Re-enable code-signing NuGet packages for stable builds #14030
Assignees
Labels
Area: Compliance
bug
Workstream: ES Compliance SFI
Provide regular ES infrastructure and ensure RNW meets internal security and compliance requirements
Milestone
Comments
jonthysell
added
Area: Compliance
Workstream: ES Compliance SFI
microsoft-github-policy-service
bot
added
the
Needs: Triage 🔍
chrisglein
removed
the
Needs: Triage 🔍
jonthysell
added a commit
that referenced
this issue
Oct 24, 2024
## Description This PR temporarily disables NuGet code-signing during publish and also forces all new projects to include our public ADO feed which will contain unsigned packages. ### Type of Change - Bug fix (non-breaking change which fixes an issue) ### Why See #14030 for why this is necessary. ### What See above. ## Screenshots N/A ## Testing N/A ## Changelog Should this change be included in the release notes: _yes_ [0.74] Temporarily disable code-signing of NuGet packages
jonthysell
added a commit
to jonthysell/react-native-windows
that referenced
this issue
Oct 24, 2024
…14031) ## Description This PR temporarily disables NuGet code-signing during publish and also forces all new projects to include our public ADO feed which will contain unsigned packages. ### Type of Change - Bug fix (non-breaking change which fixes an issue) ### Why See microsoft#14030 for why this is necessary. ### What See above. ## Screenshots N/A ## Testing N/A ## Changelog Should this change be included in the release notes: _yes_ [0.75] Temporarily disable code-signing of NuGet packages
jonthysell
added a commit
to jonthysell/react-native-windows
that referenced
this issue
Oct 24, 2024
…14031) ## Description This PR temporarily disables NuGet code-signing during publish and also forces all new projects to include our public ADO feed which will contain unsigned packages. ### Type of Change - Bug fix (non-breaking change which fixes an issue) ### Why See microsoft#14030 for why this is necessary. ### What See above. ## Screenshots N/A ## Testing N/A ## Changelog Should this change be included in the release notes: _yes_ [0.76] Temporarily disable code-signing of NuGet packages
microsoft-github-policy-service
bot
added
the
Invalid Triage
jonthysell
added a commit
that referenced
this issue
Oct 25, 2024
…14032) ## Description This PR temporarily disables NuGet code-signing during publish and also forces all new projects to include our public ADO feed which will contain unsigned packages. ### Type of Change - Bug fix (non-breaking change which fixes an issue) ### Why See #14030 for why this is necessary. ### What See above. ## Screenshots N/A ## Testing N/A ## Changelog Should this change be included in the release notes: _yes_ [0.75] Temporarily disable code-signing of NuGet packages
jonthysell
added
bug
and removed
Invalid Triage
jonthysell
added a commit
that referenced
this issue
Oct 25, 2024
…14033) ## Description This PR temporarily disables NuGet code-signing during publish and also forces all new projects to include our public ADO feed which will contain unsigned packages. ### Type of Change - Bug fix (non-breaking change which fixes an issue) ### Why See #14030 for why this is necessary. ### What See above. ## Screenshots N/A ## Testing N/A ## Changelog Should this change be included in the release notes: _yes_ [0.76] Temporarily disable code-signing of NuGet packages
jonthysell
added a commit
to jonthysell/react-native-windows
that referenced
this issue
Oct 25, 2024
## Description This PR temporarily disables NuGet code-signing during publish and also forces all new projects to include our public ADO feed which will contain unsigned packages. ### Type of Change - Bug fix (non-breaking change which fixes an issue) ### Why See microsoft#14030 for why this is necessary. ### What See above. ## Screenshots N/A ## Testing N/A ## Changelog Should this change be included in the release notes: _yes_ Temporarily disable code-signing of NuGet packages
jonthysell
added a commit
that referenced
this issue
Oct 25, 2024
## Description This PR temporarily disables NuGet code-signing during publish and also forces all new projects to include our public ADO feed which will contain unsigned packages. ### Type of Change - Bug fix (non-breaking change which fixes an issue) ### Why See #14030 for why this is necessary. ### What See above. ## Screenshots N/A ## Testing N/A ## Changelog Should this change be included in the release notes: _yes_ Temporarily disable code-signing of NuGet packages
jonthysell
changed the title
|
This has now been resolved for main and stable branches >= 0.74. 
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Due to some internal policy changes and misconfigurations, we needed to temporarily stop signing our NuGet packages for stable builds in order to keep releasing them. This issue is to track re-enabling the code-signing.
In the meantime, this means we will be unable to publish the various
Microsoft.ReactNative.*packages to NuGet.org (which requires them to be signed).We will be still publishing unsigned packages to our public ADO feed. If you are using these NuGet packages (default for Fabric and experimental for Paper via
--experimentalNuGetDependency) you will need to make sure yourNuGet.configfile in the root of your repo has ourreact-native-publicfeed in addition to NuGet.org.For example:
Note this may mean that there will be specific missing versions of the
Microsoft.ReactNative.*packages on NuGet.org. When we get code-signing working again, we will publish at least one new stable release of each pacakage NuGet.org so customers can avoid this workaround.Customers building from source should not be affected in any way.
The text was updated successfully, but these errors were encountered: