
Commit 01af86c

committed
Secure nuget packages to require signatures by known parties
1 parent 1b7708e commit 01af86c


2 files changed

+17
-3
lines changed


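--- a/azure-pipelines/official.yml
+++ b/azure-pipelines/official.yml
@@ -29,6 +29,9 @@ parameters:
 type: boolean
 default: false
 
+variables:
+NugetSecurityAnalysisWarningLevel: none # nuget.config requires signed packages by trusted owners
+
 stages:
 
 - stage: Build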
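Review bot: The trailing comment on `NugetSecurityAnalysisWarningLevel: none` does not say which warning is being silenced or what has to remain true for that to be safe. The variable is declared at pipeline scope, so it applies to every stage, and its justification lives in a different file: if `signatureValidationMode` or the `trustedSigners` block in nuget.config is later relaxed, nothing here would flag it. I would expand the comment to something like `# Analysis warning suppressed because nuget.config sets signatureValidationMode=require with a trustedSigners list; remove this variable if either is dropped`. It is also worth confirming that the build agents actually perform signature verification on restore, since that depends on the platform and SDK in use, which this section does not show.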

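--- a/nuget.config
+++ b/nuget.config
@@ -2,12 +2,23 @@
 <configuration>
 <config>
 <add key="repositorypath" value="packages" />
+<add key="signatureValidationMode" value="require" />
 </config>
 <packageSources>
 <clear />
-<add key="api.nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
-<add key="vs-impl-public" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/vs-impl/nuget/v3/index.json" protocolVersion="3" />
-<add key="vssdk-public" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/vssdk/nuget/v3/index.json" protocolVersion="3" />
+<add key="nuget" value="https://api.nuget.org/v3/index.json" />
+<add key="vs-impl-public" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/vs-impl/nuget/v3/index.json" />
+<add key="vssdk-public" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/vssdk/nuget/v3/index.json" />
 <add key="dotnet-tools" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json" />
 </packageSources>
+<trustedSigners>
+<repository name="nuget" serviceIndex="https://api.nuget.org/v3/index.json">
+<owners>Microsoft;xunit;manuel.roemer;sharwell;jamesnk;aarnott;MarcoRossignoli;Thecentury;clairernovotny;reg;mmanela</owners>
+<certificate fingerprint="0e5f38f57dc1bcc806d8494f4f90fbcedd988b46760709cbeec6f4219aa6157d" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
+</repository>
+<author name="Microsoft">
+<certificate fingerprint="aa12da22a49bce7d5c1ae64cc1f3d892f150da76140f210abd2cbffca2c18a27" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
+<certificate fingerprint="3f9001ea83c560d712c24cf213c3d312cb3bff51ee89435d3430bd06b5d0eece" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
+</author>
+</trustedSigners>
 </configuration>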
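Review bot: The `<owners>` list in the new `<repository name="nuget">` entry makes each of the eleven listed nuget.org accounts a trust anchor, and nothing records why each one is there. A repository signature only attests that the package was published under that owner, so anything these accounts publish will satisfy `signatureValidationMode=require`; the list should stay as short as the dependency graph allows. I would add a comment above it such as `<!-- owners: keep in sync with packages actually restored; note which package(s) need each non-Microsoft owner -->`, and another recording where the three pinned SHA256 fingerprints came from and how to refresh them (for example `dotnet nuget trust sync`), since restores will start failing when a signing certificate is rotated. The three Azure DevOps feeds have no `<repository>` entry, so packages from them presumably must carry a Microsoft author signature matching one of the two `<author>` fingerprints; worth confirming that is intended.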
