.NET Core 通过Dockerfile 构建镜像时Nuget报错:UntrustedRoot: self signed certificate in certificate chain解决方法

本文主要介绍NET Core 通过Dockerfile文件,编译NET Core项目时Nuget报错:The author primary signature's timestamp found a chain building issue: UntrustedRoot: self signed certificate in certificate chain的解决方法。

报错信息

80.19 /app/GradingTool.Tests/GradingTool.Tests.csproj : error NU3028: Package 'Microsoft.EntityFrameworkCore 5.0.0' from source 'https://api.nuget.org/v3/index.json': The author primary signature's timestamp found a chain building issue: UntrustedRoot: self signed certificate in certificate chain [/app/GradingTool.sln]
12 80.20 /app/GradingTool.Tests/GradingTool.Tests.csproj : error NU3037: Package 'Microsoft.EntityFrameworkCore 5.0.0' from source 'https://api.nuget.org/v3/index.json': The author primary signature validity period has expired. [/app/GradingTool.sln]
12 80.20 /app/GradingTool.Tests/GradingTool.Tests.csproj : error NU3028: Package 'Microsoft.EntityFrameworkCore 5.0.0' from source 'https://api.nuget.org/v3/index.json': The repository countersignature's timestamp found a chain building issue: UntrustedRoot: self signed certificate in certificate chain [/app/GradingTool.sln]

Dockerfile文件:

FROM mcr.microsoft.com/dotnet/sdk:latest AS build-env
WORKDIR /app
RUN apt-get update -yq \
    && apt-get install curl gnupg -yq \
    && curl -sL https://deb.nodesource.com/setup_10.x | bash \
    && apt-get install nodejs -yq
# Copy csproj and restore as distinct layers
COPY . ./
RUN dotnet restore
RUN dotnet publish -c Release -o out
# Build runtime image
FROM mcr.microsoft.com/dotnet/aspnet:latest
RUN apt-get update \
    && apt-get install -y --no-install-recommends libgdiplus libc6-dev \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
WORKDIR /app
COPY --from=build-env /app/out .
ENV ASPNETCORE_URLS="http://+:4200"
ENV ASPNETCORE_ENVIRONMENT="Production"
ENV GOOGLE_APPLICATION_CREDENTIALS="Credentials/SchoolTools-e9f260bdf56e.json"
ENV VIRTUAL_HOST="eva.schooltools.lu,www.eva.schooltools.lu,schooltools.lu,www.schooltools.lu"
ENV LETSENCRYPT_HOST="eva.schooltools.lu,www.eva.schooltools.lu,schooltools.lu,www.schooltools.lu"
ENV LETSENCRYPT_EMAIL="wilson.silva@edutec.lu"
EXPOSE 4200
ENTRYPOINT ["dotnet", "GradingTool.dll"]

可以尝试下面四种解决方法:

1、修改Dockerfile文件的基础镜像

FROM mcr.microsoft.com/dotnet/aspnet:5.0-buster-slim 

改为 FROM mcr.microsoft.com/dotnet/sdk:5.0-alpine

或者

改为 FROM mcr.microsoft.com/dotnet/sdk:5.0-focal

相关文档https://github.com/NuGet/Announcements/issues/49

2、修改nuget.config配置文件

将下面放在nuget.config中的标签内完全禁用验证(与dotnet restore一起使用)

<config> <add key =“ signatureValidationMode” value =“ accept” />

3、安装ca-certificates软件包

将下面内容添加到Dockerfile文件中:

RUN echo "deb http://deb.debian.org/debian bullseye main" >> /etc/apt/sources.list \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
     ca-certificates \
&& rm -rf /var/lib/apt/lists/* \
&& sed -i '$ d' /etc/apt/sources.list

4、降级.NET Core的版本

如果上面方法不能解决,可以尝试降级到.NET Core 3.1

相关文档https://github.com/NuGet/Home/issues/10491

推荐阅读
cjavapy编程之路首页