Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pester Scripts can't be started due Missing Signature #24

Open
bormm opened this issue May 28, 2020 · 2 comments
Open

Pester Scripts can't be started due Missing Signature #24

bormm opened this issue May 28, 2020 · 2 comments

Comments

@bormm
Copy link

bormm commented May 28, 2020

Where are you running it?

  • Azure DevOps Service (VSTS) + Self Hosted Agent with Windows 10 + Visual Studio

Version of Extension/Task

Version 10.0.3

Expected behaviour and actual behaviour

The task should at least start. Unfortunately it fails, because the embedded PowerShell script is not signed.
Of course I can and will change the security policy in this specific case, because its self hosted that is no issue. But I wondering if nobody else has such a problem and what the correct solution would be. I would think that every script a Task from the marketplace contains, should be signed so it be verified running only trusted and unchanged files.

Sorry, the error message in the build output is in German, but its the common known error:

##[error]"D:\azdevops-build\_tasks\Pester_cca5462b-887d-4617-bf3f-dcf0d3c622e9\10.0.3\Pester.ps1" kann nicht geladen werden. 
Die Datei "D:\azdevops-build\_tasks\Pester_cca5462b-887d-4617-bf3f-dcf0d3c622e9\10.0.3\Pester.ps1" ist nicht digital 
signiert. Sie können dieses Skript im aktuellen System nicht ausführen. Weitere Informationen zum Ausführen von 
Skripts und Festlegen der Ausführungsrichtlinie erhalten Sie unter "about_Execution_Policies" 
(https:/go.microsoft.com/fwlink/?LinkID=135170)..
In Zeile:1 Zeichen:1
+ d:\azdevops-build\_tasks\Pester_cca5462b-887d-4617-bf3f-dcf0d3c622e9\ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : Sicherheitsfehler: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess

Steps to reproduce the problem

I don't really know, because its not working for me out of the box. Maybe regular MS build agents have a other security policy then the Windows 10 I setup.
@ChrisLGardner
Copy link
Collaborator

I think the agents are probably using RemoteSigned as their execution policy, I'm guessing yours is more restricted than that. Signing the script isn't really an option sadly as those certs are pretty expensive. I could use some switches on the PowerShell command to bypass it but I'd rather not have to.

I'll try to think of another solution or workaround.

@bormm
Copy link
Author

bormm commented May 28, 2020

If this also works only with some digicert or whatever "professional" certificate, than of course that's bad and to expensive for a free project. Microsoft should offer something free for their Marketplace content.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ChrisLGardner @bormm