ערוך

שתף באמצעות


NuGet Error NU3034

Package 'SamplePackage v1.0.0' from source 'https://contoso.com/index.json': signatureValidationMode is set to require, so packages are allowed only if signed by trusted signers; however, no trusted signers were specified.

Package 'SamplePackage v1.0.0' from source 'https://contoso.com/index.json': The package signature certificate fingerprint does not match any certificate fingerprint in the allow list.

Package 'SamplePackage v1.0.0' from source 'https://contoso.com/index.json': This repository indicated that all its packages are repository signed; however, it listed no signing certificates.

Package 'SamplePackage v1.0.0' from source 'https://contoso.com/index.json': This package was not repository signed with a certificate listed by this repository.

Issue

There is a missing allow list, or the package signer does not match any signer in the list. This list could either be sent by the repository or specified in the trustedSigners section of the nuget.config.

Solution

If in require mode, only packages signed by a trusted signer will pass validation. Otherwise, contact the repository where this was downloaded from to let them know they have a package that does not comply with the repository signing security guidelines.