Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
CoreCLR restore needs to ignore feeds with encryption #2942
When a user adds a Nuget feed so they can push to it, VSTS will instruct them to run a command like this:
This adds the feed to the global nuget.config, along with key information in the tag.
When that is present, restoring running on CoreCLR fails. This is exposed through the CLI, which means VS with the .NET Core SDK installed will fail to restore .NET Core projects.
Instead of just failing, on CoreCLR Nuget should ignore feeds which have credentials like this.
--packages is important for the repro as if everything can be satisfied by your cache you won't hit the correct codepath.
The config XML below has fake values, but still hits the correct codepath. The top of the stack you should see is also below (you'll first hit a failure because the URL is fake, which can be ignored.)
<?xml version="1.0" encoding="utf-8"?> <configuration> <packageSources> <add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" /> <add key="TestFeedForBug" value="https://thiswouldbemyfeed" /> </packageSources> <packageSourceCredentials> <TestFeedForBug> <add key="Username" value="username" /> <add key="Password" value="averylongstringofencryptedchars" /> </TestFeedForBug> </packageSourceCredentials> </configuration>
What we are going to do short term-
Change the error message to say:
Password decryption is not supported on this platform (windows/dotnetcore). The following feed uses an encrypted password: 'https://msasg.pkgs.visualstudio.com/DefaultCollection/_packaging/PrototypeDotNetCoreSupport/nuget/v3/index.json'. You can use a clear text password as a workaround, or pass it on the commandline