Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-24464

NuGet Signature validation goes out to https://api.nuget.org

    XMLWordPrintable

    Details

    • Notability:
      3

      Description

      With signatureValidationMode enabled in Nuget, it fails as the signature validation goes directly to https://api.nuget.org and not through Nexus v3 nuget proxy.

      nuget install jQuery
      Feeds used:
      https://nexus3/repository/nuget.org-proxy/index.json
      
      Installing package 'jQuery' to 'C:\users\testuser\git\dotnet_test'.
      GET https://nexus3/repository/nuget.org-proxy/v3/registration/5/jquery/index.json
      OK https://nexus3/repository/nuget.org-proxy/v3/registration/5/jquery/index.json 631ms
      
      Attempting to gather dependency information for package 'jQuery.3.5.1' with respect to project 'C:\users\testuser\git\dotnet_test', targeting 'Any,Version=v0.0'
      Gathering dependency information took 38 ms
      Attempting to resolve dependencies for package 'jQuery.3.5.1' with DependencyBehavior 'Lowest'
      Resolving dependency information took 0 ms
      Resolving actions to install package 'jQuery.3.5.1'
      Resolved actions to install package 'jQuery.3.5.1'
      Retrieving package 'jQuery 3.5.1' from 'nuget.org'.
      WARNING: Install failed. Rolling back...
      Executing nuget actions took 329 ms
      Unable to get repository signature information for source https://api.nuget.org/v3-index/repository-signatures/5.0.0/index.json.
      An error occurred while sending the request.
      The remote server returned an error: (407) Proxy Authentication Required.
      

      The Nuget client gets this from the index.json rendered from Nexus:

      {
      "comment": "The endpoint for discovering information about this package source's repository signatures.",
      "@id": "https://api.nuget.org/v3-index/repository-signatures/5.0.0/index.json",
      "@type": "RepositorySignatures/5.0.0"
      },
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mlukaretkyi Maksym Lukaretkyi
              Reporter:
              msurani Mahendra Surani
              Last Updated By:
              Joseph Stephens
              Team:
              NXRM - Trinity
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title

                    PagerDuty