Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] SourceLink is not enabled on NuGet packages #8900

Closed
filzrev opened this issue Jun 23, 2023 · 3 comments
Closed

[Bug] SourceLink is not enabled on NuGet packages #8900

filzrev opened this issue Jun 23, 2023 · 3 comments
Labels
bug A bug to fix fundamental Engineering system and core components

Comments

@filzrev
Copy link
Contributor

filzrev commented Jun 23, 2023

Describe the bug
Source Link is not enabled on published NuGet packages.

To Reproduce

  1. Open Microsoft.DocAsCode.App NuGet package page
  2. Select specific version. then click Open in NuGet Package Explorer link on side menu.
  3. Following health checks failed.
  • Source Link: Missing Symbols
  • Deterministic (dll/exe): Non deterministic
  • Compiler Flags: Missing

Expected behavior
Pass above health checks.

Context (please complete the following information):

  • Docfx version: All package versions published on NuGet.

Additional context
It seems there is no problems on NuGet artifacts created by GitHub Actions. (confirmed by NuGet Package Explorer)
https://github.com/dotnet/docfx/actions/runs/5330807012

So this issue caused by *.snupkg symbols is not published to NuGet.
If *snupkg is published. NuGet package page have Download symbols link,
@filzrev filzrev added the bug A bug to fix label Jun 23, 2023
@yufeih yufeih added the fundamental Engineering system and core components label Jun 30, 2023
@yufeih
Copy link
Contributor

yufeih commented Jul 6, 2023

Plan to fix it as part of #8930 where it adjusts the NuGet sign and publish pipeline.

@yufeih yufeih mentioned this issue Jul 6, 2023
Closed
13 tasks
@yufeih yufeih closed this as completed in 8f411e0 Jul 13, 2023
@filzrev
Copy link
Contributor Author

filzrev commented Jul 17, 2023

I've confirmed 2.7.0.0 package's that are created by CI.
https://github.com/dotnet/docfx/actions/runs/5538868981

Latest packages use .NET Foundation's certificate and signed with dotnet/sign tool.
In this case, NuGet Package Explorer will fail to validate certificate on some specific environment (when using .NET SDK 6.0.300.xxx)

Because dotnet/sign tool's default timestamp server (http://timestamp.acs.microsoft.com) is not trusted on older version of .NET SDK 6 (6.0.300.xxx).

These problems are reported & discussed at following repositories.

  • https://github.com/dotnet/sdk/issues/33928
  • https://github.com/dotnet/sign/issues/638

For temporary workaround. It need to add following argument to sign tool.

--timestamp-url http://timestamp.digicert.com

xUnit v2.5.1 seems to using this temporary workaround.
xunit/xunit@3d9ab61#diff-5f3a0255c3c91683858126f61079c6ad62b6f762fb008215404d67203a171f13

yufeih added a commit that referenced this issue Jul 17, 2023
@yufeih
fix: dotnet/sign's default timestamp server not trusted on .NET SDK 6
1aa67a6 
#8900
@yufeih
Copy link
Contributor

yufeih commented Jul 17, 2023

Aha. Thanks for checking!

p-kostov pushed a commit to ErpNetDocs/docfx that referenced this issue Jun 28, 2024
@yufeih @p-kostov
fix: snupkg not pushed
274f73f 
fixes dotnet#8900

NuGet/Home#8016 (comment)
p-kostov pushed a commit to ErpNetDocs/docfx that referenced this issue Jun 28, 2024
@yufeih @p-kostov
fix: dotnet/sign's default timestamp server not trusted on .NET SDK 6
894b209 
dotnet#8900
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug A bug to fix fundamental Engineering system and core components
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yufeih @filzrev