Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signing: more SDK initialization and enable opt-in on Linux #4720

Merged
merged 1 commit into from
Jul 12, 2022
Merged

Signing: more SDK initialization and enable opt-in on Linux #4720

merged 1 commit into from
Jul 12, 2022

Conversation

dtivel
Copy link
Contributor

@dtivel dtivel commented Jul 12, 2022

Bug

Fixes: NuGet/Home#11956

Regression? Last working version: Yes, this change introduced a regression on Linux in two scenarios.

Description

To localize X.509 trust store initialization to .NET SDK scenarios that require it, initialization must be performed in any .NET SDK code path where package extraction (and thus signature verification) may occur. This PR adds missed initialization for dotnet add package and NuGet SDK resolver code paths.

In addition, signature verification is being disabled by default on Linux for .NET 6 SDK but will be enabled by default for .NET 7 SDK. Also, the verbosity level of log messages indicating which X.509 trust store will be used has been changed from verbose to informational, because in the dotnet add package scenario, verbose messages aren't displayed, informational messages are, and there's no obvious way for a user to increase verbosity level.

PR Checklist

  • PR has a meaningful title

  • PR has a linked issue.

  • Described changes

  • Tests

    • Automated tests added
    • OR
    • Test exception
    • OR
    • N/A

  • Documentation

    • Documentation PR or issue filled
    • OR
    • N/A

@dtivel dtivel requested a review from a team as a code owner July 12, 2022 16:11
@erdembayar
Copy link
Contributor

I can see test/NuGet.Core.FuncTests/Dotnet.Integration.Test/compiler/resources/nuget.versioning.5.0.0.nupkg is added here.
Was it expected or not?

@dtivel
Copy link
Contributor Author

dtivel commented Jul 12, 2022

@erdembayar, it was expected. An explanation is at its use site.

heng-liu
heng-liu reviewed Jul 12, 2022
View reviewed changes
Copy link
Contributor

@heng-liu heng-liu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just have a few questions. Others looks good to me :)

@dtivel dtivel merged commit 3cc1553 into dev Jul 12, 2022
@dtivel dtivel deleted the dev-dtivel-fix-sdk-init branch July 12, 2022 23:55
dtivel added a commit that referenced this pull request Jul 13, 2022
@dtivel
Signing: more SDK initialization and enable opt-in on Linux (#4720)
42fb9be 
Resolve NuGet/Home#11956
@dtivel dtivel mentioned this pull request Jul 13, 2022
Merged
8 tasks
dtivel added a commit that referenced this pull request Jul 13, 2022
@dtivel
[cherrypick] [release-6.3.x] Signing: enable X.509 trust store on Lin…
222ff7a 
…ux/macOS (#4722)

See #4706 and #4720.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@heng-liu heng-liu heng-liu approved these changes

@jeffkl jeffkl jeffkl approved these changes

@erdembayar erdembayar erdembayar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug]: X.509 trust store isn't initialized in dotnet add package and SDK resolver code paths
4 participants
@dtivel @erdembayar @jeffkl @heng-liu