Add warning on Windows if files aren't authenticode signed

Open SteveL-MSFT opened this issue 3 months ago • 6 comments

PR Summary

If a configuration file, resources manifest, or the exe used by the resource manifest is not authenticode signed on Windows, you will get a warning message.

Also, when listing extensions and resources, there is a new Trust column/property indicating the trust level. On Linux/macOS, it's currently always unknown.

Future work will make it configurable if the warning is an error. Catalog signed files are currently out-of-scope.

The Win32 calls replicate the example from the docs https://learn.microsoft.com/en-us/windows/win32/seccrypto/example-c-program--verifying-the-signature-of-a-pe-file

Because of the new warning message, many existing tests were breaking expecting no messages so added setting DSC_TRACE_LEVEL='error' to many tests and removing it at end. Any explicit setting of trace level will override this.

PR Context

Fix https://github.com/PowerShell/DSC/issues/210 Fix https://github.com/PowerShell/DSC/issues/327

Sep 23 '25 23:09 SteveL-MSFT

Please elaborate on why you are verifying the file

Sep 24 '25 17:09 TravisEz13

Can we have an issue or rfc on this PR? I have concerns about the current design and how cross platform differences.

Sep 24 '25 18:09 ThomasNieto

> Can we have an issue or rfc on this PR? I have concerns about the current design and how cross platform differences.

This is linked to existing issues. Cross platform is not part of this PR as we are targeting Windows first.

Sep 24 '25 21:09 SteveL-MSFT

Thinking about this, I think it would be better to change this a bit so that whether a manifest or the target exe is signed should be part of the DscResource struct and shows up under dsc resource list in addition to the warning message when used.

Sep 26 '25 05:09 SteveL-MSFT

Since powershell.exe is used for some resources, will need to add catalog signing to cover Windows inbox files later.

Sep 27 '25 01:09 SteveL-MSFT

Found a sample here https://github.com/microsoft/Windows-classic-samples/blob/main/Samples/Security/CodeSigning/cpp/codesigning.cpp I can use for catalog signed verification, so will update this PR since it doesn't make sense currently for it to claim powershell.exe is untrusted

Oct 06 '25 19:10 SteveL-MSFT
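
The embedded versus catalog distinction raised in the last comments is visible in the PE header itself: a file signed only through a catalog has its hash recorded in a separate .cat file and carries no signature of its own, so a check of the file alone finds nothing. The following is an added example, not code from this PR or from DSC: a Rust sketch that reads the certificate table data directory and reports whether an embedded Authenticode blob is present. `Embedded`, `embedded_signature` and `sample_pe` are hypothetical names, and the sample bytes are constructed.

```rust
/// Where a PE's embedded Authenticode blob (WIN_CERTIFICATE) sits, if it has one.
#[derive(Debug, PartialEq)]
pub enum Embedded { None, At { offset: u32, size: u32 } }

fn u16_at(b: &[u8], o: usize) -> Option<u16> {
    b.get(o..o + 2).map(|s| u16::from_le_bytes([s[0], s[1]]))
}
fn u32_at(b: &[u8], o: usize) -> Option<u32> {
    b.get(o..o + 4).map(|s| u32::from_le_bytes([s[0], s[1], s[2], s[3]]))
}

/// Presence check only: it does not validate the signature or its certificate chain.
pub fn embedded_signature(pe: &[u8]) -> Result<Embedded, &'static str> {
    if pe.get(..2) != Some(&b"MZ"[..]) { return Err("not an MZ image"); }
    let nt = u32_at(pe, 0x3C).ok_or("truncated DOS header")? as usize;
    if pe.get(nt..nt + 4) != Some(&b"PE\0\0"[..]) { return Err("missing PE signature"); }
    let opt = nt + 24; // skip the 4-byte signature and 20-byte COFF header
    // Data directories start 96 bytes into a PE32 optional header, 112 in PE32+.
    let dirs = match u16_at(pe, opt).ok_or("truncated optional header")? {
        0x10b => opt + 96,
        0x20b => opt + 112,
        _ => return Err("unknown optional header magic"),
    };
    let count = u32_at(pe, dirs - 4).ok_or("truncated optional header")?;
    if count <= 4 { return Ok(Embedded::None); } // no certificate table slot
    // Directory 4 is the certificate table; its first field is a file offset, not an RVA.
    let offset = u32_at(pe, dirs + 32).ok_or("truncated data directory")?;
    let size = u32_at(pe, dirs + 36).ok_or("truncated data directory")?;
    if offset == 0 || size == 0 { return Ok(Embedded::None); }
    if offset as u64 + size as u64 > pe.len() as u64 { return Err("certificate table past end of file"); }
    Ok(Embedded::At { offset, size })
}

/// Constructed sample: a bare PE32+ header with the given certificate table entry.
pub fn sample_pe(cert_offset: u32, cert_size: u32) -> Vec<u8> {
    let mut pe = vec![0u8; 0x200];
    pe[..2].copy_from_slice(b"MZ");
    pe[0x3C..0x40].copy_from_slice(&0x80_u32.to_le_bytes()); // e_lfanew
    pe[0x80..0x84].copy_from_slice(b"PE\0\0");
    pe[0x98..0x9A].copy_from_slice(&0x20b_u16.to_le_bytes()); // PE32+ magic
    pe[0x104..0x108].copy_from_slice(&16_u32.to_le_bytes()); // NumberOfRvaAndSizes
    pe[0x128..0x12C].copy_from_slice(&cert_offset.to_le_bytes());
    pe[0x12C..0x130].copy_from_slice(&cert_size.to_le_bytes());
    pe
}

fn main() {
    println!("embedded blob:   {:?}", embedded_signature(&sample_pe(0x180, 0x40)));
    println!("nothing in file: {:?}", embedded_signature(&sample_pe(0, 0)));
}
```

An `Embedded::None` result means only that the file carries no signature itself; whether a catalog covers it, and whether any signature is valid, still has to come from the platform's verification APIs.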