Certificate warning when upgrading to 5.6.0-beta1 #2438

Closed
3 tasks done
fflaten opened this issue Apr 25, 2024 · 9 comments · Fixed by #2504

Comments

@fflaten
Collaborator

fflaten commented Apr 25, 2024

Checklist

What is the issue?

The new code signing certificate unfortunately triggers a new publisher warning when calling Update-Module.

```
Install-Package: Authenticode issuer 'CN=Jakub Jareš, O=Jakub Jareš, L=Praha, C=CZ' of the new module 'Pester' with version '5.6.0' from
root certificate authority 'CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US' is not matching
with the authenticode issuer 'CN=Jakub Jareš, O=Jakub Jareš, L=Praha, C=CZ' of the previously-installed module 'Pester'
with version '5.5.0' from root certificate authority 'CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert
Inc, C=US'. If you still want to install or update, use -SkipPublisherCheck parameter.
```

Expected Behavior

No warning.

Steps To Reproduce

```powershell
Install-Module -Name Pester -RequiredVersion 5.5.0 -Force -SkipPublisherCheck
Update-Module -Name Pester -AllowPrerelease
```

Describe your environment

```
Pester version       : 5.5.0 C:\Users\Frode\Documents\PowerShell\Modules\Pester\5.5.0\Pester.psm1
PowerShell version   : 7.4.2
OS version           : Microsoft Windows NT 10.0.22631.0
PowerShellGet version: 2.2.5
```

Possible Solution?

No response

@nohwnd
Member

nohwnd commented Apr 25, 2024

There is no solution, unfortunately. If I stop signing the certificate there will be a warning. If I rename the certificate people won't be able to find it. This will just continue happening if the root changes again in 3 years for a new certificate, unless the logic in PowerShell changes and everyone updates.

nohwnd pinned this issue Apr 29, 2024

@ThomasNieto

This issue does not occur with PSResourceGet.

```
PS C:\> Get-PSResource Pester

Name   Version Prerelease Repository Description
----   ------- ---------- ---------- -----------
Pester 5.5.0              PSGallery  Pester provides a framework for running…

PS C:\> Update-PSResource Pester -PassThru

Name   Version Prerelease Repository Description
----   ------- ---------- ---------- -----------
Pester 5.6.0              PSGallery  Pester provides a framework for running…
```

@fflaten
Collaborator Author

fflaten commented Jun 5, 2024

IIRC they removed the whole publisher check in v3. Most users still use older out-of-box modules unfortunately.

@ThomasNieto

ThomasNieto commented Jun 5, 2024

It's still there but is now opt in rather than opt out.

@WithHolm
Contributor

Could there be a notice of this on the readme? I mean, it won't really help with the module system being stupid, but it does feel better if the first thing you saw when searching for "pester powershell" were a "please note: certificate from previous versions have changed.."

@nohwnd
Member

nohwnd commented Jun 13, 2024

Sure, do you want to PR it?

@BernieWhite

Pinned issue was a good call.

@RKSelvi

RKSelvi commented Jun 14, 2024

We have pinned the version for a long time, and I get this same cert error. The only way to work around it is by adding -SkipPublisherCheck.

```powershell
Install-Module -Name 'Pester' -RequiredVersion 5.3.1 -Force | Out-Null
Import-Module -Name Pester -RequiredVersion 5.3.1 -Force
```

```
"C:\Program Files\PowerShell\7\pwsh.exe" -NoLogo -NoProfile -NonInteractive -Command D:\a_temp\434bdabc-db7b-4fdc-9743-7ddeeb878098.ps1
Install-Package: Authenticode issuer 'CN=Jakub Jareš, O=Jakub Jareš, L=Praha, C=CZ' of the new module 'Pester' with version '5.3.1' from
root certificate authority 'CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US' is not matching
with the authenticode issuer 'CN=Jakub Jareš, O=Jakub Jareš, L=Praha, C=CZ' of the previously-installed module 'Pester'
with version '5.6.0' from root certificate authority 'CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc,
C=US'. If you still want to install or update, use -SkipPublisherCheck parameter.
Import-Module: D:\a_temp\434bdabc-db7b-4fdc-9743-7ddeeb878098.ps1:4
Line |
   4 | Import-Module -Name Pester -RequiredVersion 5.3.1 -Force
     | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | The specified module 'Pester' with version '5.3.1' was not loaded because no valid module file was found in any
     | module directory.
Error: Error: The process 'C:\Program Files\PowerShell\7\pwsh.exe' failed with exit code 1
```

@fflaten
Collaborator Author

fflaten commented Jun 15, 2024

@RKSelvi Looks like it's because you've already installed 5.6.0 locally. Same issue just different direction, downgrade vs upgrade with mismatching certs.
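
Added example, not part of the original thread and not PowerShellGet's own code: a way to list, on Windows, the Authenticode signer and the top of the certificate chain for every installed Pester version, so a mismatch like the one reported here can be confirmed as a root change under the same signer subject before `-SkipPublisherCheck` is used. The helper name `Get-ModuleSignerChain` is hypothetical, and the chain is built locally without revocation checks.

```powershell
# Added example; Get-ModuleSignerChain is a hypothetical helper name.
# Windows only: Get-AuthenticodeSignature is not supported on other platforms.
function Get-ModuleSignerChain {
    param([string] $Name = 'Pester')

    foreach ($module in Get-Module -Name $Name -ListAvailable) {
        # For a listed module, Path points at its manifest or root module file.
        $sig    = Get-AuthenticodeSignature -FilePath $module.Path
        $signer = $sig.SignerCertificate
        $top    = $null

        if ($signer) {
            $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
            try {
                # Only the shape of the chain matters here, so skip revocation lookups.
                $chain.ChainPolicy.RevocationMode = 'NoCheck'
                $null  = $chain.Build($signer)
                $count = $chain.ChainElements.Count
                if ($count -gt 0) {
                    # The last element is the root when the chain is complete.
                    $top = $chain.ChainElements[$count - 1].Certificate.Subject
                }
            }
            finally { $chain.Dispose() }
        }

        [pscustomobject]@{
            Version          = $module.Version
            Status           = $sig.Status
            SignerSubject    = if ($signer) { $signer.Subject }
            SignerThumbprint = if ($signer) { $signer.Thumbprint }
            RootSubject      = $top
        }
    }
}

$report = @(Get-ModuleSignerChain -Name 'Pester')
$report | Format-List

# Compare the distinct signer subjects and chain roots across installed versions.
$signers = @($report.SignerSubject | Sort-Object -Unique)
$roots   = @($report.RootSubject   | Sort-Object -Unique)
if ($signers.Count -gt 1) {
    'Signer subject differs between versions: investigate before bypassing the check.'
} elseif ($roots.Count -gt 1) {
    'Same signer subject, different root: the certificate-renewal case from this issue.'
} else {
    'All installed versions share one signer subject and one root.'
}
```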
