Skip to content

feat: add suggested solutions to untrusted site message#2060

Merged
Fabien-Chouteau merged 4 commits into
alire-project:masterfrom
Seb-MCaw:feat/recommend-trusted-sites-setting
Jan 13, 2026
Merged

feat: add suggested solutions to untrusted site message#2060
Fabien-Chouteau merged 4 commits into
alire-project:masterfrom
Seb-MCaw:feat/recommend-trusted-sites-setting

Conversation

@Seb-MCaw

@Seb-MCaw Seb-MCaw commented Jan 8, 2026

Copy link
Copy Markdown
Contributor

Closes #1985

When alr publish fails due to an untrusted origin, the message now has the form

error: Could not complete the publishing assistant:
error:    Origin host 'untrusted.site' is not a trusted site:
error:    Please open an issue at https://github.com/alire-project/alire/issues/new if you think it should be added to the list.

or, if --for-private-index is specified,

error: Could not complete the publishing assistant:
error:    Origin host 'untrusted.site' is not a trusted site:
error:    This can be configured using the 'origins.git.trusted_sites' setting.
PR creation checklist
  • A test is included, if required by the changes.
  • doc/user-changes.md has been updated, if there are user-visible changes.
  • doc/catalog-format-spec.md has been updated, if applicable.
  • BREAKING.md has been updated for major changes in alr, minor/major in catalog format.

@Seb-MCaw Seb-MCaw marked this pull request as ready for review January 9, 2026 09:32
Copilot AI review requested due to automatic review settings January 9, 2026 09:32
Copilot AI reviewed Jan 9, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enhances the error message shown when alr publish fails due to an untrusted origin site. The message now provides context-specific guidance: for private index publishing, it directs users to configure the origins.git.trusted_sites setting, while for community index submissions, it prompts users to open a GitHub issue if they believe the site should be trusted.

  • Updated error message format to be more specific and user-friendly
  • Added conditional suggested solutions based on whether --for-private-index is used
  • Updated documentation to clarify why community index has restricted trusted sites

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/alire/alire-publish.adb Implements the new error message with context-aware suggestions for untrusted sites
src/alire/alire-settings-builtins.ads Adds clarification about SHA1 vulnerability rationale for community index restrictions
testsuite/tests/publish/check-trusted/test.py Updates test assertions to match new error message format
testsuite/tests/publish/private-indexes/test.py Updates test assertions and adds validation for context-specific suggestions
testsuite/tests/publish/ssh-remote-origin/test.py Updates test assertion to match new error message format

@Seb-MCaw

Seb-MCaw commented Jan 9, 2026

Copy link
Copy Markdown
Contributor Author

The failure looks transient, so ready for review @mosteo.

@Fabien-Chouteau Fabien-Chouteau merged commit fff1077 into alire-project:master Jan 13, 2026
52 of 53 checks passed
@Seb-MCaw Seb-MCaw deleted the feat/recommend-trusted-sites-setting branch January 14, 2026 10:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@AldanTanneo AldanTanneo AldanTanneo approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Suggest changing origins.git.trusted_sites when alr publish --for-private-index fails due to an untrusted origin

4 participants

@Seb-MCaw @AldanTanneo @Fabien-Chouteau