Mirrors
/
NuGet.Home
mirror of https://github.com/NuGet/Home.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
dev-nyenework-dlp-auditsources
dev-oliag-update-command
dev
dev-nyenework-audit-packagedownlaod
dev-martinrrm-origins-paths-in-pmui
end-of-life
albarry-bluecheck
dev-donnie-msft-recommenderService
dev-nyenework-pmui-packagesource
dev-nyenework-disableTLScertificateValidation
dev-nkolev92-tfmaliases
dev-donnie-msft-sourceMapperVS
sponsor-link
dev-nyenework-spec-for-nuget-search
dev-nkolev92-removeRedundantTemplateInfo
dev-kpms-dcr-feature-compliance-reminder-bot
vs-filters-sorts
dev-martinrrm-allow-version-property-in-projectreference
dev-eryondon-privateasset-vs-includeexclude-asset
dev-eryondon-ExcludedAssetsFlow
dev-zivkan-plain-text-apikey
dev-eryondon-privateasset-vs-includeexclude-asset2
package-status-indicators
fabricbot-configuration-migration
package-scoring-v1
dev-pragnya17-CPMDotnetCLISupport
zivkan-icebox-upvote-watcher
dotnet-update-package
transitive-list-expanded-by-default
dev-hengliu-sign-verbosity
dotnet-audit
dev-donnie-msft-pmuiArchRefactoringMd
chgill-proposal-login-auth-for-dotnet-nuget-push
donnie-msft-FloatingVersionsSpecFix
dev-donnie-msft-NuGetPMUIWindowAPI
dev-kartheekp-ms-uidelay8675-spec
3.2-RC-10488
2.8.7
3.1
3.1.1
3.2
3.3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fa972093c3'
${ noResults }
NuGet.Home/accepted/archive/DotNetSignCommands.md

6.2 KiB
Raw Blame History

Spec Name

  • Status: In Review
  • Author(s): Kat Marchán
  • Issue: 9010 Signing: Design dotnet package signing commands

Problem Background

We recently released cross-platform signature verification during restore for dotnet.exe. This means dotnet.exe users are going to start relying on this feature during restore for security. Unfortunately, nuget.exe has some signing-related commands that are not yet available in dotnet.exe, making the experience essentially incomplete for these customers.

Who are the customers

This feature is for dotnet.exe users who want to take advantage of more package signing-related features of nuget without needing to install nuget.exe.

Goals

Design and implement equivalent commands for the following nuget.exe commands:

  • nuget.exe sign
  • nuget.exe verify
  • nuget.exe trusted-signers

These commands should have dotnet.exe-compatible syntax and ergonomics, and feel like proper dotnet.exe commands.

Non-Goals

Adding additional signing-related commands, or significantly changing/improving the behavior of the commands as currently designed.

Solution

The following commands will be implemented in the dotnet.exe CLI.

Options marked with * indicate a notable change in behavior/naming.

dotnet nuget sign

Signs a NuGet package at <package-path> with the specified certificate.

USAGE:
    dotnet nuget sign [OPTIONS] <package-path>

OPTIONS:
    -o, --output* <output-directory>    Directory where the signed package should be saved. By default, the original package is overwritten by the signed package.
        --certificate-path              File path to the certificate to be used while signing the package.
        --certificate-store-name        Name of the X.509 certificate store. (...)
        --certificate-store-location    Name of the X.509 certificate store to use to search for the certificate.
        --certificate-subject-name      Subject name of the certificate used to search a local certificate store for the certificate.
        --certificate-fingerprint       SHA-1 fingerprint of the certificate used to search a local certificate store for the certificate.
        --certificate-password          Password for the certificate, if needed.
        --hash-algorithm                Hash algorithm to be used to sign the package. Defaults to SHA256.
        --timestamper                   URL to an RFC 3161 timestamping server.
        --timestamp-hash-algorithm      Hash algorithm to be used by the RFC 3161 timestamping server. Defaults to SHA256.
        --overwrite                     Switch to indicate if the current signature should be overwritten.
    -h, --help                          Prints help information.
    -v, --verbosity* <LEVEL>            Set the MSBuild verbosity level. Allowed values are q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic].
        --interactive*                  Allows command to stop and wait for user input or action.
        --configfile                    The NuGet configuration file. If specified, only the settings from this file will be used. If not specified, the hierarchy of configuration files from the current directory will be used.

EXAMPLES:

    dotnet nuget sign --timestamper https://foo.bar MyPackage.nupkg

    dotnet nuget sign --timestamper https://foo.bar --output ../signed ../MyPackage.nupkg

Notable deviations from nuget.exe version:

  • No -ForceEnglishOutput equivalent. dotnet.exe doesn't seem to do this at all.
  • Use MSBuild verbosity levels for --verbosity instead of NuGet levels.
  • Use --interactive instead of --non-interactive, because that's how dotnet.exe does it.
  • Use --output instead of --output-directory for consistency with dotnet.exe.

dotnet nuget verify

Verifies a signed NuGet package at <package-path>.

USAGE:
    dotnet nuget verify [OPTIONS] <package-path>...*

OPTIONS:
        --all*                                  Specifies that all verifications possible should be performed on the package(s). By default, only signatures are verified.
        --certificate-fingerprint <fingerprint> Verify that the signer certificate matches with one of the specified SHA256 fingerprints. This option may be supplied multiple times to provide multiple fingerprints.
    -h, --help                                  Prints help information.
        --interactive*                          Allows command to stop and wait for user input or action.
        --configfile                    The NuGet configuration file. If specified, only the settings from this file will be used. If not specified, the hierarchy of configuration files from the current directory will be used.

Notable deviations from nuget.exe version:

  • -Signatures has been removed and is now default. Use --all to perform -All.
  • Multiple position arguments can be passed in to verify multiple packages, instead of only supporting globbing.
  • No -ForceEnglishOutput equivalent. dotnet.exe doesn't seem to do this at all.
  • Use MSBuild verbosity levels for --verbosity instead of NuGet levels.
  • Use --interactive instead of --non-interactive, because that's how dotnet.exe does it.

Future Work

For now, we're not doing trusted-signer, and specifying all the behavior probably deserves its own spec because of the complexity of the command and the ergonomic expectations of dotnet.exe. Below is an initial stab at a design that should NOT be considered normative, but establishes some direction. Most notably, it splits the very complicated add, which has multiple gestures, into multiple, more specific subcommands with their own options and behavior.

dotnet nuget trusted-signer

Provides the ability to manage the list of trusted signers.

USAGE:
    dotnet nuget trusted-signer [OPTIONS] [COMMAND]

COMMANDS:
    list (default)
    add-repository <name> <repository> [<package>...]
    add-author <name> <author> [<package>...]
    add-service-index <name> <index>
    add-certificate <name> <fingerprint>
    remove <name>
    sync <name>

Open Questions

Is there any precedent at all in dotnet.exe for a --config-file option? Anywhere?

Considerations

References