-
Notifications
You must be signed in to change notification settings - Fork 253
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Client policy] An error NU3018 “The author primary signature's signing certificate is not trusted by the trust provider” occurs when Install package with trusted signers and package with untrusted root #13114
Comments
I wasn't able to reproduce this in my local machine, VS version Version 17.9.0 Preview 1.0 and I didn't patched SDK, using 8.0.200-preview.23624.5 |
Hi @martinrrm,I verified this issue with the unpatched SDK using 8.0.200-preview.23620.12, this issue can also be reproduced as below: |
Team Triage: Hey @dtivel, would you mind taking a look at this issue, and help us understand whether there's a test setup issue or a product issue. Thanks! |
@CiciLi1, you said that previously this test passed when you used CreateTestCertificate.ps1. Can you please provide the exact statement you used for CreateTestCertificate.ps1 --- all arguments. In particular, did you use |
Hi @dtivel, we previously used the exact statement in the nuget client Dev\6.8.0.101 with the statement `. \CreateTestCertificate.ps1" and did not use "-AddAsTrustedRootAuthority". |
@CiciLi1, I'm going to guess that you're copying the SHA-256 fingerprint output by MakeTestCert into your nuget.config file and it fails. However, if you upper-case the fingerprint in nuget.config, it should succeed. Please confirm. |
@CiciLi1, if it helps, Visual Studio has a command which can take the selected text and make it upper case. |
Hi @dtivel, the case work well when the fingerprint is upper-case in the nuget.config file, I will close this issue. Thanks for your help. |
NuGet Product Used
NuGet.exe
Product Version
NuGet Client Dev\6.9.0.67
Worked before?
It worked in nuget client Dev\6.8.0.101 since we used the "CreateTestCertificate.ps1" file to create certificate but we use "MakeTestCert.csproj" this time.
Impact
It's more difficult to complete my work
Repro Steps & Context
Repro Steps:
1.Patch dotnet SDK: Patch dotnet SDK
2.Add NuGet.exe path into System variables and create a package with command "nuget pack .csproj" for testing.
3.Go to the patchedSDK folder and create a new test certificate:
.\dotnet run --project .\Entropy\MakeTestCert\MakeTestCert.csproj --framework net7.0
4.Sign a package:
NuGet.exe sign <PackageFilePath> -CertificatePath <PfxFilePath>
5.Create a project in VS and add required mode in nuget.config file with trusted signers list: (the SHA256 fingerprint is the one in step3)
Expected:
The signed package was successfully installed into the project without any error.
Actual:
The package failed to install with error NU3018 “The author primary signature's signing certificate is not trusted by the trust provider” as below:
Notes:
1.The repro rate is 100%.
2.It also reproes VS 17.8 (D17.8\34309.116 with implicit NuGet 6.8.0.131).
Verbose Logs
No response
The text was updated successfully, but these errors were encountered: