We are using Team System Beta3 Refresh at the moment... looking to move to RTM in the near future...
If there are some 'real world' examples on how to implement strongname and digital certificate signing properly, so that it is supported in a Development (building in the VS IDE) AND Build environment (Team Builds), please let me know (if there are examples, you can stop reading here ;)). I would be interested in knowing: - which level of the builds scripts/solutions are used to reference these certs (project.sln, AssemblyInfo.cs, TFSBuild.proj, etc..) - how do you control the timing of the signing at compile time (for example, it would be ideal to allow ALL release/debug/unittesting to complete before signing the targets) - at least in the case of strongname signing (which is done before digital code authentication anyway), how can the process be made to be identical for developers AND the Team Build environment (one solution for both environments) - where the certificates should be stored (I personally do _not_ check them into source, but would appreciate other views on this) -------
Current line of thought, which works with some degree of success: <ItemGroup> <Binaries Include="*.dll;*.exe"/> </ItemGroup> <Target Name="AfterCompile" > <!-- sign binaries --> <Exec Command=""C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\sn.exe" -q -R d:\build\dev\ourproject\dev_ondemand\binaries\release\our.commonresources.dll z:\sign\mykey.snk"/> </Target>
NOTE: this is obviously a static reference to a single binary and we're looking for a 'dynamic solution' of course.
We were thinking of using Binaries.Identity in the Team Build system, but the path references seem 'messed up' as nothing is returned (no target binaries are listed)... *I'll continue to test with this line of thought*:
<ItemGroup> <Binaries Include="*.dll;*.exe"/> </ItemGroup> <Target Name="AfterCompile" > <!-- sign binaries --> <Exec Command=""C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\sn.exe" -q -R %(Binaries.Identity) z:\sign\mykey.snk"/> </Target>
NOTE: in this scenario, the build is also halted immediately after the release compile completes and the build fails (I.e. Debug compiles are never executed)
Additional Questions: 1) I believe there are issues with the output directory structure differences between a developer running a build on his/her machine verses an automated build type running the same solutions (for test purposes, we'd like strongname signing to work in both environments)... is there a 'standardized' method of addressing this
2) Should we be implementing strongname binary signing in the build script... or should this be done from the solution files
3) Should we be implementing digital certificate binary signing in the build script... or should this be done in some other manner Keeping in mind that this has to be scripted and executed in the automated system.
Thanks a lot dto
Visual Studio Team System12
|