NuGet package verification in NugetUpgrader on mac

Does NuGet package verification work on Mac currently? nuget sign and nuget verify don’t work (and it’s documented here https://docs.microsoft.com/en-us/nuget/reference/cli-reference/cli-ref-sign and here https://docs.microsoft.com/en-us/nuget/reference/cli-reference/cli-ref-verify).

My tests to verify package signatures on Mac using the NugetFeed class are failing, but perhaps I need to add the signers to some trusted list?

If package signature verification doesn’t work on Mac, what’s the plan there? Skipping package verification altogether on Mac is probably not the best idea.

Issue Analytics

  • State: open
  • Created 4 years ago
  • Comments: 6 (6 by maintainers)

Top GitHub Comments

2 reactions
jamill commented, Aug 20, 2019

We are going to default to the more secure option here. This will let users running the tool know that we are not performing the verification, and give them a chance to do any additional checks or make sure they are comfortable running this command. I will update the messaging to explain this a bit more.

0 reactions
jamill commented, Aug 19, 2019

The original decision was to default to the secure option, and require the user to specify the --no-verify option if needed. This was before we implemented this on .NET Core, where verification is not possible at this time.

It seems like we can either update this to not require this flag on the Mac, or update the documentation. My thought was to continue with the “secure by default” during the development period, and see where NuGet was with full support when we brought this fully online.

@nickgra - have we heard any feedback on this one way or the other?

@jrbriggs - do you have any preference here?
