Closed rmunn closed 8 years ago
Note that as mentioned in #213, Mono 3.12 and later will come with Mozilla's root certificates pre-installed, so this will only be an issue on older Linux releases that came with Mono versions prior to 3.12. Still, that's no reason not to do the right thing for those releases. And the right thing is to let the user know about security changes to their system, and not to make such changes without their explicit permission.
Yes we should ask.
Here's a PR with my proposed change. I'm of two minds about whether the `exit 1` is a good idea or not. On the one hand, exiting immediately after informing the user of a suggested step seems like a good idea, and if we continue the script, the suggestion might be buried under further error messages. On the other hand, if they have deliberately chosen not to trust any Mozilla certificates and have already downloaded Paket manually, then exiting after printing the message is the wrong thing to do.
Thoughts?
I haven't looked at the PR but it would be great if there could be a y/n install prompt to the user allowing the script to continue and do the install if the user approved.
> Note that as mentioned in #213, Mono 3.12 and later will come with Mozilla's root certificates pre-installed

AFAIU, this change is in Mono, but it's up to distros to pick it up in their Mono packaging. Debian/Ubuntu did, and e.g. with Ubuntu 16.04 you can use MonoDevelop+Nuget out of the box.
In `build.sh` as it currently stands, we run `mozroots --import --sync --quiet` without asking the user for permission. This imports over 100 root SSL certificates (a total of 140 at the moment). Saying that this has security implications would be putting it mildly. Not every user will want to trust the same root certificates as Mozilla. Many will, which is why Mono has made it easy to run a single command and import them all. But for other users, who don't necessarily want to trust Mozilla's list of certificates, we're doing absolutely the wrong thing: we're making a change, potentially a major change, to their system's security, and we're not telling them about it.

I recommend that instead of running `mozroots --import --sync --quiet` if there are no root SSL certificates installed on the user's system, we should print a message informing them that the Paket bootstrapper will fail because there are no trusted root certificates, and suggest running `mozroots --import --sync` to fix the problem. But we absolutely should not change their trusted root certificates without their permission or knowledge.
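A sketch of the consent-first behaviour discussed in this thread, as an added example that is not Paket's `build.sh` or the code in the PR. The function names and the certificate count passed in by the caller are assumptions (how the count is obtained is left out); only the `mozroots --import --sync` command comes from the thread.

```shell
#!/bin/sh
# Added example: never touch the trust store without an explicit "yes".

# cert_action COUNT REPLY  (hypothetical helper)
#   COUNT = number of trusted root certificates the caller found
#   REPLY = what the user typed at the prompt ("" if nothing was asked)
# Prints: proceed | import | abort
cert_action() {
    if [ "$1" -gt 0 ]; then
        echo proceed            # certificates already present: change nothing
        return
    fi
    case "$2" in
        [yY]|[yY][eE][sS]) echo import ;;
        *)                 echo abort ;;   # empty or unknown reply means "no"
    esac
}

# ensure_root_certs COUNT  (hypothetical helper)
# Informs the user, prompts only when stdin is a terminal, and runs
# mozroots only after consent. Returns non-zero if nothing was imported
# and the store is still empty, so the caller decides whether to exit.
ensure_root_certs() {
    count=$1
    reply=""
    if [ "$count" -eq 0 ]; then
        echo "No trusted root SSL certificates found; the Paket bootstrapper will fail." >&2
        echo "'mozroots --import --sync' would import Mozilla's root certificates." >&2
        if [ -t 0 ]; then
            printf 'Import them now? [y/N] ' >&2
            read -r reply || reply=""
        fi
    fi
    case "$(cert_action "$count" "$reply")" in
        proceed) return 0 ;;
        import)  mozroots --import --sync ;;   # no --quiet: the user sees what changes
        abort)
            echo "Trust store left unchanged." >&2
            return 1 ;;
    esac
}
```

When stdin is not a terminal (CI, piped input) the function never prompts and never imports, so an unattended build cannot silently widen the set of trusted roots.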