuild财产

退房您的TFSBuild.proj生成脚本
搜索占位符属性（近默认行130）
用以下替换它：  SignAssembly = TRUE; DelaySign = FALSE; AssemblyOriginatorKeyFile = $（MSBuildExtensionsPath）\\ Key.pfx入住更改
队列中的构建
验证团队生成输出

要检查团队建设已经正确地强命名程序集，可以使用sn.exe实用程序验证强名称签名。

打开Visual Studio命令提示符
类型：
SN.EXE -vf assemblyname.dll

您还可以验证所有的组件在同一时间：

打开Visual Studio命令提示符
类型：
FOR％一IN（* .DLL）DO SN.EXE -vf％A

I'm trying to setup a continuous integration build on TFS 2008. In the project I want to build I use a key for signing. This key uses a password. I can't get it to build, because during the build TFS wants to show a dialog which can't be shown. I think I need to build the project by hand on the server, but only the TFS explorer and build parts are installed on the server. Any suggestions on how to get my project to build properly?

This is the error given by TFS:

C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.Common.targets(1805,7): error MSB4018: The "ResolveKeySource" task failed unexpectedly. System.InvalidOperationException: Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application. at System.Windows.Forms.Form.ShowDialog(IWin32Window owner) at System.Windows.Forms.Form.ShowDialog() at Microsoft.Build.Tasks.ResolveKeySource.ResolveAssemblyKey() at Microsoft.Build.Tasks.ResolveKeySource.Execute()

解决方案

This blog post below details the exact steps

Setup Key Files

Create a password-protected private/public key pair (KeyPair.pfx) using the Visual Studio "Signing" tab within a project’s properties Extract the public key from the key pair and copy it to a separate file (Key.snk) sn.exe -p KeyPair.pfx Key.snk

Copy the KeyPair.pfx to your build server. I use C:\Program Files\MSBuild\KeyFile.pfx, because it can then be accessed by the $(MSBuildExtensionsPath) MSBuild property. Move the KeyPair.pfx file to a safe & secure location. Keep the password secret as well. Copy the Key.snk to a shared location where your developers can access it. Setup Projects for Signing

For each assembly that you want to sign:

1. Open the Project Properties | Signing page
2. Select the [X] Sign the assembly checkbox.
3. Select the [X] Delay sign only checkbox.
4. Select from the key file dropdown.
5. Browse to the shared location and select the Key.snk file
6. The snk file will be copied to each project directory that you assign it to
7. Copy the key file from one of your projects into Solution Items so that you can use it for the test run configuration

Setup Test Run Configuration for Re-Signing

If you want to instrument your assemblies and enable Code Coverage for your unit tests, then you need to specify a key file for re-signing.

Open the LocalTestRun.testrunconfig file On the Code Coverage tab, select the key as the Re-Signing key file

Disable Strong-Name Verification on Developer Workstations

Since you are delay-signing with only the public key, .NET CLR assembly verification will fail with assemblies built locally. When the verification fails you won’t be able to run or debug the assemblies.

To overcome this in development, you need to disable strong-name verification for assemblies that you build locally and delay-sign with your public key.

Open a Visual Studio Command Prompt Type: sn.exe -tp Key.snk

This will output some data including the token.

Type: sn -Vr *,YOUR_KEY_TOKEN

example: sn -Vr *,0123456789abcdef

This will disable strong name verification for all assemblies signed with your public key. You can list current settings for strong name verification with: sn -Vl

Installing the Private Key for Team Build

Since the private key (Key.pfx) is password protected – Team Build cannot access it. Thanks to Nagaraju Palla’s Blog: Using Password Protected Signing Keys in Team Build, we have a solution.

Logon to the Team Build server as the build service account Open the project in Visual Studio Build the project in Visual Studio You will be prompted for the password to the private key file. Enter the password Close Visual Studio & Log off The private key file is now installed in the build service account’s local certificate store and Team Build can access it without prompting for the password again. This certificate store is as secure as the build service account’s password. (Hint: Make it just as strong as your keyfile’s password)

Updating TFSBuild.proj Build Script

Team Build has access to the private keyfile and password. This allows it to fully-sign the assemblies.

To override the project settings and instruct Team Build to use the private keyfile and disable partial-signing, we need to set the CustomPropertiesForBuild property in TFSBuild.proj

Check-out your TFSBuild.proj build script Search for the placeholder property (near line 130 by default) Replace it with the following: SignAssembly=true;DelaySign=false;AssemblyOriginatorKeyFile=$(MSBuildExtensionsPath)\Key.pfx Check-in your changes Queue a build Verifying Team Build output

To check that Team Build has correctly strongly named your assemblies, you can use the sn.exe utility to verify the strong name signature.

Open a Visual Studio Command Prompt Type: sn.exe -vf assemblyname.dll

You can also verify all your assemblies at the same time:

Open a Visual Studio Command Prompt Type: FOR %a IN (*.dll) DO sn.exe -vf %a

这篇关于Team Foundation Server的建立与密码保护codesigning失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！