Do not fail on partial trust warning. #9384
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
needs-area-label
mitchdenny
added
area-cli
and removed
needs-area-label
There was a problem hiding this comment.
Pull Request Overview
This PR addresses an issue where the HTTPS developer certificate might be partially trusted, preventing a hard failure on a non-zero exit code from the dotnet dev-certs command. The changes include new tests to verify both the success and failure paths and an update to CertificateService to detect and warn when a partial trust condition is encountered.
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| tests/Aspire.Cli.Tests/Certificates/CertificateServiceTests.cs | Added tests to cover the partial trust scenario |
| src/Aspire.Cli/Certificates/CertificateService.cs | Modified the certificate service to detect a partial trust message and continue startup with a warning |
Comments suppressed due to low confidence (1)
src/Aspire.Cli/Certificates/CertificateService.cs:67
- Consider reusing the outputLines variable instead of calling ensureCertificateCollector.GetLines() again to avoid potential discrepancies if the collector's state changes.
interactionService.DisplayLines(ensureCertificateCollector.GetLines());
davidfowl
reviewed
May 19, 2025
davidfowl
reviewed
May 19, 2025
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes an issue that was reported where the underlying shell out to
dotnet dev-certsto trust a certificate might result in a non-zero exit code where the cert is partially trusted.In these circumstances we probably want to "let it slide" and continue starting up the apphost because there are lots of corner cases around certificate trust particularly on Linux distros which might result in this issue.
Rather than hard blocking we detect we are in this partial trust situation and just display a warning (mostly to help our own diagnostics if it later doesn't actually work).
We should consider modifying dev-certs to return a different exit code for this partial trust situation.