Fails to installs : Using AzureSignTool to sign files with Azure DevOps

[cadology]

I'm trying to install AzureSignTool in my pipeline in Azure DevOps. I'm using the following YAML to install

steps:

• task: DotNetCoreCLI@2 displayName: 'Install AzureSignTool' inputs: command: custom custom: tool arguments: 'install --global azuresigntool --version 3.0.0'

I get...

_The tool package could not be restored. Tool 'azuresigntool' failed to install. This failure may have been caused by:

• You are attempting to install a preview release and did not use the --version option to specify the version.
• A package by this name was found, but it was not a .NET tool.
• The required NuGet feed cannot be accessed, perhaps because of an Internet connection problem.
• You mistyped the name of the tool._

My code uses a package from one of my other products stored as a package in Artifacts in another DevOps project and when trying to install AzureSignTool, I see this message in the output..

C:\Users\VssAdministrator\AppData\Local\Temp\ke50zurg.yof\restore.csproj : error NU1301: Unable to load the service index for source https://fpassistant.pkgs.visualstudio.com/_packaging/FPAssistantSCL/nuget/v3/index.json.

At this stage, I'm just trying to install AzureSignTool so I can't understand why this NU1301 message is coming from!!

Any thoughts please?

Thanks

[conanthedev]

How are you providing the nuget.config for your project restore? Do you have a nuget.org source in there?

[cadology]

How are you providing the nuget.config for your project restore? Do you have a nuget.org source in there?

I'm not as I don't want my project to restore. Instead, I have added a .NET Core task to my devops pipeline with a custom Command to restore (YAML in message above). I can't use the project as the package is not compatible with my project target.

Thanks for replying...I'm going to try and give access from this DevOps project to my other so it can access the package in the Artifacts.

[conanthedev]

I was asking about the nuget sources, because if the nuget.org source was cleared, I don't think the global tool could be restored. Perhaps you could double-check with dotnet nuget list source to list the current sources before your install sign tool task.

Here's how i'm installing the package in my pipeline:

      - script: 'dotnet tool install AzureSignTool --version 3.0.0 --tool-path src/MyPath/'
        displayName: 'Install AzureSignTool'

[cadology]

Hi, I think the source are there as I get...

Registered Sources:

1. FPAssistantSCL [Enabled] https://fpassistant.pkgs.visualstudio.com/_packaging/FPAssistantSCL/nuget/v3/index.json
2. nuget.org [Enabled] https://api.nuget.org/v3/index.json

Hmmm, not sure what to try next

[conanthedev]

Maybe try to do this, before installing the sign tool: dotnet nuget disable source FPAssistantSCL

If one source fails authentication, restore will fail. Dumb question, but does the Build Service for that DevOps project has access to the FPAssistantSCL artifact feed?

[cadology]

Thanks for your suggestions, I have solved the problem now.

I had added a nuget.config to the repo and this was being used for the DevOps task but it did not have permission; whereas the other task that was using the nuget.config did have permission assigned.

All working good and my software certificate is being assigned both in Visual Studio and in Azure pipelines.