With v1.3.0 not being fully released yet, attempting download of Net8
bits may fail if not explicitly setting v1.3.0-alpha in
`installcredprovider.sh`. Update the variable check to avoid "default"
downloads of .NET 8.
Add support for the new .NET 8 and .NET Framework 4.8.1 versions in the
`installcredprovider` command line scripts.
Invoke using the `$InstallNet8` or `$AddNetfx48` switch parameters for
the `installcredprovider.ps1` script, or
`USE_NET8_ARTIFACTS_CREDENTIAL_PROVIDER` for `installcredprovider.sh`
With the end of support for multiple .NET releases used by the artifacts
credential provider, it's time to migrate to supported .NET versions.
This includes a bump of .NET 6 -> .NET 8 and .NET Framework 4.6.1 to
.NET Framework 4.8.1.
For more info on end of support dates, see
https://github.com/dotnet/core/blob/main/releases.md
These new bits will not be set as the default version being installed
until the next major release as documented in the README. I'll also post
an announcement about the upcoming deprecation.
---------
Co-authored-by: Coby Allred <coallred@microsoft.com>
Add Program context comment to user agent header to enable tracking of
usage across our credprovider wrappers (ex conda, artifacts-keyring)
example header with changes:
`(NuGet) CredentialProvider.Microsoft/1.2.1 (Windows; X64; Microsoft
Windows 10.0.22631) CLR/6.0.33 (.NETCoreApp,Version=v6.0; win10-x64;
.NET 6.0.33)`
before:
`CredentialProvider.Microsoft/1.2.1 (Windows; X64; Microsoft Windows
10.0.22631) CLR/6.0.33 (.NETCoreApp,Version=v6.0; win10-x64; .NET
6.0.33)`
Adding support for .pem certificates to address [artifacts-keyring
issue](https://github.com/microsoft/artifacts-keyring/issues/60). Note
this is only targeting .NET 6 or greater versions of the cred provider,
since the `CreateFromPemFile` is only available in .NET 5 or greater.
Otherwise, we have to implement reading the pem ourselves.
Additional Considerations:
- Add certificate passwords for pfx files.
The build occurs in many phases and was relying on incremental builds
not re-building outputs, which is not deterministic. Properties were not
consistently passed at each step which results in outputs being flagged
as out-of-date, causing rebuilds and losing signing. These properties
are now consistently passed, and --no-build used to ensure signed files
are not overridden.
# Overview
- Added MSAL Managed Identity and Service Principal Token Providers to
Microsoft.Artifacts.Authentication Library.
- Created new endpoint `ARTIFACTS_CREDENTIALPROVIDER_FEED_ENDPOINTS`
environment variable with new json schema for MI/SP required fields.
- Updated VstsBuildTaskServiceEndpointCredentialProvider to call
Microsoft.Artifacts.Authentication for MI/SP token providers.
- Reverted #485 Changes to use system.text.json for de/serialization
everywhere except for the `VSS_NUGET_EXTERNAL_FEED_ENDPOINTS`
environment variable.
## Design Decisions
- Intentionally not supporting SP secrets authentication to promote
security best practices.
- The new environment variable name and json schema were created instead
of reusing or extending the existing `VSS_NUGET_EXTERNAL_FEED_ENDPOINTS`
to reduce password usage and clarify the environment variable will be
available to our other credproviders such as the
[artifacts-keyring](https://github.com/microsoft/artifacts-keyring) not
just NuGet.
## Environment Variable
`ARTIFACTS_CREDENTIALPROVIDER_FEED_ENDPOINTS`
```javascript
{"endpointCredentials": [{"endpoint":"http://example.index.json", "clientId":"required", "clientCertificateSubjectName":"optional", "clientCertificateFilePath":"optional"}]}
```
- `endpoint`: required. Feed url to authenticate against.
- `clientId`: required for both MI/SP. For user assigned managed
identities enter the Entra client id. For system assigned variables set
the value to `system`.
- `clientCertificateSubjectName`: Subject Name of the certificate
located in the My/ CurrentUser or LocalMachine certificate store.
Optional field. Only used by SP authentication.
- `clientCertificateFilePath`: File path location of the certificate on
the machine. Optional field. Only used by SP authentication.
Will throw error if both `clientCertificateSubjectName` and
`clientCertificateFilePath` are specified.
- Reverting system.text.json #393 PR due to #484.
- Adding warning message for single quotes in endpoint message.
- Did not change swix/swr dependencies.
---------
Co-authored-by: Jonathan Myers <11822817+jmyersmsft@users.noreply.github.com>
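A pre-flight check for an `ARTIFACTS_CREDENTIALPROVIDER_FEED_ENDPOINTS` value, following the field rules listed in the message above. This is an added example, not code from the credential provider: the function names and sample values are constructed, and the rule in `auth_kind` (a certificate field selects service principal auth, otherwise managed identity) is an assumption drawn from the "Only used by SP authentication" notes.

```python
import json

# Field names are the ones listed in the schema above.
REQUIRED = ("endpoint", "clientId")
CERT_FIELDS = ("clientCertificateSubjectName", "clientCertificateFilePath")

# Constructed sample values (not real feeds or identities).
GOOD = '{"endpointCredentials": [{"endpoint": "https://pkgs.example.test/feed/index.json", "clientId": "system"}]}'
BOTH_CERTS = ('{"endpointCredentials": [{"endpoint": "https://pkgs.example.test/feed/index.json",'
              ' "clientId": "00000000-0000-0000-0000-000000000000",'
              ' "clientCertificateSubjectName": "CN=build", "clientCertificateFilePath": "/tmp/build.pem"}]}')
SINGLE_QUOTED = "{'endpointCredentials': [{'endpoint': 'https://pkgs.example.test/feed/index.json', 'clientId': 'system'}]}"


def check_feed_endpoints(raw):
    """Return a list of (entry_index, problem); an empty list means the value passed."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        # Single-quoted "JSON" is a common way for this variable to break in shells.
        hint = " (single quotes are not valid JSON)" if "'" in raw else ""
        return [(None, f"not valid JSON: {exc.msg}{hint}")]
    entries = doc.get("endpointCredentials") if isinstance(doc, dict) else None
    if not isinstance(entries, list):
        return [(None, "endpointCredentials must be an array")]
    problems = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append((i, "entry is not an object"))
            continue
        for name in REQUIRED:
            if not isinstance(entry.get(name), str) or not entry[name].strip():
                problems.append((i, f"{name} is required"))
        # Subject name and file path are mutually exclusive.
        if all(entry.get(f) for f in CERT_FIELDS):
            problems.append((i, "specify only one of " + " / ".join(CERT_FIELDS)))
    return problems


def auth_kind(entry):
    """Assumption: a certificate field selects SP auth, otherwise managed identity."""
    if any(entry.get(f) for f in CERT_FIELDS):
        return "service-principal"
    if entry.get("clientId") == "system":
        return "managed-identity (system-assigned)"
    return "managed-identity (user-assigned)"
```

Running `check_feed_endpoints(os.environ["ARTIFACTS_CREDENTIALPROVIDER_FEED_ENDPOINTS"])` in a pipeline step before restore surfaces schema mistakes without echoing the variable's contents to the log.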
Using output method with microBuildVstsDrop instead of
MicroBuildUploadVstsDropFolder@2 task for compatibility
---------
Co-authored-by: Abby Powell (from Dev Box) <abpowell@microsoft.com>
Bug fix #416
- Move session token cache file lock to single wait handle.
- Add new session cache specific cancel message so the cancel message is
not printed twice.
- Pass cancellation token to credential request handler.
- Update SessionTokenCache file permissions for macOS/Linux machines to
match MSAL/NuGet.
- Log error on cache file writes and return token instead of throwing
exception.
Adds a target to output the computed version for each project, and
attempts to standardize how versions are composed. Specifically the
project system supports automatically computing
Version/PackageVersion/etc. with the right values if VersionPrefix and
VersionSuffix are specified (different outputs have separate
requirements for what formats are supported).
NuGet brings in very old versions of Newtonsoft.Json. Need to look at
upgrading NuGet dependencies, but in the meantime, bring back the
explicit version.