- Release Notes
- Getting Started
- Setup and Configuration
- Automation Projects
- Dependencies
- Types of Workflows
- File Comparison
- Automation Best Practices
- Source Control Integration
- Debugging
- The Diagnostic Tool
- Workflow Analyzer
- About Workflow Analyzer
- ST-NMG-001 - Variables Naming Convention
- ST-NMG-002 - Arguments Naming Convention
- ST-NMG-004 - Display Name Duplication
- ST-NMG-005 - Variable Overrides Variable
- ST-NMG-006 - Variable Overrides Argument
- ST-NMG-008 - Variable Length Exceeded
- ST-NMG-009 - Prefix Datatable Variables
- ST-NMG-011 - Prefix Datatable Arguments
- ST-NMG-012 - Argument Default Values
- ST-NMG-016 - Argument Length Exceeded
- ST-DBP-002 - High Arguments Count
- ST-DBP-003 - Empty Catch Block
- ST-DBP-007 - Multiple Flowchart Layers
- ST-DBP-020 - Undefined Output Properties
- ST-DBP-023 - Empty Workflow
- ST-DBP-024 - Persistence Activity Check
- ST-DBP-025 - Variables Serialization Prerequisite
- ST-DBP-026 - Delay Activity Usage
- ST-DBP-027 - Persistence Best Practice
- ST-DBP-028 - Arguments Serialization Prerequisite
- ST-USG-005 - Hardcoded Activity Arguments
- ST-USG-009 - Unused Variables
- ST-USG-010 - Unused Dependencies
- ST-USG-014 - Package Restrictions
- ST-USG-020 - Minimum Log Messages
- ST-USG-024 - Unused Saved for Later
- ST-USG-025 - Saved Value Misuse
- ST-USG-026 - Activity Restrictions
- ST-USG-027 - Required Packages
- ST-USG-028 - Restrict Invoke File Templates
- Variables
- Arguments
- Imported Namespaces
- Recording
- UI Elements
- Control Flow
- Selectors
- Object Repository
- Data Scraping
- Image and Text Automation
- Automating Citrix Technologies
- RDP Automation
- Salesforce Automation
- SAP Automation
- VMware Horizon Automation
- Logging
- The ScreenScrapeJavaSupport Tool
- The WebDriver Protocol
- Test Suite - Studio
- Extensions
- Troubleshooting
Signing Packages
Package signing is available with the purpose of ensuring the security and integrity of processes and libraries published from Studio.
NuGet offers two ways in which packages can be signed, either by an author or by a repository.
signatureValidationMode
parameter in the Nuget.config
file must be set to require
. The file is located at %ProgramFiles%\UiPath\Studio
. You can do this in one of two ways:
-
During installation, by installing from the command line with the option
ENFORCE_SIGNED_EXECUTION=1
.For example, the following command installs Studio, a Robot as a Windows service, the local activities packages, and enforces the usage of signed packaged in your UiPath environment:UiPathStudio.msi ADDLOCAL=DesktopFeature,Studio,Robot,RegisterService,Packages ENFORCE_SIGNED_EXECUTION=1
. -
After installation, by manually editing the
Nuget.config
file.If you set the parameter after installation, the changes take effect after you:
- Restart the Robot Service.
- Remove all existing .NuGet packages from
%ProgramFiles%\UiPath\Studio\Packages
and%userprofile%\.nuget\packages
. - Restart Studio/Assistant.
By default, UiPath packages are repository and author-signed. This means that such packages can be downloaded and installed using Manage Packages without having to perform any additional actions. For information on how to add additional trusted authors, repositories, and/or owners, see following sections on this page.
nuget.config
file in the
installation folder, mainly the section <trustedSigners>
.
NuGet.config
file located at
%ProgramFiles%\UiPath\Studio\NuGet.config
. Then, provide the
certificatefingerprint
and hashAlgorithm
. Check this
page to get more information
about the certificate fingerprint.
allowUntrustedRoot
to true
or
false
:
allowUntrustedRoot = "true"
- trusted signer should be allowed to chain to an untrusted root.allowUntrustedRoot = "false"
- trusted signer should not be allowed to chain to an untrusted root.
The entry should be similar to the example below:
<trustedSigners>
<author name="UiPath">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true"/>
</author>
</trustedSigners>
<trustedSigners>
<author name="UiPath">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true"/>
</author>
</trustedSigners>
For more information on adding UiPath as a trusted signer, see Package Signature Verification in the Robot guide.
serviceIndex
must also be added.
NuGet.config
file:
<trustedSigners>
<repository name="UiPath Repository" serviceIndex="https://uipath.repository">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
</repository>
</trustedSigners>
<trustedSigners>
<repository name="UiPath Repository" serviceIndex="https://uipath.repository">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
</repository>
</trustedSigners>
<owners>
tag can be used for allowing only packages signed by
trusted authors to be installed.
<owners>
tags, as in the example
below:
<trustedSigners>
<repository name="UiPath Repository" serviceIndex="https://uipath.repository">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
<owners>Author1;Author2</owners>
</repository>
</trustedSigners>
<trustedSigners>
<repository name="UiPath Repository" serviceIndex="https://uipath.repository">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
<owners>Author1;Author2</owners>
</repository>
</trustedSigners>
Timestamps are a secure way of keeping track of the date and time when a package was signed. To learn more about timestamping in the context of NuGet package signing, check out this link.
If the certificate timestamper is invalid, an error message containing the project name is thrown in Studio after clicking the Publish button. A similar error message is also logged in the Output panel.
Use the Mass Update Command Line tool to sign multiple packages and then publish them to a location.