Reputation: 49
Getting NU3018 error while doing dotnet restore on .NET 8 project
After upgrading my .NET 6 project to .NET 8, I am getting below errors on my windows build server while doing dotnet restore.
I do not get these errors on my Windows 10 development machine:
error NU3018: Warning As Error: Package 'Polly 8.5.0' from source
error NU3018: Warning As Error: Package 'Nerdbank.GitVersioning 3.7.112' from source
error NU3018: Warning As Error: Package 'Newtonsoft.Json 13.0.3' from source
The author primary signature's signing certificate is not trusted by the trust provider
On my Windows build server, I have .NET 8 build tools installed. On my Windows 10 development machine, I have full Visual Studio 2022 17.3 installed.
After investigation, I can see latest versions of above nuget packages are signed differently.
For example:
Polly 6.1.2 : old version getting restored with no issue, is signed only using primary author certificate - https://www.nuget.org/packages/Polly/6.1.2
Polly 8.5.0 : new version on which I am getting NU3018 error, is signed using primary certificate as well as repository countersignature certificate - https://www.nuget.org/packages/Polly/8.5.0
Same for Nerdbank.GitVersioning 3.7.112 and Newtonsoft.Json 13.0.3
I ran below command to see certificate info
nuget verify -Signature polly.8.5.0.nupkg
After looking at Polly 8.5.0 primary signature, I can see it has "DigiCert CS RSA4096 Root G5" as CA root certificate which exists in Trusted Root Certificates on my local development machine where I do not get NU3018 error.
But "DigiCert CS RSA4096 Root G5" certificate is missing in Trusted Root Certificates on my build server.
(Steps used to see Trusted Root CA certificates on windows server
Run --> certlm.msc --> Trusted Root CA certificates)
I would like to know is "DigiCert CS RSA4096 Root G5" missing the cause of NU3018 error?
If yes - what is the source of "DigiCert CS RSA4096 Root G5" certificate and how do I install it on my build server?
Does it come with Visual Studio 2022? Or a Windows patch release?
I did find this deployment notice from Microsoft Trusted Root Program https://learn.microsoft.com/en-us/security/trusted-root/2021/april2021
But it is not clear if this certificate was released as Windows patch or comes with Visual Studio 2022.
Upvotes: 1
Views: 158
Answers (0)
Related Questions
- dotnet restore warning NU1701
- NuGet package, define common minumum version, allow higher?
- Signing does not work with DigiCert EV Code Signing Cert
- Dotnet Restore fails in docker build
- Nuget Package restore failing on Ubuntu 20.04 with remote certificate is invalid
- The author primary signature's timestamp found a chain building issue: UntrustedRoot: self signed certificate in certificate chain
- dotnet nuget ssl problem on linux azure devops