Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

EXPECTED ERROR: Update-Module dbatools Authenticode Issue for 2.1.0 #9090

Open
potatoqualitee opened this issue Sep 21, 2023 · 2 comments
Open

Comments

@potatoqualitee
Copy link
Member

potatoqualitee commented Sep 21, 2023

TLDR: This error is expected and the change is legitimate. To update, switch to Install-Module, then slap on the -SkipPublisherCheck and -Force parameters and continue your update.

Install-Module dbatools -Force -SkipPublisherCheck

I've always been very proud that dbatools is Code Signed like a "real" application. These certs prove the identity of the creator and help prevent tampering. The certificates cost a bunch of money and are hard to obtain. You gotta send in tons of paperwork, including your passport and business papers. But again, the payoff is fantastic -- basically, it makes dbatools ready for the Enterprise and ready to deploy at organizations with strict security.

The new private key storage requirement for Code Signing certificates were implemented this year, making the signing process a whole lot harder. This change lead to us not publishing a new module for a little over three months.

Validating the dbatools organization identity for a code signing certificate is always a pain, and it's required to recur every 3 years. This year, though, I had to do that PLUS I also had to figure out this whole new signing process.

After months of working with Jess Pomfret and weeks of working with Jordan Borean, WE FINALLY FIGURED IT OUT!! But unfortunately, the new requirements breaks the catalog check for Update-Module because all of the Certificate Authorities had to update their CA Servers.

This causes the following error (or something similar):

PS> Update-Module dbatools
PackageManagement\Install-Package : Authenticode issuer 'CN=dbatools, O=dbatools, L=Vienna, S=Virginia, C=US' of the new module 'dbatools' with version '2.0.4' from root certificate authority 'CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1, O="DigiCert, Inc.", C=US' is not matching with the authenticode issuer 'CN=dbatools, O=dbatools, L=Vienna, S=Virginia, C=US' of the previously-installed module 'dbatools' with version '1.1.99' from root certificate authority 'CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US'. If you still want to install or update, use -SkipPublisherCheck parameter.

This is expected and the change is legitimate. To update, switch to Install-Module, then slap on the -SkipPublisherCheck and -Force parameters and continue your update. As people update over time, this should become less and less of a support issue for us, I presume in 2-3 years 😅

Likely in part due to these new requirements, Microsoft is coming up with a new version (sorta) of Update-Module that does not perform this check so stay tuned.

And again, this change and the subsequent errors are expected.

@potatoqualitee potatoqualitee added feature triage required New issue that has not been reviewed by maintainers labels Sep 21, 2023
@potatoqualitee potatoqualitee changed the title Update-Module dbatools Authenticode Issuer Error for version 2.1.0 ERROR: Update-Module dbatools Authenticode Issue for 2.1.0 Sep 21, 2023
@potatoqualitee potatoqualitee added known issue and removed feature triage required New issue that has not been reviewed by maintainers labels Sep 21, 2023
@potatoqualitee potatoqualitee pinned this issue Sep 21, 2023
@potatoqualitee potatoqualitee changed the title ERROR: Update-Module dbatools Authenticode Issue for 2.1.0 EXPECTED ERROR: Update-Module dbatools Authenticode Issue for 2.1.0 Sep 21, 2023
@andreasjordan
Copy link
Contributor

image

So only Install-Module -Name dbatools -Force -SkipPublisherCheck can be used to do the update.

@potatoqualitee
Copy link
Member Author

thank you! updating all the places

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants