Reputation: 72
I have the following Dockerfile:
FROM mcr.microsoft.com/dotnet/sdk:6.0-alpine3.16 as build
WORKDIR /app
RUN apk add --no-cache bash
RUN wget -qO- https://aka.ms/install-artifacts-credprovider.sh | bash
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS '{"endpointCredentials": [{"endpoint":"https://<myprivatefeed>/_packaging/<myName>/nuget/v3/index.json", "password":"<PAT>"}]}'
COPY . .
RUN dotnet restore
RUN dotnet publish -o /app/published-app
FROM mcr.microsoft.com/dotnet/aspnet:6.0-alpine3.16 as runtime
WORKDIR /app
COPY --from=build /app/published-app /app
ENTRYPOINT [ "dotnet", "/app/ApplicationConfigurationApi.WebApi.dll" ]
but when I try to build an image I get the following error:
/app/ApplicationConfigurationApi.WebApi/ApplicationConfigurationApi.WebApi.csproj : error NU1301: Unable to load the service index for source https://<myprivatefeed>/_packaging/<myName>/nuget/v3/index.json. [/app/ApplicationConfigurationApi.sln]
I tried to copy my GitLab *.crt, downloaded from Chrome, into the container by adding these instructions:
...
COPY . .
COPY ./mycert.crt /usr/local/share/ca-certificates/mycert.crt
RUN cat /usr/local/share/ca-certificates/mycert.crt >> /etc/ssl/certs/mycert.crt && \
apk --no-cache add \
curl
RUN update-ca-certificates
RUN dotnet restore
...
I also tried adding (without the certificate) this RUN line:
...
COPY . .
RUN dotnet nuget update source "gitlab" --username "<my-userName>" --password "<PAT>" --store-password-in-clear-text --valid-authentication-types basic
RUN dotnet restore
...
Using this feed on my host machine does not cause any issue and I can perform the restore operation correctly. I tried 'dotnet restore --verbosity detailed', and from the output it seems that the feed has been persisted successfully.
NuGet Config files used:
/app/nuget.config
/root/.nuget/NuGet/NuGet.Config
Feeds used:
https://api.nuget.org/v3/index.json
https://<myprivatefeed>/_packaging/<myName>/nuget/v4/index.json
NuGet packages coming from api.nuget.org are fetched successfully; the ones from my private feed are not.
The docker version output is:
Server: Docker Desktop 4.15.0 (93002)
Engine:
Version: 20.10.21
API version: 1.41 (minimum version 1.12)
Go version: go1.18.7
Git commit: 3056208
Built: Tue Oct 25 18:00:19 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.10
GitCommit: 770bd0108c32f3fb5c73ae1264f7e503fe7b2661
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
The dotnet solution is net6.0.
----UPDATE
Here is the Dockerfile updated with some suggestions from the comments below:
FROM mcr.microsoft.com/dotnet/sdk:6.0-focal as build
WORKDIR /app
RUN wget -O - https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bash
RUN wget -qO- https://aka.ms/install-artifacts-credprovider.sh | bash
ENV NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED true
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS "{\"endpointCredentials\": [{\"endpoint\":\"${MY-PRIVATE-FEED-BASE-URL}\", \"username\":\"${USERNAME}\", \"password\":\"${PAT}\"}]}"
COPY . .
RUN echo | openssl s_client -host <my-private-feed-base-url> -port 443 -prexit -showcerts> tmpfile
RUN echo | sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' tmpfile > /usr/local/share/ca-certificates/<my-private-feed-base-url>.crt
RUN apt-get install -y ca-certificates
RUN chmod 644 /usr/local/share/ca-certificates/<my-private-feed-base-url>.crt && update-ca-certificates
RUN dotnet restore
RUN dotnet publish -o /app/published-app
FROM mcr.microsoft.com/dotnet/aspnet:6.0-focal as runtime
WORKDIR /app
COPY --from=build /app/published-app /app
ENTRYPOINT [ "dotnet", "/app/ApplicationConfigurationApi.WebApi.dll" ]
The error is the same as with the first dockerfile.
I will also attach a screenshot of the solution structure (it may be helpful).
----END UPDATE
I also tried the following solutions, but none of them worked:
Thanks in advance, Dave.
Upvotes: 2
Views: 1922
Reputation: 423
You probably did not install the certificate for your private feed.
For Debian-based docker images you can use the following snippet in your Dockerfile to download and install the certificate:
RUN echo | openssl s_client -host <private-feed-domain> -port 443 -prexit -showcerts> tmpfile
RUN echo | sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' tmpfile > /usr/local/share/ca-certificates/<private-feed-domain>.crt
RUN apt-get install -y ca-certificates
RUN chmod 644 /usr/local/share/ca-certificates/<private-feed-domain>.crt && update-ca-certificates
Disclaimer: Use this snippet only if you are in charge of the destination, otherwise it's a security risk.
For a more secure approach, download your CA manually (if it's a chained one, the root and any intermediate CA as well), verify it and copy it to your docker container:
RUN apt-get install -y ca-certificates
COPY <private-feed-domain>.crt /usr/local/share/ca-certificates/<private-feed-domain>.crt
RUN chmod 644 /usr/local/share/ca-certificates/<private-feed-domain>.crt && update-ca-certificates
Upvotes: 1
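The "verify it" step of the more secure approach in the answer above, as an added example that is not part of the original answer: a POSIX shell check that compares the SHA-256 fingerprint of every certificate in a PEM file with pinned values before the file is trusted. The function names and the sample data are assumptions made for illustration; real pins must come from the CA's owner over a separate channel, and the check covers chain files (root plus intermediates) as well as single certificates.

```shell
#!/bin/sh
# Added example: pin CA certificates by SHA-256 fingerprint before trusting them.

# Print the SHA-256 fingerprint (lowercase hex over the DER bytes) of every
# certificate in a PEM file, one per line. Fails if the file has none.
cert_fingerprints() {
    pem=$1
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem") || return 1
    i=1
    while [ "$i" -le "$count" ]; do
        # Base64 body of the i-th certificate -> DER bytes -> SHA-256.
        awk -v want="$i" '
            /-----BEGIN CERTIFICATE-----/ { n++; inside = 1; next }
            /-----END CERTIFICATE-----/   { inside = 0; next }
            inside && n == want           { print }
        ' "$pem" | tr -d ' \r' | base64 -d | sha256sum | cut -d' ' -f1
        i=$((i + 1))
    done
}

# Succeed only if the certificates in the file are exactly the pinned ones:
# an extra certificate (e.g. a leaf captured with -showcerts) or a missing
# pin is a failure. Pins may be given as plain hex or openssl's AA:BB:.. form.
verify_pinned_ca() {
    pem=$1; shift
    actual=$(cert_fingerprints "$pem" | sort)
    expected=$(printf '%s\n' "$@" | tr 'A-F' 'a-f' | tr -d ':' | sort)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Constructed sample, NOT a real certificate: the body "YWJj" decodes to the
# bytes "abc", whose SHA-256 is the standard test vector used as the pin.
demo_pem=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'YWJj' \
    '-----END CERTIFICATE-----' > "$demo_pem"
DEMO_PIN=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

if verify_pinned_ca "$demo_pem" "$DEMO_PIN"; then
    echo "fingerprint matches the pin: certificate may be installed"
else
    echo "fingerprint mismatch: refusing to install" >&2
fi
```

In a Dockerfile, a check like this belongs between the COPY of the .crt file and update-ca-certificates, so that a mismatch fails the build instead of adding an unverified certificate to the trust store.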