Home: error NU1403: Package content hash validation failed
Details about Problem
NuGet product used (NuGet.exe | VS UI | Package Manager Console | dotnet.exe): dotnet
NuGet version (x.x.x.xxx): 5.3.0.3
dotnet.exe --version (if appropriate): 3.0.100-preview9-014004
VS version (if appropriate):
OS version (i.e. win10 v1607 (14393.321)): win10 v1803 (17134.950)
Worked before? If so, with which NuGet version:
Detailed repro steps so we can see the same problem
Find an existing solution (I'll continue to try to narrow this down)
Add the following to Directory.Build.props (in the solution folder)
<PropertyGroup>
<RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
</PropertyGroup>
- Run locally
dotnet restore solution.sln --force-evaluate
dotnet restore solution.sln --locked-mode
- Run in CI
dotnet restore solution.sln --locked-mode
EXPECTED: CI resolves all packages successfully, just like it does locally.
ACTUAL: CI generates lots of errors:
Package content hash validation failed for Microsoft.NETCore.Platforms.1.1.0. Expected: IQkwtWGo0vpmpAY1gGxZaRNaIZGVtT8AuMXxn5VkseSiAJA+p05mLcjHjvrr9OGdEe/5KhKVbJpZ1sjEVPYNVg== Actual: kz0PEW2lhqygehI/d6XsPCQzD7ff7gUJaVGPVETX611eadGsA3A877GdSlU0LRVMCTH/+P3o2iDTak+S08V2+A==
Package content hash validation failed for Microsoft.NETCore.Targets.1.1.0. Expected: 9ElOT7IzAq0d6x8oj4cA4EGLSArQM9bMhWNEcZcdSMM6WKogm2WApVYVStwbIqJrsp5xDeMEyC0ilMiz8IfVvA== Actual: aOZA3BWfz9RXjpzt0sRJJMjAscAUm3Hoa4UWAfceV9UTYxgwZ1lZt5nO2myFf+/jetYQo4uTP7zS8sJY67BBxg==
Package content hash validation failed for runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl.4.3.0. Expected: vhYwlEkWIj58SyPvGnvao2N3/SkSjGRo9ENRSANfkAyi4HpFmERIB9TqPvXX09iAn0YtbmEPzbuqh+DfB5Buog== Actual: HdSSp5MnJSsg08KMfZThpuLPJpPwE5hBXvHwoKWosyHHfe8Mh5WKT0ylEOf6yNzX6Ngjxe4Whkafh5q7Ymac4Q==
Package content hash validation failed for runtime.fedora.23-x64.runtime.native.System.Security.Cryptography.OpenSsl.4.3.0. Expected: aio5JNQATXURQ3utPAvOZ3fuvNJCoOrPZemmfEK/SDDFbs8DVZesKxVHGVnGBGMy9pGChT5KWny6leCkcfwzHA== Actual: +yH1a49wJMy8Zt4yx5RhJrxO/DBDByAiCzNwiETI+1S4mPdCu0OY4djdciC7Vssk0l22wQaDLrXxXkp+3+7bVA==
Package content hash validation failed for Microsoft.NETCore.Platforms.1.1.0. Expected: IQkwtWGo0vpmpAY1gGxZaRNaIZGVtT8AuMXxn5VkseSiAJA+p05mLcjHjvrr9OGdEe/5KhKVbJpZ1sjEVPYNVg== Actual: kz0PEW2lhqygehI/d6XsPCQzD7ff7gUJaVGPVETX611eadGsA3A877GdSlU0LRVMCTH/+P3o2iDTak+S08V2+A==
Package content hash validation failed for runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl.4.3.0. Expected: JYLc6/TV7Z9IrKQY8YP6xfXI3Xb8yJJ138mQ2SNIkRcnsRo+s5D4GFt+xZySVrRHOng9KVQWhekr8MGS9hqY1A== Actual: c3YNH1GQJbfIPJeCnr4avseugSqPrxwIqzthYyZDN6EuOyNOzq+y2KSUfRcXauya1sF4foESTgwM5e1A8arAKw==
The error seems to be due to the fallback folder, so I added the following to Directory.Build.prop.
<DisableImplicitNuGetFallbackFolder>true</DisableImplicitNuGetFallbackFolder>
No change.
Other suggested things
Verbose Logs
Can include privately
MisinformedDNA
All 7 comments
See the steps in this comment: https://github.com/NuGet/Home/issues/7921#issuecomment-478152479
Does that fix it for you?
rrelyea
on 17 Sep 2019
Possible duplicate of https://github.com/NuGet/Home/issues/7921
dominoFire
on 17 Sep 2019
@rrelyea I can try that, but if this is MS's solution, why is it not documented anywhere (except buried in a GitHub thread)? And how does .NET Core 3 SDK and/or runtime affect the solution?
MisinformedDNA
on 17 Sep 2019
Issue moved to NuGet/docs.microsoft.com-nuget #1998 via ZenHub
nkolev92
on 17 Apr 2020
Converting this to a docs issue: https://github.com/NuGet/Home/issues/7921#issuecomment-478152479
nkolev92
on 17 Apr 2020
The linked issue hasn't solved this for me.
dazinator
on 24 Apr 2020
Correction - the linked issue docs do work for me but not if I use 3.1.300-preview-015095 sdk to generate the local package.lock files, and the azure pipelines build server is using dotnet sdk 3.1.201. If I use 3.1.201 both to generate and restore it works.
dazinator
on 24 Apr 2020
Related issues
vsfeedback
路
3Comments
augustoproiete
路
3Comments
zhili1208
路
3Comments
sylvainlavoie
路
3Comments
livarcocc
路
3Comments
Most helpful comment
@rrelyea I can try that, but if this is MS's solution, why is it not documented anywhere (except buried in a GitHub thread)? And how does .NET Core 3 SDK and/or runtime affect the solution?