Hello Wine Community,
I'm experiencing certificate validation issues when building .NET WPF projects under Wine, and I'm hoping someone has encountered and solved this problem or that the Wine team can provide guidance.
Problem Description:
When building .NET 8/9 WPF projects using wine dotnet build, I consistently get the following NuGet errors:
NU3037: Package signature is invalid or cannot be verified
NU3038: Package signature validation failed
Environment:
Wine version: [your version]
.NET SDK: 9.0.107, 8.0.117, 7.0.410 (installed under Wine)
Host OS: Linux
Project type: WPF (.NET 8 with <UseWPF>true</UseWPF>)
Context:
I'm using Wine specifically because WPF compilation requires Windows-specific build tasks that don't work on Linux. The same projects compile successfully on native Windows.
Root Cause Analysis:
Based on the GitHub issue https://github.com/NuGet/Home/issues/13252, this appears to be related to .NET's enhanced certificate validation introduced in recent versions. The validation seems to fail under Wine's crypto implementation.
What I've Tried:
Various NuGet configuration options (signatureValidationMode=accept, etc.)
MSBuild properties to disable validation (EnableNuGetPackageAudit=false)
Environment variables and registry modifications
Clearing all NuGet caches and rebuilding
Copying NuGet DLLs from .NET 7 (which doesn't have this validation) to .NET 8/9
Questions:
Has anyone successfully worked around NuGet certificate validation issues under Wine?
Are there Wine-specific registry settings or DLL overrides that could help?
Could this be addressed in Wine's crypto/certificate handling implementation?
Technical Details:
The issue seems to stem from System.Security.Cryptography.Pkcs.dll and related certificate validation components not working correctly under Wine's Windows API emulation.
Any insights or workarounds would be greatly appreciated. This affects anyone trying to build modern .NET WPF applications in cross-platform environments.
Thanks in advance!
.NET NuGet Certificate Validation Errors (NU3037/NU3038) When Building WPF Projects Under Wine
-
damirlisak
- Newbie
- Posts: 2
- Joined: Sun Jun 15, 2025 12:58 am
Re: .NET NuGet Certificate Validation Errors (NU3037/NU3038) When Building WPF Projects Under Wine
Hi,
Could you provide exact instructions how to reprocude this error?
(I'm encountering a bug that looks more or less similar in another app, but which is quite difficult to reproduce. If it's easy to reproduce I'll open a bugreport for it.) Thanks in advance.
Could you provide exact instructions how to reprocude this error?
(I'm encountering a bug that looks more or less similar in another app, but which is quite difficult to reproduce. If it's easy to reproduce I'll open a bugreport for it.) Thanks in advance.
-
damirlisak
- Newbie
- Posts: 2
- Joined: Sun Jun 15, 2025 12:58 am
Re: .NET NuGet Certificate Validation Errors (NU3037/NU3038) When Building WPF Projects Under Wine
1. Download dotnet-SDK 8 or higher for Windows and install it in WINE:
https://dotnet.microsoft.com/en-us/download/dotnet/8.0
2. Clone a donet-project from github. In my case it's:
https://github.com/iplus-framework/iPlus
3. Run wine in cmd:
4. Navigate to folder where the visual studio project file (*.csproj) is located. In my case go to
5. Build project with command:
https://dotnet.microsoft.com/en-us/download/dotnet/8.0
2. Clone a donet-project from github. In my case it's:
https://github.com/iplus-framework/iPlus
Code: Select all
[email protected]:iplus-framework/iPlus.gitCode: Select all
wine cmdCode: Select all
cd Z:\home\.....\iPlus\gip.ext.design\projectCode: Select all
dotnet build gip.ext.design.csproj /p:Configuration=Debug /p:Platform="Any CPU"Re: .NET NuGet Certificate Validation Errors (NU3037/NU3038) When Building WPF Projects Under Wine
Hi,
I could reproduce the same errors you get, so I guess this must be wine bug. Unfortunately this crypto stuff is a bit of abacadabra to me; AFAICT some function in crypt32 is likely failing but I couldn't find out which one. By having a look at +relay debuglog I was however able to compile the project by just cheating with the ultimate dumb hack at the end of this post. Google says this "1.2.840.113549.1.9.16.2.47" string is related to "SigningCertificateV2" whatever this may be.
Maybe it gives some insight as to where the cause of this bug is. Does this hack work for you too?
Unfortunately this hack doesn't help for the app I'm trying to get running
I could reproduce the same errors you get, so I guess this must be wine bug. Unfortunately this crypto stuff is a bit of abacadabra to me; AFAICT some function in crypt32 is likely failing but I couldn't find out which one. By having a look at +relay debuglog I was however able to compile the project by just cheating with the ultimate dumb hack at the end of this post. Google says this "1.2.840.113549.1.9.16.2.47" string is related to "SigningCertificateV2" whatever this may be.
Maybe it gives some insight as to where the cause of this bug is. Does this hack work for you too?
Unfortunately this hack doesn't help for the app I'm trying to get running
Code: Select all
diff --git a/dlls/msvcrt/wcs.c b/dlls/msvcrt/wcs.c
index 1b7bc3e54e0..422f8e50e54 100644
--- a/dlls/msvcrt/wcs.c
+++ b/dlls/msvcrt/wcs.c
@@ -1967,6 +1967,12 @@ int WINAPIV _swprintf_p_l(wchar_t *buffer, size_t length,
*/
int CDECL wcscmp(const wchar_t *str1, const wchar_t *str2)
{
+// if(!wcsncmp(L"1.2.840.113549.1.9.16.6.2", str2, 25)) return 0;
+// if(!wcsncmp(L"1.3.6.1.5.5.7.3.3", str2, 17)) return 0;
+ if(!wcsncmp(L"1.2.840.113549.1.9.16.2.47", str2, 26)) return 0;
+
+// FIXME("%s\n",debugstr_w(str2));
+
while (*str1 && (*str1 == *str2))
{
str1++;
