search

dotnet / dotnet-docker

Docker images for .NET and the .NET Tools.
https://hub.docker.com/_/microsoft-dotnet
MIT License
4.49k stars 1.94k forks source link

error NU1301: Unable to load the service index for source Failed to restore (in 6.21 sec). #6046

Open UriZafrir opened 3 days ago

UriZafrir commented 3 days ago

Describe the bug

in on prem Azure Devops, using azure artifacts, i try to run dotnet restore in a docker container. It results in the error below. When running on the linux hosting the container, it works. Image

error NU1301: Unable to load the service index for source 
  Failed to restore  (in 6.21 sec).

The error:

root@d553c5d80b84:/src/Common# dotnet add package curl
  Determining projects to restore...
  Writing /tmp/tmpXB2IXF.tmp
info : X.509 certificate chain validation will use the fallback certificate bundle at '/usr/share/dotnet/sdk/8.0.403/trustedroots/codesignctl.pem'.
info : X.509 certificate chain validation will use the fallback certificate bundle at '/usr/share/dotnet/sdk/8.0.403/trustedroots/timestampctl.pem'.
info : Adding PackageReference for package 'curl' into project '/src/Common/Common.csproj'.
error: Unable to load the service index for source https://<url>/<etc>/_packaging/feed/nuget/v3/index.json.
error:   The SSL connection could not be established, see inner exception.
error:   The remote certificate is invalid because of errors in the certificate chain: PartialChain

I've tried supplying the credentials in two ways, one is using commands, the other using a nuget.config file. both fail:

dotnet nuget add source -name feed dotnet nuget update source tekes-feed --valid-authentication-types basic --username "feed" --password xxxxx --store-password-in-clear-text dotnet nuget list source

 dotnet nuget list source
Registered Sources:
  1.  <feed>-feed [Enabled]
      <url>/feed/nuget/v3/index.json
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="feed" value="<url>/feed/nuget/v3/index.json" />
  </packageSources>
  <packageSourceCredentials>
    <tekes-feed>
      <add key="Username" value="feed" />
      <add key="ClearTextPassword" value="xxxxxxxxxxxx" />
    </tekes-feed>
  </packageSourceCredentials>
</configuration>

I would appreciate any assistance.

Which .NET image(s) are you using?

mcr.microsoft.com/dotnet/sdk:8.0

Steps to reproduce

FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build ARG BUILD_CONFIGURATION=Release

WORKDIR /src COPY ["Common/", "Common/"]

RUN dotnet nuget add source /nuget/v3/index.json --name tekes-feed RUN dotnet nuget update source tekes-feed --valid-authentication-types basic --username "-feed" --password xxx --store-password-in-clear-text RUN dotnet nuget list source RUN dotnet restore "./Common/Common.csproj"

Other information

No response

Output of docker version

docker version
Client:
 Version:           25.0.5
 API version:       1.44
 Go version:        go1.22.5
 Git commit:        5dc9bcc
 Built:             Wed Aug 21 00:00:00 2024
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          25.0.6
  API version:      1.44 (minimum version 1.24)
  Go version:       go1.22.5
  Git commit:       b08a51f
  Built:            Wed Aug 21 00:00:00 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.22
  GitCommit:        7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
 runc:
  Version:          1.1.14
  GitCommit:        2c9f5602f0ba3d9da1c2596322dfc4e156844890
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Output of docker info

docker info
Client:
 Version:    25.0.5
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.0.0+unknown
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx

Server:
 Containers: 81
  Running: 0
  Paused: 0
  Stopped: 81
 Images: 123
 Server Version: 25.0.6
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
 runc version: 2c9f5602f0ba3d9da1c2596322dfc4e156844890
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.1.112-122.189.amzn2023.x86_64
 Operating System: Amazon Linux 2023.6.20241010
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 7.629GiB
 Name: ip-10-18-8-203.il-central-1.compute.internal
 ID: f06a87e8-e7bb-4174-b68a-40dcbfa93d67
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
lbussell commented 2 days ago

Hi @UriZafrir, since you're using Azure Artifacts, can you try using the Azure Artifact Credential Provider? We have some documentation on enabling that scenario in .NET containers here: https://github.com/dotnet/dotnet-docker/blob/main/documentation/scenarios/nuget-credentials.md#using-the-azure-artifact-credential-provider. The document also includes some troubleshooting steps.

UriZafrir commented 1 day ago

Hi thanks for the response. Using it I get exactly the same error:. What can be done?

NuGet Config files used:
/src/Common/nuget.config

Feeds used:
<url>feed/nuget/v3/index.json
Done executing task "RestoreTask" -- FAILED.
Done building target "Restore" in project ".Common.csproj" -- FAILED.
Done Building Project "/src/Common/Common.csproj" (Restore target(s)) -- FAILED.

Build FAILED.

"/src/.Common/.Common.csproj" (Restore target) (1) ->
(Restore target) -> 
/src/.Common/.Common.csproj : error NU1301: Unable to load the service index for source <url>-feed/nuget/v3/index.json.
/src/.Common/.Common.csproj : error NU1301:   The SSL connection could not be established, see inner exception.
/src/.Common/.Common.csproj : error NU1301:   The remote certificate is invalid because of errors in the certificate chain: PartialChain

FROM <account>.dkr.ecr.il-central-1.amazonaws.com/dotnet/sdk:9.0 AS build
ARG BUILD_CONFIGURATION=Release

RUN echo "Build configuration is set to $BUILD_CONFIGURATION"
RUN ls

WORKDIR /src
COPY ["Common/", "Common/"]

RUN cat Common/nuget.config
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"<url>-feed/nuget/v3/index.json\", \"username\":\"feed\", \"password\":\"xxxxxx\"}]}"

RUN dotnet restore --configfile Common/nuget.config "./Common/Common.csproj" --verbosity detailed