While trying to install package in Robot machine, an error is thrown : "Failed to install package RemoteException wrapping System.Exception: NU3004 : signatureValidationMode is set to require, so packages are allowed only if signed by trusted signers; however, this package is unsigned."
When a package is published from Studio or the Command Line, there is a possibility to sign it. In order to know more about signing packages -
The Robot verifies the signature of a package when a job is started. A package is not installed if its signature is not trusted.
After a job is started, the Robot on the particular machine verifies the package signature as follows:
1) The repository certificate is checked. It is represented by the certificatefingerprint tag. The fingerprint from the NuGet.config needs to be the same as the one from the package:
Different - the package is not installed.
Same - checks if the package needs to be signed by authors as well.
2) The value of the allowUntrustedRoot attribute is verified. It indicates that the package needs to be signed by an author:
="true" - only a repository signature is required, so the package is installed.
="false" - an author signature is required, so an additional check is made.
3) The author signature is verified, which needs to be in the <owners> tag, inside the <trustedSigners> tag:
Not Trusted - the package is not installed.
Trusted - the package is installed.
More information : https://docs.uipath.com/robot/docs/about-automation-projects-on-the-robot#section-package-signature-verification
Signature validation can be checked in nuget.config file present at below location : C:/Program Files (x86)/UiPath/Studio
As per the error message "signatureValidationMode is set to require", so packages are allowed only if signed by trusted signers.
In such situation, either
- the packages needs to be signed and verified : https://docs.uipath.com/robot/v2019.0.0-fastTrack/docs/package-signature-verification
- if the signature is not required then the value for the key signatureValidationMode can be made empty (""), so that this verification does not happen for the Robot machine.