TFS2008: Restrict Target Framework Version task

October 22, 2007 at 9:02 pm | In Team Foundation Server | 1 Comment

The Visual Studio 2008 (Orcas) version of MSBuild supports “Multi-targeting”. ScottGu’s blog post and the MSBuild Team blog sum it up nicely:

One of the big changes we are making starting with the VS 2008 release is to support what we call “Multi-Targeting” - which means that Visual Studio will now support targeting multiple versions of the .NET Framework, and developers will be able to start taking advantage of the new features Visual Studio provides without having to always upgrade their existing projects and deployed applications to use a new version of the .NET Framework library.

This is great news. It means that you can start using Team Build 2008 and/or Visual Studio 2008 to build existing solutions that target the .NET 2.0 runtime. This gives you the flexibility to upgrade to .NET 3.5 when your development cycle allows. (As a side note, if you want to build .NET 3.5 applications with Team Build 2005, this should help)

But what if you work in an organisation that has standardised on .NET 2.0 for the production end-user’s environment? In this scenario you probably don’t want anybody building assemblies that target the .NET 3.5 runtime. Or maybe you are living on the edge and you want to ONLY build assemblies that target the .NET 3.5 runtime, etc.

Well here’s a no-custom-code solution - all done with a snippet for your TFSBuild.proj file.

  • The build will fail if any of the projects within the build don’t match the <AllowedTargetFrameworkVersion> that has been set.
  • You will need at least the v1.2.0.306 MSBuild Community Tasks installed/available.
  • Currently it matches all *.csproj files recursively, regardless of whether they are in the build configuration or not.
  • If you want to actually enforce this, make sure that developers can’t change the file. It might be useful to store it on the server and use an <Include>.
<!-- TFS Build 2008.
     This snippet checks the <TargetFrameworkVersion> of a Visual Studio 2008 project file.
     It fails the build if the version does not match the allowed version.

     This should be used when you want to use VS2008, but ensure that your binaries remain as .NET 2.0
-->

  <PropertyGroup>
    <!-- The TargetFrameworkVersion that you want to match. e.g. v2.0, v3.0 or v3.5 -->
    <AllowedTargetFrameworkVersion>v2.0</AllowedTargetFrameworkVersion>
  </PropertyGroup>
  
  <!-- Override the Team Build AfterGet target, before any compilation starts -->
  <Target Name="AfterGet" >
    <CallTarget Targets="CheckTargetFrameworkVersions" />
  </Target>

  <UsingTask AssemblyFile="$(MSBuildExtensionsPath)\MSBuildCommunityTasks\MSBuild.Community.Tasks.dll" TaskName="MSBuild.Community.Tasks.Xml.XmlQuery" />

  <!-- Only run if the AllowedTragetFrameworkVersion property is set -->
  <Target Name="CheckTargetFrameworkVersions" Condition=" '$(AllowedTargetFrameworkVersion)' != '' ">
    <Message Text="Allowed Target Framework Version is: $(AllowedTargetFrameworkVersion)" Importance="high" />

    <!-- Get all *.csproj files in the working directory.
    Ideally this should look at the current build configuration
    and return the filenames of the projects to be built.
    But as Team Build passes SolutionToBuild to MSBuild, we can't get
    the list of projects easily.
    -->
    <CreateItem Include="$(SolutionRoot)\**\*.csproj">
      <Output TaskParameter="Include" ItemName="ProjectFiles" />
    </CreateItem>

    <!-- Extract the TargetFrameworkVersion element from each of the project files -->
    <Xml.XmlQuery
      NamespaceDefinitions="n=http://schemas.microsoft.com/developer/msbuild/2003"
      XmlFileName="%(ProjectFiles.FullPath)"
      XPath="/n:Project/n:PropertyGroup/n:TargetFrameworkVersion">
      <Output TaskParameter="Values" ItemName="TargetFrameworkVersions" />
    </Xml.XmlQuery>

    <Message Text="Found Target Framework Version: %(TargetFrameworkVersions._value)" Importance="low" />

    <!-- Throw an error if any of the target versions don't match -->
    <Error Condition="'%(TargetFrameworkVersions._value)' != '$(AllowedTargetFrameworkVersion)'"
           Text="Target Framework Version is not allowed: %(TargetFrameworkVersions._value). Allowed version: $(AllowedTargetFrameworkVersion)" />

  </Target>

This makes use of the excellent <Xml.XmlQuery> task that uses ITaskItem parameters. By using ITaskItem as the parameter type instead of say, string - this allows us to pass an array of values and the task gets performed for each item in the array.

I’ve left Readify

October 20, 2007 at 6:49 pm | In Life, Readify | 7 Comments

Readify_logo_small Last Friday I handed in my resignation from Readify, my last day is Friday 26th October. Readify has always done everything right by me and I’m not leaving because of anything that’s happened or happening in the company. I still consider them a top employer with some exceptionally talented people that are really on the (b)leading edge of .NET and Microsoft technologies.

I’ve been with them for two and a half years and I’ve been engaged with a wide variety of clients. I did a brief (intense) stint as the IT Manager before returning to consulting in August this year. (The good news is that I haven’t had a migraine since then.)

Why?

I left mainly for personal reasons. Life as a consultant can be lonely. Sure, you have a whole company of smart people at your fingertips via email/phone - but when you’re engaged with a client for extended periods of time, it’s easy to feel disconnected from your peers without the daily face-to-face time. The other reason is independence. Opportunities come and go, and without a level of independence that you control it’s hard to take advantage of them.

What are you going to do now?

I’m going off on my own as an independent TFS consultant. Initially I’ve taken a 12 month contract at a place in Canberra as a ‘TFS guru and build master‘ (you might remember them from the lock-note at TechEd).

Of all the TFS sites that I’ve spoken to, these guys are the only ones having significant frustrations. My goal is to make a difference. There’s also a great team forming with members from the Canberra VSTS community, so it’s a chance to interact socially as well as professionally.

Frequently asked questions

  • Q: Is Readify suffering from growing too fast too quickly? A: No, I don’t think so. If anything, it’s not being able to grow fast enough.
  • Q: What happens to Readify’s hosted TFS offering - TFS Now? A: Nothing at all - Readify still has top TFS consultants that will drive the product forward.
  • Q: What happens to OzTFS and the Canberra VSTS User Group? A: I’ll still continue running these and being an active member of the wider VSTS community.
  • Q: What happens to the Readify Bloggers OPML? A: It will be orphaned unless somebody puts their hand up to look after it.
  • Q: Hey, why don’t you come and work for us? A: Sorry, not right now. Let the dust settle.
  • Q: Didn’t you interview at Microsoft? A: Yes, back in July. Unfortunately I didn’t make it through the tech-screen. However my wife and I have decided to stay-put for at least 12 months before considering it again - it’s still something I want to do.

Is it the right decision?

At this stage, I don’t know - it may not be, but I hope it is. All I can do is give it my best shot and see what happens.

Thank you

Lastly I’d like to thank everybody that I’ve worked with during my time at Readify. This is not the end - it’s almost certain that we’ll cross paths again in this industry. Please keep in touch.

Securing your TFS server

October 13, 2007 at 10:59 am | In Team Foundation Server | 5 Comments

As I mentioned in my last post, I’m presenting at Security Camp Oz this year.

Here is the slide deck PPTX for those that are interested:

TFSBUILD

One of the nuggets in the presentation is “Don’t run the Team Build server under the TFSSERVICE account” (as the install docco incorrectly states - it will be fixed soon).

The reason is that TFSSERVICE is a member of “[SERVER]\Service Accounts”, which is a member of the “[SERVER]\Team Foundation Server Administrators” global group.

So what you have here, is a service running as a privileged account within TFS that executes build scripts. If you look inside the slide deck you can see how easy it is to exploit this.

Fortunately it’s easy to protect against this kind of attack - don’t run Team Build as TFSSERVICE - run it as another account called TFSBUILD, and don’t make this account a TFS administrator.

Presenting at Security Camp Oz

October 10, 2007 at 1:27 am | In Readify, Team Foundation Server | No Comments

This weekend I’m off to Charles Sturt University at Wagga Wagga for the inaugural Security Camp Oz (SCO):

This is a FREE event open to all those interested in IT Security.  There will be presentations by community and industry experts, wine and cheese tasting, and plenty of chances to network and chat about IT Security.

SCO is being held in conjunction with SQL Down Under Camp.  This means that if you’re interested in some of the SQL Server sessions, you can go between “camps”.  If there’s a session you’d like to see in Security Camp, and a few you’d like to see at SQL Down Under camp, feel free to wander between sessions all you like.

My good friend (and fellow Canberran) Rocky Heckman is organising the camp with Readify colleague Greg Low.

I’ll also be presenting the first presentation of the day at 8:05 AM on Saturday.

Secure your TFS development environment (aka TFS for IT Pros)

In this session you will learn how to secure your Visual Studio 2005 Team Foundation Server environment. I’ll share with you an overview of the TFS security model, some problems, how to avoid them and tips for easier administration of TFS in your environment.

I’m going to cover some interesting problems around the TFS service accounts and project administrator permissions. Slides will be posted up here after the presentation.

« Previous PageNext Page »

Blog at WordPress.com. | Theme: Pool by Borja Fernandez.
Entries and comments feeds.