通过 TFS Build 2008 签署 ClickOnce 清单?
我在弄清楚如何从 TFS Build 中“签署应用程序的 ClickOnce 清单”时遇到问题。
我已经在 VS 2010 中配置了我的签名页面,方法是选中“对 ClickOnce 清单进行签名”复选框并从文件中选择我们的代码签名密钥,如下面的屏幕截图所示:
现在,当我从 VS 2010 发布应用程序时,清单似乎已成功签名:
但是,当我尝试从 TFS Build 构建应用程序时,它似乎没有尝试签署清单。事实上,甚至没有一条错误消息表明某些事情失败了。
我尝试设置 TFSBuild.proj 文件,以便我的构建服务器知道该证书并且我希望签署我的清单,但我不确定如何执行此操作。
我尝试过以下方法:
<CustomPropertiesForBuild>SignManifests=true;ManifestCertificateThumbprint=<thumbprint goes here></CustomPropertiesForBuild>
但这似乎没有任何区别。 (也不会产生错误)。
注意:我对程序集的强命名不感兴趣;只需签署我的代码。
有谁知道该怎么做?有人从 TFS Build 成功部署 ClickOnce 应用程序吗?
I'm having a problem figuring out how to "Sign the ClickOnce manifests" of my application from TFS Build.
I've configured my signing page in VS 2010 by checking the "Sign the ClickOnce manifests" checkbox and choosing our code-signing key from a file, as pictured in the below screenshot:
Now, when I publish the application from VS 2010, the manifest appears to be signed successfully:
However, when I try to build the application from TFS Build, it doesn't appear to attempt to sign the manifest. In fact, there's not even an error message indicating that something failed.
I tried to set up the TFSBuild.proj file so that my build server is aware of the certificate and that I wish to sign my manifests, but I wasn't sure how to do that.
I've tried the following:
<CustomPropertiesForBuild>SignManifests=true;ManifestCertificateThumbprint=<thumbprint goes here></CustomPropertiesForBuild>
But it doesn't seem to make any difference. (No errors are generated, either).
Note: I am not interested in strong naming my assemblies; just signing my code.
Does anyone know how to do this? Has anyone successfully deployed ClickOnce apps from TFS Build?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
到目前为止,我能够通过 TFSBuild 对代码进行签名的唯一方法是启动命令行代码签名工具。这基本上涉及三个步骤:
将证书导入到构建计算机上,同时以用于运行 TFSBuild 的任何 TFSService 帐户登录。导入证书后,您需要进入证书管理器以获取其指纹(我认为它在证书管理器 UI 中称为“哈希”)。
将目标添加到您的 .csproj/.wixproj/.whateverproj 中,以找到并运行signtool.exe:
在适当的时间调用您的新目标;我们只签署发布版本,因此我们这样做:
此方法也适用于开发人员计算机,假设他们安装了正确的 SDK 工具。如果他们不这样做,就会跳过签名步骤,这对我们来说效果很好。
So far, the only way I have been able to sign my code via TFSBuild is to launch the command-line code signing tool. This basically involves three steps:
Import the certificate onto the build machine, while logged in as whatever TFSService account you use to run TFSBuild. Once you've got the certificate imported, you'll need to go into Cert Manager to get it's thumbprint (I think it's called the "hash" in the cert manager UI).
Add a Target to your .csproj/.wixproj/.whateverproj that locates signtool.exe and runs it:
Call your new target at the appropriate time; we only sign release builds, so we do this:
This method also works on the developer machines, assuming they have the proper SDK tools installed. If they don't it will just skip the signing step, which for us has worked fine.
我已经为一些客户完成了这项工作,我创建了一个 MSBuild 通用“执行 Powershell”任务,然后通过 TFS Build 2008 调用的 Powershell 脚本完成了类似的繁重工作。
I've done this for a few clients where I created a MSBuild generic "Execute Powershell" task - and then did the heavy lifting for things like this via Powershell scripts called by TFS Build 2008.