Skip to content

Use a deterministic order for adding files to nuget packages #14448

New issue
New issue
Open
NuGet/NuGet.Client
#6649
Open
Use a deterministic order for adding files to nuget packages#14448
NuGet/NuGet.Client
#6649
Labels
Functionality:PackPriority:3Issues under consideration. With enough upvotes, will be reconsidered to be added to the backlog.Product:dotnet.exeType:Feature
@omajid

Description

@omajid
omajid
opened on Jul 24, 2025

NuGet Product(s) Involved

dotnet.exe

The Elevator Pitch

With reproducible builds, software can become more trustworthy, transparent and secure. It becomes easier to verify that binaries have not been tampered with it, and easier to identify some types of security attacks.

As part of that, it would be great if nupkgs were fully reproducible.

One current area of non-reproducibility in nuget packages is order of files in the .nupkg files. NuGet.Client's PackageBuilder uses a HashSet to order the files when adding them to a nupkg, and the order can change randomly from build to build. It would be great if the the order of the files in a nuget package were deterministic.

Additional Context and Details

This ties to dotnet/source-build#4963

Metadata

Metadata

Assignees

No one assigned

    Labels

    Functionality:PackPriority:3Issues under consideration. With enough upvotes, will be reconsidered to be added to the backlog.Product:dotnet.exeType:Feature

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions