I'm running Windows 10 10.0.14393. When I try to update Pester (update-module Pester -Force) I get the following error:
update-module Pester -Force)
PackageManagement\Install-Package : The version '3.4.1' of the module 'Pester' being installed is not catalog signed.
Ensure that the version '3.4.1' of the module 'Pester' has the catalog file 'Pester.cat' and signed with the same
publisher 'CN=Microsoft Root Certificate Authority 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' as
the previously-installed module '3.4.1' with version '3.4.0' under the directory 'C:\Program
Files\WindowsPowerShell\Modules\Pester\3.4.0'. If you still want to install or update, use -SkipPublisherCheck
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\18.104.22.168\PSModule.psm1:1941 char:20
+ ... $sid = PackageManagement\Install-Package @PSBoundParameters
+ CategoryInfo : InvalidOperation: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package],
+ FullyQualifiedErrorId : ModuleIsNotCatalogSigned,Validate-ModuleAuthenticodeSignature,Microsoft.PowerShell.Packa
Am I doing something wrong?
That is odd... I can only assume that this has something to do with a version of Pester being shipped with Windows 10, even though it's not a Microsoft module. They've certainly never signed our releases before (nor would I expect them to). @JamesWTruher , @vors , any ideas?
If I had to guess, I'd say that somewhere within Microsoft, there was a lawyer who decided everything released with Windows 10 had to be signed. And didn't realize the consequences when it comes to updating the OSS module to a new version with PowerShellGet. ;)
IMO, Pester shouldn't be signed by Microsoft, unless we have some way of getting signed cabs as part of our release pipeline for new versions as well.
@mrboring - You should be able to get round this easily enough by running
Install-Module Pester -Force -SkipPublisherCheck
Though I agree with @dlwyatt that this really shouldn't have occurred and seems yet another weird thing with the PowerShellGet module in the latest builds.
@kilasuit Thanks, that worked.
@dlwyatt I'm suprised that others have not reported this issue. Could it be somehting odd in my installation of Windows 10?
I had it to in the latest Windows 10 insider version too, so not just your installation. I ignored the error since I normally don't use (code) pester on the client OS this was not an issue for me. But will be an issue if the same happens on Windows Server 2016.
When we decided to ship Pester with Windows it introduced a set of side-effects. One of those side effects was that the files would be catalog signed. This happens with every file that is shipped with Windows, and exempting the Pester files was simply not possible. We knew that there might be a problem when updating some modules, specifically Pester and PSReadLine. -SkipPublisherCheck is exactly what is needed here, it allows you to update the module and ignore the fact that the files are signed. We know that this might be difficult to discover, so and we continue to investigate other possible ways to improve the experience.
We thought that the value that we get from shipping Pester with Windows far out-weighed the using this parameter if someone wanted to update their module with a later version.
@JamesWTruher Thanks for the information.
It's unfortunate that -SkipPublisherCheck doesn't exist on Update-Module, and only on Install-Module. PowerShellGet/PackageManagement should probably be updated to handle this use case better.
Re to @KirkMunro Update-Module still doesn't have this in Win10 insider build 14931 so Install-Module is the only way to update inbox modules for now
@JamesWTruher this is a TERRIBLE user experience.
@dlwyatt have you documented this somewhere? You're going to need a "Upgrading Pester" page that explains how on earth people can determine if a particular version of Pester is an official build or not, and lists the double-bypass method of installing the upgrade.
@KirkMunro Unless they document and explain how third parties can produce these, it's irrelevant to have a -Skip on Update-Module because the -SkipPublisherCheck is A COMPLETELY SUPERFLUOUS TEST that only affects modules pre-installed and catalog-signed, which cannot be upgraded anyway.