I am trying to publish a NuGet package to a NuGet feed I created in Azure Devops. I have experience in doing these kind of things (I published on NuGet.org) but for some reason I do not understand, it is not working when I try to do this for my employer.
When I click "Connect To Feed", I see this explanation:
This clearly shows where to put my package path and where to put the source. However, it does not show where to put the API key I generated.
But I gave it a try and typed (after generating the package file):
dotnet nuget push --source "Test" --api-key az ClassLibrary1.1.0.0.nupkg
This was not working (401)
I really do not understand this part of the explanation: "API Key (any string will do)". Why possibly "any string will do". I need a valid API key.... Not "any string".
After that I tried to publish in way I have good experience with (when publishing nuget.org public nuget packages). In this statement, the source and key are clearly specified.
Here is how I did it:
Also that does not work. I got a 401 again.
My API key that should give me access (and thus prevents a 401) should be fine. This is how I generated the API key:
Most likely, there is something wrong with the way I specified my API key, not with the API key itself. So how do I specify it correctly in my command-line statement in order to successfully publish my package?
There are a few steps you'll have to take before you can push to your NuGet feed locally:
Install the Azure Artifact Credential Provider: https://go.microsoft.com/fwlink/?linkid=2099625
Run dotnet restore --interactive, this will prompt you for credentials
Run dotnet nuget push --source "BackgroundJobs" --api-key anyapikey <package-path>
Note: You can use any API key.
Related
I am using Azure CI/CD pipelines for Flutter build. In my Pubspec yaml file, I have dependencies that are private to my project and the code is hosted in same azure devops project but in different repository. During Build (i.e. Flutter Packages get) it gives me error saying Authentication failed?. I tried with PAT token where in prior to flutter build task i used git command to set that token, but it didn't solve the issue. Can anyone help me out?
I am open to being shown a better way but these are the steps I took to solve this issue a little while ago.
Assuming you are referencing the package in your pubspec.yaml using git over ssh on azure devops like:
repo_name:
git:
ref: 'tag or other identifier'
url: you#vs-ssh.visualstudio.com:v3/you/project/repo_name
Generate a new ssh key pair on your machine.
Upload the private key to the library secure files section on azure devops.
Add the install ssh key task to your azure pipelines build, using the key pair generated in the previous steps and referencing the private key uploaded to the secure files library. link
Upload the public key to your list of public keys. (This step I'm not 100% sure is necessary but I did it initially and things have worked so I haven't changed removed it)
So in my azure-pipelines.yaml the install ssh key step looks kinda like this where id_rsa is the name of the private key in my secure files.
- task: InstallSSHKey#0
inputs:
knownHostsEntry: 'vs-ssh.visualstudio.com, ...etc'
sshPublicKey: 'ssh-rsa ...etc'
sshKeySecureFile: id_rsa
A private feed is created with permissions such that only you have access.
The build agent run with user(build service account), give to this user permissions in the feed. From Feed settings->Permissions, assign your build service account owner permission.
Also verify the token is working, make sure you have selected sufficient scopes for this token to authorize for your specific tasks.
Besides try adding a variable system.debug with a value of true you’ll get more information in the failure. That might help pinpoint the problem.
I am trying to configure the Azure Artifacts Credential Provider to allow me to connect to Azure DevOps and publish NuGet packages to the Artifacts feed. I have installed the credential provider on my build server. However every time that I run the build I get the following error:
Am I supposed to pass in a PAT to the Credential Provider or is the account that is running the build need to have access to Azure DevOps so that it can generate credentials? The documentation was a little unclear to me about how this works. My TeamCity instance is a little out of date so maybe I need to work on getting that upgraded first.
Please, add NuGet Credentials Provider build feature for your build configuration. Specify an URL for the feed (the same way as you did in NuGet Publish build step), a valid username + PAT (not a password in there).
The accepted answer seems to no longer be working. On TeamCity 2019.1.4 running on Windows Server 2016 and using .NET Core 2.2.105:
[push] WARNING: The credential plugin model used by 'C:\TeamCity\buildAgent\plugins\nuget-agent\bin\credential-provider\CredentialProvider.TeamCity.exe' is deprecated. Please contact the provider of the plugin for an alternative. More information about the recommended plugin model can be found at 'https://aka.ms/nuget-cross-platform-authentication-plugin'.
[17:18:31][push] Please provide credentials for: https://pkgs.dev.azure.com/org/project/_packaging/feed/nuget/v3/index.json
[17:18:31][push] Unable to load the service index for source https://pkgs.dev.azure.com/org/project/_packaging/feed/nuget/v3/index.json.
[17:18:31][push] Response status code does not indicate success: 401 (Unauthorized).
Manually installing and running the https://github.com/microsoft/artifacts-credprovider works from the command line if I log in to the server and set the env vars for non-interactive use, but does not work within the context of a TeamCity Build job.
Is there a newer TeamCity runner than can handle authentication for dotnet nuget push to Azure Artifacts?
When pushing I see this:
nuget push blah.1.0.0.nupkg -source repo
WARNING: No API Key was provided and no API Key could be found for 'https://meeee.jfrog.io/meeee/api/nuget/repo'. To save an API Key for a source use the 'setApiKey' command.
Pushing blah.1.0.0.nupkg to 'https://meeee.jfrog.io/meeeee/api/nuget/repo'...
PUT https://meeee.jfrog.io/meeee/api/nuget/repo/
Created https://meeee.jfrog.io/meeee/api/nuget/repo/ 8585ms
Still works and it has to be using the API key because otherwise I'd get access denied - so I'm not sure what it's warning me about. Maybe because I don't have a default machine wide API key? I had to add the nuget source with user name and password because nuget is a mess and won't pull the default API key for it without setting it for each source.
Also I noticed even if I upload the same exact package a bunch of times in a row it still uploads it - I thought maybe Artifactory would see it was the same and not upload or tell me that?
You probably have your credentials specified in your nuget.config file for repo to authenticate.
To get rid of the warning, simply specify a dummy API key using --api-key 0 in your request.
The warning went away for me after using the following nuget command:
nuget setapikey YOUR_API_KEY -source YOUR_SOURCE_NAME
I am attempting to restore packages that I've uploaded to my AppVeyor account NuGet feed, yet it is failing to connect to the feed during the build.
In my appveyor.yml file I have:-
nuget:
account_feed: true
And I have confirmed that the account feed mentioned in the logs is the correct URL for my account feed.
I have also opened that feed by connecting to it using Visual Studio and entering my account credentials. When doing that, I have confirmed that the packages I'm trying to restore exist as expected.
However the build fails with this in the logs:-
https://ci.appveyor.com/nuget/xxxxxxxxxx-yyyyyyyyyyyy: Unable to load the service index for source https://ci.appveyor.com/nuget/xxxxxxxxxx-yyyyyyyyyyyy.
The HTTP request to 'GET https://ci.appveyor.com/nuget/xxxxxxxxxx-yyyyyyyyyyyy' has timed out after 100000ms.
NuGet Config files used:
C:\projects\MyProjectName\Source\NuGet.Config
C:\Users\appveyor\AppData\Roaming\NuGet\NuGet.Config
C:\ProgramData\nuget\Config\Microsoft.VisualStudio.Offline.config
C:\ProgramData\nuget\Config\ServiceFabricSDK.config
Feeds used:
C:\Users\appveyor\.nuget\packages\
https://www.nuget.org/api/v2
https://A-CUSTOM-EXTERNAL-NUGET-FEED-I-ALSO-ACCESS/nuget
https://ci.appveyor.com/nuget/xxxxxxxxxx-yyyyyyyyyyyy
C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\
C:\Program Files\Microsoft SDKs\Service Fabric\packages\
Note: The custom external NuGet feed should be unrelated. I have other packages that successfully restore from there before my build breaks with the private account repo attempt.
Is there something I'm missing that will allow me to connect to my AppVeyor account NuGet repo for the restoring of a package?
Could it have anything to do with the package itself?
AppVeyor has made some changes not allowing you to implicitly include your private account NuGet repository for public code respositories.
As in #ilyaf's answer, the discussion here confirms this, and says the following is the reason.
In previous implementation having this enabled and working for public
project was a vulnerability rather than a feature because on your
account feed you can have NuGet packages from both public and private
projects and anyone submitting PR to public build would have been able
to grab private packages from your account feed. It's fixed now.
So to still get this working, as mentioned in #Feodor Fitsner's comment, you need to configure a new nuget source mentioning your account's NuGet repo.
Here's what you need to do.
Go to the Project in AppVeyor that you're trying to build and select the Settings for that project. On the 'Environments' settings tab, add two new Environment Variables:-
'nuget_user'
'nuget_password'
...placing your AppVeyor credentials in the values for each of those.
In your appveyor.yml, add a new NuGet source under the install node.
install:
- nuget sources add -Name MyAccountFeed -Source <feed-url> -UserName %nuget_user% -Password %nuget_password%
...where <feed-url> is your NuGet feed URL.
Note: These two steps are defined in steps 2 and 3 or this doc.
https://www.appveyor.com/docs/nuget/#configuring-external-private-nuget-feed-for-your-builds
Now, ensure that you have account_feed and project_feed off for your build (otherwise the build will complain that there are duplicate feeds).
Do this by either deleting the following:-
nuget: account_feed:
OR ensure you have
nuget:
account_feed: false
project_feed: false
Your project should now build correctly, retrieving your NuGet packages from your NuGet account.
This, however, may be a workaround to what AppVeyor were trying to initially block with their change.
Please take a look at this discussion.
I am using Artifactory as NuGet repository to store all the nuget packages.
When we use this Artifactory link as source, the package Manager in Visual Studio prompts for credentials and worked very fine.
As soon as we moved to build machine (with out VS) and try to build application it is throwing error :
.nuget\NuGet.targets(100,9): error : Key not valid for use in
specified state.
I added source with -user -password and put config at local user location. I tried with ClearText password and encrypted password both are throwing same error.
Am I missing anything here? Please advice.
I believe the error isn't related to Artifactory.
The issue NuGet reports is related with encrypting/decrypting user credentials in nuget.config files.
I encountered the error when I tried to set apiKey for a repo:
NuGet setapikey user:pwd -Config .\NuGet.test.Config -Source .\packages
NuGet reported "Key not valid for use in specified state".
I had NuGet.config file located near NuGet.test.Config. That nuget.config contained packageSourceCredentials section with credentials of other user (than one which was passed to setapikey).
After I remove that credentials from nuget.config the error gone.
Please check Nuget.Config in %AppData%\NuGet
You may want re-create it in order to resolve the issue.
FYI, I had the same problem with my build agent, the issue is resolved by removing "nuget.config" in "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\NuGet"
I encountered the same error when I logged into Windows using a new user account (story: our network admin at our company had removed our users due to an infection by a ransomware and created a new user account for each of us).
We have a local nuget server at our company (created using free Nuget Server).
As #Jinsoo stated, I needed to remove the nuget settings in Nuget.Config (at %AppData%/Roaming/Nuget folder) and set again the apikey for our nuget source using such a command:
nuget setApiKey abcdefghijklmn -Source http://www.our-company-nuget-server.com/nuget
After that I was able again to issue 'nuget push' commands.
Got this issue in TeamCity after adding a global nuget config to the build servers.
Had to change to a newer version of nuget.exe in the build configs, as the old version probably could not cope with some setting in the nuget config.
I had the same problem.
For me the problem could be resolved by simply putting a dotnet restore task in front of the dotnet build task.
In the dotnet restore task I could then specify my feed. With just the dotnet build task it tried to restore nugets with the NuGet.conf file and the local logins, which is more error prone.
It seems that NuGet setapikey encrypts the credentials using the currently-logged-on-user's private key. Therefore, only that user can use these encrypted credentials. If a different user (a service account for CI/CD etc.) tries, they get Key not valid for use in specified state.