All geek questions in one place

How to manually set a password for the MSBuild sign?

We are creating an Outlook plugin in C #. It is built without problems in VS and is signed with a temporary pfx certificate. We want to put the build process in Jenkins and run it automatically.

We tried to launch a VS solution using MSBuild. It works fine on a development machine, but there is an error in Jenkins:

The following key file could not be imported: OutlookPlugin_TemporaryKey.pfx. The key file can be password protected. To fix this, try importing the certificate again or manually install the certificate in a strong CSP name with the following container name: VS_KEY_A688DC31A30F3EF1

We do not know how to specify the pfx password for automatic assembly. Or else automate the sign process.

One of the solutions that we found was to open the project in VS on the same computer and as the same user as for the automated process, and enter the password. This does not work, perhaps because Jenkins erases the workspace every day. If we try to compile without signing and then sign it later, he complains that the ClickOnce assembly must be signed. It seems that Office plugins should use ClickOnce.

So how do you specify the pfx password somewhere in the build file?

We are using VS 2010 with Office Tools.

+4
source share
2 answers

Create a file (local or well-known network resource) containing the password as a property and a link to that from the MSBuild script. Set permissions for the file so that only this assembly account can read this file. Please note that anyone who has administrator access to the assembly machine or knows the password of the assembly account will be able to read the password. Ultimately, there is no silver bullet. If MSBuild can find / decrypt / regardless of the password, a person can do it too.

If you are concerned about the security of the private key, consider splitting the subscription into a separate step and saving the private key on the smart card. This may be excessive, but it is one of the best available protections available.

Otherwise, just add the password as a property. As you know, project files are just MSBuild scripts. For instance:

<PropertyGroup> <PfxPassword>password</PfxPassword> </PropertyGroup> <!-- Sample sign task --> <SignTask> <File>MyOutlookPlugin.dll</File> <KeyFile>OutlookPlugin_TemporaryKey.pfx</KeyFile> <Password>$(PfxPassword)</Password> </SignTask>

For more information on MSBuild properties, see http://msdn.microsoft.com/en-us/library/ms171458(v=vs.80).aspx .

+1
source

We are having problems creating a project using MSBuild and Bamboo. The fix for us was to remove the next line from the .csproj file.

 <AssemblyOriginatorKeyFile>applicationcert.pfx</AssemblyOriginatorKeyFile>
+1
source

Source: https://habr.com/ru/post/1433539/

More articles:


All Articles