由于证书问题解决Devops构建代理中的Nuget包问题
由于证书问题解决Devops构建代理中的Nuget包问题
提问于 2021-11-22 14:05:18
我们是托管DevOps服务器的前提与一个构建代理。如果我开始针对NuGet 5.0项目运行.NET还原,构建代理就会表现出奇怪的行为。特别针对来自VS2019的测试项目模板()。一旦我运行Nuget还原,它就失败了,出现了“NU3028”、“NU3034”、“NU3037”等问题。我已经更新了nuget.config,但是看起来什么都没有用。
操作系统:WindowsServer2019V.1809构建17763.2300
Devops: Azure DevOps Server 2020更新1.1 V. 18.181.31626.1
Nuget: 6.0.0 (x64)
Devops管:Devops管
输出:管道输出
Nuget.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
<add key="VollmerPackages" value="https://devops/Vollmer/_packaging/VollmerPackages/nuget/v3/index.json" />
</packageSources>
<trustedSigners>
<author name="Microsoft">
<certificate fingerprint="3F9001EA83C560D712C24CF213C3D312CB3BFF51EE89435D3430BD06B5D0EECE" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
<certificate fingerprint="AA12DA22A49BCE7D5C1AE64CC1F3D892F150DA76140F210ABD2CBFFCA2C18A27" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
</author>
<repository name="nuget.org" serviceIndex="https://api.nuget.org/v3/index.json">
<certificate fingerprint="0E5F38F57DC1BCC806D8494F4F90FBCEDD988B46760709CBEEC6F4219AA6157D" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
<certificate fingerprint="5A2901D6ADA3D18260B9C6DFE2133C95D74B9EEF6AE0E5DC334C8454D1477DF4" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
</repository>
</trustedSigners>
</configuration>如果我在我的VS上运行Nuget还原本地程序,那么还原就不会出现任何错误。如果我在构建代理服务器上运行它,就会出现大量的证书问题。
CMD输出Nuget还原(构建代理服务器):
Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json': Signature Hash Algorithm: SHA256
Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': Signature Hash Algorithm: SHA256
NU3034: Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': This package is signed but not by a trusted signer.
Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json':
Signature type: Repository
Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': Service index: https://api.nuget.org/v3/index.json
Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': Owners: dotnetframework, Microsoft
Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': Verifying the repository primary signature with certificate:
Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': Subject Name: CN=NuGet.org Repository by Microsoft, O=NuGet.org Repository by Microsoft, L=Redmond, S=Washington, C=US
NU3034: Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json': This package is signed but not by a trusted signer.
Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json':
Signature type: Repository
Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json': Service index: https://api.nuget.org/v3/index.json
Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': SHA1 hash: 8FB6D7FCF7AD49EB774446EFE778B33365BB7BFB
Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': SHA256 hash: 0E5F38F57DC1BCC806D8494F4F90FBCEDD988B46760709CBEEC6F4219AA6157D
Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': Issued by: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': Valid from: 10.04.2018 02:00:00 to 14.04.2021 14:00:00
NU3037: Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': The repository primary signature validity period has expired.
Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json': Owners: dotnetframework, Microsoft
Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json': Verifying the repository primary signature with certificate:
Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json': Subject Name: CN=NuGet.org Repository by Microsoft, O=NuGet.org Repository by Microsoft, L=Redmond, S=Washington, C=US
Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json': SHA1 hash: 8FB6D7FCF7AD49EB774446EFE778B33365BB7BFB
Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json': SHA256 hash: 0E5F38F57DC1BCC806D8494F4F90FBCEDD988B46760709CBEEC6F4219AA6157D
Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json': Issued by: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json': Valid from: 10.04.2018 02:00:00 to 14.04.2021 14:00:00
NU3037: Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json': The repository primary signature validity period has expired.
Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': Timestamp: 05.10.2018 16:36:21
Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': Verifying repository primary signature's timestamp with timestamping service certificate:
Subject Name: CN=Symantec SHA256 TimeStamping Signer - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US
SHA1 hash: 625AEC3AE4EDA1D169C4EE909E85B3BBC61076D3
SHA256 hash: CF7AC17AD047ECD5FDC36822031B12D4EF078B6F2B4C5E6BA41F8FF2CF4BAD67
Issued by: CN=Symantec SHA256 TimeStamping CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
Valid from: 02.01.2017 01:00:00 to 02.04.2028 01:59:59
NU3028: Package 'runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': The repository primary signature's timestamping certificate is not trusted by the trust provider.
Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json': Timestamp: 13.12.2018 23:56:51
Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json': Verifying repository primary signature's timestamp with timestamping service certificate:
Subject Name: CN=Symantec SHA256 TimeStamping Signer - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US
SHA1 hash: 625AEC3AE4EDA1D169C4EE909E85B3BBC61076D3
SHA256 hash: CF7AC17AD047ECD5FDC36822031B12D4EF078B6F2B4C5E6BA41F8FF2CF4BAD67
Issued by: CN=Symantec SHA256 TimeStamping CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
Valid from: 02.01.2017 01:00:00 to 02.04.2028 01:59:59
NU3028: Package 'System.Runtime.Handles 4.0.1' from source 'https://api.nuget.org/v3/index.json': The repository primary signature's timestamping certificate is not trusted by the trust provider.
Package 'System.Diagnostics.Tools 4.0.1' from source 'https://api.nuget.org/v3/index.json': Signature Hash Algorithm: SHA256
NU3034: Package 'System.Diagnostics.Tools 4.0.1' from source 'https://api.nuget.org/v3/index.json': This package is signed but not by a trusted signer.
Package 'System.Diagnostics.Tools 4.0.1' from source 'https://api.nuget.org/v3/index.json':
Signature type: Repository
Package 'System.Diagnostics.Tools 4.0.1' from source 'https://api.nuget.org/v3/index.json': Service index: https://api.nuget.org/v3/index.json
Package 'System.Diagnostics.Tools 4.0.1' from source 'https://api.nuget.org/v3/index.json': Owners: dotnetframework, Microsoft
Package 'System.Diagnostics.Tools 4.0.1' from source 'https://api.nuget.org/v3/index.json': Verifying the repository primary signature with certificate:
Package 'runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': Signature Hash Algorithm: SHA256
Package 'System.Threading.Tasks.Extensions 4.0.0' from source 'https://api.nuget.org/v3/index.json': Signature Hash Algorithm: SHA256
NU3034: Package 'System.Threading.Tasks.Extensions 4.0.0' from source 'https://api.nuget.org/v3/index.json': This package is signed but not by a trusted signer.
Package 'System.IO.FileSystem.Primitives 4.0.1' from source 'https://api.nuget.org/v3/index.json': Signature Hash Algorithm: SHA256
Package 'System.IO.FileSystem 4.0.1' from source 'https://api.nuget.org/v3/index.json': Signature Hash Algorithm: SHA256
NU3034: Package 'System.IO.FileSystem 4.0.1' from source 'https://api.nuget.org/v3/index.json': This package is signed but not by a trusted signer.
Package 'System.Diagnostics.Tools 4.0.1' from source 'https://api.nuget.org/v3/index.json': Subject Name: CN=NuGet.org Repository by Microsoft, O=NuGet.org Repository by Microsoft, L=Redmond, S=Washington, C=US
NU3034: Package 'runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.0' from source 'https://api.nuget.org/v3/index.json': This package is signed but not by a trusted signer.
Package 'System.Threading.Tasks.Extensions 4.0.0' from source 'https://api.nuget.org/v3/index.json':
Signature type: Repository
NU3034: Package 'System.IO.FileSystem.Primitives 4.0.1' from source 'https://api.nuget.org/v3/index.json': This package is signed but not by a trusted signer.
Package 'System.IO.FileSystem.Primitives 4.0.1' from source 'https://api.nuget.org/v3/index.json':
Signature type: Repository
Package 'System.IO.FileSystem.Primitives 4.0.1' from source 'https://api.nuget.org/v3/index.json': Service index: https://api.nuget.org/v3/index.json
Package 'System.IO.FileSystem.Primitives 4.0.1' from source 'https://api.nuget.org/v3/index.json': Owners: dotnetframework, Microsoft
Package 'System.IO.FileSystem.Primitives 4.0.1' from source 'https://api.nuget.org/v3/index.json': Verifying the repository primary signature with certificate:
Package 'System.IO.FileSystem.Primitives 4.0.1' from source 'https://api.nuget.org/v3/index.json': Subject Name: CN=NuGet.org Repository by Microsoft, O=NuGet.org Repository by Microsoft, L=Redmond, S=Washington, C=US
Package 'System.IO.FileSystem.Primitives 4.0.1' from source 'https://api.nuget.org/v3/index.json': SHA1 hash: 8FB6D7FCF7AD49EB774446EFE778B33365BB7BFB
Package 'System.IO.FileSystem.Primitives 4.0.1' from source 'https://api.nuget.org/v3/index.json': SHA256 hash: 0E5F38F57DC1BCC806D8494F4F90FBCEDD988B46760709CBEEC6F4219AA6157D
Package 'System.Diagnostics.Tools 4.0.1' from source 'https://api.nuget.org/v3/index.json': SHA1 hash: 8FB6D7FCF7AD49EB774446EFE778B33365BB7BFB
Package 'System.Diagnostics.Tools 4.0.1' from source 'https://api.nuget.org/v3/index.json': SHA256 hash: 0E5F38F57DC1BCC806D8494F4F90FBCEDD988B46760709CBEEC6F4219AA6157D
Package 'System.IO.FileSystem 4.0.1' from source 'https://api.nuget.org/v3/index.json':
Signature type: Repository
Package 'System.IO.FileSystem 4.0.1' from source 'https://api.nuget.org/v3/index.json': Service index: https://api.nuget.org/v3/index.json
Package 'System.IO.FileSystem 4.0.1' from source 'https://api.nuget.org/v3/index.json': Owners: dotnetframework, Microsoft
Package 'System.IO.FileSystem 4.0.1' from source 'https://api.nuget.org/v3/index.json': Verifying the repository primary signature with certificate:
....如有任何建议,不胜感激。
顺便说一句,如果我在nuget还原中使用dotnet还原,它甚至不会改变。两者在服务器上的行为是一样的。最新的SDK 6.0.100安装在构建服务器上。
更新:通过将所有SHA256指纹添加到'trustedSigners‘块中,并将'allowUntrustedRott’设置为true,可以忽略与证书相关的所有向上开始的问题,从而忽略错误和正在安装的包。这仍然是处理不受信任的证书的一个丑陋的解决办法,但这是我到目前为止发现的唯一可能。
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
</packageSources>
<config>
<add key="signatureValidationMode" value="accept" />
</config>
<packageRestore>
<add key="enabled" value="True" />
<add key="automatic" value="True" />
</packageRestore>
<trustedSigners>
<author name="Microsoft">
<certificate fingerprint="3F9001EA83C560D712C24CF213C3D312CB3BFF51EE89435D3430BD06B5D0EECE" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
<certificate fingerprint="AA12DA22A49BCE7D5C1AE64CC1F3D892F150DA76140F210ABD2CBFFCA2C18A27" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
</author>
<repository name="nuget.org" serviceIndex="https://api.nuget.org/v3/index.json">
<certificate fingerprint="0E5F38F57DC1BCC806D8494F4F90FBCEDD988B46760709CBEEC6F4219AA6157D" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
<certificate fingerprint="5A2901D6ADA3D18260B9C6DFE2133C95D74B9EEF6AE0E5DC334C8454D1477DF4" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
<certificate fingerprint=" CF7AC17AD047ECD5FDC36822031B12D4EF078B6F2B4C5E6BA41F8FF2CF4BAD67" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
<certificate fingerprint="C474CE76007D02394E0DA5E4DE7C14C680F9E282013CFEF653EF5DB71FDF61F8" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
</repository>
</trustedSigners>
</configuration>回答 1
Stack Overflow用户
发布于 2021-12-02 10:56:10
Symantec SHA256 TimeStamping Signer - G2,的发行者是她:https://crt.sh/?q=Symantec+SHA256+TimeStamping+CA,并由https://crt.sh/?caid=1110发布。
将第一个放在LocalMachine的LocalMachine存储中,第二个放在IntermediateCA中。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/70067055
复制相关文章
相似问题
腾讯云开发者
