{ "id": "dotnet/nuget-package-signature-verification", "signature": "error NU3018: Package 'PackageName 1.0.0' from source 'nuget.org' is not signed by a trusted signer.", "signature_zh": "错误 NU3018: 来自源 'nuget.org' 的包 'PackageName 1.0.0' 未由受信任的签名者签名。", "regex": "NU3018:.*not signed by a trusted signer", "domain": "dotnet", "category": "install_error", "subcategory": null, "root_cause": "NuGet package signature verification fails because the package is signed with an untrusted certificate or the trusted signers list is misconfigured in nuget.config.", "root_cause_type": "generic", "root_cause_zh": "NuGet 包签名验证失败,因为包使用不受信任的证书签名,或 nuget.config 中的受信任签名者列表配置错误。", "versions": [ { "version": "NuGet 5.11.x", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "NuGet 6.0.x", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "NuGet 6.3.x", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "NuGet 6.4.x", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" } ], "os_specific": {}, "dead_ends": [ { "action": "", "why_fails": "Setting signatureValidationMode to 'accept' globally reduces security and may violate organizational policy.", "fail_rate": 0.95, "condition": "", "sources": [] }, { "action": "", "why_fails": "Removing all trusted signers from nuget.config still requires package to be signed by a trusted root.", "fail_rate": 0.9, "condition": "", "sources": [] }, { "action": "", "why_fails": "Adding the package author's certificate as trusted signer without verifying chain can still fail if certificate is revoked.", "fail_rate": 0.8, "condition": "", "sources": [] } ], "workarounds": [ { "action": "Add the package's signing certificate to trusted signers with proper certificate fingerprint verification.", "success_rate": 0.85, "how": "Add the package's signing certificate to trusted signers with proper certificate fingerprint verification.", "condition": "", "sources": [] }, { "action": "Disable signature validation for specific package sources in nuget.config by setting signatureValidationMode to 'accept' only for that source.", "success_rate": 0.75, "how": "Disable signature validation for specific package sources in nuget.config by setting signatureValidationMode to 'accept' only for that source.", "condition": "", "sources": [] }, { "action": "Use NuGet's repository signature verification by adding the repository's service index as trusted signer.", "success_rate": 0.8, "how": "Use NuGet's repository signature verification by adding the repository's service index as trusted signer.", "condition": "", "sources": [] } ], "workarounds_zh": [ "Add the package's signing certificate to trusted signers with proper certificate fingerprint verification.", "Disable signature validation for specific package sources in nuget.config by setting signatureValidationMode to 'accept' only for that source.", "Use NuGet's repository signature verification by adding the repository's service index as trusted signer." ], "transition_graph": { "leads_to": [], "preceded_by": [], "frequently_confused_with": [] }, "official_doc_url": "https://learn.microsoft.com/en-us/nuget/reference/errors-and-warnings/nu3018", "official_doc_section": null, "error_code": "NU3018", "verification_tier": "ai_generated", "confidence": 0.83, "fix_success_rate": 0.85, "resolvable": "true", "first_seen": "2023-09-12", "last_confirmed": "2024-06-01", "last_updated": "2024-06-01", "evidence_count": 1, "tags": [], "locale": "en", "aliases": [] }