I have an open source Windows Store application (UWP). When I associate the application with the store, a Package.StoreAssociation.xml and a <AppName>_StoreKey.pfx are created along with some modifications to my Package.appxmanifest (Identity tag; Name and Publisher attributes).
Can I commit that information to a public git repository (the certificate must be in the repository because I want to build the package with AppVeyor)?
Should I encrypt it?
Could I revoke the certificate if it leaked?
Are the changes to appxmanifest sensitive?
You should not include the <AppName>_StoreKey.pfx file in your public repo. However, you can still use AppVeyor CI.
1. Change your *.csproj file to include this information.
<PropertyGroup Condition="('$(Configuration)' == 'Debug') Or ('$(UseTemporarySignCert)' == 'true')">
<PackageCertificateKeyFile><AppName>_TemporaryKey.pfx</PackageCertificateKeyFile>
</PropertyGroup>
<PropertyGroup Condition="('$(Configuration)' == 'Release') And ('$(UseTemporarySignCert)' != 'true')">
<PackageCertificateThumbprint><!-- Your <AppName>_StoreKey.pfx Thumbprint Here --></PackageCertificateThumbprint>
</PropertyGroup>
2. Import your <AppName>_StoreKey.pfx certificate to: store location - Current User, certificate store - Personal
3. Add a UseTemporarySignCert environment variable with the value true to your AppVeyor project.
As a result you will be able to build the signed project on your own without <AppName>_StoreKey.pfx in release mode and then publish it to the store.
And AppVeyor will work with TemporaryKey.pfx.
Can I commit that information to a public git repository (the certificate must be in the repository because I want to build the package with AppVeyor)?
For a public git repository, the Store key .pfx file should not be committed (add it to the .gitignore file). If you want to use the CI system, please create a private repository or append the .pfx file to your cloned project in the CI backend.
Should I encrypt it?
This file has been encrypted and it's for signing your app before submitting to Windows Store, see also How to create an app package signing certificate
Could I revoke the certificate if it leaked?
You need to reserve a new app name, see here
Are the changes to appxmanifest sensitive?
Depends on what you have changed, it's very important for Identity and package information in .packagemanifest file. See App package manifest
Related
I am receiving an authentication error (401) when trying to restore a package from my other GitHub repository package source.
My project called Identity (in its own repo) consumes my project (in a separate repo) called Core. Local build and reference in Visual Studio works fine. However my Build/Test action in the Identity repo fails to authenticate (see screenshot).
I have granted permissions to the Identity repo from the Core repo (see screenshot).
I have added specific repo location to the related Identity .csproj (see screenshot).
I think I am missing maybe something in the Action environment of the Identity project...but cannot identify what.
I'm trying to migrate from OpenShift 2 to OpenShift 3.
I have created a new app on OpenShift 3 but I'm struggling to clone my BitBucket private git repository to it. (I had no problem with OpenShift 2).
I have tried setting secrets (SSH or Basic Authentication) in Build/Advanced Options but without luck.
Here is the error message:
Cloning "git@bitbucket.org:(myusername)/(myrepository).git" ... error:
build error: Host key verification failed. fatal: Could not read from
remote repository. Please make sure you have the correct access rights
and the repository exists.
The steps if working from the command line are as follows:
1) Create a new SSH key pair for use with the repository. This cannot have a passphrase.
ssh-keygen -C "openshift-source-builder/repo@bitbucket" -f repo-at-bitbucket -N ''
This will generate files:
repo-at-bitbucket
repo-at-bitbucket.pub
being the private and public key files.
2) Go to Settings->Access keys for the repository on BitBucket, select Add key and in the popup window enter the key name openshift-source-builder and paste in the contents of the public key file. In this case repo-at-bitbucket.pub. Confirm creation by clicking on Add key on the popup window.
3) Create a secret in OpenShift for the key by running:
oc secrets new-sshauth repo-at-bitbucket --ssh-privatekey=repo-at-bitbucket
4) Enable access to the secret from the builder service account.
oc secrets link builder repo-at-bitbucket
5) In order that OpenShift knows the secret is for this specific private Git repository and automatically uses it, annotate the secret with the SSH URI for the repository.
oc annotate secret/repo-at-bitbucket \
'build.openshift.io/source-secret-match-uri-1=ssh://bitbucket.org/yourusername/private-repo.git'
Very important here is the form of the URI. In the BitBucket web interface it will show it as:
git@bitbucket.org:yourusername/private-repo.git
Do not use that. You need to use the SSH form of the URI here.
6) We can then deploy the application from the private Git repository.
oc new-app httpd~git@bitbucket.org:yourusername/private-repo.git --name mysite
It is okay to use git@bitbucket.org:yourusername/private-repo.git here, or you could also use the SSH form of the URI.
You can also do all this from the web console instead. If you create the secret as a separate step in the web console, it is important to link the builder service account when doing that. If you create the source secret when deploying, then it will automatically link the builder service account.
Note that if the OpenShift instance has a firewall between it and BitBucket and SSH connections are blocked, this will not work. In that case you need to fall back to using a personal access token (app password) over a SSH connection using HTTP basic authentication.
These details are now much better explained by the blog post series starting with:
https://blog.openshift.com/private-git-repositories-part-1-best-practices/
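The URI form that step 5 depends on, as an added example that is not part of the original answer: a POSIX shell function that rewrites the scp-style address shown in the BitBucket web interface into the ssh:// form used in the annotation value. The helper name `to_ssh_match_uri` and the sample addresses are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. Rewrites a Git remote address
# into the ssh://host/path form that the answer's annotation value uses.
# to_ssh_match_uri is a hypothetical helper name.

to_ssh_match_uri() {
    addr=$1
    case $addr in
        ssh://*)
            rest=${addr#ssh://}
            case $rest in
                */*) authority=${rest%%/*}; path=${rest#*/} ;;
                *)   return 1 ;;                 # no repository path
            esac
            ;;
        *://*)
            return 1                             # https://, git://, file://: not SSH
            ;;
        *:*)
            # scp-style [user@]host:path, as displayed by the web interface
            authority=${addr%%:*}
            path=${addr#*:}
            path=${path#/}
            case $authority in */*) return 1 ;; esac   # local path with a colon
            ;;
        *)
            return 1
            ;;
    esac
    host=${authority##*@}                        # drop "git@" or any other user
    [ -n "$host" ] && [ -n "$path" ] || return 1
    printf 'ssh://%s/%s\n' "$host" "$path"
}

# Constructed sample addresses (placeholders taken from the answer's examples).
for a in 'git@bitbucket.org:yourusername/private-repo.git' \
         'ssh://git@bitbucket.org/yourusername/private-repo.git' \
         'https://bitbucket.org/yourusername/private-repo.git'; do
    if uri=$(to_ssh_match_uri "$a"); then
        echo "$a -> $uri"
    else
        echo "$a -> not an SSH remote, no source-secret annotation value"
    fi
done
```

The printed ssh:// value is what goes after `build.openshift.io/source-secret-match-uri-1=` in the `oc annotate` command from step 5.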
Please help me with how to deploy a war on an OpenShift app. I have put our war file in the webapps folder and pushed the code, but my war is not deployed.
After this, the default page opens on the app URL. Please help me.
If you would like to deploy pre compiled java applications to your OpenShift gear, but you don't want to waste space by storing them in your git repository, then these directions are for you!
Create an application on OpenShift and select either the Tomcat 6 (JBoss EWS 1.0) or Tomcat 7 (JBoss EWS 2.0) cartridges.
Use the git clone command to download the source code for your application to your computer.
Remove the src directory and the pom.xml file from your application that you cloned to your computer.
DO NOT place your WAR files into the webapps directory.
Next, you need to do a git commit -am "some message here" to make sure that your changes are committed. Lastly, you need to do a git push to deploy your changes to your OpenShift gear.
Now comes the fun part, you need to use SCP or SFTP (with public key authentication of course) to upload your files to the correct location on your gear.
You need to place your WAR files into this folder: app-root/dependencies/jbossews/webapps on your gear.
If you run rhc tail $appname, shortly after the transfer is done you will see entries appear in the logs showing that your WAR file has been deployed and at what context.
The WAR files that you add into the webapps directory will be deployed at a context that matches the name of the WAR file.
For Example:
If you add a file called mywebsite.war, it will be available at app-domain.rhcloud.com/mywebsite. If there is an application that you would like to be available at app-domain.rhcloud.com/ (also known as the root context) then you should name that file ROOT.war.
If you need to replace them, just upload a new copy, or if you want to remove them, just ssh into your server and delete the file you uploaded and it will be un-deployed.
I am using Jenkins for our build server. I have multiple projects using the same Mercurial (Hg) repository and want to avoid each project cloning its own local repo to build from (since the repo is rather large). This is supposed to be possible via Jenkins and the Mercurial plugin.
In my Mercurial plugin configuration I have checked both "Use Repository Caches" and "Use Repository Sharing". In each project, the same repository location (a network location specified via IP address) is listed.
However, each project still seems to want to create a clone of the repository. Any ideas?
In our setup (using Jenkins 1.506), I've defined a custom workspace under the Advanced Project Options for each of my builds, typically at [project]\repo and then build from there into a \build\ folder.
If you define the custom workspace for each Jenkins project to point to the same shared custom workspace using the same source for the repo it will reuse what is already there.
I've not tested this, but I would assume that under this setup, it is important to prevent concurrent builds from occurring in the same working directory. Bad things would follow.
As a followup question: What is your rationale for not wanting each build to have its own source code?
After installing and playing around with Mercurial, I am trying to get Hudson to clone the repository so it can build my project.
At the moment the following task works.
I can sync to my external host and the code shows up on that host.
Now I am trying to configure Hudson / Jenkins to access the code on my host.
But unfortunately I am running into an error:
Started by user anonymous
$ hg clone --rev default https://bitbucket.org/*/testproject "F:\Hudson\jobs\testproject\workspace"
abort: http authorization required
ERROR: Failed to clone https://bitbucket.org/*/testproject
[workspace] $ hg log --rev . --template {node}
java.io.IOException: Cannot run program "hg" (in directory "F:\Hudson\jobs\testproject\workspace"): CreateProcess error=267, The directory name is invalid
at java.lang.ProcessBuilder.start(ProcessBuilder.java:460)
at hudson.Proc$LocalProc.<init>(Proc.java:244)
at hudson.Proc$LocalProc.<init>(Proc.java:216)
at hudson.Launcher$LocalLauncher.launch(Launcher.java:698)
at hudson.Launcher$ProcStarter.start(Launcher.java:329)
at hudson.Launcher$ProcStarter.join(Launcher.java:336)
at hudson.plugins.mercurial.MercurialSCM.joinWithPossibleTimeout(MercurialSCM.java:298)
at hudson.plugins.mercurial.HgExe.popen(HgExe.java:191)
at hudson.plugins.mercurial.HgExe.tip(HgExe.java:171)
at hudson.plugins.mercurial.MercurialSCM.calcRevisionsFromBuild(MercurialSCM.java:254)
at hudson.scm.SCM._calcRevisionsFromBuild(SCM.java:304)
at hudson.model.AbstractProject.calcPollingBaseline(AbstractProject.java:1186)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1175)
at hudson.model.AbstractBuild$AbstractRunner.checkout(AbstractBuild.java:523)
at hudson.model.AbstractBuild$AbstractRunner.run(AbstractBuild.java:418)
at hudson.model.Run.run(Run.java:1362)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:145)
Caused by: java.io.IOException: CreateProcess error=267, The directory name is invalid
at java.lang.ProcessImpl.create(Native Method)
at java.lang.ProcessImpl.<init>(ProcessImpl.java:81)
at java.lang.ProcessImpl.start(ProcessImpl.java:30)
at java.lang.ProcessBuilder.start(ProcessBuilder.java:453)
... 18 more
Finished: FAILURE
What actions do I need to take to tell Hudson to use username x and password y to access the data?
Edited => Found how to integrate SSH.
Used SSH instead of HTTPS
Download putty.exe, puttygen.exe, pageant.exe, and plink.exe from the PuTTY website.
Start puttygen and generate a key in OPENSSH FORMAT (hudsons format) (=> How to use Svn + SSH )
Click the Save private key button and save the .PPK file somewhere.
Click the Save public key button and save it.
Go to your website and enter the public ssh-key
Run pageant.exe. The pageant icon (a computer wearing a hat) will show up in the status tray.
Right-click the pageant icon and choose Add Key.
Choose the .PPK file you saved earlier and type in its passphrase.
The following (end part is copied) is from Ted Naleid's (thank you!) blog, which can be found here: Hooking up hudson to your ...
Install the Mercurial plugin in Hudson
All that’s left to do now is install the Mercurial plugin in hudson. In a browser, go to http://INSERT_YOUR_IP_HERE:8080. Hudson should come up.
Click on “Manage Hudson” and go to “Manage Plugins”. Go to the “Available” tab, check “Hudson Mercurial plugin” and hit the “Install” button. Hudson will prompt you to restart, and then it’s installed.
After that, just create a new job and you’ll have a new “mercurial” option in the “source control management” section. Select that and put the ssh URL in the “Repository URL” field. Then put “default” in the “branch” field and set up the rest of the job to build/test your code (an exercise left to the reader).
And here it is, the first successful build!
Conclusion: This is a summary of all the small blog posts scattered around the internet. I hope this post helps you in starting with Hudson and Mercurial.
I think the problem is not related to username and password. Your stacktrace tells you there's something wrong with the path F:\Hudson\jobs\testproject\workspace.
Cannot run program hg (in directory
"F:\Hudson\jobs\testproject\workspace")
The directory name is invalid
Anyway, you can specify the username and password in the URL like: http://user:password@mydomain.org.
To authenticate the Jenkins/Hudson Mercurial plugin with BitBucket I too found it useful to use the SSH protocol instead of HTTPS particularly since:
there doesn't seem to be a way to store your HTTPS credentials to BitBucket with the Mercurial Jenkins plugin, but with SSH you can safely and securely store your credentials
with SSH you can configure it to use compression, which Mercurial doesn't do natively.
Good instructions for setting up SSH access to BitBucket are available here: http://confluence.atlassian.com/display/BITBUCKET/Using+SSH+to+Access+your+Bitbucket+Repository
Notes:
If you are running Jenkins/Hudson on a *nix server, you will want to log in as the user running the Jenkins process and perform these operations from that user's home directory, so the configurations will be found by that user (e.g. on my Debian server installation of Jenkins standalone, the user 'jenkins' is created and the home directory is set to '/var/lib/jenkins' [not /home/jenkins] - where I performed the instructions provided at the above link).
I found it very helpful to assure the hg clone command worked from the command line before attempting to have Jenkins call it.
IMPORTANT: In order to get this to work, I had to generate a key ** without ** a passphrase.
You can add the following lines to jenkins .hgrc file (usually /var/lib/jenkins/.hgrc)
[auth]
bitbucket.prefix = https://bitbucket.org/your_user/...
bitbucket.username = your_user
bitbucket.password = ******
See http://www.selenic.com/mercurial/hgrc.5.html#auth
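A check that can sit next to this configuration, as an added example that is not part of the original answer: a POSIX shell function that reports `[auth]` entries holding a plaintext password and any group/other access bits on the file. The helper name `audit_hgrc`, the owner-only policy and the sample file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. Audits an hgrc for [auth]
# entries that hold a plaintext password and for group/other file access.
# audit_hgrc is a hypothetical helper; owner-only access is an assumed policy.

audit_hgrc() {
    file=$1
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }
    status=0

    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$file" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "PERMS $file group/other=$bits"
        status=1
    fi

    # Print the names (never the values) of non-empty *.password keys in [auth].
    keys=$(awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
        sec == "auth" && /^[ \t]*[^=]*\.password[ \t]*=/ {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1);    gsub(/[ \t]/, "", val)
            if (val != "") print key
        }' "$file")
    for k in $keys; do
        echo "PLAINTEXT $file [auth] $k"
        status=1
    done
    return $status
}

# Constructed sample mirroring the [auth] block above (placeholder password).
demo=$(mktemp)
cat > "$demo" <<'EOF'
[auth]
bitbucket.prefix = https://bitbucket.org/your_user/...
bitbucket.username = your_user
bitbucket.password = example-only
EOF
chmod 644 "$demo"
audit_hgrc "$demo" || echo "findings reported for $demo"
rm -f "$demo"
```

The function returns 0 when the file is owner-only and carries no password entry, 1 when it reports findings, and 2 when the file does not exist.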
You can add your scm credentials in the 'Credentials' section of Jenkins:
Also change the job configuration to use the credentials: