
Pester Scripts can't be started due to Missing Signature

Open bormm opened this issue 5 years ago • 2 comments

Where are you running it?

  • Azure DevOps Service (VSTS) + Self Hosted Agent with Windows 10 + Visual Studio

Version of Extension/Task

Version 10.0.3

Expected behaviour and actual behaviour

The task should at least start. Unfortunately it fails, because the embedded PowerShell script is not signed. Of course I can and will change the security policy in this specific case; because it's self-hosted, that is no issue. But I am wondering whether nobody else has such a problem and what the correct solution would be. I would think that every script a Task from the marketplace contains should be signed, so that it can be verified that only trusted and unchanged files are run.

Sorry, the error message in the build output is in German, but it's the commonly known error:

##[error]"D:\azdevops-build\_tasks\Pester_cca5462b-887d-4617-bf3f-dcf0d3c622e9\10.0.3\Pester.ps1" kann nicht geladen werden. 
Die Datei "D:\azdevops-build\_tasks\Pester_cca5462b-887d-4617-bf3f-dcf0d3c622e9\10.0.3\Pester.ps1" ist nicht digital 
signiert. Sie können dieses Skript im aktuellen System nicht ausführen. Weitere Informationen zum Ausführen von 
Skripts und Festlegen der Ausführungsrichtlinie erhalten Sie unter "about_Execution_Policies" 
(https:/go.microsoft.com/fwlink/?LinkID=135170)..
In Zeile:1 Zeichen:1
+ d:\azdevops-build\_tasks\Pester_cca5462b-887d-4617-bf3f-dcf0d3c622e9\ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : Sicherheitsfehler: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess

Steps to reproduce the problem

I don't really know, because it's not working for me out of the box. Maybe regular MS build agents have another security policy than the Windows 10 I set up.

bormm May 28 '20 19:05

I think the agents are probably using RemoteSigned as their execution policy, I'm guessing yours is more restricted than that. Signing the script isn't really an option sadly as those certs are pretty expensive. I could use some switches on the PowerShell command to bypass it but I'd rather not have to.

I'll try to think of another solution or workaround.

ChrisLGardner May 28 '20 19:05

If this also works only with some DigiCert or whatever "professional" certificate, then of course that's bad and too expensive for a free project. Microsoft should offer something free for their Marketplace content.

bormm May 28 '20 21:05
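
The thread turns on whether the agent runs under RemoteSigned or a stricter policy, which can be checked directly on a self-hosted agent. The following is an added example, not code from the thread or from the extension: `Test-ScriptLoadable` and the sample file name are hypothetical, and the policy rules are simplified (the trusted-publisher prompt that AllSigned adds is not modelled).

```powershell
# Added example, Windows only: Authenticode checks and the Zone.Identifier
# stream (Mark of the Web) are Windows features.
function Test-ScriptLoadable {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Defaults to the effective policy of the current session.
        [string] $Policy = (Get-ExecutionPolicy)
    )

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # ZoneId 3 (Internet) or 4 (Restricted sites) marks the file as "remote".
    $zoneId = 0
    $motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -Raw -ErrorAction SilentlyContinue
    if ($motw -match 'ZoneId=(\d+)') { $zoneId = [int]$Matches[1] }

    $signed = $sig.Status -eq 'Valid'
    $remote = $zoneId -ge 3

    # Simplified decision per policy; AllSigned also needs a trusted publisher.
    $loads = switch ($Policy) {
        'Restricted'   { $false }
        'AllSigned'    { $signed }
        'RemoteSigned' { $signed -or -not $remote }
        'Unrestricted' { $true }
        'Bypass'       { $true }
        default        { throw "Unhandled execution policy: $Policy" }
    }

    [pscustomobject]@{
        Path            = $Path
        Policy          = $Policy
        SignatureStatus = "$($sig.Status)"
        ZoneId          = $zoneId
        WouldLoad       = $loads
    }
}

# Scopes are listed in precedence order; the first one that is not Undefined wins.
Get-ExecutionPolicy -List

# Constructed sample: an unsigned local script standing in for the task's Pester.ps1.
$sample = Join-Path $env:TEMP 'unsigned-sample.ps1'
Set-Content -LiteralPath $sample -Value 'Write-Output "hello"'
'AllSigned', 'RemoteSigned' | ForEach-Object { Test-ScriptLoadable -Path $sample -Policy $_ }
Remove-Item -LiteralPath $sample
```

Run it as the account the agent service uses, since the CurrentUser scope and any Group Policy scopes can differ between accounts.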