NuGet / Home

Repo for NuGet Client issues

[Cross-platform Sign Verify] The “PackageSignatureVerificationLog” line lost after restoring the project with an expired certificate but timestamped package added on Windows #12454

Closed v-luzh closed 3 months ago

v-luzh commented 1 year ago

NuGet Product Used

dotnet.exe

Product Version

.NET SDK 7.0.104

Worked before?

No response

Impact

It bothers me. A fix would be nice

Repro Steps & Context

Repro Steps:

  1. Execute the Pre-testing steps.
  2. Where <NotBefore> and <NotAfter> are datetime values that mark a 10-minute period starting now, create a short-lived test code signing certificate that will expire 10 minutes from now. On Windows: .\dotnet\dotnet.exe run --project .\Entropy\MakeTestCert\MakeTestCert.csproj --framework net7.0 -- -nb "<NotBefore>" -na "<NotAfter>"
  3. Where <CertificateFilePath> is the file path to the .cer or .pem file in step 1 and is the directory path for the versioned .NET SDK directory (e.g.: ./dotnet/dotnet/sdk/7.0.100), add trust for the certificate: On Windows: .\dotnet\dotnet.exe run --project .\Entropy\TrustTestCert\TrustTestCert.csproj --framework net7.0 -- add -c <CertificateFilePath>
  4. Where <PackageId> is the test package ID and <PfxFilePath> is the file path to the .pfx file, sign the test package: On Windows: .\dotnet\dotnet.exe nuget sign .\<PackageId>\bin\Debug\<PackageId>.1.0.0.nupkg --overwrite --certificate-path <PfxFilePath> --timestamper http://timestamp.digicert.com/
  5. Verify that the previous step succeeded with no warnings or errors.
  6. Create a test project: On Windows: mkdir .\test && pushd .\test && ..\dotnet\dotnet.exe new console && copy ..\NuGet.config.template .\NuGet.config
  7. Update NuGet.config to reference the SHA-256 fingerprint of the short-lived certificate created in step 2.
  8. Clear local NuGet resources and previous restore results: On Windows: rd /s /q .\obj && ..\dotnet\dotnet.exe nuget locals --clear all
  9. Where <PackageId> is the test package ID, add a package reference to the test package when the time is expired: On Windows: ..\dotnet\dotnet.exe add package <PackageId> --version 1.0.0
  10. Verify that the previous step succeeded with the following message. On Windows, the operation failed with the following messages: info : X.509 certificate chain validation will use the default trust store selected by .NET.
  11. Repeat step 8.
  12. Restore: On Windows: ..\dotnet\dotnet.exe restore -v detailed

Expected:

Where <PackageId> is the test package ID, verify that the previous step succeeded with the following messages in the restore output. On Windows:

  a. X.509 certificate chain validation will use the default trust store selected by .NET.
  b. PackageSignatureVerificationLog: PackageIdentity: <PackageId>.1.0.0 Source: E:\testpass\<PackageId>\bin\Debug PackageSignatureValidity: True
  c. Build succeeded. 0 Warning(s) 0 Error(s)

Actual:

The “PackageSignatureVerificationLog” line is lost, as shown in the attached restore log: NoPackageSignatureVerificationLog.txt

Notes:

  1. It only repros on the Windows platform.

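An added check, not part of this issue or of the NuGet project: it parses `dotnet restore -v detailed` output for the PackageSignatureVerificationLog lines shown in the Expected section and reports any expected package that has no such line, which is the symptom described above. The log text, package names and paths below are constructed.

```python
import re

# Constructed sample of `dotnet restore -v detailed` output. The log line shape
# follows the one quoted in the issue; package names and paths are made up.
SAMPLE_RESTORE_LOG = r"""
info : X.509 certificate chain validation will use the default trust store selected by .NET.
info : PackageSignatureVerificationLog: PackageIdentity: Contoso.Sample.1.0.0 Source: E:\testpass\Contoso.Sample\bin\Debug PackageSignatureValidity: True
info : PackageSignatureVerificationLog: PackageIdentity: Fabrikam.Lib.2.3.1 Source: https://api.nuget.org/v3/index.json PackageSignatureValidity: False
info : Build succeeded. 0 Warning(s) 0 Error(s)
""".strip()

LOG_LINE = re.compile(
    r"PackageSignatureVerificationLog:\s*PackageIdentity:\s*(?P<identity>\S+)\s+"
    r"Source:\s*(?P<source>.+?)\s+PackageSignatureValidity:\s*(?P<validity>True|False)\b"
)


def parse_signature_logs(log_text: str) -> dict:
    """Map each PackageIdentity to its source and PackageSignatureValidity value."""
    return {
        m.group("identity"): {"source": m.group("source"), "validity": m.group("validity")}
        for m in LOG_LINE.finditer(log_text)
    }


def check_signature_logs(log_text: str, expected_identities) -> dict:
    """Classify each expected package as verified, invalid, or missing.

    "missing" is the condition this issue reports: restore completed but no
    PackageSignatureVerificationLog line was emitted for the package, so the
    log alone cannot show that signature verification ran for it.
    """
    seen = parse_signature_logs(log_text)
    status = {}
    for identity in expected_identities:
        entry = seen.get(identity)
        if entry is None:
            status[identity] = "missing"
        elif entry["validity"] == "True":
            status[identity] = "verified"
        else:
            status[identity] = "invalid"
    return status


if __name__ == "__main__":
    expected = ["Contoso.Sample.1.0.0", "Fabrikam.Lib.2.3.1", "Northwind.Tools.0.9.0"]
    for pkg, result in check_signature_logs(SAMPLE_RESTORE_LOG, expected).items():
        print(f"{pkg}: {result}")
```

Feed it the saved output of a real `dotnet restore -v detailed` run and the list of package identities the project is expected to restore; a "missing" result means the log gives no evidence that signature verification ran for that package.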
donnie-msft commented 1 year ago

@dtivel could you look at the Expected section here and confirm you'd expect the same output? Thanks

dtivel commented 1 year ago

@v-luzh, I'm a bit confused. There is no cross-verify test that has your steps 4 and 5. Step 4 signs with a timestamp. Step 5 verifies that you got a warning because you didn't timestamp. It seems you're mixing up steps from different tests. Can you please review repro steps and correct as necessary?

Also, I couldn't install 7.0.104, only 7.0.103 or 7.0.2xx. This fails:

dotnet-install.ps1 -InstallDir .\dotnet7.0 -Version 7.0.104

If you are patching .NET SDK with NuGet assemblies, please send me precise repro steps.

Also, step 10 is confusing. Should I expect success or failure? The step says both.

When I try to repro this as best as I can (with the above issues), I consistently get PackageSignatureVerificationLog.

v-luzh commented 1 year ago

Hi @dtivel, sorry about steps 4 and 5; I have updated the steps.

For the installation, we followed the pre-testing steps and got '7.0.104' in the path "...\dotnet\sdk" on Feb. 24th.

For step 10, it should succeed, as the case says below.

Note: The bug is that we do not get the line "b. PackageSignatureVerificationLog..." after restoring (step 12), not at step 10.

erdembayar commented 1 year ago

@dtivel Is this issue under your radar?

dtivel commented 1 year ago

Yes, it's low priority for me. This looks like an occasional inconsistency under detailed logging for a particular log message with no significant user impact.

ghost commented 1 year ago

This issue has been automatically marked as stale because we have not received a response in 14 days. It will be closed if no further activity occurs within another 14 days of this comment.

v-luzh commented 1 year ago

Still repros on .NET SDK Version 7.0.107.

nkolev92 commented 1 year ago

Team Triage: Given the low user impact, assigning this to P3.

CiciLi1 commented 3 months ago

This issue is fixed on .NET SDK 8.0.400-rtm.24367.3. I will close this bug soon.