From f7ddf14b40532bc67f0412ff1720a6ffd48778ba Mon Sep 17 00:00:00 2001
From: JL03-Yue <59816815+JL03-Yue@users.noreply.github.com>
Date: Wed, 28 Aug 2024 11:28:32 -0700
Subject: [PATCH] add signature VerifySigning for dotnet tools (#39268)

Fixes #37469

Add signature verifications for NuGet Tools
---
 .../CommandFactoryUsingResolver.cs            | 18 ++--
 .../DefaultCommandResolverPolicy.cs           | 14 +--
 .../ICommandResolverPolicy.cs                 |  2 +-
 .../LocalToolsCommandResolver.cs              |  5 +-
 .../PathCommandResolverPolicy.cs              |  2 +-
 .../dotnet/CommandFactory/CommandResolver.cs  |  7 +-
 src/Cli/dotnet/DotNetCommandFactory.cs        |  6 +-
 .../FirstPartyNuGetPackageSigningVerifier.cs  |  4 +-
 .../LocalizableStrings.resx                   |  9 +-
 .../NuGetPackageDownloader.cs                 | 53 ++++++----
 .../xlf/LocalizableStrings.cs.xlf             | 16 ++-
 .../xlf/LocalizableStrings.de.xlf             | 16 ++-
 .../xlf/LocalizableStrings.es.xlf             | 16 ++-
 .../xlf/LocalizableStrings.fr.xlf             | 16 ++-
 .../xlf/LocalizableStrings.it.xlf             | 16 ++-
 .../xlf/LocalizableStrings.ja.xlf             | 16 ++-
 .../xlf/LocalizableStrings.ko.xlf             | 16 ++-
 .../xlf/LocalizableStrings.pl.xlf             | 16 ++-
 .../xlf/LocalizableStrings.pt-BR.xlf          | 16 ++-
 .../xlf/LocalizableStrings.ru.xlf             | 16 ++-
 .../xlf/LocalizableStrings.tr.xlf             | 16 ++-
 .../xlf/LocalizableStrings.zh-Hans.xlf        | 16 ++-
 .../xlf/LocalizableStrings.zh-Hant.xlf        | 16 ++-
 .../ToolPackage/IToolPackageDownloader.cs     |  3 +-
 .../ToolPackage/ToolPackageDownloader.cs      | 30 +++---
 .../dotnet/ToolPackage/ToolPackageFactory.cs  |  6 +-
 .../ToolInstallGlobalOrToolPathCommand.cs     | 16 ++-
 .../ToolUpdateGlobalOrToolPathCommand.cs      |  3 +-
 .../NuGetPackageInstallerTests.cs             | 17 ----
 .../ToolPackageDownloaderTests.cs             | 72 +++++++++-----
 .../ToolPackageInstallerNugetCacheTests.cs    |  6 +-
 .../ToolPackageUninstallerTests.cs            |  3 +-
 .../ToolPackageDownloaderMock.cs              |  3 +-
 test/dotnet.Tests/CommandObjectTests.cs       |  2 +-
 ...ToolInstallGlobalOrToolPathCommandTests.cs | 99 +++++++++++--------
 ...olUninstallGlobalOrToolPathCommandTests.cs |  2 +-
 .../ToolUpdateGlobalOrToolPathCommandTests.cs | 12 +--
 37 files changed, 413 insertions(+), 189 deletions(-)

diff --git a/src/Cli/dotnet/CommandFactory/CommandFactoryUsingResolver.cs b/src/Cli/dotnet/CommandFactory/CommandFactoryUsingResolver.cs
index 72132ccf9d17..99c7b7f7f6e1 100644
--- a/src/Cli/dotnet/CommandFactory/CommandFactoryUsingResolver.cs
+++ b/src/Cli/dotnet/CommandFactory/CommandFactoryUsingResolver.cs
@@ -15,12 +15,14 @@ public static Command CreateDotNet(
             string commandName,
             IEnumerable<string> args,
             NuGetFramework framework = null,
-            string configuration = Constants.DefaultConfiguration)
+            string configuration = Constants.DefaultConfiguration,
+            string currentWorkingDirectory = null)
         {
             return Create("dotnet",
                 new[] { commandName }.Concat(args),
                 framework,
-                configuration: configuration);
+                configuration: configuration,
+                currentWorkingDirectory);
         }
 
         /// <summary>
@@ -35,7 +37,8 @@ public static Command Create(
             NuGetFramework framework = null,
             string configuration = Constants.DefaultConfiguration,
             string outputPath = null,
-            string applicationName = null)
+            string applicationName = null,
+            string currentWorkingDirectory = null)
         {
             return Create(
                 new DefaultCommandResolverPolicy(),
@@ -44,7 +47,8 @@ public static Command Create(
                 framework,
                 configuration,
                 outputPath,
-                applicationName);
+                applicationName,
+                currentWorkingDirectory);
         }
 
         public static Command Create(
@@ -54,7 +58,8 @@ public static Command Create(
             NuGetFramework framework = null,
             string configuration = Constants.DefaultConfiguration,
             string outputPath = null,
-            string applicationName = null)
+            string applicationName = null,
+            string currentWorkingDirectory = null)
         {
             var commandSpec = CommandResolver.TryResolveCommandSpec(
                 commandResolverPolicy,
@@ -63,7 +68,8 @@ public static Command Create(
                 framework,
                 configuration: configuration,
                 outputPath: outputPath,
-                applicationName: applicationName);
+                applicationName: applicationName,
+                currentWorkingDirectory: currentWorkingDirectory);
 
             if (commandSpec == null)
             {
diff --git a/src/Cli/dotnet/CommandFactory/CommandResolution/DefaultCommandResolverPolicy.cs b/src/Cli/dotnet/CommandFactory/CommandResolution/DefaultCommandResolverPolicy.cs
index a9fd45472161..acdd93509560 100644
--- a/src/Cli/dotnet/CommandFactory/CommandResolution/DefaultCommandResolverPolicy.cs
+++ b/src/Cli/dotnet/CommandFactory/CommandResolution/DefaultCommandResolverPolicy.cs
@@ -7,12 +7,12 @@ namespace Microsoft.DotNet.CommandFactory
 {
     public class DefaultCommandResolverPolicy : ICommandResolverPolicy
     {
-        public CompositeCommandResolver CreateCommandResolver()
+        public CompositeCommandResolver CreateCommandResolver(string currentWorkingDirectory = null)
         {
-            return Create();
+            return Create(currentWorkingDirectory);
         }
 
-        public static CompositeCommandResolver Create()
+        public static CompositeCommandResolver Create(string currentWorkingDirectory = null)
         {
             var environment = new EnvironmentProvider();
             var packagedCommandSpecFactory = new PackagedCommandSpecFactoryWithCliRuntime();
@@ -32,20 +32,22 @@ public static CompositeCommandResolver Create()
                 environment,
                 packagedCommandSpecFactory,
                 platformCommandSpecFactory,
-                publishedPathCommandSpecFactory);
+                publishedPathCommandSpecFactory,
+                currentWorkingDirectory);
         }
 
         public static CompositeCommandResolver CreateDefaultCommandResolver(
             IEnvironmentProvider environment,
             IPackagedCommandSpecFactory packagedCommandSpecFactory,
             IPlatformCommandSpecFactory platformCommandSpecFactory,
-            IPublishedPathCommandSpecFactory publishedPathCommandSpecFactory)
+            IPublishedPathCommandSpecFactory publishedPathCommandSpecFactory,
+            string currentWorkingDirectory = null)
         {
             var compositeCommandResolver = new CompositeCommandResolver();
 
             compositeCommandResolver.AddCommandResolver(new MuxerCommandResolver());
             compositeCommandResolver.AddCommandResolver(new DotnetToolsCommandResolver());
-            compositeCommandResolver.AddCommandResolver(new LocalToolsCommandResolver());
+            compositeCommandResolver.AddCommandResolver(new LocalToolsCommandResolver(currentWorkingDirectory: currentWorkingDirectory));
             compositeCommandResolver.AddCommandResolver(new RootedCommandResolver());
             compositeCommandResolver.AddCommandResolver(
                 new ProjectToolsCommandResolver(packagedCommandSpecFactory, environment));
diff --git a/src/Cli/dotnet/CommandFactory/CommandResolution/ICommandResolverPolicy.cs b/src/Cli/dotnet/CommandFactory/CommandResolution/ICommandResolverPolicy.cs
index 13782cc7ef3e..1e6ac839a837 100644
--- a/src/Cli/dotnet/CommandFactory/CommandResolution/ICommandResolverPolicy.cs
+++ b/src/Cli/dotnet/CommandFactory/CommandResolution/ICommandResolverPolicy.cs
@@ -5,6 +5,6 @@ namespace Microsoft.DotNet.CommandFactory
 {
     public interface ICommandResolverPolicy
     {
-        CompositeCommandResolver CreateCommandResolver();
+        CompositeCommandResolver CreateCommandResolver(string currentWorkingDirectory = null);
     }
 }
diff --git a/src/Cli/dotnet/CommandFactory/CommandResolution/LocalToolsCommandResolver.cs b/src/Cli/dotnet/CommandFactory/CommandResolution/LocalToolsCommandResolver.cs
index 524ea1eb0d04..6b1db04c20de 100644
--- a/src/Cli/dotnet/CommandFactory/CommandResolution/LocalToolsCommandResolver.cs
+++ b/src/Cli/dotnet/CommandFactory/CommandResolution/LocalToolsCommandResolver.cs
@@ -21,9 +21,10 @@ internal class LocalToolsCommandResolver : ICommandResolver
         public LocalToolsCommandResolver(
             ToolManifestFinder toolManifest = null,
             ILocalToolsResolverCache localToolsResolverCache = null,
-            IFileSystem fileSystem = null)
+            IFileSystem fileSystem = null,
+            string currentWorkingDirectory = null)
         {
-            _toolManifest = toolManifest ?? new ToolManifestFinder(new DirectoryPath(Directory.GetCurrentDirectory()));
+            _toolManifest = toolManifest ?? new ToolManifestFinder(new DirectoryPath(currentWorkingDirectory ?? Directory.GetCurrentDirectory()));
             _localToolsResolverCache = localToolsResolverCache ?? new LocalToolsResolverCache();
             _fileSystem = fileSystem ?? new FileSystemWrapper();
         }
diff --git a/src/Cli/dotnet/CommandFactory/CommandResolution/PathCommandResolverPolicy.cs b/src/Cli/dotnet/CommandFactory/CommandResolution/PathCommandResolverPolicy.cs
index f0b6ea222ddc..f21d60cf7f02 100644
--- a/src/Cli/dotnet/CommandFactory/CommandResolution/PathCommandResolverPolicy.cs
+++ b/src/Cli/dotnet/CommandFactory/CommandResolution/PathCommandResolverPolicy.cs
@@ -7,7 +7,7 @@ namespace Microsoft.DotNet.CommandFactory
 {
     public class PathCommandResolverPolicy : ICommandResolverPolicy
     {
-        public CompositeCommandResolver CreateCommandResolver()
+        public CompositeCommandResolver CreateCommandResolver(string CurrentWorkingDirectory = null)
         {
             return Create();
         }
diff --git a/src/Cli/dotnet/CommandFactory/CommandResolver.cs b/src/Cli/dotnet/CommandFactory/CommandResolver.cs
index 3649fddfbb53..678600e8227a 100644
--- a/src/Cli/dotnet/CommandFactory/CommandResolver.cs
+++ b/src/Cli/dotnet/CommandFactory/CommandResolver.cs
@@ -33,20 +33,21 @@ public static CommandSpec TryResolveCommandSpec(
             NuGetFramework framework = null,
             string configuration = Constants.DefaultConfiguration,
             string outputPath = null,
-            string applicationName = null)
+            string applicationName = null,
+            string currentWorkingDirectory = null)
         {
             var commandResolverArgs = new CommandResolverArguments
             {
                 CommandName = commandName,
                 CommandArguments = args,
                 Framework = framework,
-                ProjectDirectory = Directory.GetCurrentDirectory(),
+                ProjectDirectory = currentWorkingDirectory ?? Directory.GetCurrentDirectory(),
                 Configuration = configuration,
                 OutputPath = outputPath,
                 ApplicationName = applicationName
             };
 
-            var defaultCommandResolver = commandResolverPolicy.CreateCommandResolver();
+            var defaultCommandResolver = commandResolverPolicy.CreateCommandResolver(currentWorkingDirectory);
 
             return defaultCommandResolver.Resolve(commandResolverArgs);
         }
diff --git a/src/Cli/dotnet/DotNetCommandFactory.cs b/src/Cli/dotnet/DotNetCommandFactory.cs
index 22b04fd9df81..190b2385abde 100644
--- a/src/Cli/dotnet/DotNetCommandFactory.cs
+++ b/src/Cli/dotnet/DotNetCommandFactory.cs
@@ -12,10 +12,12 @@ namespace Microsoft.DotNet.Cli
     public class DotNetCommandFactory : ICommandFactory
     {
         private bool _alwaysRunOutOfProc;
+        private readonly string _currentWorkingDirectory;
 
-        public DotNetCommandFactory(bool alwaysRunOutOfProc = false)
+        public DotNetCommandFactory(bool alwaysRunOutOfProc = false, string currentWorkingDirectory = null)
         {
             _alwaysRunOutOfProc = alwaysRunOutOfProc;
+            _currentWorkingDirectory = currentWorkingDirectory;
         }
 
         public ICommand Create(
@@ -32,7 +34,7 @@ public ICommand Create(
                 return new BuiltInCommand(commandName, args, builtInCommand);
             }
 
-            return CommandFactoryUsingResolver.CreateDotNet(commandName, args, framework, configuration);
+            return CommandFactoryUsingResolver.CreateDotNet(commandName, args, framework, configuration, _currentWorkingDirectory);
         }
 
         private bool TryGetBuiltInCommand(string commandName, out Func<string[], int> commandFunc)
diff --git a/src/Cli/dotnet/NugetPackageDownloader/FirstPartyNuGetPackageSigningVerifier.cs b/src/Cli/dotnet/NugetPackageDownloader/FirstPartyNuGetPackageSigningVerifier.cs
index 4da9fa2a744e..58fafb5b5ec0 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/FirstPartyNuGetPackageSigningVerifier.cs
+++ b/src/Cli/dotnet/NugetPackageDownloader/FirstPartyNuGetPackageSigningVerifier.cs
@@ -74,10 +74,10 @@ internal bool IsFirstParty(FilePath nupkgToVerify)
             }
         }
 
-        private static bool NuGetVerify(FilePath nupkgToVerify, out string commandOutput)
+        public static bool NuGetVerify(FilePath nupkgToVerify, out string commandOutput, string currentWorkingDirectory = null)
         {
             var args = new[] { "verify", "--all", nupkgToVerify.Value };
-            var command = new DotNetCommandFactory(alwaysRunOutOfProc: true)
+            var command = new DotNetCommandFactory(alwaysRunOutOfProc: true, currentWorkingDirectory)
                 .Create("nuget", args);
 
             var commandResult = command.CaptureStdOut().Execute();
diff --git a/src/Cli/dotnet/NugetPackageDownloader/LocalizableStrings.resx b/src/Cli/dotnet/NugetPackageDownloader/LocalizableStrings.resx
index f5e51e2e900d..422f35b8f83f 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/LocalizableStrings.resx
+++ b/src/Cli/dotnet/NugetPackageDownloader/LocalizableStrings.resx
@@ -132,11 +132,18 @@
   <data name="NuGetPackageSignatureVerificationSkipped" xml:space="preserve">
     <value>Skipping NuGet package signature verification.</value>
   </data>
+  <data name="VerifyingNuGetPackageSignature" xml:space="preserve">
+    <value>Verified that the NuGet package "{0}" has a valid signature.</value>
+  </data>
+  <data name="NuGetPackageShouldNotBeSigned" xml:space="preserve">
+    <value>Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</value>
+  </data>
   <data name="SkipNuGetpackageSigningValidationmacOSLinux" xml:space="preserve">
     <value>Skip NuGet package signing validation. NuGet signing validation is not available on Linux or macOS https://aka.ms/workloadskippackagevalidation .</value>
   </data>
   <data name="FailedToValidatePackageSigning" xml:space="preserve">
-    <value>Failed to validate package signing.</value>
+    <value>Failed to validate package signing.
+{0}</value>
   </data>
   <data name="FailedToFindSourceUnderPackageSourceMapping" xml:space="preserve">
     <value>Package Source Mapping is enabled, but no source found under the specified package ID: {0}. See the documentation for Package Source Mapping at https://aka.ms/nuget-package-source-mapping for more details.</value>
diff --git a/src/Cli/dotnet/NugetPackageDownloader/NuGetPackageDownloader.cs b/src/Cli/dotnet/NugetPackageDownloader/NuGetPackageDownloader.cs
index b24c6dc730ca..65a39dbe1779 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/NuGetPackageDownloader.cs
+++ b/src/Cli/dotnet/NugetPackageDownloader/NuGetPackageDownloader.cs
@@ -1,13 +1,10 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
-using System.Text.RegularExpressions;
-using System.Threading;
 using Microsoft.DotNet.Cli.Utils;
 using Microsoft.DotNet.ToolPackage;
 using Microsoft.DotNet.Tools;
 using Microsoft.Extensions.EnvironmentAbstractions;
-using Microsoft.TemplateEngine.Abstractions;
 using NuGet.Common;
 using NuGet.Configuration;
 using NuGet.Credentials;
@@ -43,6 +40,7 @@ internal class NuGetPackageDownloader : INuGetPackageDownloader
 
         private bool _verifySignatures;
         private VerbosityOptions _verbosityOptions;
+        private readonly string _currentWorkingDirectory;
 
         public NuGetPackageDownloader(
             DirectoryPath packageInstallDir,
@@ -54,8 +52,10 @@ public NuGetPackageDownloader(
             Func<IEnumerable<Task>> timer = null,
             bool verifySignatures = false,
             bool shouldUsePackageSourceMapping = false,
-            VerbosityOptions verbosityOptions = VerbosityOptions.normal)
+            VerbosityOptions verbosityOptions = VerbosityOptions.normal,
+            string currentWorkingDirectory = null)
         {
+            _currentWorkingDirectory = currentWorkingDirectory;
             _packageInstallDir = packageInstallDir;
             _reporter = reporter ?? Reporter.Output;
             _verboseLogger = verboseLogger ?? new NuGetConsoleLogger();
@@ -130,22 +130,22 @@ public async Task<string> DownloadPackageAsync(PackageId packageId,
                         packageVersion.ToNormalizedString()));
             }
 
-            VerifySigning(nupkgPath);
-
+            await VerifySigning(nupkgPath, repository);
+            
             return nupkgPath;
         }
 
-        private bool verbosityGreaterThanMinimal()
-        {
-            return _verbosityOptions != VerbosityOptions.quiet && _verbosityOptions != VerbosityOptions.q
-                && _verbosityOptions != VerbosityOptions.minimal && _verbosityOptions != VerbosityOptions.m;
-        }
+        private bool VerbosityGreaterThanMinimal() =>
+            _verbosityOptions != VerbosityOptions.quiet && _verbosityOptions != VerbosityOptions.q &&
+            _verbosityOptions != VerbosityOptions.minimal && _verbosityOptions != VerbosityOptions.m;
 
-        private void VerifySigning(string nupkgPath)
+        private bool DiagnosticVerbosity() => _verbosityOptions == VerbosityOptions.diag || _verbosityOptions == VerbosityOptions.diagnostic;
+
+        private async Task VerifySigning(string nupkgPath, SourceRepository repository)
         {
             if (!_verifySignatures && !_validationMessagesDisplayed)
             {
-                if (verbosityGreaterThanMinimal())
+                if (VerbosityGreaterThanMinimal())
                 {
                     _reporter.WriteLine(LocalizableStrings.NuGetPackageSignatureVerificationSkipped);
                 }
@@ -157,15 +157,28 @@ private void VerifySigning(string nupkgPath)
                 return;
             }
 
-            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            if (repository is not null &&
+                await repository.GetResourceAsync<RepositorySignatureResource>().ConfigureAwait(false) is RepositorySignatureResource resource &&
+                resource.AllRepositorySigned)
             {
-                if (!_firstPartyNuGetPackageSigningVerifier.Verify(new FilePath(nupkgPath),
-                    out string commandOutput))
+                string commandOutput;
+                // The difference between _firstPartyNuGetPackageSigningVerifier.Verify and FirstPartyNuGetPackageSigningVerifier.NuGetVerify is that while NuGetVerify
+                // just ensures that the package is signed properly, Verify additionally requires that the package be from Microsoft. NuGetVerify does not require that
+                // the package be from Microsoft.
+                if ((!_shouldUsePackageSourceMapping && !_firstPartyNuGetPackageSigningVerifier.Verify(new FilePath(nupkgPath), out commandOutput)) ||
+                    (_shouldUsePackageSourceMapping && !FirstPartyNuGetPackageSigningVerifier.NuGetVerify(new FilePath(nupkgPath), out commandOutput, _currentWorkingDirectory)))
                 {
-                    throw new NuGetPackageInstallerException(LocalizableStrings.FailedToValidatePackageSigning +
-                                                             Environment.NewLine +
-                                                             commandOutput);
+                    throw new NuGetPackageInstallerException(string.Format(LocalizableStrings.FailedToValidatePackageSigning, commandOutput));
                 }
+
+                if (DiagnosticVerbosity())
+                {
+                    _reporter.WriteLine(LocalizableStrings.VerifyingNuGetPackageSignature, Path.GetFileNameWithoutExtension(nupkgPath));
+                }
+            }
+            else if (DiagnosticVerbosity())
+            {
+                _reporter.WriteLine(LocalizableStrings.NuGetPackageShouldNotBeSigned, Path.GetFileNameWithoutExtension(nupkgPath));
             }
         }
 
@@ -308,7 +321,7 @@ private static bool PackageIsInAllowList(IEnumerable<string> files)
         private IEnumerable<PackageSource> LoadNuGetSources(PackageId packageId, PackageSourceLocation packageSourceLocation = null, PackageSourceMapping packageSourceMapping = null)
         {
             List<PackageSource> defaultSources = new List<PackageSource>();
-            string currentDirectory = Directory.GetCurrentDirectory();
+            string currentDirectory = _currentWorkingDirectory ?? Directory.GetCurrentDirectory();
             ISettings settings;
             if (packageSourceLocation?.NugetConfig != null)
             {
diff --git a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.cs.xlf b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.cs.xlf
index b8746dd50ae4..247518b3dd22 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.cs.xlf
+++ b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.cs.xlf
@@ -28,8 +28,10 @@
         <note />
       </trans-unit>
       <trans-unit id="FailedToValidatePackageSigning">
-        <source>Failed to validate package signing.</source>
-        <target state="translated">Nepodařilo se ověřit podepisování balíčku.</target>
+        <source>Failed to validate package signing.
+{0}</source>
+        <target state="new">Failed to validate package signing.
+{0}</target>
         <note />
       </trans-unit>
       <trans-unit id="IsNotFoundInNuGetFeeds">
@@ -37,6 +39,11 @@
         <target state="needs-review-translation">Balíček {0} se nenašel v informačních kanálech NuGet {1}.</target>
         <note />
       </trans-unit>
+      <trans-unit id="NuGetPackageShouldNotBeSigned">
+        <source>Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</source>
+        <target state="new">Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</target>
+        <note />
+      </trans-unit>
       <trans-unit id="NuGetPackageSignatureVerificationSkipped">
         <source>Skipping NuGet package signature verification.</source>
         <target state="translated">Přeskakuje se ověření podpisu balíčku NuGet.</target>
@@ -72,6 +79,11 @@
         <target state="translated">Přeskočit ověřování podepisování balíčku NuGet. Ověřování podepisování balíčku NuGet není k dispozici na Linuxu nebo v macOS https://aka.ms/workloadskippackagevalidation.</target>
         <note />
       </trans-unit>
+      <trans-unit id="VerifyingNuGetPackageSignature">
+        <source>Verified that the NuGet package "{0}" has a valid signature.</source>
+        <target state="new">Verified that the NuGet package "{0}" has a valid signature.</target>
+        <note />
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.de.xlf b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.de.xlf
index d7f2feaee60f..e2ba700cde0a 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.de.xlf
+++ b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.de.xlf
@@ -28,8 +28,10 @@
         <note />
       </trans-unit>
       <trans-unit id="FailedToValidatePackageSigning">
-        <source>Failed to validate package signing.</source>
-        <target state="translated">Fehler bei der Überprüfung der Paketsignierung.</target>
+        <source>Failed to validate package signing.
+{0}</source>
+        <target state="new">Failed to validate package signing.
+{0}</target>
         <note />
       </trans-unit>
       <trans-unit id="IsNotFoundInNuGetFeeds">
@@ -37,6 +39,11 @@
         <target state="needs-review-translation">"{0}" wurde in NuGet-Feeds "{1}" nicht gefunden.</target>
         <note />
       </trans-unit>
+      <trans-unit id="NuGetPackageShouldNotBeSigned">
+        <source>Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</source>
+        <target state="new">Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</target>
+        <note />
+      </trans-unit>
       <trans-unit id="NuGetPackageSignatureVerificationSkipped">
         <source>Skipping NuGet package signature verification.</source>
         <target state="translated">Die Überprüfung der NuGet-Paketsignatur wird übersprungen.</target>
@@ -72,6 +79,11 @@
         <target state="translated">Überprüfung der NuGet-Paketsignierung überspringen. Die Überprüfung der NuGet-Signierung ist auf Linux- oder macOS nicht verfügbar https://aka.ms/workloadskippackagevalidation.</target>
         <note />
       </trans-unit>
+      <trans-unit id="VerifyingNuGetPackageSignature">
+        <source>Verified that the NuGet package "{0}" has a valid signature.</source>
+        <target state="new">Verified that the NuGet package "{0}" has a valid signature.</target>
+        <note />
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.es.xlf b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.es.xlf
index 8f7665c41707..dec73cef95c2 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.es.xlf
+++ b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.es.xlf
@@ -28,8 +28,10 @@
         <note />
       </trans-unit>
       <trans-unit id="FailedToValidatePackageSigning">
-        <source>Failed to validate package signing.</source>
-        <target state="translated">No se pudo validar la firma del paquete.</target>
+        <source>Failed to validate package signing.
+{0}</source>
+        <target state="new">Failed to validate package signing.
+{0}</target>
         <note />
       </trans-unit>
       <trans-unit id="IsNotFoundInNuGetFeeds">
@@ -37,6 +39,11 @@
         <target state="needs-review-translation">No se encuentra {0} en las fuentes de NuGet {1}.</target>
         <note />
       </trans-unit>
+      <trans-unit id="NuGetPackageShouldNotBeSigned">
+        <source>Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</source>
+        <target state="new">Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</target>
+        <note />
+      </trans-unit>
       <trans-unit id="NuGetPackageSignatureVerificationSkipped">
         <source>Skipping NuGet package signature verification.</source>
         <target state="translated">Omitiendo la comprobación de la firma del paquete NuGet.</target>
@@ -72,6 +79,11 @@
         <target state="translated">Omitir la validación de firma del paquete NuGet. La validación de firma de NuGet no está disponible en Linux o macOS https://aka.ms/workloadskippackagevalidation.</target>
         <note />
       </trans-unit>
+      <trans-unit id="VerifyingNuGetPackageSignature">
+        <source>Verified that the NuGet package "{0}" has a valid signature.</source>
+        <target state="new">Verified that the NuGet package "{0}" has a valid signature.</target>
+        <note />
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.fr.xlf b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.fr.xlf
index 371e037ff4cb..0b472a33c100 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.fr.xlf
+++ b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.fr.xlf
@@ -28,8 +28,10 @@
         <note />
       </trans-unit>
       <trans-unit id="FailedToValidatePackageSigning">
-        <source>Failed to validate package signing.</source>
-        <target state="translated">Échec de la validation de la signature du package.</target>
+        <source>Failed to validate package signing.
+{0}</source>
+        <target state="new">Failed to validate package signing.
+{0}</target>
         <note />
       </trans-unit>
       <trans-unit id="IsNotFoundInNuGetFeeds">
@@ -37,6 +39,11 @@
         <target state="needs-review-translation">{0} est introuvable dans les flux NuGet {1}.</target>
         <note />
       </trans-unit>
+      <trans-unit id="NuGetPackageShouldNotBeSigned">
+        <source>Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</source>
+        <target state="new">Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</target>
+        <note />
+      </trans-unit>
       <trans-unit id="NuGetPackageSignatureVerificationSkipped">
         <source>Skipping NuGet package signature verification.</source>
         <target state="translated">La vérification de la signature du package NuGet est ignorée.</target>
@@ -72,6 +79,11 @@
         <target state="translated">Ignorer la validation de signature de package NuGet. La validation de signature NuGet n’est pas disponible sur Linux ou macOS https://aka.ms/workloadskippackagevalidation.</target>
         <note />
       </trans-unit>
+      <trans-unit id="VerifyingNuGetPackageSignature">
+        <source>Verified that the NuGet package "{0}" has a valid signature.</source>
+        <target state="new">Verified that the NuGet package "{0}" has a valid signature.</target>
+        <note />
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.it.xlf b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.it.xlf
index 49643fd5d074..7c6ed1fe9ab1 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.it.xlf
+++ b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.it.xlf
@@ -28,8 +28,10 @@
         <note />
       </trans-unit>
       <trans-unit id="FailedToValidatePackageSigning">
-        <source>Failed to validate package signing.</source>
-        <target state="translated">Impossibile convalidare la firma del pacchetto.</target>
+        <source>Failed to validate package signing.
+{0}</source>
+        <target state="new">Failed to validate package signing.
+{0}</target>
         <note />
       </trans-unit>
       <trans-unit id="IsNotFoundInNuGetFeeds">
@@ -37,6 +39,11 @@
         <target state="needs-review-translation">{0} non è stato trovato nei feed NuGet {1}.</target>
         <note />
       </trans-unit>
+      <trans-unit id="NuGetPackageShouldNotBeSigned">
+        <source>Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</source>
+        <target state="new">Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</target>
+        <note />
+      </trans-unit>
       <trans-unit id="NuGetPackageSignatureVerificationSkipped">
         <source>Skipping NuGet package signature verification.</source>
         <target state="translated">La verifica della firma del pacchetto NuGet verrà ignorata.</target>
@@ -72,6 +79,11 @@
         <target state="translated">Ignorare la convalida della firma del pacchetto NuGet. La convalida della firma NuGet non è disponibile in Linux o macOS https://aka.ms/workloadskippackagevalidation.</target>
         <note />
       </trans-unit>
+      <trans-unit id="VerifyingNuGetPackageSignature">
+        <source>Verified that the NuGet package "{0}" has a valid signature.</source>
+        <target state="new">Verified that the NuGet package "{0}" has a valid signature.</target>
+        <note />
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.ja.xlf b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.ja.xlf
index 0471c7d97648..ab863ece68de 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.ja.xlf
+++ b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.ja.xlf
@@ -28,8 +28,10 @@
         <note />
       </trans-unit>
       <trans-unit id="FailedToValidatePackageSigning">
-        <source>Failed to validate package signing.</source>
-        <target state="translated">パッケージ署名を検証できませんでした。</target>
+        <source>Failed to validate package signing.
+{0}</source>
+        <target state="new">Failed to validate package signing.
+{0}</target>
         <note />
       </trans-unit>
       <trans-unit id="IsNotFoundInNuGetFeeds">
@@ -37,6 +39,11 @@
         <target state="needs-review-translation">{0} が NuGet フィード {1} に見つかりません。</target>
         <note />
       </trans-unit>
+      <trans-unit id="NuGetPackageShouldNotBeSigned">
+        <source>Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</source>
+        <target state="new">Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</target>
+        <note />
+      </trans-unit>
       <trans-unit id="NuGetPackageSignatureVerificationSkipped">
         <source>Skipping NuGet package signature verification.</source>
         <target state="translated">NuGet パッケージ署名の認証をスキップしています。</target>
@@ -72,6 +79,11 @@
         <target state="translated">NuGet パッケージ署名の検証をスキップします。NuGet 署名の検証は、Linux または macOS https://aka.ms/workloadskippackagevalidation では使用できません。</target>
         <note />
       </trans-unit>
+      <trans-unit id="VerifyingNuGetPackageSignature">
+        <source>Verified that the NuGet package "{0}" has a valid signature.</source>
+        <target state="new">Verified that the NuGet package "{0}" has a valid signature.</target>
+        <note />
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.ko.xlf b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.ko.xlf
index 5a17478c9016..47d65686a53b 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.ko.xlf
+++ b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.ko.xlf
@@ -28,8 +28,10 @@
         <note />
       </trans-unit>
       <trans-unit id="FailedToValidatePackageSigning">
-        <source>Failed to validate package signing.</source>
-        <target state="translated">패키지 서명의 유효성을 검사하지 못했습니다.</target>
+        <source>Failed to validate package signing.
+{0}</source>
+        <target state="new">Failed to validate package signing.
+{0}</target>
         <note />
       </trans-unit>
       <trans-unit id="IsNotFoundInNuGetFeeds">
@@ -37,6 +39,11 @@
         <target state="needs-review-translation">NuGet 피드 {1} 에서 {0}을(를) 찾을 수 없습니다.</target>
         <note />
       </trans-unit>
+      <trans-unit id="NuGetPackageShouldNotBeSigned">
+        <source>Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</source>
+        <target state="new">Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</target>
+        <note />
+      </trans-unit>
       <trans-unit id="NuGetPackageSignatureVerificationSkipped">
         <source>Skipping NuGet package signature verification.</source>
         <target state="translated">NuGet 패키지 서명 확인을 건너뛰는 중입니다.</target>
@@ -72,6 +79,11 @@
         <target state="translated">NuGet 패키지 서명 유효성 검사를 건너뜁니다. NuGet 서명 유효성 검사는 Linux 또는 macOS https://aka.ms/workloadskippackagevalidation에서 사용할 수 없습니다.</target>
         <note />
       </trans-unit>
+      <trans-unit id="VerifyingNuGetPackageSignature">
+        <source>Verified that the NuGet package "{0}" has a valid signature.</source>
+        <target state="new">Verified that the NuGet package "{0}" has a valid signature.</target>
+        <note />
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.pl.xlf b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.pl.xlf
index daa713f0e271..7ab618796e0e 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.pl.xlf
+++ b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.pl.xlf
@@ -28,8 +28,10 @@
         <note />
       </trans-unit>
       <trans-unit id="FailedToValidatePackageSigning">
-        <source>Failed to validate package signing.</source>
-        <target state="translated">Nie można zweryfikować podpisywania pakietu.</target>
+        <source>Failed to validate package signing.
+{0}</source>
+        <target state="new">Failed to validate package signing.
+{0}</target>
         <note />
       </trans-unit>
       <trans-unit id="IsNotFoundInNuGetFeeds">
@@ -37,6 +39,11 @@
         <target state="needs-review-translation">Nie znaleziono pakietu {0} w kanałach informacyjnych NuGet {1}.</target>
         <note />
       </trans-unit>
+      <trans-unit id="NuGetPackageShouldNotBeSigned">
+        <source>Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</source>
+        <target state="new">Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</target>
+        <note />
+      </trans-unit>
       <trans-unit id="NuGetPackageSignatureVerificationSkipped">
         <source>Skipping NuGet package signature verification.</source>
         <target state="translated">Pomijanie weryfikacji podpisu pakietu NuGet.</target>
@@ -72,6 +79,11 @@
         <target state="translated">Pomiń weryfikację podpisywania pakietu NuGet. Sprawdzanie podpisywania NuGet nie jest dostępne w systemie Linux ani MacOS https://aka.ms/workloadskippackagevalidation .</target>
         <note />
       </trans-unit>
+      <trans-unit id="VerifyingNuGetPackageSignature">
+        <source>Verified that the NuGet package "{0}" has a valid signature.</source>
+        <target state="new">Verified that the NuGet package "{0}" has a valid signature.</target>
+        <note />
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.pt-BR.xlf b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.pt-BR.xlf
index eccae44c1a30..4e743bd9ad7e 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.pt-BR.xlf
+++ b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.pt-BR.xlf
@@ -28,8 +28,10 @@
         <note />
       </trans-unit>
       <trans-unit id="FailedToValidatePackageSigning">
-        <source>Failed to validate package signing.</source>
-        <target state="translated">Falhou ao validar a assinatura do pacote.</target>
+        <source>Failed to validate package signing.
+{0}</source>
+        <target state="new">Failed to validate package signing.
+{0}</target>
         <note />
       </trans-unit>
       <trans-unit id="IsNotFoundInNuGetFeeds">
@@ -37,6 +39,11 @@
         <target state="needs-review-translation">{0} não foi encontrado no NuGet feeds {1}.</target>
         <note />
       </trans-unit>
+      <trans-unit id="NuGetPackageShouldNotBeSigned">
+        <source>Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</source>
+        <target state="new">Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</target>
+        <note />
+      </trans-unit>
       <trans-unit id="NuGetPackageSignatureVerificationSkipped">
         <source>Skipping NuGet package signature verification.</source>
         <target state="translated">Ignorando a verificação de assinatura do pacote NuGet.</target>
@@ -72,6 +79,11 @@
         <target state="translated">Ignorar a validação da assinatura do pacote NuGet. A validação da assinatura do NuGet não está disponível no Linux ou macOS https://aka.ms/workloadskippackagevalidation .</target>
         <note />
       </trans-unit>
+      <trans-unit id="VerifyingNuGetPackageSignature">
+        <source>Verified that the NuGet package "{0}" has a valid signature.</source>
+        <target state="new">Verified that the NuGet package "{0}" has a valid signature.</target>
+        <note />
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.ru.xlf b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.ru.xlf
index 0bf016d6bd56..9a356067e055 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.ru.xlf
+++ b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.ru.xlf
@@ -28,8 +28,10 @@
         <note />
       </trans-unit>
       <trans-unit id="FailedToValidatePackageSigning">
-        <source>Failed to validate package signing.</source>
-        <target state="translated">Не удалось проверить подпись пакета.</target>
+        <source>Failed to validate package signing.
+{0}</source>
+        <target state="new">Failed to validate package signing.
+{0}</target>
         <note />
       </trans-unit>
       <trans-unit id="IsNotFoundInNuGetFeeds">
@@ -37,6 +39,11 @@
         <target state="needs-review-translation">{0} не найдено в веб-каналах NuGet {1}.</target>
         <note />
       </trans-unit>
+      <trans-unit id="NuGetPackageShouldNotBeSigned">
+        <source>Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</source>
+        <target state="new">Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</target>
+        <note />
+      </trans-unit>
       <trans-unit id="NuGetPackageSignatureVerificationSkipped">
         <source>Skipping NuGet package signature verification.</source>
         <target state="translated">Пропуск проверки подписи пакета NuGet.</target>
@@ -72,6 +79,11 @@
         <target state="translated">Пропустить проверку подписи пакета NuGet. Проверка подписи NuGet недоступна в Linux или macOS https://aka.ms/workloadskippackagevalidation.</target>
         <note />
       </trans-unit>
+      <trans-unit id="VerifyingNuGetPackageSignature">
+        <source>Verified that the NuGet package "{0}" has a valid signature.</source>
+        <target state="new">Verified that the NuGet package "{0}" has a valid signature.</target>
+        <note />
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.tr.xlf b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.tr.xlf
index 4e8dc04150e3..6e7684eee25c 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.tr.xlf
+++ b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.tr.xlf
@@ -28,8 +28,10 @@
         <note />
       </trans-unit>
       <trans-unit id="FailedToValidatePackageSigning">
-        <source>Failed to validate package signing.</source>
-        <target state="translated">Paket imzası doğrulanamadı.</target>
+        <source>Failed to validate package signing.
+{0}</source>
+        <target state="new">Failed to validate package signing.
+{0}</target>
         <note />
       </trans-unit>
       <trans-unit id="IsNotFoundInNuGetFeeds">
@@ -37,6 +39,11 @@
         <target state="needs-review-translation">{0}, {1} NuGet akışlarında bulunamadı.</target>
         <note />
       </trans-unit>
+      <trans-unit id="NuGetPackageShouldNotBeSigned">
+        <source>Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</source>
+        <target state="new">Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</target>
+        <note />
+      </trans-unit>
       <trans-unit id="NuGetPackageSignatureVerificationSkipped">
         <source>Skipping NuGet package signature verification.</source>
         <target state="translated">NuGet paket imzası doğrulaması atlanıyor.</target>
@@ -72,6 +79,11 @@
         <target state="translated">NuGet paketi imza doğrulamasını atlayın. NuGet imza doğrulaması Linux veya macOS üzerinde kullanılamıyor. Daha fazla bilgi için bkz. https://aka.ms/workloadskippackagevalidation.</target>
         <note />
       </trans-unit>
+      <trans-unit id="VerifyingNuGetPackageSignature">
+        <source>Verified that the NuGet package "{0}" has a valid signature.</source>
+        <target state="new">Verified that the NuGet package "{0}" has a valid signature.</target>
+        <note />
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.zh-Hans.xlf b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.zh-Hans.xlf
index f7303342d2a0..bdae9aa573c5 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.zh-Hans.xlf
+++ b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.zh-Hans.xlf
@@ -28,8 +28,10 @@
         <note />
       </trans-unit>
       <trans-unit id="FailedToValidatePackageSigning">
-        <source>Failed to validate package signing.</source>
-        <target state="translated">验证包签名失败。</target>
+        <source>Failed to validate package signing.
+{0}</source>
+        <target state="new">Failed to validate package signing.
+{0}</target>
         <note />
       </trans-unit>
       <trans-unit id="IsNotFoundInNuGetFeeds">
@@ -37,6 +39,11 @@
         <target state="needs-review-translation">在 NuGet 源 {1} 中找不到 {0}。</target>
         <note />
       </trans-unit>
+      <trans-unit id="NuGetPackageShouldNotBeSigned">
+        <source>Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</source>
+        <target state="new">Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</target>
+        <note />
+      </trans-unit>
       <trans-unit id="NuGetPackageSignatureVerificationSkipped">
         <source>Skipping NuGet package signature verification.</source>
         <target state="translated">正在跳过 NuGet 包签名验证。</target>
@@ -72,6 +79,11 @@
         <target state="translated">跳过 NuGet 包签名验证。Linux 或 macOS 上不提供 NuGet 签名验证。https://aka.ms/workloadskippackagevalidation。</target>
         <note />
       </trans-unit>
+      <trans-unit id="VerifyingNuGetPackageSignature">
+        <source>Verified that the NuGet package "{0}" has a valid signature.</source>
+        <target state="new">Verified that the NuGet package "{0}" has a valid signature.</target>
+        <note />
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.zh-Hant.xlf b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.zh-Hant.xlf
index 37eece9cf07e..54b36d357a03 100644
--- a/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.zh-Hant.xlf
+++ b/src/Cli/dotnet/NugetPackageDownloader/xlf/LocalizableStrings.zh-Hant.xlf
@@ -28,8 +28,10 @@
         <note />
       </trans-unit>
       <trans-unit id="FailedToValidatePackageSigning">
-        <source>Failed to validate package signing.</source>
-        <target state="translated">無法驗證套件簽署。</target>
+        <source>Failed to validate package signing.
+{0}</source>
+        <target state="new">Failed to validate package signing.
+{0}</target>
         <note />
       </trans-unit>
       <trans-unit id="IsNotFoundInNuGetFeeds">
@@ -37,6 +39,11 @@
         <target state="needs-review-translation">在 NuGet 摘要 {1} 中找不到 {0}"。</target>
         <note />
       </trans-unit>
+      <trans-unit id="NuGetPackageShouldNotBeSigned">
+        <source>Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</source>
+        <target state="new">Skipping signature verification for NuGet package "{0}" because it comes from a source that does not require signature validation.</target>
+        <note />
+      </trans-unit>
       <trans-unit id="NuGetPackageSignatureVerificationSkipped">
         <source>Skipping NuGet package signature verification.</source>
         <target state="translated">正在略過 NuGet 套件簽章驗證。</target>
@@ -72,6 +79,11 @@
         <target state="translated">略過 NuGet 套件簽署驗證。NuGet 套件簽署驗證在 Linux 或 macOS 上無法使用 https://aka.ms/workloadskippackagevalidation。</target>
         <note />
       </trans-unit>
+      <trans-unit id="VerifyingNuGetPackageSignature">
+        <source>Verified that the NuGet package "{0}" has a valid signature.</source>
+        <target state="new">Verified that the NuGet package "{0}" has a valid signature.</target>
+        <note />
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/src/Cli/dotnet/ToolPackage/IToolPackageDownloader.cs b/src/Cli/dotnet/ToolPackage/IToolPackageDownloader.cs
index 45a72e6aadf6..4071fb2330e5 100644
--- a/src/Cli/dotnet/ToolPackage/IToolPackageDownloader.cs
+++ b/src/Cli/dotnet/ToolPackage/IToolPackageDownloader.cs
@@ -15,7 +15,8 @@ IToolPackage InstallPackage(PackageLocation packageLocation,
             VersionRange versionRange = null,
             string targetFramework = null,
             bool isGlobalTool = false,
-            bool isGlobalToolRollForward = false
+            bool isGlobalToolRollForward = false,
+            bool verifySignatures = true
         );
 
         NuGetVersion GetNuGetVersion(
diff --git a/src/Cli/dotnet/ToolPackage/ToolPackageDownloader.cs b/src/Cli/dotnet/ToolPackage/ToolPackageDownloader.cs
index 1359a001ca5e..3442803960aa 100644
--- a/src/Cli/dotnet/ToolPackage/ToolPackageDownloader.cs
+++ b/src/Cli/dotnet/ToolPackage/ToolPackageDownloader.cs
@@ -1,21 +1,17 @@
 // Copyright (c) .NET Foundation and contributors. All rights reserved.
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Linq;
-using System.CommandLine;
 using System.Reflection;
-using System.Runtime.InteropServices;
-using System.Threading.Tasks;
 using Microsoft.DotNet.Cli.NuGetPackageDownloader;
 using Microsoft.DotNet.Cli.Utils;
 using Microsoft.DotNet.ToolPackage;
 using Microsoft.DotNet.Tools;
 using Microsoft.Extensions.EnvironmentAbstractions;
+using Microsoft.TemplateEngine.Utils;
+using Newtonsoft.Json.Linq;
 using NuGet.Client;
 using NuGet.Common;
+using NuGet.Configuration;
 using NuGet.ContentModel;
 using NuGet.Frameworks;
 using NuGet.LibraryModel;
@@ -25,12 +21,6 @@
 using NuGet.Repositories;
 using NuGet.RuntimeModel;
 using NuGet.Versioning;
-using NuGet.Configuration;
-using Microsoft.TemplateEngine.Utils;
-using System.Text.Json;
-using System.Xml;
-using System.Text.Json.Nodes;
-using Newtonsoft.Json.Linq;
 
 namespace Microsoft.DotNet.Cli.ToolPackage
 {
@@ -58,15 +48,19 @@ internal class ToolPackageDownloader : IToolPackageDownloader
 
         protected readonly string _runtimeJsonPath;
 
+        private readonly string _currentWorkingDirectory;
+
         public ToolPackageDownloader(
             IToolPackageStore store,
-            string runtimeJsonPathForTests = null
+            string runtimeJsonPathForTests = null,
+            string currentWorkingDirectory = null
         )
         {
             _toolPackageStore = store ?? throw new ArgumentNullException(nameof(store));
             _globalToolStageDir = _toolPackageStore.GetRandomStagingDirectory();
-            ISettings settings = Settings.LoadDefaultSettings(Directory.GetCurrentDirectory());
+            ISettings settings = Settings.LoadDefaultSettings(currentWorkingDirectory ?? Directory.GetCurrentDirectory());
             _localToolDownloadDir = new DirectoryPath(SettingsUtility.GetGlobalPackagesFolder(settings));
+            _currentWorkingDirectory = currentWorkingDirectory;
             
             _localToolAssetDir = new DirectoryPath(PathUtilities.CreateTempSubdirectory());
             _runtimeJsonPath = runtimeJsonPathForTests ?? Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), "RuntimeIdentifierGraph.json");
@@ -77,7 +71,8 @@ public IToolPackage InstallPackage(PackageLocation packageLocation, PackageId pa
             VersionRange versionRange = null,
             string targetFramework = null,
             bool isGlobalTool = false,
-            bool isGlobalToolRollForward = false
+            bool isGlobalToolRollForward = false,
+            bool verifySignatures = true
             )
         {
             var packageRootDirectory = _toolPackageStore.GetRootPackageDirectory(packageId);
@@ -100,7 +95,8 @@ public IToolPackage InstallPackage(PackageLocation packageLocation, PackageId pa
 
                     var toolDownloadDir = isGlobalTool ? _globalToolStageDir : _localToolDownloadDir;
                     var assetFileDirectory = isGlobalTool ? _globalToolStageDir : _localToolAssetDir;
-                    var nugetPackageDownloader = new NuGetPackageDownloader.NuGetPackageDownloader(toolDownloadDir, verboseLogger: nugetLogger, shouldUsePackageSourceMapping: true, verbosityOptions: verbosity);
+
+                    var nugetPackageDownloader = new NuGetPackageDownloader.NuGetPackageDownloader(toolDownloadDir, verboseLogger: nugetLogger, verifySignatures: verifySignatures, shouldUsePackageSourceMapping: true, verbosityOptions: verbosity, currentWorkingDirectory: _currentWorkingDirectory);
 
                     var packageSourceLocation = new PackageSourceLocation(packageLocation.NugetConfig, packageLocation.RootConfigDirectory, null, packageLocation.AdditionalFeeds);
 
diff --git a/src/Cli/dotnet/ToolPackage/ToolPackageFactory.cs b/src/Cli/dotnet/ToolPackage/ToolPackageFactory.cs
index ad8d8be753c9..92fbc0490a85 100644
--- a/src/Cli/dotnet/ToolPackage/ToolPackageFactory.cs
+++ b/src/Cli/dotnet/ToolPackage/ToolPackageFactory.cs
@@ -36,10 +36,10 @@ public static (IToolPackageStore,
             IToolPackageDownloader,
             IToolPackageUninstaller)
             CreateToolPackageStoresAndDownloaderAndUninstaller(
-                DirectoryPath? nonGlobalLocation = null, IEnumerable<string> additionalRestoreArguments = null)
+                DirectoryPath? nonGlobalLocation = null, IEnumerable<string> additionalRestoreArguments = null, string currentWorkingDirectory = null)
         {
             ToolPackageStoreAndQuery toolPackageStore = CreateConcreteToolPackageStore(nonGlobalLocation);
-            var toolPackageDownloader = new ToolPackageDownloader(toolPackageStore);
+            var toolPackageDownloader = new ToolPackageDownloader(toolPackageStore, currentWorkingDirectory: currentWorkingDirectory);
             var toolPackageUninstaller = new ToolPackageUninstaller(
                 toolPackageStore);
 
@@ -47,7 +47,7 @@ public static (IToolPackageStore,
         }
 
 
-        public static IToolPackageStoreQuery CreateToolPackageStoreQuery(
+        public static ToolPackageStoreAndQuery CreateToolPackageStoreQuery(
             DirectoryPath? nonGlobalLocation = null)
         {
             return CreateConcreteToolPackageStore(nonGlobalLocation);
diff --git a/src/Cli/dotnet/commands/dotnet-tool/install/ToolInstallGlobalOrToolPathCommand.cs b/src/Cli/dotnet/commands/dotnet-tool/install/ToolInstallGlobalOrToolPathCommand.cs
index 5a5cb487aedd..9315f0f96701 100644
--- a/src/Cli/dotnet/commands/dotnet-tool/install/ToolInstallGlobalOrToolPathCommand.cs
+++ b/src/Cli/dotnet/commands/dotnet-tool/install/ToolInstallGlobalOrToolPathCommand.cs
@@ -52,7 +52,8 @@ internal class ToolInstallGlobalOrToolPathCommand : CommandBase
         private readonly bool _allowRollForward;
         private readonly bool _allowPackageDowngrade;
         private readonly bool _updateAll;
-
+        private readonly string _currentWorkingDirectory;
+        private readonly bool? _verifySignatures;
 
         public ToolInstallGlobalOrToolPathCommand(
             ParseResult parseResult,
@@ -62,9 +63,13 @@ public ToolInstallGlobalOrToolPathCommand(
             IEnvironmentPathInstruction environmentPathInstruction = null,
             IReporter reporter = null,
             INuGetPackageDownloader nugetPackageDownloader = null,
-            IToolPackageStoreQuery store = null)
+            IToolPackageStoreQuery store = null,
+            string currentWorkingDirectory = null,
+            bool? verifySignatures = null)
             : base(parseResult)
         {
+            _verifySignatures = verifySignatures;
+            _currentWorkingDirectory = currentWorkingDirectory;
             var packageIdArgument = parseResult.GetValue(ToolInstallCommandParser.PackageIdArgument);
             _packageId = packageId ?? (packageIdArgument is not null ? new PackageId(packageIdArgument) : null);
             _packageVersion = parseResult.GetValue(ToolInstallCommandParser.VersionOption);
@@ -89,7 +94,7 @@ public ToolInstallGlobalOrToolPathCommand(
                 NoCache: (parseResult.GetValue(ToolCommandRestorePassThroughOptions.NoCacheOption) || parseResult.GetValue(ToolCommandRestorePassThroughOptions.NoHttpCacheOption)),
                 IgnoreFailedSources: parseResult.GetValue(ToolCommandRestorePassThroughOptions.IgnoreFailedSourcesOption),
                 Interactive: parseResult.GetValue(ToolCommandRestorePassThroughOptions.InteractiveRestoreOption));
-            nugetPackageDownloader ??= new NuGetPackageDownloader(tempDir, verboseLogger: new NullLogger(), restoreActionConfig: restoreAction, verbosityOptions: _verbosity);
+            nugetPackageDownloader ??= new NuGetPackageDownloader(tempDir, verboseLogger: new NullLogger(), restoreActionConfig: restoreAction, verbosityOptions: _verbosity, verifySignatures: verifySignatures ?? true);
             _shellShimTemplateFinder = new ShellShimTemplateFinder(nugetPackageDownloader, tempDir, packageSourceLocation);
             _store = store;
 
@@ -151,7 +156,7 @@ private int ExecuteInstallCommand(PackageId packageId)
             (IToolPackageStore toolPackageStore,
              IToolPackageStoreQuery toolPackageStoreQuery,
              IToolPackageDownloader toolPackageDownloader,
-             IToolPackageUninstaller toolPackageUninstaller) = _createToolPackageStoreDownloaderUninstaller(toolPath, _forwardRestoreArguments);
+             IToolPackageUninstaller toolPackageUninstaller) = _createToolPackageStoreDownloaderUninstaller(toolPath, _forwardRestoreArguments, _currentWorkingDirectory);
 
             var appHostSourceDirectory = ShellShimTemplateFinder.GetDefaultAppHostSourceDirectory();
             IShellShimRepository shellShimRepository = _createShellShimRepository(appHostSourceDirectory, toolPath);
@@ -191,7 +196,8 @@ private int ExecuteInstallCommand(PackageId packageId)
                         targetFramework: _framework,
                         verbosity: _verbosity,
                         isGlobalTool: true,
-                        isGlobalToolRollForward: _allowRollForward
+                        isGlobalToolRollForward: _allowRollForward,
+                        verifySignatures: _verifySignatures ?? true
                     );
 
                     EnsureVersionIsHigher(oldPackageNullable, newInstalledPackage, _allowPackageDowngrade);
diff --git a/src/Cli/dotnet/commands/dotnet-tool/update/ToolUpdateGlobalOrToolPathCommand.cs b/src/Cli/dotnet/commands/dotnet-tool/update/ToolUpdateGlobalOrToolPathCommand.cs
index d9ff2bd02ddc..307d35d5c155 100644
--- a/src/Cli/dotnet/commands/dotnet-tool/update/ToolUpdateGlobalOrToolPathCommand.cs
+++ b/src/Cli/dotnet/commands/dotnet-tool/update/ToolUpdateGlobalOrToolPathCommand.cs
@@ -16,7 +16,8 @@ namespace Microsoft.DotNet.Tools.Tool.Update
 {
     internal delegate (IToolPackageStore, IToolPackageStoreQuery, IToolPackageDownloader, IToolPackageUninstaller) CreateToolPackageStoresAndDownloaderAndUninstaller(
         DirectoryPath? nonGlobalLocation = null,
-        IEnumerable<string> additionalRestoreArguments = null);
+        IEnumerable<string> additionalRestoreArguments = null,
+        string currentWorkingDirectory = null);
 
     internal class ToolUpdateGlobalOrToolPathCommand : CommandBase
     {
diff --git a/test/Microsoft.DotNet.PackageInstall.Tests/NuGetPackageInstallerTests.cs b/test/Microsoft.DotNet.PackageInstall.Tests/NuGetPackageInstallerTests.cs
index 892a32ff7097..c26e025ca487 100644
--- a/test/Microsoft.DotNet.PackageInstall.Tests/NuGetPackageInstallerTests.cs
+++ b/test/Microsoft.DotNet.PackageInstall.Tests/NuGetPackageInstallerTests.cs
@@ -269,23 +269,6 @@ await nuGetPackageDownloader.DownloadPackageAsync(
             File.Exists(packagePath).Should().BeTrue();
         }
 
-        [WindowsOnlyFact]
-        public async Task WhenCalledWithNotSignedPackageItShouldThrowWithCommandOutput()
-        {
-            string commandOutput = "COMMAND OUTPUT";
-            NuGetPackageDownloader nuGetPackageDownloader = new(_tempDirectory, null,
-                new MockFirstPartyNuGetPackageSigningVerifier(verifyResult: false, commandOutput: commandOutput),
-                _logger, restoreActionConfig: new RestoreActionConfig(NoCache: true), verifySignatures: true);
-
-            NuGetPackageInstallerException ex = await Assert.ThrowsAsync<NuGetPackageInstallerException>(() =>
-                nuGetPackageDownloader.DownloadPackageAsync(
-                    TestPackageId,
-                    new NuGetVersion(TestPackageVersion),
-                    new PackageSourceLocation(sourceFeedOverrides: new[] { GetTestLocalFeedPath() })));
-
-            ex.Message.Should().Contain(commandOutput);
-        }
-
         [UnixOnlyFact]
         public async Task GivenANonWindowsMachineItShouldPrintMessageOnce()
         {
diff --git a/test/Microsoft.DotNet.PackageInstall.Tests/ToolPackageDownloaderTests.cs b/test/Microsoft.DotNet.PackageInstall.Tests/ToolPackageDownloaderTests.cs
index 7088c2c4cea7..cb0bcca80d17 100644
--- a/test/Microsoft.DotNet.PackageInstall.Tests/ToolPackageDownloaderTests.cs
+++ b/test/Microsoft.DotNet.PackageInstall.Tests/ToolPackageDownloaderTests.cs
@@ -54,7 +54,8 @@ public void GivenNugetConfigInstallSucceeds(bool testMockBehaviorIsInSync)
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
@@ -82,7 +83,8 @@ public void GivenNugetConfigInstallSucceedsInTransaction(bool testMockBehaviorIs
                     verbosity: TestVerbosity,
                     versionRange: VersionRange.Parse(TestPackageVersion),
                     targetFramework: _testTargetframework,
-                    isGlobalTool: true);
+                    isGlobalTool: true,
+                    verifySignatures: false);
 
                 transactionScope.Complete();
             }
@@ -108,7 +110,8 @@ public void GivenNugetConfigInstallCreatesAnAssetFile(bool testMockBehaviorIsInS
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
@@ -171,7 +174,8 @@ public void GivenAConfigFileRootDirectoryPackageInstallSucceedsViaFindingNugetCo
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
@@ -241,7 +245,8 @@ public void GivenAllButNoPackageVersionItCanInstallThePackage(bool testMockBehav
                 packageId: TestPackageId,
                 verbosity: TestVerbosity,
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
@@ -263,7 +268,8 @@ public void GivenAllButNoTargetFrameworkItCanDownloadThePackage(bool testMockBeh
                 packageId: TestPackageId,
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
@@ -286,7 +292,8 @@ public void GivenASourceInstallSucceeds(bool testMockBehaviorIsInSync)
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
@@ -310,7 +317,8 @@ public void GivenARelativeSourcePathInstallSucceeds(bool testMockBehaviorIsInSyn
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
@@ -333,7 +341,8 @@ public void GivenAUriSourceInstallSucceeds(bool testMockBehaviorIsInSync)
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
@@ -359,7 +368,8 @@ public void GivenAEmptySourceAndNugetConfigInstallSucceeds(bool testMockBehavior
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
@@ -390,7 +400,8 @@ public void GivenFailureAfterRestoreInstallWillRollback(bool testMockBehaviorIsI
                         verbosity: TestVerbosity,
                         versionRange: VersionRange.Parse(TestPackageVersion),
                         targetFramework: _testTargetframework,
-                        isGlobalTool: true);
+                        isGlobalTool: true,
+                        verifySignatures: false);
 
                     FailedStepAfterSuccessRestore();
                     t.Complete();
@@ -424,7 +435,8 @@ public void GivenSecondInstallInATransactionTheFirstInstallShouldRollback(bool t
                         verbosity: TestVerbosity,
                         versionRange: VersionRange.Parse(TestPackageVersion),
                         targetFramework: _testTargetframework,
-                        isGlobalTool: true);
+                        isGlobalTool: true,
+                        verifySignatures: false);
 
                     first.Should().NotThrow();
 
@@ -433,7 +445,8 @@ public void GivenSecondInstallInATransactionTheFirstInstallShouldRollback(bool t
                         verbosity: TestVerbosity,
                         versionRange: VersionRange.Parse(TestPackageVersion),
                         targetFramework: _testTargetframework,
-                        isGlobalTool: true);
+                        isGlobalTool: true,
+                        verifySignatures: false);
 
                     t.Complete();
                 }
@@ -474,7 +487,8 @@ public void GivenFailureWhenInstallLocalToolsItWillRollbackPackageVersion(bool t
                         packageId: TestPackageId,
                         verbosity: TestVerbosity,
                         versionRange: VersionRange.Parse(TestPackageVersion),
-                        targetFramework: _testTargetframework);
+                        targetFramework: _testTargetframework,
+                        verifySignatures: false);
 
                     fileSystem
                     .Directory
@@ -524,14 +538,16 @@ public void GivenSecondInstallOfLocalToolItShouldNotThrowException(bool testMock
                         packageId: TestPackageId,
                         verbosity: TestVerbosity,
                         versionRange: VersionRange.Parse(TestPackageVersion),
-                        targetFramework: _testTargetframework);
+                        targetFramework: _testTargetframework,
+                        verifySignatures: false);
 
 
                     downloader.InstallPackage(new PackageLocation(additionalFeeds: new[] { source }),
                         packageId: TestPackageId,
                         verbosity: TestVerbosity,
                         versionRange: VersionRange.Parse(TestPackageVersion),
-                        targetFramework: _testTargetframework);
+                        targetFramework: _testTargetframework,
+                        verifySignatures: false);
 
                     t.Complete();
                 }
@@ -554,7 +570,8 @@ public void GivenSecondInstallWithoutATransactionTheFirstShouldNotRollback(bool
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
@@ -563,7 +580,8 @@ public void GivenSecondInstallWithoutATransactionTheFirstShouldNotRollback(bool
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             reporter.Lines.Should().BeEmpty();
 
@@ -606,7 +624,8 @@ public void GivenAnInstalledPackageUninstallRemovesThePackage(bool testMockBehav
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
@@ -632,7 +651,8 @@ public void GivenAnInstalledPackageUninstallRollsbackWhenTransactionFails(bool t
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
@@ -667,7 +687,8 @@ public void GivenAnInstalledPackageUninstallRemovesThePackageWhenTransactionComm
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
@@ -697,7 +718,8 @@ public void GivenAPackageNameWithDifferentCaseItCanInstallThePackage(bool testMo
                 packageId: new PackageId("GlObAl.TooL.coNsoLe.DemO"),
                 verbosity: TestVerbosity,
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
@@ -729,7 +751,8 @@ public void GivenARootWithNonAsciiCharacterInstallSucceeds()
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, store);
 
@@ -757,7 +780,8 @@ public void GivenAComplexVersionRangeInstallSucceeds(bool testMockBehaviorIsInSy
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse("1.0.0-rc*"),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             AssertPackageInstall(reporter, fileSystem, package, store, storeQuery);
 
diff --git a/test/Microsoft.DotNet.PackageInstall.Tests/ToolPackageInstallerNugetCacheTests.cs b/test/Microsoft.DotNet.PackageInstall.Tests/ToolPackageInstallerNugetCacheTests.cs
index 6adbfead1532..f13b5d08fb25 100644
--- a/test/Microsoft.DotNet.PackageInstall.Tests/ToolPackageInstallerNugetCacheTests.cs
+++ b/test/Microsoft.DotNet.PackageInstall.Tests/ToolPackageInstallerNugetCacheTests.cs
@@ -43,7 +43,8 @@ public void GivenNugetConfigInstallSucceeds(bool testMockBehaviorIsInSync)
                     verbosity: TestVerbosity,
                     versionRange: VersionRange.Parse(TestPackageVersion),
                     packageLocation: new PackageLocation(nugetConfig: nugetConfigPath),
-                    targetFramework: _testTargetframework);
+                    targetFramework: _testTargetframework,
+                    verifySignatures: false);
 
                 var command = toolPackage.Command;
                 var expectedPackagesFolder = NuGetGlobalPackagesFolder.GetLocation();
@@ -81,7 +82,8 @@ public void GivenNugetConfigVersionRangeInstallSucceeds(bool testMockBehaviorIsI
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse("1.0.0-*"),
                 packageLocation: new PackageLocation(nugetConfig: nugetConfigPath),
-                targetFramework: _testTargetframework);
+                targetFramework: _testTargetframework,
+                verifySignatures: false);
 
             var expectedPackagesFolder = NuGetGlobalPackagesFolder.GetLocation();
 
diff --git a/test/Microsoft.DotNet.PackageInstall.Tests/ToolPackageUninstallerTests.cs b/test/Microsoft.DotNet.PackageInstall.Tests/ToolPackageUninstallerTests.cs
index e95f28b38cb3..ac27271bcffa 100644
--- a/test/Microsoft.DotNet.PackageInstall.Tests/ToolPackageUninstallerTests.cs
+++ b/test/Microsoft.DotNet.PackageInstall.Tests/ToolPackageUninstallerTests.cs
@@ -33,7 +33,8 @@ public void GivenAnInstalledPackageUninstallRemovesThePackage(bool testMockBehav
                 verbosity: TestVerbosity,
                 versionRange: VersionRange.Parse(TestPackageVersion),
                 targetFramework: _testTargetframework,
-                isGlobalTool: true);
+                isGlobalTool: true,
+                verifySignatures: false);
 
             package.PackagedShims.Should().ContainSingle(f => f.Value.Contains("demo.exe") || f.Value.Contains("demo"));
 
diff --git a/test/Microsoft.DotNet.Tools.Tests.ComponentMocks/ToolPackageDownloaderMock.cs b/test/Microsoft.DotNet.Tools.Tests.ComponentMocks/ToolPackageDownloaderMock.cs
index cc9d5e465b3a..c4342b94c23f 100644
--- a/test/Microsoft.DotNet.Tools.Tests.ComponentMocks/ToolPackageDownloaderMock.cs
+++ b/test/Microsoft.DotNet.Tools.Tests.ComponentMocks/ToolPackageDownloaderMock.cs
@@ -97,7 +97,8 @@ public IToolPackage InstallPackage(PackageLocation packageLocation, PackageId pa
             VersionRange versionRange = null,
             string targetFramework = null,
             bool isGlobalTool = false,
-            bool isGlobalToolRollForward = false
+            bool isGlobalToolRollForward = false,
+            bool verifySignatures = false
             )
         {
             string rollbackDirectory = null;
diff --git a/test/dotnet.Tests/CommandObjectTests.cs b/test/dotnet.Tests/CommandObjectTests.cs
index e312903459ea..a82e79f95b59 100644
--- a/test/dotnet.Tests/CommandObjectTests.cs
+++ b/test/dotnet.Tests/CommandObjectTests.cs
@@ -28,7 +28,7 @@ public void WhenItCannotResolveCommandButCommandIsInListOfKnownToolsItThrows()
 
         private class ResolveNothingCommandResolverPolicy : ICommandResolverPolicy
         {
-            public CompositeCommandResolver CreateCommandResolver()
+            public CompositeCommandResolver CreateCommandResolver(string currentWorkingDirectory = null)
             {
                 var compositeCommandResolver = new CompositeCommandResolver();
                 compositeCommandResolver.AddCommandResolver(new ResolveNothingCommandResolver());
diff --git a/test/dotnet.Tests/CommandTests/ToolInstallGlobalOrToolPathCommandTests.cs b/test/dotnet.Tests/CommandTests/ToolInstallGlobalOrToolPathCommandTests.cs
index 57b08815600c..228d280a62a0 100644
--- a/test/dotnet.Tests/CommandTests/ToolInstallGlobalOrToolPathCommandTests.cs
+++ b/test/dotnet.Tests/CommandTests/ToolInstallGlobalOrToolPathCommandTests.cs
@@ -11,11 +11,13 @@
 using Microsoft.DotNet.Tools;
 using Microsoft.DotNet.Tools.Tests.ComponentMocks;
 using Microsoft.DotNet.Tools.Tool.Install;
+using Microsoft.DotNet.Tools.Tool.Uninstall;
 using Microsoft.DotNet.Tools.Tool.Update;
 using Microsoft.Extensions.DependencyModel.Tests;
 using Microsoft.Extensions.EnvironmentAbstractions;
 using CreateShellShimRepository = Microsoft.DotNet.Tools.Tool.Install.CreateShellShimRepository;
 using LocalizableStrings = Microsoft.DotNet.Tools.Tool.Install.LocalizableStrings;
+using NuGetPackageDownloaderLocalizableStrings = Microsoft.DotNet.Cli.NuGetPackageDownloader.LocalizableStrings;
 using Parser = Microsoft.DotNet.Cli.Parser;
 
 namespace Microsoft.DotNet.Tests.Commands.Tool
@@ -69,7 +71,7 @@ public ToolInstallGlobalOrToolPathCommandTests(ITestOutputHelper log): base(log)
                     new DirectoryPath(_toolsDirectory),
                     _fileSystem);
             _toolPackageUninstallerMock = new ToolPackageUninstallerMock(_fileSystem, store);
-            _createToolPackageStoreDownloaderUninstaller = (location, forwardArguments) => (_toolPackageStore, _toolPackageStoreQuery, CreateToolPackageDownloader(), _toolPackageUninstallerMock);
+            _createToolPackageStoreDownloaderUninstaller = (location, forwardArguments, workingDirectory) => (_toolPackageStore, _toolPackageStoreQuery, CreateToolPackageDownloader(), _toolPackageUninstallerMock);
 
 
             _parseResult = Parser.Instance.Parse($"dotnet tool install -g {PackageId}");
@@ -143,7 +145,7 @@ public void WhenRunWithPackageIdWithSourceItShouldCreateValidShim()
             var toolInstallGlobalOrToolPathCommand = new ToolInstallGlobalOrToolPathCommand(
                 result,
                 _packageId,
-                (location, forwardArguments) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
+                (location, forwardArguments, currentWorkingDirectory) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
                 _createShellShimRepository,
                 _environmentPathInstructionMock,
                 _reporter);
@@ -192,7 +194,7 @@ public void WhenRunWithPackageIdPackageFormatIsNotFullySupportedItShouldShowPath
             var toolInstallGlobalOrToolPathCommand = new ToolInstallGlobalOrToolPathCommand(
                 _parseResult,
                 _packageId,
-                (location, forwardArguments) => (_toolPackageStore, _toolPackageStoreQuery, toolPackageDownloader, _toolPackageUninstallerMock),
+                (location, forwardArguments, currentWorkingDirectory) => (_toolPackageStore, _toolPackageStoreQuery, toolPackageDownloader, _toolPackageUninstallerMock),
                 _createShellShimRepository,
                 _environmentPathInstructionMock,
                 _reporter);
@@ -215,7 +217,7 @@ public void GivenFailedPackageInstallWhenRunWithPackageIdItShouldFail()
             var toolInstallGlobalOrToolPathCommand = new ToolInstallGlobalOrToolPathCommand(
                 _parseResult,
                 _packageId,
-                (location, forwardArguments) => (_toolPackageStore, _toolPackageStoreQuery, toolPackageDownloader, _toolPackageUninstallerMock),
+                (location, forwardArguments, currentWorkingDirectory) => (_toolPackageStore, _toolPackageStoreQuery, toolPackageDownloader, _toolPackageUninstallerMock),
                 _createShellShimRepository,
                 _environmentPathInstructionMock,
                 _reporter);
@@ -264,7 +266,7 @@ public void GivenInCorrectToolConfigurationWhenRunWithPackageIdItShouldFail()
             var toolInstallGlobalOrToolPathCommand = new ToolInstallGlobalOrToolPathCommand(
                 _parseResult,
                 _packageId,
-                (location, forwardArguments) => (_toolPackageStore, _toolPackageStoreQuery, toolPackageDownloader, _toolPackageUninstallerMock),
+                (location, forwardArguments, currentWorkingDirectory) => (_toolPackageStore, _toolPackageStoreQuery, toolPackageDownloader, _toolPackageUninstallerMock),
                 _createShellShimRepository,
                 _environmentPathInstructionMock,
                 _reporter);
@@ -414,7 +416,7 @@ public void WhenInstallWithHigherVersionItShouldUpdate()
             var toolInstallGlobalOrToolPathCommand = new ToolInstallGlobalOrToolPathCommand(
                 result,
                 _packageId,
-                (location, forwardArguments) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
+                (location, forwardArguments, currentWorkingDirectory) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
                 _createShellShimRepository,
                 new EnvironmentPathInstructionMock(_reporter, _pathToPlaceShim, true),
                 _reporter);
@@ -436,7 +438,7 @@ public void WhenInstallWithHigherVersionItShouldUpdate()
             var toolInstallGlobalOrToolPathCommand2 = new ToolInstallGlobalOrToolPathCommand(
                 result2,
                 _packageId,
-                (location, forwardArguments) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
+                (location, forwardArguments, currentWorkingDirectory) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
                 _createShellShimRepository,
                 new EnvironmentPathInstructionMock(_reporter, _pathToPlaceShim, true),
                 _reporter);
@@ -462,7 +464,7 @@ public void WhenInstallWithLowerVersionWithAllowDowngradeOptionItShouldDowngrade
             var toolInstallGlobalOrToolPathCommand = new ToolInstallGlobalOrToolPathCommand(
                 result,
                 _packageId,
-                (location, forwardArguments) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
+                (location, forwardArguments, currentWorkingDirectory) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
                 _createShellShimRepository,
                 new EnvironmentPathInstructionMock(_reporter, _pathToPlaceShim, true),
                 _reporter);
@@ -484,7 +486,7 @@ public void WhenInstallWithLowerVersionWithAllowDowngradeOptionItShouldDowngrade
             var toolInstallGlobalOrToolPathCommand2 = new ToolInstallGlobalOrToolPathCommand(
                 result2,
                 _packageId,
-                (location, forwardArguments) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
+                (location, forwardArguments, currentWorkingDirectory) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
                 _createShellShimRepository,
                 new EnvironmentPathInstructionMock(_reporter, _pathToPlaceShim, true),
                 _reporter);
@@ -510,7 +512,7 @@ public void WhenInstallWithLowerVersionItShouldFail()
             var toolInstallGlobalOrToolPathCommand = new ToolInstallGlobalOrToolPathCommand(
                 result,
                 _packageId,
-                (location, forwardArguments) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
+                (location, forwardArguments, currentWorkingDirectory) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
                 _createShellShimRepository,
                 new EnvironmentPathInstructionMock(_reporter, _pathToPlaceShim, true),
                 _reporter);
@@ -532,7 +534,7 @@ public void WhenInstallWithLowerVersionItShouldFail()
             var toolInstallGlobalOrToolPathCommand2 = new ToolInstallGlobalOrToolPathCommand(
                 result2,
                 _packageId,
-                (location, forwardArguments) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
+                (location, forwardArguments, currentWorkingDirectory) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
                 _createShellShimRepository,
                 new EnvironmentPathInstructionMock(_reporter, _pathToPlaceShim, true),
                 _reporter);
@@ -566,38 +568,43 @@ public void WhenRunWithValidVersionRangeItShouldSucceed()
                     PackageVersion).Green());
         }
 
-        [Fact]
-        public void WhenRunWithValidUnlistedVersionRangeItShouldSucceed()
-        {
-            const string nugetSourcePath = "https://api.nuget.org/v3/index.json";
-            var testDir = _testAssetsManager.CreateTestDirectory().Path;
-
-            var toolInstallGlobalOrToolPathCommand = new DotnetCommand(Log, "tool", "install", "-g", UnlistedPackageId, "--version", "[0.5.0]", "--add-source", nugetSourcePath)
-                .WithEnvironmentVariable("DOTNET_SKIP_WORKLOAD_INTEGRITY_CHECK", "true")
-                .WithWorkingDirectory(testDir);
-
-            toolInstallGlobalOrToolPathCommand.Execute().Should().Pass();
-
-            // Uninstall the unlisted package
-            var toolUninstallCommand = new DotnetCommand(Log, "tool", "uninstall", "-g", UnlistedPackageId);
-            toolUninstallCommand.Execute().Should().Pass();
-        }
-
-        [Fact]
-        public void WhenRunWithValidBareVersionItShouldInterpretAsNuGetExactVersion()
+        [Theory]
+        [InlineData("0.5.0")]
+        [InlineData("[0.5.0]")]
+        public void WhenRunWithValidVersionItShouldInterpretAsNuGetExactVersion(string version)
         {
             const string nugetSourcePath = "https://api.nuget.org/v3/index.json";
             var testDir = _testAssetsManager.CreateTestDirectory().Path;
+            var ridGraphPath = TestContext.GetRuntimeGraphFilePath();
 
-            var toolInstallGlobalOrToolPathCommand = new DotnetCommand(Log, "tool", "install", "-g", UnlistedPackageId, "--version", "0.5.0", "--add-source", nugetSourcePath)
-                .WithEnvironmentVariable("DOTNET_SKIP_WORKLOAD_INTEGRITY_CHECK", "true")
-                .WithWorkingDirectory(testDir);
+            var toolInstallCommand = new ToolInstallGlobalOrToolPathCommand(Parser.Instance.Parse($"dotnet tool install -g {UnlistedPackageId} --version {version} --add-source {nugetSourcePath}"),
+                createToolPackageStoreDownloaderUninstaller: (nonGlobalLocation, _, _) =>
+                {
+                    ToolPackageStoreAndQuery toolPackageStore = ToolPackageFactory.CreateToolPackageStoreQuery(nonGlobalLocation);
+                    var toolPackageDownloader = new ToolPackageDownloader(toolPackageStore, ridGraphPath, currentWorkingDirectory: testDir);
+                    var toolPackageUninstaller = new ToolPackageUninstaller(
+                        toolPackageStore);
+
+                    return (toolPackageStore, toolPackageStore, toolPackageDownloader, toolPackageUninstaller);
+                },
+                createShellShimRepository: _createShellShimRepository,
+                nugetPackageDownloader: new NuGetPackageDownloader(new DirectoryPath(PathUtilities.CreateTempSubdirectory()), verifySignatures: false, currentWorkingDirectory: testDir),
+                currentWorkingDirectory: testDir,
+                verifySignatures: false);
 
-            toolInstallGlobalOrToolPathCommand.Execute().Should().Pass();
+            toolInstallCommand.Execute().Should().Be(0);
 
             // Uninstall the unlisted package
-            var toolUninstallCommand = new DotnetCommand(Log, "tool", "uninstall", "-g", UnlistedPackageId);
-            toolUninstallCommand.Execute().Should().Pass();
+            var toolUninstallCommand = new ToolUninstallGlobalOrToolPathCommand(Parser.Instance.Parse("dotnet tool uninstall -g " + UnlistedPackageId),
+                // This is technically not _createShellShimRepository because that is a Microsoft.DotNet.Tools.Tool.Install.CreateShellShimRepository.
+                // This is a Microsoft.DotNet.Tools.Tool.Uninstall.CreateShellShimRepository.
+                createShellShimRepository: (_, nonGlobalLocation) => new ShellShimRepository(
+                    new DirectoryPath(_pathToPlaceShim),
+                    string.Empty,
+                    fileSystem: _fileSystem,
+                    appHostShellShimMaker: new AppHostShellShimMakerMock(_fileSystem),
+                    filePermissionSetter: new NoOpFilePermissionSetter()));
+            toolUninstallCommand.Execute().Should().Be(0);
         }
 
         [Fact]
@@ -623,7 +630,7 @@ public void WhenRunWithPrereleaseItShouldSucceed()
             var toolInstallGlobalOrToolPathCommand = new ToolInstallGlobalOrToolPathCommand(
                 result,
                 _packageId,
-                (location, forwardArguments) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
+                (location, forwardArguments, currentWorkingDirectory) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
                 _createShellShimRepository,
                 _environmentPathInstructionMock,
                 _reporter);
@@ -650,7 +657,7 @@ public void WhenRunWithPrereleaseAndPackageVersionItShouldThrow()
             var toolInstallGlobalOrToolPathCommand = new ToolInstallGlobalOrToolPathCommand(
                 result,
                 _packageId,
-                (location, forwardArguments) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
+                (location, forwardArguments, currentWorkingDirectory) => (_toolPackageStore, _toolPackageStoreQuery, toolToolPackageDownloader, _toolPackageUninstallerMock),
                 _createShellShimRepository,
                 _environmentPathInstructionMock,
                 _reporter);
@@ -809,6 +816,20 @@ public void WhenRunWithPackageIdAndBinPathItShouldNoteHaveEnvironmentPathInstruc
             _reporter.Lines.Should().NotContain(l => l.Contains(EnvironmentPathInstructionMock.MockInstructionText));
         }
 
+        [Fact]
+        public void WhenInstallItDoesNotSkipNuGetPackageVerfication()
+        {
+            var toolInstallGlobalOrToolPathCommand = new ToolInstallGlobalOrToolPathCommand(
+                 _parseResult,
+                 createToolPackageStoreDownloaderUninstaller: _createToolPackageStoreDownloaderUninstaller,
+                 createShellShimRepository: _createShellShimRepository,
+                 environmentPathInstruction: new EnvironmentPathInstructionMock(_reporter, _pathToPlaceShim, true),
+                 reporter: _reporter);
+
+            toolInstallGlobalOrToolPathCommand.Execute().Should().Be(0);
+            _reporter.Lines.Should().NotContain(l => l.Contains(NuGetPackageDownloaderLocalizableStrings.NuGetPackageSignatureVerificationSkipped));
+        }
+
         [Fact]
         public void AndPackagedShimIsProvidedWhenRunWithPackageIdItCreateShimUsingPackagedShim()
         {
@@ -827,7 +848,7 @@ public void AndPackagedShimIsProvidedWhenRunWithPackageIdItCreateShimUsingPackag
             var installCommand = new ToolInstallGlobalOrToolPathCommand(
                 result,
                 _packageId,
-                (location, forwardArguments) => (_toolPackageStore, _toolPackageStoreQuery, new ToolPackageDownloaderMock(
+                (location, forwardArguments, currentWorkingDirectory) => (_toolPackageStore, _toolPackageStoreQuery, new ToolPackageDownloaderMock(
                     fileSystem: _fileSystem,
                     store: _toolPackageStore,
                     packagedShimsMap: packagedShimsMap,
diff --git a/test/dotnet.Tests/CommandTests/ToolUninstallGlobalOrToolPathCommandTests.cs b/test/dotnet.Tests/CommandTests/ToolUninstallGlobalOrToolPathCommandTests.cs
index 644464ffbc83..d974d4bed9d4 100644
--- a/test/dotnet.Tests/CommandTests/ToolUninstallGlobalOrToolPathCommandTests.cs
+++ b/test/dotnet.Tests/CommandTests/ToolUninstallGlobalOrToolPathCommandTests.cs
@@ -240,7 +240,7 @@ private ToolInstallGlobalOrToolPathCommand CreateInstallCommand(string options)
             return new ToolInstallGlobalOrToolPathCommand(
                 result,
                 new PackageId(PackageId),
-                (location, forwardArguments) => (store, store, packageDownloaderMock, toolPackageDownloaderMock),
+                (location, forwardArguments, currentWorkingDirectory) => (store, store, packageDownloaderMock, toolPackageDownloaderMock),
                 (_, _) => new ShellShimRepository(
                     new DirectoryPath(_shimsDirectory),
                     string.Empty,
diff --git a/test/dotnet.Tests/CommandTests/ToolUpdateGlobalOrToolPathCommandTests.cs b/test/dotnet.Tests/CommandTests/ToolUpdateGlobalOrToolPathCommandTests.cs
index cef787bdc94d..aa5750195c41 100644
--- a/test/dotnet.Tests/CommandTests/ToolUpdateGlobalOrToolPathCommandTests.cs
+++ b/test/dotnet.Tests/CommandTests/ToolUpdateGlobalOrToolPathCommandTests.cs
@@ -148,7 +148,7 @@ public void GivenAnExistedLowerversionInstallationWhenCallFromRedirectorItCanUpd
 
             var toolUpdateGlobalOrToolPathCommand = new ToolUpdateGlobalOrToolPathCommand(
                 result,
-                (location, forwardArguments) => (_store, _store, new ToolPackageDownloaderMock(
+                (location, forwardArguments, currentWorkingDirectory) => (_store, _store, new ToolPackageDownloaderMock(
                     store: _store,
                         fileSystem: _fileSystem,
                         reporter: _reporter,
@@ -320,7 +320,7 @@ public void GivenAnExistedLowerversionWhenReinstallThrowsIthasTheFirstLineIndica
 
             var command = new ToolUpdateGlobalOrToolPathCommand(
                 result,
-                (location, forwardArguments) => (_store, _store,
+                (location, forwardArguments, currentWorkingDirectory) => (_store, _store,
                     new ToolPackageDownloaderMock(
                         store: _store,
                         fileSystem: _fileSystem,
@@ -347,7 +347,7 @@ public void GivenAnExistedLowerversionWhenReinstallThrowsItRollsBack()
             
             var command = new ToolUpdateGlobalOrToolPathCommand(
                 result,
-                (location, forwardArguments) => (_store, _store,
+                (location, forwardArguments, currentWorkingDirectory) => (_store, _store,
                     new ToolPackageDownloaderMock(
                         store: _store,
                         fileSystem: _fileSystem,
@@ -385,7 +385,7 @@ public void GivenPackagedShimIsProvidedWhenRunWithPackageIdItCreatesShimUsingPac
             
             var command = new ToolUpdateGlobalOrToolPathCommand(
                 result,
-                (_, _) => (_store, _store, new ToolPackageDownloaderMock(
+                (_, _, _) => (_store, _store, new ToolPackageDownloaderMock(
                         store:_store,
                         fileSystem: _fileSystem,
                         reporter: _reporter,
@@ -418,7 +418,7 @@ private ToolInstallGlobalOrToolPathCommand CreateInstallCommand(string options,
             return new ToolInstallGlobalOrToolPathCommand(
                 result,
                 packageId is null ? _packageId : new PackageId(packageId) ,
-                (location, forwardArguments) => (_store, _store, new ToolPackageDownloaderMock(
+                (location, forwardArguments, currentWorkingDirectory) => (_store, _store, new ToolPackageDownloaderMock(
                     store: _store,
                     fileSystem: _fileSystem,
                     _reporter,
@@ -435,7 +435,7 @@ private ToolUpdateGlobalOrToolPathCommand CreateUpdateCommand(string options)
 
             return new ToolUpdateGlobalOrToolPathCommand(
                 result,
-                (location, forwardArguments) => (_store, _store, new ToolPackageDownloaderMock(
+                (location, forwardArguments, currentWorkingDirectory) => (_store, _store, new ToolPackageDownloaderMock(
                     store: _store,
                     fileSystem: _fileSystem,
                     _reporter,