Certificate warning when upgrading to 5.6.0-beta1
fflaten opened this issue · comments
Checklist
- Issue has a meaningful title
- I have searched the existing issues. See all issues
- I have tested using the latest version of Pester. See Installation and update guide.
What is the issue?
The new code signing certificate unfortunately triggers a new publisher warning when calling Update-Module
Install-Package: Authenticode issuer 'CN=Jakub Jareš, O=Jakub Jareš, L=Praha, C=CZ' of the new module 'Pester' with version '5.6.0' from
root certificate authority 'CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US' is not matching
with the authenticode issuer 'CN=Jakub Jareš, O=Jakub Jareš, L=Praha, C=CZ' of the previously-installed module 'Pester'
with version '5.5.0' from root certificate authority 'CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert
Inc, C=US'. If you still want to install or update, use -SkipPublisherCheck parameter.
Expected Behavior
No warning.
Steps To Reproduce
Install-Module -Name Pester -RequiredVersion 5.5.0 -Force -SkipPublisherCheck
Update-Module -Name Pester -AllowPrerelease
Describe your environment
Pester version : 5.5.0 C:\Users\Frode\Documents\PowerShell\Modules\Pester\5.5.0\Pester.psm1
PowerShell version : 7.4.2
OS version : Microsoft Windows NT 10.0.22631.0
PowerShellGet version: 2.2.5
Possible Solution?
No response
There is no solution unfortunately. If I stop signing the certificate there will be warning. If I rename the certificate people won't be able to find it. This will just continue happening if the root will change again in 3 years for new certificate. Unless the logic in powershell changes, and everyone will update.
This issue does not occur with PSResourceGet.
PS C:\> Get-PSResource Pester
Name Version Prerelease Repository Description
---- ------- ---------- ---------- -----------
Pester 5.5.0 PSGallery Pester provides a framework for running…
PS C:\> Update-PSResource Pester -PassThru
Name Version Prerelease Repository Description
---- ------- ---------- ---------- -----------
Pester 5.6.0 PSGallery Pester provides a framework for running…
IIRC they removed the whole publisher check in v3. Most users still use older out-of-box modules unfortunately.
It's still there but is now opt in rather than opt out.
Could there be a notice of this on the readme? i mean it wont really help with the module system being stupid, but it does feel better if the first thing you saw when searching for "pester powershell" be a "please note: certificate from previous versions have changed.."
Sure, do you want to PR it?
Pinned issue was a good call.
We have pinned version for long time, and I get this same cert error. Only way to workaround is by adding -SkipPublisherCheck fixes
Install-Module -Name 'Pester' -RequiredVersion 5.3.1 -Force | Out-Null
Import-Module -Name Pester -RequiredVersion 5.3.1 -Force
"C:\Program Files\PowerShell\7\pwsh.exe" -NoLogo -NoProfile -NonInteractive -Command D:\a_temp\434bdabc-db7b-4fdc-9743-7ddeeb878098.ps1
92Install-Package: Authenticode issuer 'CN=Jakub Jareš, O=Jakub Jareš, L=Praha, C=CZ' of the new module 'Pester' with version '5.3.1' from
93root certificate authority 'CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US' is not matching
94with the authenticode issuer 'CN=Jakub Jareš, O=Jakub Jareš, L=Praha, C=CZ' of the previously-installed module 'Pester'
95with version '5.6.0' from root certificate authority 'CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc,
96C=US'. If you still want to install or update, use -SkipPublisherCheck parameter.
97Import-Module: D:\a_temp\434bdabc-db7b-4fdc-9743-7ddeeb878098.ps1:4
98Line |
99 4 | Import-Module -Name Pester -RequiredVersion 5.3.1 -Force
100 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
101 | The specified module 'Pester' with version '5.3.1' was not loaded because no valid module file was found in any
102 | module directory.
103Error: Error: The process 'C:\Program Files\PowerShell\7\pwsh.exe' failed with exit code 1
@RKSelvi Looks like it's because you've already installed 5.6.0 locally. Same issue just different direction, downgrade vs upgrade with mismatching certs.