NuGet restore fails with The repository primary signature validity period has expired #13070
Comments
|
ICM on this issue from another team: ICM 380022563. |
|
I'm going to try something out in dotnet-helix-machines… |
What is that? Damon's suggestion? |
After a conversation w/ @ilyas1974 and @riarenas, our initial thought was to upgrade the .NET SDK (and therefore the @dtivel's suggestion is about NU3028 but the error is actually https://learn.microsoft.com/en-us/nuget/reference/errors-and-warnings/nu3037. That said, I'll try it out. If that doesn't work, the |
The timestamp's trust fails, so the timestamped signature remains expired. A trusted timestamp basically allows a timestamped signature to not expire.
|
Yes it seems to make a significant difference, at least w/ the 6.0.404 .NET SDK. @garath thoughts on putting this workaround into job.yml or tools.ps1 and tools.sh❔ Third option would be to pass this success along to the dotnet/performance, roslyn, runtime, and sdk teams. |
/ping @garath. Our customers are still hitting this though helix machines is unblocked w/ the following workaround in place Should we put this into our eng/common/job.yml or reach out to affected customers❔ /cc @dotnet/dnceng for broader visibility since I'll be OOF tomorrow and so will @garath… |
I think we'd need to do both. I suspect our job templates might not be utilized in repositories such as runtime. |
|
The ICM was closed with no resolution even though @dtivel jumped in and gave a lot of good info. I'm not sure what the best thing to do here is. From the Known Issue stats it seems like the impact on the builds might not be too bad? |
I have a vague feeling that changing job.yml won't hurt anything and might mostly avoid flare-ups like we experienced a month or so ago. the workaround is minimal and has more words in the comments than the actual addition 😀 |
|
Sounds good to me. PRs welcome! |
sorry, just one PR: #13659 |
|
/fyi ICM 380022563 was just reopened because another team hit the same issue. turns out NuGet feels they're only able to work around a problem in Windows itself. I believe Windows has no fix (yet❔). |
|
could someone here please approve #13659❔ would be nice to put this longstanding "FR" issue behind us |
|
fix is now in (thx @AlitzelMendez). is any validation needed before closing this issue❔ |
|
Completed w/ ab7df88 |
- see #13070 - more details: <https://learn.microsoft.com/en-us/nuget/reference/errors-and-warnings/nu3028#retry-untrusted-root-failures> Co-authored-by: Doug Bunting <[email protected]>
- see #13070 - more details: <https://learn.microsoft.com/en-us/nuget/reference/errors-and-warnings/nu3028#retry-untrusted-root-failures> Co-authored-by: Doug Bunting <[email protected]>
Build
https://dev.azure.com/dnceng/internal/_build/results?buildId=2153225
Build leg reported
Build
Pull Request
https://dev.azure.com/dnceng/internal/_git/dotnet-helix-machines/pullrequest/30063
{ "ErrorMessage" : "The repository primary signature validity period has expired", "BuildRetry": true, "ErrorPattern": "", "ExcludeConsoleLog": false }Release Note Category
Release Note Description
Additional information about the issue reported
No response
Report
Summary
The text was updated successfully, but these errors were encountered: