Nuget/DotNet Restore intermittent issues require later images, however these images have removed key functionalities

Targeting 4.8 images, it appears the certificates have expired but they only intermittently fail (not sure how a certificate verification can fail only part of the time…).

I have tried nearly everything I can think of to get past this, but the kicker is Microsoft (I guess?) has removed VS 2019 build tools from their 4.8 images. And their instructions for installing it don’t work.

Things I’ve tried:
Installing 5.0 NET SDK.
Moving to a 5.0 Image.
Updated to use dotnet restore over nuget.exe.
Updated nuget version.
Added more timeouts for nuget conflicts (for the rare case where 5s was not enough to get the credential provider, I’ll probably keep this one).
Added the certs for the old and new MS certs for nuget packages to the nuget.config, using the allowuntrustedroot true and false settings.
Added the key to try to “accept” all verifications (which implies it skips the check).
Moved to a later 4.8 image and manually tried to install 2019 build tools back on.

It’s probably not even a complete list, but no matter what, whenever I nuget restore I get intermittent failures, always with MS packages. I am unsure of any path forward but I’m definitely willing to try ideas, although I’m not able to provide much for logs.

I finally got Visual Studio 2019 Enterprise to install after a lot of errors (even using the same base image that worked before). I updated the Dockerfile to use 4.8-windowsservercore-ltsc2019 as its latest. This seemed promising but did fail during a stage with the same error:

##[error]NU3018: Package ‘Microsoft.CodeAnalysis.VersionCheckAnalyzer 2.9.4’ from source ‘C:__w\81\s\Packages’: The author primary signature found a chain building issue: UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

I am now pretty much out of ideas, this issue has completely made Docker nearly useless, and we might be soon forced to revert back to using a VM based system. I’ve seen many related topics, starting earliest with a Debian based similar issue several months back, but all the solutions appear to just say to update the base images past a certain baseline, which does not seem to work. There’s only so much we are able to change - the old stuff must still be supported, or nuget must have a flag that allows skipping of verification of packages.

If you have any ideas, I’m all ears.