-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to install an unverifiable plugin without interactive confirmation #2584
Comments
Thank you for filing this issue. We appreciate your feedback and will review the issue as soon as possible. Remember, however, that GitHub isn't a mechanism for receiving support under any agreement or SLA. If you require immediate assistance, contact Salesforce Customer Support. |
Hello @kyle-blair 👋 None of the versions of Shared: Update to the latest version of Salesforce CLI (docs) and confirm that you're still seeing your issue. After updating, share the full output of |
@kyle-blair here's the code that's handling the connection errors when we go to verify the signature. It's looking for a http 403. What error is your proxy/firewall throwing? Edit (source link): https://github.com/salesforcecli/plugin-trust/blob/4631c122adeaaf1c98c5eb833ed650082b3677fd/src/shared/installationVerification.ts#L472 |
@mshanemc thanks for that! I'll have to get better at looking through the source myself first. Unfortunately, it looks like the response I'm seeing is slightly different.
|
What do you think about loosening up the 403 comparison like so? if (err.name === 'NotSigned' || err.message && err.message.includes('Response code 403')) I could open that pull request if that seems acceptable. |
yeah, we could handle all 403. |
Pull request incoming. |
it's a pretty small change I can do if doing the PR isn't convenient. |
This issue has been linked to a new work item: W-14581522 |
The only delay was waiting for internal approval late yesterday afternoon, which is complete now. I'd love to get an open source contribution under my belt if you can wait an hour until I get online. |
I made one change and merged it. It'll go into tonight's nightly |
This issue is addressed in 2.21.7 (Dec 13, 2023). Thank you! |
Summary
This is somewhat an extension of #2540. The workaround stated in that issue works on local machines but not from our build servers. The plugin install fails trying to verify signature because the requests to developer.salesforce.com are blocked. I see two approaches to work around this:
The problem with both is that signature verification is not bypassed. Per the documentation, I placed the following file in both
"$HOME/.config/sf
and$HOME/.config/sfdx
:With option 1, using
sfdmu
as the plugin, it still tries to verify the signature which fails due to the firewall restriction. With option 2, I'm not sure what value to use to identify the plugin when installing via git url. As you can see, I tried several options and none of them work.Steps To Reproduce
Steps 1-3 are the same for both options.
Option 1
"$HOME/.config/sf
following the documentation.sf plugins install sfdmu
.Option 2
"$HOME/.config/sf
following the documentation.sf plugins install https://github.com/forcedotcom/SFDX-Data-Move-Utility
.Expected result
With either option, the verification override mechanism should result in the verification being skipped, or at least a failed verification being ignored.
Actual result
With both options, the verification is still performed, and still results in a failure of the plugin installation. For option 1, it tries to hit developer.salesforce.com for verification of a known plugin and that fails due to the firewall. This causes the whole command to fail, even though I've configured it to skip verification. For option 2, it interactively prompts to accept installation of an unverified plugin which fails when run non-interactively (i.e. from a build server that's running that command while building a docker image). Further, it is unclear what value to use to skip verification when you're installing a plugin via a git url. As you can see, I have tried several options.
System Information
The text was updated successfully, but these errors were encountered: