Signing the assemblies inside a NuGet package with Microsoft's Trusted Signing


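Currently using Azure DevOps to host NuGet artifacts internally, but the contents need to be signed (the NuGet package itself does not need to be signed). At the moment, the following pipeline task is used to generate the NuGet package: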

- task: DotNetCoreCLI@2
  displayName: 'Build Nuget Package'
  inputs:
    command: 'build'
    projects: '$(solution)'
    arguments: '-c $(buildConfiguration)'

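But this automatically generates the *.nupkg file, and inside it are several assemblies for various runtimes that need to be signed. How can this be done using Microsoft's Trusted Signing?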

.net-core nuget-package trusted-signing
1 Answer

Yeah, so... removing <GeneratePackageOnBuild>True</GeneratePackageOnBuild> from the *.csproj and running dotnet build {solution}, then signing, then running dotnet pack {solution} --no-build works... For the YAML task, you have to specify nobuild: true when packing.

Here is the complete pipeline for reference:

trigger:
- refs/tags/v*.*.*

pool:
  vmImage: 'windows-latest'

variables:
  solution: '**/*.sln'
  buildPlatform: 'Any CPU'
  buildConfiguration: 'Release'
  ARM_CLIENT_ID: ''
  ARM_ID_TOKEN: ''
  ARM_TENANT_ID: ''
  
steps:
    
- task: DotNetCoreCLI@2
  displayName: 'Build Solution'
  inputs:
    command: 'build'
    projects: '$(solution)'
    arguments: '-c $(buildConfiguration)'

- task: AzureCLI@2
  displayName: 'Azure Connection'
  inputs:
    azureSubscription: 'Azure Trusted Signing Connection'
    scriptType: 'ps'
    scriptLocation: 'inlineScript'
    inlineScript: |
      Write-Host "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$env:servicePrincipalId"
      Write-Host "##vso[task.setvariable variable=ARM_ID_TOKEN;issecret=true]$env:idToken"
      Write-Host "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$env:tenantId"
    addSpnToEnvironment: true

- task: PowerShell@2
  displayName: 'Federated Login'
  inputs:
    targetType: 'inline'
    script: 'az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)'

- task: TrustedSigning@0
  displayName: Trusted Signing
  inputs:
    ExcludeEnvironmentCredential: true
    ExcludeWorkloadIdentityCredential: true
    ExcludeManagedIdentityCredential: true
    ExcludeSharedTokenCacheCredential: true
    ExcludeVisualStudioCredential: true
    ExcludeVisualStudioCodeCredential: true
    ExcludeAzureCliCredential: false
    ExcludeAzurePowershellCredential: true
    ExcludeAzureDeveloperCliCredential: true
    ExcludeInteractiveBrowserCredential: true
    Endpoint: 'https://eus.codesigning.azure.net'
    TrustedSigningAccountName: '{TrustedSigningAccountNameHere}'
    CertificateProfileName: '{CertificateProfileNameHere}'
    FilesFolder: '$(Build.SourcesDirectory)/src/code/{ProjectNameHere}/bin/$(buildConfiguration)'
    FilesFolderFilter: 'dll'
    FilesFolderRecurse: true
    FileDigest: 'SHA256'
    TimestampRfc3161: 'http://timestamp.acs.microsoft.com'
    TimestampDigest: 'SHA256'
    
- task: DotNetCoreCLI@2
  displayName: 'Bundle Nuget Package'
  inputs:
    command: 'pack'
    projects: '$(solution)'
    nobuild: true

- task: CmdLine@2
  displayName: 'List Artifact Folder'
  inputs:
    script: 'tree $(System.DefaultWorkingDirectory) /f'

- task: DotNetCoreCLI@2
  displayName: 'Publish Nuget Package'
  inputs:
    command: 'push'
    packagesToPush: '$(Build.ArtifactStagingDirectory)/*.nupkg'
    nuGetFeedType: 'internal'
    publishVstsFeed: '{publishVstsFeedHere}'
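
A verification gate for the build, sign, pack sequence above, as an added example that is not part of the original answer: it unpacks each *.nupkg and fails unless every packaged DLL carries a valid, timestamped Authenticode signature. The script and its parameter name are assumptions; it is meant to run in a PowerShell@2 step between 'Bundle Nuget Package' and 'Publish Nuget Package'.

```powershell
# Added example (not from the original answer): fail the pipeline when a
# packaged DLL is unsigned, i.e. when pack picked up unsigned build output.
param(
    # Assumption: packages land where the page's push step reads them from.
    [string]$PackageDir = $env:BUILD_ARTIFACTSTAGINGDIRECTORY
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.IO.Compression.FileSystem

$packages = @(Get-ChildItem -LiteralPath $PackageDir -Filter '*.nupkg' -File)
if ($packages.Count -eq 0) { throw "No *.nupkg found in '$PackageDir'." }

$failures = @()
foreach ($pkg in $packages) {
    # A .nupkg is a zip archive; extract to a scratch folder for inspection.
    $scratch = Join-Path ([System.IO.Path]::GetTempPath()) ([System.Guid]::NewGuid().ToString())
    [System.IO.Compression.ZipFile]::ExtractToDirectory($pkg.FullName, $scratch)
    try {
        $dlls = @(Get-ChildItem -LiteralPath $scratch -Filter '*.dll' -Recurse -File)
        if ($dlls.Count -eq 0) { Write-Warning "$($pkg.Name): contains no DLLs." }
        foreach ($dll in $dlls) {
            $sig = Get-AuthenticodeSignature -LiteralPath $dll.FullName
            $relative = $dll.FullName.Substring($scratch.Length + 1)
            if ($sig.Status -ne 'Valid') {
                $failures += "$($pkg.Name): $relative -> $($sig.Status)"
            }
            elseif ($null -eq $sig.TimeStamperCertificate) {
                # No RFC 3161 timestamp: validation breaks when the cert expires.
                $failures += "$($pkg.Name): $relative -> signed but not timestamped"
            }
            else {
                Write-Host "OK  $($pkg.Name): $relative [$($sig.SignerCertificate.Subject)]"
            }
        }
    }
    finally {
        Remove-Item -LiteralPath $scratch -Recurse -Force
    }
}

if ($failures.Count -gt 0) {
    # Surface each failure as a pipeline error, then stop before the push step.
    $failures | ForEach-Object { Write-Host "##vso[task.logissue type=error]$_" }
    throw "$($failures.Count) packaged assembly signature check(s) failed."
}
```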