dotnet-nuget-trust - Man Page

Gets or sets trusted signers to the NuGet configuration.

dotnet nuget trust

This article applies to: āœ”ļø .NET 5.0.300 SDK and later versions

Synopsis

dotnet nuget trust [command] [Options]

dotnet nuget trust -h|--help

Description

The dotnet nuget trust command manages the trusted signers. By default, NuGet accepts all authors and repositories. These commands allow you to specify only a specific subset of signers whose signatures will be accepted, while rejecting all others. For more information, see Common NuGet configurations. For details on what the nuget.config schema looks like, refer to the NuGet config file reference.

This command requires a certificate root store that is valid for both code signing and timestamping. Also, this command may not be supported on some combinations of operating system and .NET SDK. For more information, see NuGet signed package verification.

Options

Commands

If no command is specified, the command will default to list.

list

Lists all the trusted signers in the configuration. This option will include all the certificates (with fingerprint and fingerprint algorithm) each signer has. If a certificate has a preceding [U], it means that certificate entry has allowUntrustedRoot set as true.

Synopsis

dotnet nuget trust list [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]

Options

  • --configfile <FILE>

    The NuGet configuration file (nuget.config) to use. If specified, only the settings from this file will be used. If not specified, the hierarchy of configuration files from the current directory will be used. For more information, see Common NuGet Configurations.

  • -?|-h|--help

    Prints out a description of how to use the command.

  • -v|--verbosity <LEVEL>

    Sets the verbosity level of the command. Allowed values are q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is minimal. For more information, see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

sync

Deletes the current list of certificates and replaces them with an up-to-date list from the repository.

Synopsis

dotnet nuget trust sync <NAME> [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]

Arguments

Options

  • --configfile <FILE>

    The NuGet configuration file (nuget.config) to use. If specified, only the settings from this file will be used. If not specified, the hierarchy of configuration files from the current directory will be used. For more information, see Common NuGet Configurations.

  • -?|-h|--help

    Prints out a description of how to use the command.

  • -v|--verbosity <LEVEL>

    Sets the verbosity level of the command. Allowed values are q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is minimal. For more information, see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

remove

Removes any trusted signers that match the given name.

Synopsis

dotnet nuget trust remove <NAME> [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]

Arguments

Options

  • --configfile <FILE>

    The NuGet configuration file (nuget.config) to use. If specified, only the settings from this file will be used. If not specified, the hierarchy of configuration files from the current directory will be used. For more information, see Common NuGet Configurations.

  • -?|-h|--help

    Prints out a description of how to use the command.

  • -v|--verbosity <LEVEL>

    Sets the verbosity level of the command. Allowed values are q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is minimal. For more information, see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

author

Adds a trusted signer with the given name, based on the author signature of the package.

Synopsis

dotnet nuget trust author <NAME> <PACKAGE> [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]

Arguments

Options

  • --allow-untrusted-root

    Specifies if the certificate for the trusted signer should be allowed to chain to an untrusted root. This is not recommended.

  • --configfile <FILE>

    The NuGet configuration file (nuget.config) to use. If specified, only the settings from this file will be used. If not specified, the hierarchy of configuration files from the current directory will be used. For more information, see Common NuGet Configurations.

  • -?|-h|--help

    Prints out a description of how to use the command.

  • -v|--verbosity <LEVEL>

    Sets the verbosity level of the command. Allowed values are q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is minimal. For more information, see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

repository

Adds a trusted signer with the given name, based on the repository signature or countersignature of a signed package.

Synopsis

dotnet nuget trust repository <NAME> <PACKAGE> [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [--owners <LIST>] [-v, --verbosity <LEVEL>]

Arguments

Options

  • --allow-untrusted-root

    Specifies if the certificate for the trusted signer should be allowed to chain to an untrusted root. This is not recommended.

  • --configfile <FILE>

    The NuGet configuration file (nuget.config) to use. If specified, only the settings from this file will be used. If not specified, the hierarchy of configuration files from the current directory will be used. For more information, see Common NuGet Configurations.

  • -?|-h|--help

    Prints out a description of how to use the command.

  • --owners <LIST>

    Semicolon-separated list of trusted owners to further restrict the trust of a repository.

  • -v|--verbosity <LEVEL>

    Sets the verbosity level of the command. Allowed values are q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is minimal. For more information, see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

certificate

Adds a trusted signer with the given name, based on a certificate fingerprint.

Synopsis

dotnet nuget trust certificate <NAME> <FINGERPRINT> [--algorithm <ALGORITHM>] [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]

Arguments

Options

  • --algorithm <ALGORITHM>

    Specifies the hash algorithm used to calculate the certificate fingerprint. Defaults to SHA256. Values supported are SHA256, SHA384 and SHA512.

  • --allow-untrusted-root

    Specifies if the certificate for the trusted signer should be allowed to chain to an untrusted root. This is not recommended.

  • --configfile <FILE>

    The NuGet configuration file (nuget.config) to use. If specified, only the settings from this file will be used. If not specified, the hierarchy of configuration files from the current directory will be used. For more information, see Common NuGet Configurations.

  • -?|-h|--help

    Prints out a description of how to use the command.

  • -v|--verbosity <LEVEL>

    Sets the verbosity level of the command. Allowed values are q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is minimal. For more information, see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

source

Adds a trusted signer based on a given package source.

Synopsis

dotnet nuget trust source <NAME> [--configfile <PATH>] [-h|--help] [--owners <LIST>] [--source-url] [-v, --verbosity <LEVEL>]

Arguments

Options

  • --configfile <FILE>

    The NuGet configuration file (nuget.config) to use. If specified, only the settings from this file will be used. If not specified, the hierarchy of configuration files from the current directory will be used. For more information, see Common NuGet Configurations.

  • -?|-h|--help

    Prints out a description of how to use the command.

  • --owners <LIST>

    Semicolon-separated list of trusted owners to further restrict the trust of a repository.

  • --source-url

    If a source-url is provided, it must be a v3 package source URL (like https://api.nuget.org/v3/index.json). Other package source types are not supported.

  • -v|--verbosity <LEVEL>

    Sets the verbosity level of the command. Allowed values are q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is minimal. For more information, see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

Examples

Info

2023-10-25 .NET Documentation