1(1) .NET (1)
2
3
4
6 This article applies to: ✔️ .NET 5.0.300 SDK and later versions
7
9 dotnet nuget trust - Gets or sets trusted signers to the NuGet configu‐
10 ration.
11
13 dotnet nuget trust [command] [Options]
14
15 dotnet nuget trust -h|--help
16
18 The dotnet nuget trust command manages the trusted signers. By de‐
19 fault, NuGet accepts all authors and repositories. These commands al‐
20 low you to specify only a specific subset of signers whose signatures
21 will be accepted, while rejecting all others. For more information,
22 see Common NuGet configurations. For details on what the nuget.config
23 schema looks like, refer to the NuGet config file reference.
24
26 • -?|-h|--help
27
28 Prints out a description of how to use the command.
29
30 Commands
31 If no command is specified, the command will default to list.
32
33 list
34 Lists all the trusted signers in the configuration. This option will
35 include all the certificates (with fingerprint and fingerprint algo‐
36 rithm) each signer has. If a certificate has a preceding [U], it means
37 that certificate entry has allowUntrustedRoot set as true.
38
39 Synopsis:
40 dotnet nuget trust list [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
41
42 Options:
43 • --configfile <FILE>
44
45 The NuGet configuration file (nuget.config) to use. If specified,
46 only the settings from this file will be used. If not specified, the
47 hierarchy of configuration files from the current directory will be
48 used. For more information, see Common NuGet Configurations.
49
50 • -?|-h|--help
51
52 Prints out a description of how to use the command.
53
54 • -v|--verbosity <LEVEL>
55
56 Sets the verbosity level of the command. Allowed values are q[uiet],
57 m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is
58 minimal. For more information, see <xref:Microsoft.Build.Frame‐
59 work.LoggerVerbosity>.
60
61 sync
62 Deletes the current list of certificates and replaces them with an up-
63 to-date list from the repository.
64
66 dotnet nuget trust sync <NAME> [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
67
68 Arguments
69 • NAME
70
71 The name of the existing trusted signer to sync.
72
73 Options:
74 • --configfile <FILE>
75
76 The NuGet configuration file (nuget.config) to use. If specified,
77 only the settings from this file will be used. If not specified, the
78 hierarchy of configuration files from the current directory will be
79 used. For more information, see Common NuGet Configurations.
80
81 • -?|-h|--help
82
83 Prints out a description of how to use the command.
84
85 • -v|--verbosity <LEVEL>
86
87 Sets the verbosity level of the command. Allowed values are q[uiet],
88 m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is
89 minimal. For more information, see <xref:Microsoft.Build.Frame‐
90 work.LoggerVerbosity>.
91
92 remove
93 Removes any trusted signers that match the given name.
94
96 dotnet nuget trust remove <NAME> [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
97
98 Arguments
99 • NAME
100
101 The name of the existing trusted signer to remove.
102
103 Options:
104 • --configfile <FILE>
105
106 The NuGet configuration file (nuget.config) to use. If specified,
107 only the settings from this file will be used. If not specified, the
108 hierarchy of configuration files from the current directory will be
109 used. For more information, see Common NuGet Configurations.
110
111 • -?|-h|--help
112
113 Prints out a description of how to use the command.
114
115 • -v|--verbosity <LEVEL>
116
117 Sets the verbosity level of the command. Allowed values are q[uiet],
118 m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is
119 minimal. For more information, see <xref:Microsoft.Build.Frame‐
120 work.LoggerVerbosity>.
121
122 author
123 Adds a trusted signer with the given name, based on the author signa‐
124 ture of the package.
125
127 dotnet nuget trust author <NAME> <PACKAGE> [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
128
129 Arguments
130 • NAME
131
132 The name of the trusted signer to add. If NAME already exists in the
133 configuration, the signature is appended.
134
135 • PACKAGE
136
137 The given PACKAGE should be a local path to the signed .nupkg file.
138
139 Options:
140 • --allow-untrusted-root
141
142 Specifies if the certificate for the trusted signer should be allowed
143 to chain to an untrusted root. This is not recommended.
144
145 • --configfile <FILE>
146
147 The NuGet configuration file (nuget.config) to use. If specified,
148 only the settings from this file will be used. If not specified, the
149 hierarchy of configuration files from the current directory will be
150 used. For more information, see Common NuGet Configurations.
151
152 • -?|-h|--help
153
154 Prints out a description of how to use the command.
155
156 • -v|--verbosity <LEVEL>
157
158 Sets the verbosity level of the command. Allowed values are q[uiet],
159 m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is
160 minimal. For more information, see <xref:Microsoft.Build.Frame‐
161 work.LoggerVerbosity>.
162
163 repository
164 Adds a trusted signer with the given name, based on the repository sig‐
165 nature or countersignature of a signed package.
166
168 dotnet nuget trust repository <NAME> <PACKAGE> [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [--owners <LIST>] [-v, --verbosity <LEVEL>]
169
170 Arguments
171 • NAME
172
173 The name of the trusted signer to add. If NAME already exists in the
174 configuration, the signature is appended.
175
176 • PACKAGE
177
178 The given PACKAGE should be a local path to the signed .nupkg file.
179
180 Options:
181 • --allow-untrusted-root
182
183 Specifies if the certificate for the trusted signer should be allowed
184 to chain to an untrusted root. This is not recommended.
185
186 • --configfile <FILE>
187
188 The NuGet configuration file (nuget.config) to use. If specified,
189 only the settings from this file will be used. If not specified, the
190 hierarchy of configuration files from the current directory will be
191 used. For more information, see Common NuGet Configurations.
192
193 • -?|-h|--help
194
195 Prints out a description of how to use the command.
196
197 • --owners <LIST>
198
199 Semicolon-separated list of trusted owners to further restrict the
200 trust of a repository.
201
202 • -v|--verbosity <LEVEL>
203
204 Sets the verbosity level of the command. Allowed values are q[uiet],
205 m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is
206 minimal. For more information, see <xref:Microsoft.Build.Frame‐
207 work.LoggerVerbosity>.
208
209 certificate
210 Adds a trusted signer with the given name, based on a certificate fin‐
211 gerprint.
212
214 dotnet nuget trust certificate <NAME> <FINGERPRINT> [--algorithm <ALGORITHM>] [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
215
216 Arguments
217 • NAME
218
219 The name of the trusted signer to add. If a trusted signer with the
220 given name already exists, the certificate item is added to that
221 signer. Otherwise a trusted author is created with a certificate
222 item from the given certificate information.
223
224 • FINGERPRINT
225
226 The fingerprint of the certificate.
227
228 Options:
229 • --algorithm <ALGORITHM>
230
231 Specifies the hash algorithm used to calculate the certificate fin‐
232 gerprint. Defaults to SHA256. Values supported are SHA256, SHA384
233 and SHA512.
234
235 • --allow-untrusted-root
236
237 Specifies if the certificate for the trusted signer should be allowed
238 to chain to an untrusted root. This is not recommended.
239
240 • --configfile <FILE>
241
242 The NuGet configuration file (nuget.config) to use. If specified,
243 only the settings from this file will be used. If not specified, the
244 hierarchy of configuration files from the current directory will be
245 used. For more information, see Common NuGet Configurations.
246
247 • -?|-h|--help
248
249 Prints out a description of how to use the command.
250
251 • -v|--verbosity <LEVEL>
252
253 Sets the verbosity level of the command. Allowed values are q[uiet],
254 m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is
255 minimal. For more information, see <xref:Microsoft.Build.Frame‐
256 work.LoggerVerbosity>.
257
258 source
259 Adds a trusted signer based on a given package source.
260
262 dotnet nuget trust source <NAME> [--configfile <PATH>] [-h|--help] [--owners <LIST>] [--source-url] [-v, --verbosity <LEVEL>]
263
264 Arguments
265 • NAME
266
267 The name of the trusted signer to add. If only <NAME> is provided
268 without --<source-url>, the package source from your NuGet configura‐
269 tion files with the same name is added to the trusted list. If
270 <NAME> already exists in the configuration, the package source is ap‐
271 pended to it.
272
273 Options:
274 • --configfile <FILE>
275
276 The NuGet configuration file (nuget.config) to use. If specified,
277 only the settings from this file will be used. If not specified, the
278 hierarchy of configuration files from the current directory will be
279 used. For more information, see Common NuGet Configurations.
280
281 • -?|-h|--help
282
283 Prints out a description of how to use the command.
284
285 • --owners <LIST>
286
287 Semicolon-separated list of trusted owners to further restrict the
288 trust of a repository.
289
290 • --source-url
291
292 If a source-url is provided, it must be a v3 package source URL (like
293 https://api.nuget.org/v3/index.json). Other package source types are
294 not supported.
295
296 • -v|--verbosity <LEVEL>
297
298 Sets the verbosity level of the command. Allowed values are q[uiet],
299 m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is
300 minimal. For more information, see <xref:Microsoft.Build.Frame‐
301 work.LoggerVerbosity>.
302
304 • List trusted signers:
305
306 dotnet nuget trust list
307
308 • Trust source NuGet in specified nuget.config file:
309
310 dotnet nuget trust source NuGet --configfile ..\nuget.config
311
312 • Trust an author from signed nupkg package file foo.nupkg:
313
314 dotnet nuget trust author PackageAuthor .\foo.nupkg
315
316 • Trust a repository from signed nupkg package file foo.nupkg:
317
318 dotnet nuget trust repository PackageRepository .\foo.nupkg
319
320 • Trust a package signing certificate using its SHA256 fingerprint:
321
322 dotnet nuget trust certificate MyCert F99EC8CDCE5642B380296A19E22FA8EB3AEF1C70079541A2B3D6E4A93F5E1AFD --algorithm SHA256
323
324 • Trust owners Nuget and Microsoft from the repository
325 https://api.nuget.org/v3/index.json:
326
327 dotnet nuget trust source NuGetTrust https://api.nuget.org/v3/index.json --owners "Nuget;Microsoft"
328
329 • Remove trusted signer named NuGet from specified nuget.config file:
330
331 dotnet nuget trust remove NuGet --configfile ..\nuget.config
332
333
334
335 (1)