dotnet-nuget-trust(1)

1dotnet-nuget-trust(1)         .NET Documentation         dotnet-nuget-trust(1)
2
3
4

dotnet nuget trust

6       This article applies to: ✔️ .NET 5.0.300 SDK and later versions
7

NAME

9       dotnet-nuget-trust - Gets or sets trusted signers to the NuGet configu‐
10       ration.
11

SYNOPSIS

13              dotnet nuget trust [command] [Options]
14
15              dotnet nuget trust -h|--help
16

DESCRIPTION

18       The dotnet nuget trust command manages the  trusted  signers.   By  de‐
19       fault,  NuGet accepts all authors and repositories.  These commands al‐
20       low you to specify only a specific subset of signers  whose  signatures
21       will  be  accepted,  while rejecting all others.  For more information,
22       see Common NuGet configurations.  For details on what the  nuget.config
23       schema looks like, refer to the NuGet config file reference.
24
25              This command requires a certificate root store that is valid for
26              both code signing and timestamping.  See  NuGet  signed  package
27              verification for details.
28

OPTIONS

30       • -?|-h|--help
31
32         Prints out a description of how to use the command.
33
34   Commands
35       If no command is specified, the command will default to list.
36
37   list
38       Lists  all  the trusted signers in the configuration.  This option will
39       include all the certificates (with fingerprint  and  fingerprint  algo‐
40       rithm) each signer has.  If a certificate has a preceding [U], it means
41       that certificate entry has allowUntrustedRoot set as true.
42
43   Synopsis:
44              dotnet nuget trust list [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
45
46   Options:
47       • --configfile <FILE>
48
49         The NuGet configuration file (nuget.config) to  use.   If  specified,
50         only the settings from this file will be used.  If not specified, the
51         hierarchy of configuration files from the current directory  will  be
52         used.  For more information, see Common NuGet Configurations.
53
54       • -?|-h|--help
55
56         Prints out a description of how to use the command.
57
58       • -v|--verbosity <LEVEL>
59
60         Sets the verbosity level of the command.  Allowed values are q[uiet],
61         m[inimal], n[ormal], d[etailed], and diag[nostic].   The  default  is
62         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
63         work.LoggerVerbosity>.
64
65   sync
66       Deletes the current list of certificates and replaces them with an  up-
67       to-date list from the repository.
68

SYNOPSIS

70              dotnet nuget trust sync <NAME> [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
71

ARGUMENTS

73       • NAME
74
75         The name of the existing trusted signer to sync.
76
77   Options:
78       • --configfile <FILE>
79
80         The  NuGet  configuration  file (nuget.config) to use.  If specified,
81         only the settings from this file will be used.  If not specified, the
82         hierarchy  of  configuration files from the current directory will be
83         used.  For more information, see Common NuGet Configurations.
84
85       • -?|-h|--help
86
87         Prints out a description of how to use the command.
88
89       • -v|--verbosity <LEVEL>
90
91         Sets the verbosity level of the command.  Allowed values are q[uiet],
92         m[inimal],  n[ormal],  d[etailed],  and diag[nostic].  The default is
93         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
94         work.LoggerVerbosity>.
95
96   remove
97       Removes any trusted signers that match the given name.
98

SYNOPSIS

100              dotnet nuget trust remove <NAME> [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
101

ARGUMENTS

103       • NAME
104
105         The name of the existing trusted signer to remove.
106
107   Options:
108       • --configfile <FILE>
109
110         The  NuGet  configuration  file (nuget.config) to use.  If specified,
111         only the settings from this file will be used.  If not specified, the
112         hierarchy  of  configuration files from the current directory will be
113         used.  For more information, see Common NuGet Configurations.
114
115       • -?|-h|--help
116
117         Prints out a description of how to use the command.
118
119       • -v|--verbosity <LEVEL>
120
121         Sets the verbosity level of the command.  Allowed values are q[uiet],
122         m[inimal],  n[ormal],  d[etailed],  and diag[nostic].  The default is
123         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
124         work.LoggerVerbosity>.
125
126   author
127       Adds  a  trusted signer with the given name, based on the author signa‐
128       ture of the package.
129

SYNOPSIS

131              dotnet nuget trust author <NAME> <PACKAGE> [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
132

ARGUMENTS

134       • NAME
135
136         The name of the trusted signer to add.  If NAME already exists in the
137         configuration, the signature is appended.
138
139       • PACKAGE
140
141         The given PACKAGE should be a local path to the signed .nupkg file.
142
143   Options:
144       • --allow-untrusted-root
145
146         Specifies if the certificate for the trusted signer should be allowed
147         to chain to an untrusted root.  This is not recommended.
148
149       • --configfile <FILE>
150
151         The NuGet configuration file (nuget.config) to  use.   If  specified,
152         only the settings from this file will be used.  If not specified, the
153         hierarchy of configuration files from the current directory  will  be
154         used.  For more information, see Common NuGet Configurations.
155
156       • -?|-h|--help
157
158         Prints out a description of how to use the command.
159
160       • -v|--verbosity <LEVEL>
161
162         Sets the verbosity level of the command.  Allowed values are q[uiet],
163         m[inimal], n[ormal], d[etailed], and diag[nostic].   The  default  is
164         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
165         work.LoggerVerbosity>.
166
167   repository
168       Adds a trusted signer with the given name, based on the repository sig‐
169       nature or countersignature of a signed package.
170

SYNOPSIS

172              dotnet nuget trust repository <NAME> <PACKAGE> [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [--owners <LIST>] [-v, --verbosity <LEVEL>]
173

ARGUMENTS

175       • NAME
176
177         The name of the trusted signer to add.  If NAME already exists in the
178         configuration, the signature is appended.
179
180       • PACKAGE
181
182         The given PACKAGE should be a local path to the signed .nupkg file.
183
184   Options:
185       • --allow-untrusted-root
186
187         Specifies if the certificate for the trusted signer should be allowed
188         to chain to an untrusted root.  This is not recommended.
189
190       • --configfile <FILE>
191
192         The  NuGet  configuration  file (nuget.config) to use.  If specified,
193         only the settings from this file will be used.  If not specified, the
194         hierarchy  of  configuration files from the current directory will be
195         used.  For more information, see Common NuGet Configurations.
196
197       • -?|-h|--help
198
199         Prints out a description of how to use the command.
200
201       • --owners <LIST>
202
203         Semicolon-separated list of trusted owners to  further  restrict  the
204         trust of a repository.
205
206       • -v|--verbosity <LEVEL>
207
208         Sets the verbosity level of the command.  Allowed values are q[uiet],
209         m[inimal], n[ormal], d[etailed], and diag[nostic].   The  default  is
210         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
211         work.LoggerVerbosity>.
212
213   certificate
214       Adds a trusted signer with the given name, based on a certificate  fin‐
215       gerprint.
216

SYNOPSIS

218              dotnet nuget trust certificate <NAME> <FINGERPRINT> [--algorithm <ALGORITHM>] [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]
219

ARGUMENTS

221       • NAME
222
223         The  name of the trusted signer to add.  If a trusted signer with the
224         given name already exists, the certificate  item  is  added  to  that
225         signer.   Otherwise  a  trusted  author is created with a certificate
226         item from the given certificate information.
227
228       • FINGERPRINT
229
230         The fingerprint of the certificate.
231
232   Options:
233       • --algorithm <ALGORITHM>
234
235         Specifies the hash algorithm used to calculate the  certificate  fin‐
236         gerprint.   Defaults  to SHA256.  Values supported are SHA256, SHA384
237         and SHA512.
238
239       • --allow-untrusted-root
240
241         Specifies if the certificate for the trusted signer should be allowed
242         to chain to an untrusted root.  This is not recommended.
243
244       • --configfile <FILE>
245
246         The  NuGet  configuration  file (nuget.config) to use.  If specified,
247         only the settings from this file will be used.  If not specified, the
248         hierarchy  of  configuration files from the current directory will be
249         used.  For more information, see Common NuGet Configurations.
250
251       • -?|-h|--help
252
253         Prints out a description of how to use the command.
254
255       • -v|--verbosity <LEVEL>
256
257         Sets the verbosity level of the command.  Allowed values are q[uiet],
258         m[inimal],  n[ormal],  d[etailed],  and diag[nostic].  The default is
259         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
260         work.LoggerVerbosity>.
261
262   source
263       Adds a trusted signer based on a given package source.
264

SYNOPSIS

266              dotnet nuget trust source <NAME> [--configfile <PATH>] [-h|--help] [--owners <LIST>] [--source-url] [-v, --verbosity <LEVEL>]
267

ARGUMENTS

269       • NAME
270
271         The  name  of  the trusted signer to add.  If only <NAME> is provided
272         without --<source-url>, the package source from your NuGet configura‐
273         tion  files  with  the  same  name  is added to the trusted list.  If
274         <NAME> already exists in the configuration, the package source is ap‐
275         pended to it.
276
277   Options:
278       • --configfile <FILE>
279
280         The  NuGet  configuration  file (nuget.config) to use.  If specified,
281         only the settings from this file will be used.  If not specified, the
282         hierarchy  of  configuration files from the current directory will be
283         used.  For more information, see Common NuGet Configurations.
284
285       • -?|-h|--help
286
287         Prints out a description of how to use the command.
288
289       • --owners <LIST>
290
291         Semicolon-separated list of trusted owners to  further  restrict  the
292         trust of a repository.
293
294       • --source-url
295
296         If a source-url is provided, it must be a v3 package source URL (like
297         https://api.nuget.org/v3/index.json).  Other package source types are
298         not supported.
299
300       • -v|--verbosity <LEVEL>
301
302         Sets the verbosity level of the command.  Allowed values are q[uiet],
303         m[inimal], n[ormal], d[etailed], and diag[nostic].   The  default  is
304         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
305         work.LoggerVerbosity>.
306

EXAMPLES

308       • List trusted signers:
309
310                dotnet nuget trust list
311
312       • Trust source NuGet in specified nuget.config file:
313
314                dotnet nuget trust source NuGet --configfile ..\nuget.config
315
316       • Trust an author from signed nupkg package file foo.nupkg:
317
318                dotnet nuget trust author PackageAuthor .\foo.nupkg
319
320       • Trust a repository from signed nupkg package file foo.nupkg:
321
322                dotnet nuget trust repository PackageRepository .\foo.nupkg
323
324       • Trust a package signing certificate using its SHA256 fingerprint:
325
326                  dotnet nuget trust certificate MyCert  F99EC8CDCE5642B380296A19E22FA8EB3AEF1C70079541A2B3D6E4A93F5E1AFD --algorithm SHA256
327
328       • Trust   owners   Nuget   and   Microsoft    from    the    repository
329         https://api.nuget.org/v3/index.json:
330
331                  dotnet nuget trust source NuGetTrust --source-url https://api.nuget.org/v3/index.json --owners "Nuget;Microsoft"
332
333       • Remove trusted signer named NuGet from specified nuget.config file:
334
335                  dotnet nuget trust remove NuGet --configfile ..\nuget.config
336
337
338
339                                  2022-11-08             dotnet-nuget-trust(1)