Open heng-liu opened 3 years ago
@kartheekp-ms has implemented in the sign command for respecting -NonInteractive option. So just check if such test is added. If not, add one.
Progress:
Investigated the places we use interactive option in .NET Framework code path:
1.When there are multiple certificates resolved, launch UI to select .
2.When certificate has a password to access it's private key, but the password is not passed to the sign command, show a PIN prompt .
Thanks for @bartonjs's help! Here is the updates of the two places.
For 1, If you’re on Windows you can invoke the cert picker UI still, via System.Security.Cryptography.X509Certificates.X509Certificate2UI in the System.Windows.Extensions package. There’s no notion of a cert picker in .NET for macOS or Linux.
So my understanding is for .NET5, we could show the cert picker UI for Windows, but not Linux and MacOS.
For 2, we might be able to show PIN prompt on Windows, Linux and MacOS.
Raised a related question: best practice of accepting password for X509Certificate2 constructors in .NET5
Deprioritize it for now. There will be no gain for the 1st scenario on Linux and Mac. There might be no gain for the 2nd scenario on Linux and Mac.
Thanks for @JonDouglas 's suggestion offline. We'd better implement interactivity at least for the -CertificatePassword field.
Thanks for the confirmation offline! This one will be implemented later.
@heng-liu - Moving back to Backlog. LMK if that doesn't make sense.
Note that the option has flipped from NuGet.exe's -NonInteractive option.
See all comments in NuGet/NuGet.Client#3069. Propagating the NonInteractive option from SignArgs in SignCommandRunner seems like the best option. If the default behavior must change as a result of this work, please sync with Claire Novotny. It may be worth adding a test for the non-interactive case. The test may actually be provided by a later task below.