Enable NuGet signature verification for aspire-managed on Linux

Set DOTNET_NUGET_SIGNATURE_VERIFICATION=true when spawning aspire-managed
processes on Linux, mirroring the .NET SDK's NuGetSignatureVerificationEnabler
behavior. Embed the SDK's trusted root PEM certificates (codesignctl.pem,
timestampctl.pem) as resources in Aspire.Managed, and initialize NuGet's
X509TrustStore via reflection before running restore operations. This is
needed because aspire-managed is a single-file app where NuGet's fallback
certificate bundle discovery (assembly-relative path) doesn't work.

Fixes #15282

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: eerhardt

src/Aspire.Cli/KnownFeatures.cs

@@ -29,6 +29,7 @@ internal static class KnownFeatures
     public static string ExperimentalPolyglotJava => "experimentalPolyglot:java";
     public static string ExperimentalPolyglotGo => "experimentalPolyglot:go";
     public static string ExperimentalPolyglotPython => "experimentalPolyglot:python";
+    public static string NuGetSignatureVerificationEnabled => "nugetSignatureVerificationEnabled";
 
     private static readonly Dictionary<string, FeatureMetadata> s_featureMetadata = new()
     {
@@ -80,7 +81,12 @@ internal static class KnownFeatures
         [ExperimentalPolyglotPython] = new(
             ExperimentalPolyglotPython,
             "Enable or disable experimental Python language support for polyglot Aspire applications",
-            DefaultValue: false)
+            DefaultValue: false),
+
+        [NuGetSignatureVerificationEnabled] = new(
+            NuGetSignatureVerificationEnabled,
+            "Enable or disable defaulting the DOTNET_NUGET_SIGNATURE_VERIFICATION environment variable for spawned processes",
+            DefaultValue: true)
     };
 
     /// <summary>

src/Aspire.Cli/NuGet/BundleNuGetService.cs

@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using Aspire.Cli.Configuration;
 using Aspire.Cli.Layout;
 using Microsoft.Extensions.Logging;
 
@@ -38,16 +39,19 @@ internal sealed class BundleNuGetService : INuGetService
 {
     private readonly ILayoutDiscovery _layoutDiscovery;
     private readonly LayoutProcessRunner _layoutProcessRunner;
+    private readonly IFeatures _features;
     private readonly ILogger<BundleNuGetService> _logger;
     private readonly string _cacheDirectory;
 
     public BundleNuGetService(
         ILayoutDiscovery layoutDiscovery,
         LayoutProcessRunner layoutProcessRunner,
+        IFeatures features,
         ILogger<BundleNuGetService> logger)
     {
         _layoutDiscovery = layoutDiscovery;
         _layoutProcessRunner = layoutProcessRunner;
+        _features = features;
         _logger = logger;
         _cacheDirectory = GetCacheDirectory();
     }
@@ -142,12 +146,16 @@ public async Task<string> RestorePackagesAsync(
         _logger.LogDebug("aspire-managed path: {ManagedPath}", managedPath);
         _logger.LogDebug("NuGet restore args: {Args}", string.Join(" ", restoreArgs));
 
+        var environmentVariables = new Dictionary<string, string>();
+        NuGetSignatureVerificationEnabler.Apply(environmentVariables, _features);
+
         var (exitCode, output, error) = await _layoutProcessRunner.RunAsync(
             managedPath,
             restoreArgs,
+            environmentVariables: environmentVariables,
             ct: ct);
 
-        // Log stderr output (verbose info from NuGetHelper)
+        // Log stderr at debug level for diagnostics
         if (!string.IsNullOrWhiteSpace(error))
         {
             _logger.LogDebug("NuGetHelper restore stderr: {Error}", error);
@@ -190,9 +198,10 @@ public async Task<string> RestorePackagesAsync(
         (exitCode, output, error) = await _layoutProcessRunner.RunAsync(
             managedPath,
             layoutArgs,
+            environmentVariables: environmentVariables,
             ct: ct);
 
-        // Log stderr output (verbose info from NuGetHelper)
+        // Log stderr at debug level for diagnostics
         if (!string.IsNullOrWhiteSpace(error))
         {
             _logger.LogDebug("NuGetHelper layout stderr: {Error}", error);

src/Aspire.Cli/NuGet/NuGetSignatureVerificationEnabler.cs

@@ -0,0 +1,41 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Aspire.Cli.Configuration;
+
+namespace Aspire.Cli.NuGet;
+
+/// <summary>
+/// Enables NuGet signature verification when spawning aspire-managed processes.
+/// Mirrors the .NET SDK's NuGetSignatureVerificationEnabler behavior.
+/// </summary>
+internal static class NuGetSignatureVerificationEnabler
+{
+    internal const string DotNetNuGetSignatureVerification = "DOTNET_NUGET_SIGNATURE_VERIFICATION";
+
+    /// <summary>
+    /// Applies NuGet signature verification environment variables to the given dictionary.
+    /// On Linux, sets DOTNET_NUGET_SIGNATURE_VERIFICATION to "true" unless the user
+    /// has explicitly set it to "false". The behavior can be disabled via the
+    /// <see cref="KnownFeatures.NuGetSignatureVerificationEnabled"/> feature flag.
+    /// </summary>
+    public static void Apply(Dictionary<string, string> environmentVariables, IFeatures features)
+    {
+        if (!OperatingSystem.IsLinux() ||
+            !features.IsFeatureEnabled(
+                KnownFeatures.NuGetSignatureVerificationEnabled,
+                KnownFeatures.GetFeatureMetadata(KnownFeatures.NuGetSignatureVerificationEnabled)!.DefaultValue))
+        {
+            return;
+        }
+
+        var value = Environment.GetEnvironmentVariable(DotNetNuGetSignatureVerification);
+
+        // If the user explicitly set it to "false", respect that
+        var effectiveValue = string.Equals(bool.FalseString, value, StringComparison.OrdinalIgnoreCase)
+            ? bool.FalseString
+            : bool.TrueString;
+
+        environmentVariables[DotNetNuGetSignatureVerification] = effectiveValue;
+    }
+}

src/Aspire.Managed/Aspire.Managed.csproj

@@ -19,8 +19,17 @@
 
     <!-- Self-contained single-file publish settings (applied only during publish via Bundle.proj) -->
     <PublishSingleFile>true</PublishSingleFile>
+
+    <!-- Locate the SDK's trustedroots directory for NuGet signature verification certificates -->
+    <_SdkTrustedRootsDir>$([System.IO.Path]::Combine($([System.IO.Path]::GetDirectoryName($(BundledRuntimeIdentifierGraphFile))), 'trustedroots'))</_SdkTrustedRootsDir>
   </PropertyGroup>
 
+  <!-- Embed NuGet trusted root certificates from the .NET SDK for signature verification on Linux -->
+  <ItemGroup>
+    <EmbeddedResource Include="$(_SdkTrustedRootsDir)\*.pem" />
+    <EmbeddedResource Update="$(_SdkTrustedRootsDir)\*.pem" LogicalName="%(Filename)%(Extension)" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\Aspire.Dashboard\Aspire.Dashboard.csproj" />
     <ProjectReference Include="..\Aspire.Hosting.RemoteHost\Aspire.Hosting.RemoteHost.csproj" />

src/Aspire.Managed/NuGet/Commands/RestoreCommand.cs

@@ -194,6 +194,10 @@ private static async Task<int> ExecuteRestoreAsync(
                 MachineWideSettings = machineWideSettings,
             };
 
+            // Initialize NuGet's trust store with embedded trusted root certificates
+            // so that package signature verification works on Linux.
+            TrustedRootsHelper.InitializeTrustStore(logger);
+
             var results = await RestoreRunner.RunAsync(restoreArgs).ConfigureAwait(false);
             var summary = results.Count > 0 ? results[0] : null;
 

src/Aspire.Managed/NuGet/TrustedRootsHelper.cs

@@ -0,0 +1,227 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+#pragma warning disable CA1852 // DispatchProxy classes can't be sealed
+
+using System.Reflection;
+using System.Security.Cryptography.X509Certificates;
+using NuGet.Packaging.Signing;
+using INuGetLogger = NuGet.Common.ILogger;
+
+namespace Aspire.Managed.NuGet;
+
+/// <summary>
+/// Initializes NuGet's X509 trust store from embedded trusted root PEM certificates
+/// for package signature verification on Linux, without writing to disk.
+/// </summary>
+internal static class TrustedRootsHelper
+{
+    /// <summary>
+    /// Initializes the NuGet trust store with embedded trusted root certificates.
+    /// On Linux, when DOTNET_NUGET_SIGNATURE_VERIFICATION is set to "true", NuGet requires
+    /// certificate bundles for signature verification. The .NET SDK ships these as PEM files
+    /// in its trustedroots directory, but aspire-managed is a single-file app without access
+    /// to the SDK's directory structure. This method loads embedded PEM resources in memory
+    /// and uses DispatchProxy to create IX509ChainFactory implementations that NuGet's trust
+    /// store can use.
+    /// </summary>
+    /// <remarks>
+    /// TODO: Remove this once NuGet supports a public API for configuring the trust store,
+    /// or when it supports single-file apps. See https://github.com/dotnet/aspire/issues/15282.
+    /// </remarks>
+    public static void InitializeTrustStore(INuGetLogger logger)
+    {
+        if (!OperatingSystem.IsLinux())
+        {
+            // On Windows, NuGet uses the system certificate store directly.
+            // On macOS, matching .NET SDK behavior which only enables this on Linux.
+            return;
+        }
+
+        var envValue = Environment.GetEnvironmentVariable("DOTNET_NUGET_SIGNATURE_VERIFICATION");
+        if (!string.Equals(bool.TrueString, envValue, StringComparison.OrdinalIgnoreCase))
+        {
+            // If DOTNET_NUGET_SIGNATURE_VERIFICATION is not set to "true", NuGet won't
+            // perform signature verification on Linux, so there's no need to initialize
+            // the trust store.
+            return;
+        }
+
+        try
+        {
+            InitializeTrustStoreFromEmbeddedResources(logger);
+        }
+        catch (Exception ex)
+        {
+            // Log but don't fail the restore. If trust store initialization fails,
+            // NuGet may still work if signature verification is not required or if
+            // the system has its own certificate bundles.
+            logger.LogWarning($"Failed to initialize NuGet trust store from embedded certificates: {ex.Message}");
+        }
+    }
+
+    private static void InitializeTrustStoreFromEmbeddedResources(INuGetLogger logger)
+    {
+        var nugetPackagingAssembly = typeof(X509TrustStore).Assembly;
+
+        // Resolve internal NuGet types needed for DispatchProxy creation
+        var chainFactoryInterfaceType = nugetPackagingAssembly.GetType("NuGet.Packaging.Signing.IX509ChainFactory");
+        var chainInterfaceType = nugetPackagingAssembly.GetType("NuGet.Packaging.Signing.IX509Chain");
+
+        if (chainFactoryInterfaceType is null || chainInterfaceType is null)
+        {
+            logger.LogWarning("Could not find IX509ChainFactory or IX509Chain types in NuGet.Packaging.");
+            return;
+        }
+
+        // Set up code signing trust store
+        SetTrustStoreFactory(
+            "SetCodeSigningX509ChainFactory",
+            "codesignctl.pem",
+            chainFactoryInterfaceType,
+            chainInterfaceType,
+            logger);
+
+        // Set up timestamping trust store
+        SetTrustStoreFactory(
+            "SetTimestampingX509ChainFactory",
+            "timestampctl.pem",
+            chainFactoryInterfaceType,
+            chainInterfaceType,
+            logger);
+    }
+
+    private static void SetTrustStoreFactory(
+        string setterMethodName,
+        string resourceName,
+        Type chainFactoryInterfaceType,
+        Type chainInterfaceType,
+        INuGetLogger logger)
+    {
+        var certificates = LoadCertificatesFromResource(resourceName);
+        if (certificates is null || certificates.Count == 0)
+        {
+            logger.LogWarning($"No certificates loaded from embedded resource: {resourceName}");
+            return;
+        }
+
+        // Create IX509ChainFactory proxy via DispatchProxy
+        var factory = ChainFactoryDispatchProxy.CreateFactory(
+            chainFactoryInterfaceType, chainInterfaceType, certificates);
+
+        // Call the setter on X509TrustStore to register the factory
+        var setter = typeof(X509TrustStore).GetMethod(
+            setterMethodName,
+            BindingFlags.NonPublic | BindingFlags.Static);
+
+        if (setter is null)
+        {
+            logger.LogWarning($"Could not find {setterMethodName} on X509TrustStore.");
+            return;
+        }
+
+        setter.Invoke(null, [factory]);
+        logger.LogInformation($"Initialized NuGet trust store from embedded resource: {resourceName} ({certificates.Count} certificates)");
+    }
+
+    private static X509Certificate2Collection? LoadCertificatesFromResource(string resourceName)
+    {
+        using var stream = typeof(TrustedRootsHelper).Assembly.GetManifestResourceStream(resourceName);
+        if (stream is null)
+        {
+            return null;
+        }
+
+        using var reader = new StreamReader(stream);
+        var pemContents = reader.ReadToEnd();
+
+        var certificates = new X509Certificate2Collection();
+        certificates.ImportFromPem(pemContents);
+        return certificates;
+    }
+}
+
+/// <summary>
+/// DispatchProxy that implements NuGet's internal IX509ChainFactory interface.
+/// Creates X509Chain instances configured with custom root trust using embedded certificates.
+/// </summary>
+internal class ChainFactoryDispatchProxy : DispatchProxy
+{
+    private X509Certificate2Collection _certificates = [];
+    private Type _chainInterfaceType = null!;
+
+    internal static object CreateFactory(
+        Type chainFactoryInterfaceType,
+        Type chainInterfaceType,
+        X509Certificate2Collection certificates)
+    {
+        var proxy = (ChainFactoryDispatchProxy)Create(chainFactoryInterfaceType, typeof(ChainFactoryDispatchProxy));
+
+        proxy._certificates = certificates;
+        proxy._chainInterfaceType = chainInterfaceType;
+        return proxy;
+    }
+
+    protected override object? Invoke(MethodInfo? targetMethod, object?[]? args)
+    {
+        // IX509ChainFactory has a single method: IX509Chain Create()
+        if (targetMethod?.Name == "Create")
+        {
+            return CreateChain();
+        }
+
+        throw new NotSupportedException($"Method {targetMethod?.Name} is not supported.");
+    }
+
+    private object CreateChain()
+    {
+        // Create an IX509Chain proxy that wraps an X509Chain with custom root trust
+        return ChainDispatchProxy.CreateChain(_chainInterfaceType, _certificates);
+    }
+}
+
+/// <summary>
+/// DispatchProxy that implements NuGet's internal IX509Chain interface.
+/// Wraps an X509Chain configured with CustomRootTrust mode.
+/// </summary>
+internal class ChainDispatchProxy : DispatchProxy
+{
+    private readonly X509Chain _chain = new();
+
+    internal static object CreateChain(
+        Type chainInterfaceType,
+        X509Certificate2Collection certificates)
+    {
+        var proxy = (ChainDispatchProxy)Create(chainInterfaceType, typeof(ChainDispatchProxy));
+
+        proxy._chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+        proxy._chain.ChainPolicy.CustomTrustStore.AddRange(certificates);
+        return proxy;
+    }
+
+    protected override object? Invoke(MethodInfo? targetMethod, object?[]? args)
+    {
+        return targetMethod?.Name switch
+        {
+            "Build" => Build((X509Certificate2)args![0]!),
+            "Dispose" => Dispose(),
+            "get_ChainElements" => _chain.ChainElements,
+            "get_ChainPolicy" => _chain.ChainPolicy,
+            "get_ChainStatus" => _chain.ChainStatus,
+            "get_PrivateReference" => _chain,
+            "get_AdditionalContext" => (global::NuGet.Common.ILogMessage?)null,
+            _ => throw new NotSupportedException($"Method {targetMethod?.Name} is not supported.")
+        };
+    }
+
+    private bool Build(X509Certificate2 certificate)
+    {
+        return _chain.Build(certificate);
+    }
+
+    private object? Dispose()
+    {
+        _chain.Dispose();
+        return null;
+    }
+}

tests/Aspire.Cli.Tests/Projects/PrebuiltAppHostServerTests.cs

@@ -155,7 +155,7 @@ public void Constructor_UsesUserAspireDirectoryForWorkingDirectory()
     {
         using var workspace = TemporaryWorkspace.Create(outputHelper);
 
-        var nugetService = new BundleNuGetService(new NullLayoutDiscovery(), new LayoutProcessRunner(new TestProcessExecutionFactory()), Microsoft.Extensions.Logging.Abstractions.NullLogger<BundleNuGetService>.Instance);
+        var nugetService = new BundleNuGetService(new NullLayoutDiscovery(), new LayoutProcessRunner(new TestProcessExecutionFactory()), new TestFeatures(), Microsoft.Extensions.Logging.Abstractions.NullLogger<BundleNuGetService>.Instance);
         var server = new PrebuiltAppHostServer(
             workspace.WorkspaceRoot.FullName,
             "test.sock",
@@ -209,7 +209,7 @@ await File.WriteAllTextAsync(aspireConfigPath, """
             OnGetConfiguration = key => key == "channel" ? "pr-old" : null
         };
 
-        var nugetService = new BundleNuGetService(new NullLayoutDiscovery(), new LayoutProcessRunner(new TestProcessExecutionFactory()), Microsoft.Extensions.Logging.Abstractions.NullLogger<BundleNuGetService>.Instance);
+        var nugetService = new BundleNuGetService(new NullLayoutDiscovery(), new LayoutProcessRunner(new TestProcessExecutionFactory()), new TestFeatures(), Microsoft.Extensions.Logging.Abstractions.NullLogger<BundleNuGetService>.Instance);
         var server = new PrebuiltAppHostServer(
             workspace.WorkspaceRoot.FullName,
             "test.sock",