Skip to content

feat: add suggested solutions to untrusted site message #2060

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Seb-MCaw wants to merge 4 commits into
base: master
Choose a base branch
from
Open

feat: add suggested solutions to untrusted site message #2060

Seb-MCaw wants to merge 4 commits into from
+39 −11

Conversation

@Seb-MCaw
Copy link
Contributor

@Seb-MCaw Seb-MCaw commented Jan 8, 2026

Closes #1985

When alr publish fails due to an untrusted origin, the message now has the form

error: Could not complete the publishing assistant:
error:    Origin host 'untrusted.site' is not a trusted site:
error:    Please open an issue at https://github.com/alire-project/alire/issues/new if you think it should be added to the list.

or, if --for-private-index is specified,

error: Could not complete the publishing assistant:
error:    Origin host 'untrusted.site' is not a trusted site:
error:    This can be configured using the 'origins.git.trusted_sites' setting.
PR creation checklist
  • A test is included, if required by the changes.
  • doc/user-changes.md has been updated, if there are user-visible changes.
  • doc/catalog-format-spec.md has been updated, if applicable.
  • BREAKING.md has been updated for major changes in alr, minor/major in catalog format.

@Seb-MCaw Seb-MCaw marked this pull request as ready for review January 9, 2026 09:32
Copilot AI review requested due to automatic review settings January 9, 2026 09:32
Copilot AI reviewed Jan 9, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enhances the error message shown when alr publish fails due to an untrusted origin site. The message now provides context-specific guidance: for private index publishing, it directs users to configure the origins.git.trusted_sites setting, while for community index submissions, it prompts users to open a GitHub issue if they believe the site should be trusted.

  • Updated error message format to be more specific and user-friendly
  • Added conditional suggested solutions based on whether --for-private-index is used
  • Updated documentation to clarify why community index has restricted trusted sites

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/alire/alire-publish.adb Implements the new error message with context-aware suggestions for untrusted sites
src/alire/alire-settings-builtins.ads Adds clarification about SHA1 vulnerability rationale for community index restrictions
testsuite/tests/publish/check-trusted/test.py Updates test assertions to match new error message format
testsuite/tests/publish/private-indexes/test.py Updates test assertions and adds validation for context-specific suggestions
testsuite/tests/publish/ssh-remote-origin/test.py Updates test assertion to match new error message format

@Seb-MCaw
Copy link
Contributor Author

Seb-MCaw commented Jan 9, 2026

The failure looks transient, so ready for review @mosteo.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@AldanTanneo AldanTanneo AldanTanneo approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Suggest changing origins.git.trusted_sites when alr publish --for-private-index fails due to an untrusted origin

2 participants

@Seb-MCaw @AldanTanneo