Robot
2023.10
false
- Release Notes
- Getting Started
- UiPath Assistant
- Installation and Upgrade
- Robot Types
- Robot Components
- Licensing
- Connecting Robots to Orchestrator
- Processes and Activities
- About Automation Projects on the Robot
- About the Activities Feeds
- Background Process Automation
- Robot API
- Package Signature Verification
- Logging
- Robot JavaScript SDK
- Specific Scenarios
- Restarting Robot Components
- Windows Sessions
- Login Using Thales Luna Credential System
- Login Using NShield Key Storage Provider
- Redirecting Robots Through a Proxy Server
- Executing Tasks in a Minimized RDP Window
- Using Mapped Network Drives
- Stopping a Process
- Disable Stop Button
- Custom Package Folders and Network Paths
- CrowdStrike Integration
- Robot Citrix Apps Virtualization
- Troubleshooting
- Common Connection Errors
- Unresponsive Robot Over RDP
- Duplicate Execution Logs
- Frequently Encountered Robot Errors
- Increased Process Execution Duration
- Enforced Package Signature Verification
- Message Too Large to Process
- Errors When Running as Administrator
- NuGet Packages Not Accessible After Migration
- User Access Control Prompt and UI Automation Activities
- .NET required during installation
- Assembly Cannot Be Loaded From Network Or Azure File Share
- Activities cannot find .NET Runtime
Robot User Guide
Last updated Apr 17, 2024
Package Signature Verification
Package Signature is a method through which NuGet Packages prove that they come from trusted sources. A package is signed by using a certificate
to validate the identity of a signer. When the deployment is set to check the Package Signature Verification, UiPath validates
against the information available in the
NuGet.config file to find the requested certificate in order to ensure consumed packages are coming from an allowed author or repository.
For an in-depth overview of how Package Signature Verification works, make sure to read through the specifics in this section of the Microsoft guide about NuGet.config file.
accept- Allows for unsigned packages to be installed.require- For a package to be installed, its signing details have to match the ones from thetrustedSignerssection ofNuGet.config.
To enforce the use of signed packages, the
signatureValidationMode parameter in the Nuget.config file must be set to require. The file is located at %ProgramFiles%\UiPath\Studio. You can do this in one of two ways:
-
During installation, by installing from the command line with the option
ENFORCE_SIGNED_EXECUTION=1.For example, the following command installs Studio, a Robot as a Windows service, and enforces the usage of signed packaged in your UiPath environment:
UiPathStudio.msi ADDLOCAL=DesktopFeature,Studio,Robot,RegisterService ENFORCE_SIGNED_EXECUTION=1UiPathStudio.msi ADDLOCAL=DesktopFeature,Studio,Robot,RegisterService ENFORCE_SIGNED_EXECUTION=1 -
After installation, by manually editing the
NuGet.configfile.If you set the parameter after installation, the changes take effect after you:
- Restart the Robot Service.
- Remove all existing .NuGet packages from
%ProgramFiles%\UiPath\Studio\Packagesand%userprofile%\.nuget\packages. - Restart Studio/Assistant.
To download, install, and run packages signed with a certain certificate, add the required certificate as a trusted source.
For this, modify the
NuGet.config file in the installation folder, in the <trustedSigners> section.
Note: More information on how to add or remove activities feeds can be found in this document.
Open the
NuGet.config file from the Install Folder and add the following values:
<config>
<add key="signatureValidationMode" value="require" />
</config>
<trustedSigners>
<author name="UiPath">
<certificate fingerprint="D179174EBC1E180D656BFB15BE369DEA8A17C178230FAC7771BF5446940C290C" hashAlgorithm="SHA256" allowUntrustedRoot="false"/>
<certificate fingerprint="ABD1E1BB749DDC96B46A1DBD91B93A2D8B3B5572D1E20A52F6165ED96FC117E0" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
</author>
<repository name="UiPathRepository" serviceIndex="https://gallery.uipath.com/api/v3/index.json">
<certificate fingerprint="D179174EBC1E180D656BFB15BE369DEA8A17C178230FAC7771BF5446940C290C" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
<certificate fingerprint="ABD1E1BB749DDC96B46A1DBD91B93A2D8B3B5572D1E20A52F6165ED96FC117E0" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
</repository>
</trustedSigners><config>
<add key="signatureValidationMode" value="require" />
</config>
<trustedSigners>
<author name="UiPath">
<certificate fingerprint="D179174EBC1E180D656BFB15BE369DEA8A17C178230FAC7771BF5446940C290C" hashAlgorithm="SHA256" allowUntrustedRoot="false"/>
<certificate fingerprint="ABD1E1BB749DDC96B46A1DBD91B93A2D8B3B5572D1E20A52F6165ED96FC117E0" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
</author>
<repository name="UiPathRepository" serviceIndex="https://gallery.uipath.com/api/v3/index.json">
<certificate fingerprint="D179174EBC1E180D656BFB15BE369DEA8A17C178230FAC7771BF5446940C290C" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
<certificate fingerprint="ABD1E1BB749DDC96B46A1DBD91B93A2D8B3B5572D1E20A52F6165ED96FC117E0" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
</repository>
</trustedSigners>To add a trusted author, you need to open the
NuGet.config file located at %ProgramFiles%\UiPath\Studio\NuGet.config. Then, provide the certificatefingerprint and hashAlgorithm as per the example above. Check this page to get more information about the certificate fingerprint.
Adding a trusted repository is done roughly the same as adding an author, with the difference that the
serviceIndex must also be added.
Below is an example of a trusted repository added to the
NuGet.config file:
<trustedSigners>
<repository name="UiPath Repository" serviceIndex="https://uipath.repository">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
</repository>
</trustedSigners><trustedSigners>
<repository name="UiPath Repository" serviceIndex="https://uipath.repository">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
</repository>
</trustedSigners>A repository may have multiple author-signed packages. In this case, the
<owners> tag can be used for allowing only packages signed by trusted authors to be installed.
Add the trusted authors between the
<owners> tags, as in the example below:
<trustedSigners>
<repository name="UiPath Repository" serviceIndex="https://uipath.repository">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
<owners>Author1;Author2</owners>
</repository>
</trustedSigners><trustedSigners>
<repository name="UiPath Repository" serviceIndex="https://uipath.repository">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
<owners>Author1;Author2</owners>
</repository>
</trustedSigners>Starting with the v2021.2 release, the following settings for Package Signature Verification are no longer populated in the
Nuget.config file at install:
signatureValidationModeparameter is no longer populated in theNuget.configfile at install- UiPath is no longer populated in the
Nuget.configfile at install as both repository and author in thetrustedSignerstag.
Impact:
- If Package Signature Verification is used, all trusted signers, including UiPath, must be added manually in the
NuGet.configfile. - If Package Signature Verification is not used, the
trustedSignerstag should not be present in theNuGet.configfile. - If the
NuGet.orgfeed is used, it needs to be added for both accept and require modes as NuGet announces the whole repository as signed.
To resolve the above, you need to add UiPath as a trusted signer.
