Skip to content

[release/9.0] Improve dev-certs export error message #58471

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 16, 2024
Merged

[release/9.0] Improve dev-certs export error message #58471

merged 2 commits into from
Oct 16, 2024

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Oct 16, 2024
edited by amcasey
Loading

Backport of #58470 to release/9.0

Improve dev-certs export error message

Mention non-existent target directory

Description

During a recent security review of the dev-certs tool, we observed that on export it would create a directory that was potentially world-readable (e.g. based on permissions inherited from the parent directory). We decided it would be more appropriate to let users make the decision of who should have access to the directory. Unfortunately, this removal of functionality broke some app authors' workflows. When dev-certs is run directly, the --verbose output makes it clear what went wrong and what needs to happen, but the non-verbose output that appears when another tool does the export is less helpful. This change introduces a new top-level error state for an export failure caused by a non-existent target directory to make it clearer how to fix broken workflows.

The behavior changed in #56985.

For #58330

Customer Impact

Development certificate export fails. This is most likely to break scenarios where the app is being developed (or validated in CI) in a container.

Regression?

  • Yes
  • No

I believe this made it into RC1, so it's only a regression from preview releases (and 8.0).

Risk

  • High
  • Medium
  • Low

A slightly different string is printed - everything else stays the same.

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

@amcasey
Improve dev-certs export error message
4d6a9b2 
During a recent security review of the dev-certs tool, we observed that on export it would create a directory that was potentially world-readable (e.g. based on permissions inherited from the parent directory).  We decided it would be more appropriate to let users make the decision of who should have access to the directory.  Unfortunately, this removal of functionality broke some app authors' workflows.  When dev-certs is run directly, the `--verbose` output makes it clear what went wrong and what needs to happen, but the non-verbose output that appears when another tool does the export is less helpful.  This change introduces a new top-level error state for an export failure caused by a non-existent target directory to make it clearer how to fix broken workflows.

The behavior changed in #57108, which included a backport of #56985, and shipped in 8.0.10.

For #58330
@ghost ghost added the area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI label Oct 16, 2024
@dotnet-policy-service dotnet-policy-service bot added this to the 9.0.x milestone Oct 16, 2024
@amcasey amcasey requested a review from BrennanConroy October 16, 2024 19:48
@amcasey amcasey added the Servicing-consider Shiproom approval is required for the issue label Oct 16, 2024
@amcasey
Copy link
Member

amcasey commented Oct 16, 2024

/backport to main

@github-actions GitHub Actions
Copy link
Contributor Author

Started backporting to main: https://github.com/dotnet/aspnetcore/actions/runs/11372969393

@github-actions github-actions bot mentioned this pull request Oct 16, 2024
Merged
amcasey
amcasey reviewed Oct 16, 2024
View reviewed changes
@amcasey
Copy link
Member

amcasey commented Oct 16, 2024

Approved over email

@amcasey amcasey added Servicing-approved Shiproom has approved the issue and removed Servicing-consider Shiproom approval is required for the issue labels Oct 16, 2024
@wtgodbe wtgodbe merged commit b72b68d into release/9.0 Oct 16, 2024
25 checks passed
@wtgodbe wtgodbe deleted the backport/pr-58470-to-release/9.0 branch October 16, 2024 23:50
@dotnet-policy-service dotnet-policy-service bot modified the milestones: 9.0.x, 9.0.0 Oct 16, 2024
This was referenced Jul 22, 2025
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Merged
Closed
Closed
Open
Closed
This was referenced Aug 11, 2025
Closed
Closed
Open
Open
Open
Open
This was referenced Aug 18, 2025
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Closed
Merged
Closed
Closed
Open
Open
Closed
This was referenced Aug 25, 2025
Open
Open
Closed
Open
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amcasey amcasey amcasey left review comments

@BrennanConroy BrennanConroy BrennanConroy approved these changes

Assignees
No one assigned
Labels
area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI Servicing-approved Shiproom has approved the issue
Projects
None yet
Milestone
9.0.0
Development

Successfully merging this pull request may close these issues.
3 participants
@amcasey @BrennanConroy @wtgodbe