- Release Notes
- Getting Started
- Setup and Configuration
- Automation Projects
- Dependencies
- Types of Workflows
- File Comparison
- Automation Best Practices
- Source Control Integration
- Debugging
- The Diagnostic Tool
- Variables
- Arguments
- Imported Namespaces
- Trigger-based Attended Automation
- Recording
- UI Elements
- Control Flow
- Selectors
- Object Repository
- Data Scraping
- Image and Text Automation
- Citrix Technologies Automation
- RDP Automation
- Salesforce Automation
- SAP Automation
- VMware Horizon Automation
- Logging
- The ScreenScrapeJavaSupport Tool
- The WebDriver Protocol
- Test Suite - Studio
- Extensions
- Troubleshooting
- About troubleshooting
- Microsoft App-V support and limitations
- Internet Explorer X64 troubleshooting
- Microsoft Office issues
- Identifying UI elements in PDF with Accessibility options
- Repairing Active Accessibility support
- Automating Applications Running Under a Different Windows User
- Validation of large Windows-legacy projects takes longer than expected
Signing Packages
Package signing is available with the purpose of ensuring the security and integrity of processes and libraries published from Studio.
NuGet offers two ways in which packages can be signed, either by an author or by a repository.
signatureValidationMode
parameter in the Nuget.config
file must be set to require
. The file is located at %ProgramFiles%\UiPath\Studio
. You can do this in one of two ways:
-
During installation, by installing from the command line with the option
ENFORCE_SIGNED_EXECUTION=1
.For example, the following command installs Studio, a Robot as a Windows service, and enforces the usage of signed packaged in your UiPath environment:UiPathStudio.msi ADDLOCAL=DesktopFeature,Studio,Robot,RegisterService ENFORCE_SIGNED_EXECUTION=1
. -
After installation, by manually editing the
Nuget.config
file.If you set the parameter after installation, the changes take effect after you:
- Restart the Robot Service.
- Remove all existing .NuGet packages from
%ProgramFiles%\UiPath\Studio\Packages
and%userprofile%\.nuget\packages
. - Restart Studio/Assistant.
By default, UiPath packages are repository and author-signed. This means that such packages can be downloaded and installed using Manage Packages without having to perform any additional actions. For information on how to add additional trusted authors, repositories, and/or owners, see following sections on this page.
nuget.config
file in the
installation folder, mainly the section <trustedSigners>
.
NuGet.config
file located at
%ProgramFiles%\UiPath\Studio\NuGet.config
. Then, provide the
certificatefingerprint
and hashAlgorithm
. Check this
page to get more information
about the certificate fingerprint.
allowUntrustedRoot
to true
or
false
:
allowUntrustedRoot = "true"
- trusted signer should be allowed to chain to an untrusted root.allowUntrustedRoot = "false"
- trusted signer should not be allowed to chain to an untrusted root.
The entry should be similar to the example below:
<trustedSigners>
<author name="UiPath">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true"/>
</author>
</trustedSigners>
<trustedSigners>
<author name="UiPath">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true"/>
</author>
</trustedSigners>
For more information on adding UiPath as a trusted signer, see Package Signature Verification in the Robot guide.
serviceIndex
must also be added.
NuGet.config
file:
<trustedSigners>
<repository name="UiPath Repository" serviceIndex="https://uipath.repository">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
</repository>
</trustedSigners>
<trustedSigners>
<repository name="UiPath Repository" serviceIndex="https://uipath.repository">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
</repository>
</trustedSigners>
<owners>
tag can be used for allowing only packages signed by
trusted authors to be installed.
<owners>
tags, as in the example
below:
<trustedSigners>
<repository name="UiPath Repository" serviceIndex="https://uipath.repository">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
<owners>Author1;Author2</owners>
</repository>
</trustedSigners>
<trustedSigners>
<repository name="UiPath Repository" serviceIndex="https://uipath.repository">
<certificate fingerprint="1234512345123451234512345123123123123123123123123123112312312E5" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
<owners>Author1;Author2</owners>
</repository>
</trustedSigners>
Timestamps are a secure way of keeping track of the date and time when a package was signed. To learn more about timestamping in the context of NuGet package signing, check out this link.
If the certificate timestamper is invalid, an error message containing the project name is thrown in Studio after clicking the Publish button. A similar error message is also logged in the Output panel.
Use the Mass Update Command Line tool to sign multiple packages and then publish them to a location.