dotnet-nuget-trust(1)

1(1)                                  .NET                                  (1)
2
3
4

dotnet nuget trust

6       This article applies to: ✔️ .NET 5.0.300 SDK and later versions
7

NAME

9       dotnet nuget trust - Gets or sets trusted signers to the NuGet configu‐
10       ration.
11

SYNOPSIS

13              dotnet nuget trust [command] [Options]
14
15              dotnet nuget trust -h|--help
16

DESCRIPTION

18       The dotnet nuget trust command manages the  trusted  signers.   By  de‐
19       fault,  NuGet accepts all authors and repositories.  These commands al‐
20       low you to specify only a specific subset of signers  whose  signatures
21       will  be  accepted,  while rejecting all others.  For more information,
22       see Common NuGet configurations.  For details on what the  nuget.config
23       schema looks like, refer to the NuGet config file reference.
24

OPTIONS

26       • -?|-h|--help
27
28         Prints out a description of how to use the command.
29
30   Commands
31       If no command is specified, the command will default to list.
32
33   list
34       Lists  all  the trusted signers in the configuration.  This option will
35       include all the certificates (with fingerprint  and  fingerprint  algo‐
36       rithm) each signer has.  If a certificate has a preceding [U], it means
37       that certificate entry has allowUntrustedRoot set as true.
38
39   Synopsis:
40              dotnet nuget trust list [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
41
42   Options:
43       • --configfile <FILE>
44
45         The NuGet configuration file (nuget.config) to  use.   If  specified,
46         only the settings from this file will be used.  If not specified, the
47         hierarchy of configuration files from the current directory  will  be
48         used.  For more information, see Common NuGet Configurations.
49
50       • -?|-h|--help
51
52         Prints out a description of how to use the command.
53
54       • -v|--verbosity <LEVEL>
55
56         Sets the verbosity level of the command.  Allowed values are q[uiet],
57         m[inimal], n[ormal], d[etailed], and diag[nostic].   The  default  is
58         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
59         work.LoggerVerbosity>.
60
61   sync
62       Deletes the current list of certificates and replaces them with an  up-
63       to-date list from the repository.
64

SYNOPSIS

66              dotnet nuget trust sync <NAME> [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
67
68   Arguments
69       • NAME
70
71         The name of the existing trusted signer to sync.
72
73   Options:
74       • --configfile <FILE>
75
76         The  NuGet  configuration  file (nuget.config) to use.  If specified,
77         only the settings from this file will be used.  If not specified, the
78         hierarchy  of  configuration files from the current directory will be
79         used.  For more information, see Common NuGet Configurations.
80
81       • -?|-h|--help
82
83         Prints out a description of how to use the command.
84
85       • -v|--verbosity <LEVEL>
86
87         Sets the verbosity level of the command.  Allowed values are q[uiet],
88         m[inimal],  n[ormal],  d[etailed],  and diag[nostic].  The default is
89         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
90         work.LoggerVerbosity>.
91
92   remove
93       Removes any trusted signers that match the given name.
94

SYNOPSIS

96              dotnet nuget trust remove <NAME> [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
97
98   Arguments
99       • NAME
100
101         The name of the existing trusted signer to remove.
102
103   Options:
104       • --configfile <FILE>
105
106         The  NuGet  configuration  file (nuget.config) to use.  If specified,
107         only the settings from this file will be used.  If not specified, the
108         hierarchy  of  configuration files from the current directory will be
109         used.  For more information, see Common NuGet Configurations.
110
111       • -?|-h|--help
112
113         Prints out a description of how to use the command.
114
115       • -v|--verbosity <LEVEL>
116
117         Sets the verbosity level of the command.  Allowed values are q[uiet],
118         m[inimal],  n[ormal],  d[etailed],  and diag[nostic].  The default is
119         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
120         work.LoggerVerbosity>.
121
122   author
123       Adds  a  trusted signer with the given name, based on the author signa‐
124       ture of the package.
125

SYNOPSIS

127              dotnet nuget trust author <NAME> <PACKAGE> [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
128
129   Arguments
130       • NAME
131
132         The name of the trusted signer to add.  If NAME already exists in the
133         configuration, the signature is appended.
134
135       • PACKAGE
136
137         The given PACKAGE should be a local path to the signed .nupkg file.
138
139   Options:
140       • --allow-untrusted-root
141
142         Specifies if the certificate for the trusted signer should be allowed
143         to chain to an untrusted root.  This is not recommended.
144
145       • --configfile <FILE>
146
147         The NuGet configuration file (nuget.config) to  use.   If  specified,
148         only the settings from this file will be used.  If not specified, the
149         hierarchy of configuration files from the current directory  will  be
150         used.  For more information, see Common NuGet Configurations.
151
152       • -?|-h|--help
153
154         Prints out a description of how to use the command.
155
156       • -v|--verbosity <LEVEL>
157
158         Sets the verbosity level of the command.  Allowed values are q[uiet],
159         m[inimal], n[ormal], d[etailed], and diag[nostic].   The  default  is
160         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
161         work.LoggerVerbosity>.
162
163   repository
164       Adds a trusted signer with the given name, based on the repository sig‐
165       nature or countersignature of a signed package.
166

SYNOPSIS

168              dotnet nuget trust repository <NAME> <PACKAGE> [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [--owners <LIST>] [-v, --verbosity <LEVEL>]
169
170   Arguments
171       • NAME
172
173         The name of the trusted signer to add.  If NAME already exists in the
174         configuration, the signature is appended.
175
176       • PACKAGE
177
178         The given PACKAGE should be a local path to the signed .nupkg file.
179
180   Options:
181       • --allow-untrusted-root
182
183         Specifies if the certificate for the trusted signer should be allowed
184         to chain to an untrusted root.  This is not recommended.
185
186       • --configfile <FILE>
187
188         The  NuGet  configuration  file (nuget.config) to use.  If specified,
189         only the settings from this file will be used.  If not specified, the
190         hierarchy  of  configuration files from the current directory will be
191         used.  For more information, see Common NuGet Configurations.
192
193       • -?|-h|--help
194
195         Prints out a description of how to use the command.
196
197       • --owners <LIST>
198
199         Semicolon-separated list of trusted owners to  further  restrict  the
200         trust of a repository.
201
202       • -v|--verbosity <LEVEL>
203
204         Sets the verbosity level of the command.  Allowed values are q[uiet],
205         m[inimal], n[ormal], d[etailed], and diag[nostic].   The  default  is
206         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
207         work.LoggerVerbosity>.
208
209   certificate
210       Adds a trusted signer with the given name, based on a certificate  fin‐
211       gerprint.
212

SYNOPSIS

214              dotnet nuget trust certificate <NAME> <FINGERPRINT> [--algorithm <ALGORITHM>] [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
215
216   Arguments
217       • NAME
218
219         The  name of the trusted signer to add.  If a trusted signer with the
220         given name already exists, the certificate  item  is  added  to  that
221         signer.   Otherwise  a  trusted  author is created with a certificate
222         item from the given certificate information.
223
224       • FINGERPRINT
225
226         The fingerprint of the certificate.
227
228   Options:
229       • --algorithm <ALGORITHM>
230
231         Specifies the hash algorithm used to calculate the  certificate  fin‐
232         gerprint.   Defaults  to SHA256.  Values supported are SHA256, SHA384
233         and SHA512.
234
235       • --allow-untrusted-root
236
237         Specifies if the certificate for the trusted signer should be allowed
238         to chain to an untrusted root.  This is not recommended.
239
240       • --configfile <FILE>
241
242         The  NuGet  configuration  file (nuget.config) to use.  If specified,
243         only the settings from this file will be used.  If not specified, the
244         hierarchy  of  configuration files from the current directory will be
245         used.  For more information, see Common NuGet Configurations.
246
247       • -?|-h|--help
248
249         Prints out a description of how to use the command.
250
251       • -v|--verbosity <LEVEL>
252
253         Sets the verbosity level of the command.  Allowed values are q[uiet],
254         m[inimal],  n[ormal],  d[etailed],  and diag[nostic].  The default is
255         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
256         work.LoggerVerbosity>.
257
258   source
259       Adds a trusted signer based on a given package source.
260

SYNOPSIS

262              dotnet nuget trust source <NAME> [--configfile <PATH>] [-h|--help] [--owners <LIST>] [--source-url] [-v, --verbosity <LEVEL>]
263
264   Arguments
265       • NAME
266
267         The  name  of  the trusted signer to add.  If only <NAME> is provided
268         without --<source-url>, the package source from your NuGet configura‐
269         tion  files  with  the  same  name  is added to the trusted list.  If
270         <NAME> already exists in the configuration, the package source is ap‐
271         pended to it.
272
273   Options:
274       • --configfile <FILE>
275
276         The  NuGet  configuration  file (nuget.config) to use.  If specified,
277         only the settings from this file will be used.  If not specified, the
278         hierarchy  of  configuration files from the current directory will be
279         used.  For more information, see Common NuGet Configurations.
280
281       • -?|-h|--help
282
283         Prints out a description of how to use the command.
284
285       • --owners <LIST>
286
287         Semicolon-separated list of trusted owners to  further  restrict  the
288         trust of a repository.
289
290       • --source-url
291
292         If a source-url is provided, it must be a v3 package source URL (like
293         https://api.nuget.org/v3/index.json).  Other package source types are
294         not supported.
295
296       • -v|--verbosity <LEVEL>
297
298         Sets the verbosity level of the command.  Allowed values are q[uiet],
299         m[inimal], n[ormal], d[etailed], and diag[nostic].   The  default  is
300         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
301         work.LoggerVerbosity>.
302

EXAMPLES

304       • List trusted signers:
305
306                dotnet nuget trust list
307
308       • Trust source NuGet in specified nuget.config file:
309
310                dotnet nuget trust source NuGet --configfile ..\nuget.config
311
312       • Trust an author from signed nupkg package file foo.nupkg:
313
314                dotnet nuget trust author PackageAuthor .\foo.nupkg
315
316       • Trust a repository from signed nupkg package file foo.nupkg:
317
318                dotnet nuget trust repository PackageRepository .\foo.nupkg
319
320       • Trust a package signing certificate using its SHA256 fingerprint:
321
322                  dotnet nuget trust certificate MyCert  F99EC8CDCE5642B380296A19E22FA8EB3AEF1C70079541A2B3D6E4A93F5E1AFD --algorithm SHA256
323
324       • Trust   owners   Nuget   and   Microsoft    from    the    repository
325         https://api.nuget.org/v3/index.json:
326
327                  dotnet nuget trust source NuGetTrust https://api.nuget.org/v3/index.json --owners "Nuget;Microsoft"
328
329       • Remove trusted signer named NuGet from specified nuget.config file:
330
331                  dotnet nuget trust remove NuGet --configfile ..\nuget.config
332
333
334
335                                                                           (1)