-
Notifications
You must be signed in to change notification settings - Fork 478
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5 changed files
with
51 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
--- | ||
title: NuGet Warning NU3042 | ||
description: NU3042 warning code | ||
author: dtivel | ||
ms.author: dtivel | ||
ms.date: 03/22/2023 | ||
ms.topic: reference | ||
ms.reviewer: | ||
f1_keywords: | ||
- "NU3042" | ||
--- | ||
|
||
# NuGet Warning NU3042 | ||
|
||
*NuGet 6.6.0+ on Linux and macOS only* | ||
|
||
<pre>The following X.509 root certificate is untrusted because it is not present in the certificate bundle at <file-path>. For more information, see documentation for NU3042. | ||
Subject: <certificate subject> | ||
Fingerprint (SHA-256): <certificate fingerprint> | ||
Certificate (PEM): | ||
<PEM-encoded certificate></pre> | ||
|
||
### Issue | ||
Warning NU3042 is raised when signed package verification failed because a root certificate was not found in the appropriate trusted root certificate bundle, either code signing or timestamping. This warning will only be raised on Linux and macOS when signed package verification is enabled, never on Windows. NU3042 should accompany an [NU3018](NU3018.md) or [NU3028](NU3028.md). | ||
|
||
Each .NET 7+ SDK release contains two root certificate bundles sourced from the [Microsoft Trusted Root Program](https://aka.ms/RootCert). One certificate bundle contains all trusted roots valid for code signing, while the other contains all trusted roots valid for timestamping. NuGet uses these certificate bundles on Linux and macOS when signed package verification is enabled. | ||
|
||
On Linux, NuGet will prefer a system-wide code signing certificate bundle over the .NET SDK's code signing certificate bundle. | ||
|
||
The root cause for NU3042 is likely one of the following: | ||
|
||
* (Linux only) The system-wide code signing certificate bundle does not contain the root certificate referenced in the warning. | ||
* The .NET SDK's certificate bundles are out of date. | ||
|
||
For more information, see [NuGet signed-package verification](/dotnet/core/tools/nuget-signed-package-verification). | ||
|
||
### Solution | ||
On Linux, if you trust the certificate and are using a system-wide code signing certificate bundle, consider adding the root certificate to the bundle. This solution may not be suitable because it will grant system-wide trust. | ||
|
||
If the .NET SDK's certificate bundles are out-of-date, update to a more recent release of the .NET SDK. | ||
|
||
If all else fails, opt out of signed package verification by setting the environment variable `DOTNET_NUGET_SIGNATURE_VERIFICATION` to `false` and [open an issue with the NuGet team](https://github.com/NuGet/Home/issues) to suggest how signed package verification can be improved on your platform. | ||
|
||
For more information, see [NuGet signed-package verification](/dotnet/core/tools/nuget-signed-package-verification). |