Provided by: dotnet-host-8.0_8.0.11-0ubuntu1~22.04.1_amd64 bug

dotnet nuget trust

       This article applies to: ✔️ .NET 5.0.300 SDK and later versions

NAME

       dotnet-nuget-trust - Gets or sets trusted signers to the NuGet configuration.

SYNOPSIS

              dotnet nuget trust [command] [Options]

              dotnet nuget trust -h|--help

DESCRIPTION

       The dotnet nuget trust command manages the trusted signers.  By default, NuGet accepts all
       authors and repositories.  These commands allow you to specify only a specific  subset  of
       signers  whose  signatures  will  be  accepted,  while  rejecting  all  others.   For more
       information, see Common NuGet configurations.  For details on what the nuget.config schema
       looks like, refer to the NuGet config file reference.

              This  command requires a certificate root store that is valid for both code signing
              and timestamping.  Also, this command may not be supported on some combinations  of
              operating  system  and  .NET  SDK.   For more information, see NuGet signed package
              verification.

OPTIONS

-?|-h|--help

         Prints out a description of how to use the command.

   Commands
       If no command is specified, the command will default to list.

   list
       Lists all the trusted signers in the configuration.  This  option  will  include  all  the
       certificates  (with  fingerprint  and  fingerprint  algorithm)  each  signer  has.   If  a
       certificate has a preceding [U], it means that certificate  entry  has  allowUntrustedRoot
       set as true.

   Synopsis:
              dotnet nuget trust list [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]

   Options:--configfile <FILE>

         The  NuGet  configuration  file  (nuget.config) to use.  If specified, only the settings
         from this file will be used.  If not specified, the  hierarchy  of  configuration  files
         from  the  current  directory  will  be  used.   For  more information, see Common NuGet
         Configurations.

       • -?|-h|--help

         Prints out a description of how to use the command.

       • -v|--verbosity <LEVEL>

         Sets the verbosity level  of  the  command.   Allowed  values  are  q[uiet],  m[inimal],
         n[ormal],  d[etailed], and diag[nostic].  The default is minimal.  For more information,
         see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

   sync
       Deletes the current list of certificates and replaces them with an  up-to-date  list  from
       the repository.

SYNOPSIS

              dotnet nuget trust sync <NAME> [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]

ARGUMENTS

NAME

         The name of the existing trusted signer to sync.

   Options:--configfile <FILE>

         The  NuGet  configuration  file  (nuget.config) to use.  If specified, only the settings
         from this file will be used.  If not specified, the  hierarchy  of  configuration  files
         from  the  current  directory  will  be  used.   For  more information, see Common NuGet
         Configurations.

       • -?|-h|--help

         Prints out a description of how to use the command.

       • -v|--verbosity <LEVEL>

         Sets the verbosity level  of  the  command.   Allowed  values  are  q[uiet],  m[inimal],
         n[ormal],  d[etailed], and diag[nostic].  The default is minimal.  For more information,
         see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

   remove
       Removes any trusted signers that match the given name.

SYNOPSIS

              dotnet nuget trust remove <NAME> [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]

ARGUMENTS

NAME

         The name of the existing trusted signer to remove.

   Options:--configfile <FILE>

         The NuGet configuration file (nuget.config) to use.  If  specified,  only  the  settings
         from  this  file  will  be used.  If not specified, the hierarchy of configuration files
         from the current directory will  be  used.   For  more  information,  see  Common  NuGet
         Configurations.

       • -?|-h|--help

         Prints out a description of how to use the command.

       • -v|--verbosity <LEVEL>

         Sets  the  verbosity  level  of  the  command.   Allowed  values are q[uiet], m[inimal],
         n[ormal], d[etailed], and diag[nostic].  The default is minimal.  For more  information,
         see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

   author
       Adds a trusted signer with the given name, based on the author signature of the package.

SYNOPSIS

              dotnet nuget trust author <NAME> <PACKAGE> [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]

ARGUMENTS

NAME

         The name of the trusted signer to add.  If NAME already exists in the configuration, the
         signature is appended.

       • PACKAGE

         The given PACKAGE should be a local path to the signed .nupkg file.

   Options:--allow-untrusted-root

         Specifies if the certificate for the trusted signer should be allowed  to  chain  to  an
         untrusted root.  This is not recommended.

       • --configfile <FILE>

         The  NuGet  configuration  file  (nuget.config) to use.  If specified, only the settings
         from this file will be used.  If not specified, the  hierarchy  of  configuration  files
         from  the  current  directory  will  be  used.   For  more information, see Common NuGet
         Configurations.

       • -?|-h|--help

         Prints out a description of how to use the command.

       • -v|--verbosity <LEVEL>

         Sets the verbosity level  of  the  command.   Allowed  values  are  q[uiet],  m[inimal],
         n[ormal],  d[etailed], and diag[nostic].  The default is minimal.  For more information,
         see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

   repository
       Adds a trusted  signer  with  the  given  name,  based  on  the  repository  signature  or
       countersignature of a signed package.

SYNOPSIS

              dotnet nuget trust repository <NAME> <PACKAGE> [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [--owners <LIST>] [-v, --verbosity <LEVEL>]

ARGUMENTS

NAME

         The name of the trusted signer to add.  If NAME already exists in the configuration, the
         signature is appended.

       • PACKAGE

         The given PACKAGE should be a local path to the signed .nupkg file.

   Options:--allow-untrusted-root

         Specifies if the certificate for the trusted signer should be allowed  to  chain  to  an
         untrusted root.  This is not recommended.

       • --configfile <FILE>

         The  NuGet  configuration  file  (nuget.config) to use.  If specified, only the settings
         from this file will be used.  If not specified, the  hierarchy  of  configuration  files
         from  the  current  directory  will  be  used.   For  more information, see Common NuGet
         Configurations.

       • -?|-h|--help

         Prints out a description of how to use the command.

       • --owners <LIST>

         Semicolon-separated  list  of  trusted  owners  to  further  restrict  the  trust  of  a
         repository.

       • -v|--verbosity <LEVEL>

         Sets  the  verbosity  level  of  the  command.   Allowed  values are q[uiet], m[inimal],
         n[ormal], d[etailed], and diag[nostic].  The default is minimal.  For more  information,
         see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

   certificate
       Adds a trusted signer with the given name, based on a certificate fingerprint.

SYNOPSIS

              dotnet nuget trust certificate <NAME> <FINGERPRINT> [--algorithm <ALGORITHM>] [--allow-untrusted-root] [--configfile <PATH>] [-h|--help] [-v, --verbosity <LEVEL>]

ARGUMENTS

NAME

         The  name of the trusted signer to add.  If a trusted signer with the given name already
         exists, the certificate item is added to that signer.  Otherwise  a  trusted  author  is
         created with a certificate item from the given certificate information.

       • FINGERPRINT

         The fingerprint of the certificate.

   Options:--algorithm <ALGORITHM>

         Specifies the hash algorithm used to calculate the certificate fingerprint.  Defaults to
         SHA256.  Values supported are SHA256, SHA384 and SHA512.

       • --allow-untrusted-root

         Specifies if the certificate for the trusted signer should be allowed  to  chain  to  an
         untrusted root.  This is not recommended.

       • --configfile <FILE>

         The  NuGet  configuration  file  (nuget.config) to use.  If specified, only the settings
         from this file will be used.  If not specified, the  hierarchy  of  configuration  files
         from  the  current  directory  will  be  used.   For  more information, see Common NuGet
         Configurations.

       • -?|-h|--help

         Prints out a description of how to use the command.

       • -v|--verbosity <LEVEL>

         Sets the verbosity level  of  the  command.   Allowed  values  are  q[uiet],  m[inimal],
         n[ormal],  d[etailed], and diag[nostic].  The default is minimal.  For more information,
         see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

   source
       Adds a trusted signer based on a given package source.

SYNOPSIS

              dotnet nuget trust source <NAME> [--configfile <PATH>] [-h|--help] [--owners <LIST>] [--source-url] [-v, --verbosity <LEVEL>]

ARGUMENTS

NAME

         The name of the trusted signer to add.  If only <NAME> is  provided  without  --<source-
         url>, the package source from your NuGet configuration files with the same name is added
         to the trusted list.  If <NAME> already exists in the configuration, the package  source
         is appended to it.

   Options:--configfile <FILE>

         The  NuGet  configuration  file  (nuget.config) to use.  If specified, only the settings
         from this file will be used.  If not specified, the  hierarchy  of  configuration  files
         from  the  current  directory  will  be  used.   For  more information, see Common NuGet
         Configurations.

       • -?|-h|--help

         Prints out a description of how to use the command.

       • --owners <LIST>

         Semicolon-separated  list  of  trusted  owners  to  further  restrict  the  trust  of  a
         repository.

       • --source-url

         If   a   source-url   is   provided,   it   must  be  a  v3  package  source  URL  (like
         https://api.nuget.org/v3/index.json).  Other package source types are not supported.

       • -v|--verbosity <LEVEL>

         Sets the verbosity level  of  the  command.   Allowed  values  are  q[uiet],  m[inimal],
         n[ormal],  d[etailed], and diag[nostic].  The default is minimal.  For more information,
         see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

EXAMPLES

       • List trusted signers:

                dotnet nuget trust list

       • Trust source NuGet in specified nuget.config file:

                dotnet nuget trust source NuGet --configfile ..\nuget.config

       • Trust an author from signed nupkg package file foo.nupkg:

                dotnet nuget trust author PackageAuthor .\foo.nupkg

       • Trust a repository from signed nupkg package file foo.nupkg:

                dotnet nuget trust repository PackageRepository .\foo.nupkg

       • Trust a package signing certificate using its SHA256 fingerprint:

                  dotnet nuget trust certificate MyCert  F99EC8CDCE5642B380296A19E22FA8EB3AEF1C70079541A2B3D6E4A93F5E1AFD --algorithm SHA256

       • Trust      owners      Nuget      and      Microsoft      from      the       repository
         https://api.nuget.org/v3/index.json:

                  dotnet nuget trust source NuGetTrust --source-url https://api.nuget.org/v3/index.json --owners "Nuget;Microsoft"

       • Remove trusted signer named NuGet from specified nuget.config file:

                  dotnet nuget trust remove NuGet --configfile ..\nuget.config

                                            2023-10-25                      dotnet-nuget-trust(1)