Windows 10 10.0.14393 gives an error when trying to update Pester #585

Closed
mrboring opened this Issue Jul 24, 2016 · 10 comments


@mrboring

Hi

I'm running Windows 10 10.0.14393. When I try to update Pester (update-module Pester -Force) I get the following error:

PackageManagement\Install-Package : The version '3.4.1' of the module 'Pester' being installed is not catalog signed.
Ensure that the version '3.4.1' of the module 'Pester' has the catalog file 'Pester.cat' and signed with the same
publisher 'CN=Microsoft Root Certificate Authority 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' as
the previously-installed module '3.4.1' with version '3.4.0' under the directory 'C:\Program
Files\WindowsPowerShell\Modules\Pester\3.4.0'. If you still want to install or update, use -SkipPublisherCheck
parameter.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1941 char:20
+ ...           $sid = PackageManagement\Install-Package @PSBoundParameters
+                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package],
   Exception
    + FullyQualifiedErrorId : ModuleIsNotCatalogSigned,Validate-ModuleAuthenticodeSignature,Microsoft.PowerShell.Packa
   geManagement.Cmdlets.InstallPackage

Am I doing something wrong?

Thanks.

@mrboring mrboring changed the title from Windows 10 10.0.14393 gives an error when trying to update module to Windows 10 10.0.14393 gives an error when trying to update Pester Jul 24, 2016
@dlwyatt
Member
dlwyatt commented Jul 24, 2016

That is odd... I can only assume that this has something to do with a version of Pester being shipped with Windows 10, even though it's not a Microsoft module. They've certainly never signed our releases before (nor would I expect them to). @JamesWTruher , @vors , any ideas?

@dlwyatt
Member
dlwyatt commented Jul 24, 2016

If I had to guess, I'd say that somewhere within Microsoft, there was a lawyer who decided everything released with Windows 10 had to be signed. And didn't realize the consequences when it comes to updating the OSS module to a new version with PowerShellGet. ;)

IMO, Pester shouldn't be signed by Microsoft, unless we have some way of getting signed cabs as part of our release pipeline for new versions as well.

@kilasuit

@mrboring - You should be able to get round this easily enough by running

Install-Module Pester -Force -SkipPublisherCheck

Though I agree with @dlwyatt that this really shouldn't have occurred and seems yet another weird thing with the PowerShellGet module in the latest builds.

@mrboring

@kilasuit Thanks, that worked.

@dlwyatt I'm surprised that others have not reported this issue. Could it be something odd in my installation of Windows 10?

@johlju
johlju commented Jul 24, 2016

I had it in the latest Windows 10 insider version too, so it's not just your installation. I ignored the error; since I normally don't use (code) Pester on the client OS, this was not an issue for me. But it will be an issue if the same happens on Windows Server 2016.

@mrboring mrboring closed this Jul 24, 2016
@JamesWTruher
Contributor

When we decided to ship Pester with Windows it introduced a set of side effects. One of those side effects was that the files would be catalog signed. This happens with every file that is shipped with Windows, and exempting the Pester files was simply not possible. We knew that there might be a problem when updating some modules, specifically Pester and PSReadLine. -SkipPublisherCheck is exactly what is needed here; it allows you to update the module and ignore the fact that the files are signed. We know that this might be difficult to discover, so we continue to investigate other possible ways to improve the experience.

We thought that the value that we get from shipping Pester with Windows far outweighed using this parameter if someone wanted to update their module with a later version.

@mrboring

@JamesWTruher Thanks for the information.

@KirkMunro
Contributor

It's unfortunate that -SkipPublisherCheck doesn't exist on Update-Module, and only on Install-Module. PowerShellGet/PackageManagement should probably be updated to handle this use case better.

@kilasuit

Re to @KirkMunro Update-Module still doesn't have this in Win10 insider build 14931 so Install-Module is the only way to update inbox modules for now

@Jaykul
Contributor
Jaykul commented Sep 26, 2016 edited

@JamesWTruher this is a TERRIBLE user experience.

  1. What the heck does -SkipPublisherCheck do, other than let me install Pester?
  2. How can I determine that the new version of Pester is trustworthy?
  3. Why does PowerShellGet implement a check for this when installing the new module, EVEN THOUGH it's not upgrading the old one, but just doing a SIDE-BY-SIDE install?

@dlwyatt have you documented this somewhere? You're going to need an "Upgrading Pester" page that explains how on earth people can determine if a particular version of Pester is an official build or not, and lists the double-bypass method of installing the upgrade.

@KirkMunro Unless they document and explain how third parties can produce these, it's irrelevant to have a -Skip on Update-Module because the -SkipPublisherCheck is A COMPLETELY SUPERFLUOUS TEST that only affects modules pre-installed and catalog-signed, which cannot be upgraded anyway.
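
As an added example (not part of the thread and not PowerShellGet's own code), the following approximates the check the error message describes, so a module directory can be inspected before `-SkipPublisherCheck` is used. The function names are hypothetical, and comparing the root of the catalog signer's chain is an assumption drawn from the error text, which reports a root CA subject as the publisher.

```powershell
# Added example: report the catalog signature state of one module version directory.
function Get-ModuleCatalogReport {
    param([Parameter(Mandatory)][string] $ModuleBase)

    $cat = Get-ChildItem -LiteralPath $ModuleBase -Filter *.cat -File | Select-Object -First 1
    if (-not $cat) {
        # No catalog file at all: the "is not catalog signed" case from the error above.
        return [pscustomobject]@{ ModuleBase = $ModuleBase; Catalog = $null
            SignatureStatus = 'NoCatalog'; Signer = $null; Root = $null; ContentStatus = $null }
    }

    # Authenticode signature on the catalog file itself.
    $sig  = Get-AuthenticodeSignature -LiteralPath $cat.FullName
    $root = $null
    if ($sig.SignerCertificate) {
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # keep the check offline
        [void]$chain.Build($sig.SignerCertificate)
        if ($chain.ChainElements.Count -gt 0) {
            $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
        }
    }

    # Do the files on disk still match the hashes recorded in the catalog?
    $content = Test-FileCatalog -CatalogFilePath $cat.FullName -Path $ModuleBase `
                                -FilesToSkip $cat.Name -Detailed

    [pscustomobject]@{
        ModuleBase      = $ModuleBase
        Catalog         = $cat.Name
        SignatureStatus = "$($sig.Status)"
        Signer          = $sig.SignerCertificate.Subject
        Root            = $root
        ContentStatus   = "$($content.Status)"
    }
}

# Added example: would the candidate pass a same-publisher comparison with the installed copy?
function Test-SameCatalogPublisher {
    param([Parameter(Mandatory)][string] $InstalledBase,
          [Parameter(Mandatory)][string] $CandidateBase)

    $old = Get-ModuleCatalogReport -ModuleBase $InstalledBase
    $new = Get-ModuleCatalogReport -ModuleBase $CandidateBase
    if ($old.SignatureStatus -ne 'Valid') { return $true }   # installed copy unsigned: nothing to match
    ($new.SignatureStatus -eq 'Valid') -and ($new.ContentStatus -eq 'Valid') -and ($new.Root -eq $old.Root)
}

# Usage (candidate path is a constructed placeholder, e.g. a directory filled by Save-Module):
# Get-ModuleCatalogReport 'C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0'
# Test-SameCatalogPublisher 'C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0' 'C:\Temp\inspect\Pester\3.4.1'
```

A `NoCatalog` result for the downloaded version alongside a `Valid` result for the in-box copy is the combination that produces the `ModuleIsNotCatalogSigned` error shown at the top of the issue.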
