Skip to content

Commit

Permalink
PS7 bug + 2 more (#3386)
Browse files Browse the repository at this point in the history 
Fixes #3376
Fixes #3379

Check-BcContainerHelperPermissions didn't work on PS7
Issue #3379 Adding -installCertificateOnHost to New-BcContainer didn't
work when running PS7 (silently failed)
Issue #3376 Regression - Download-Artifacts stopped downloading
pre-requisites

---------

Co-authored-by: freddydk <[email protected]>
  • Loading branch information
@freddydk
freddydk and freddydk authored Mar 5, 2024
1 parent 662b2f9 commit 563d572
Show file tree
Hide file tree
Showing 7 changed files with 57 additions and 173 deletions.
1 change: 0 additions & 1 deletion Artifacts/Download-Artifacts.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -242,7 +242,6 @@ try {
Write-Host "Downloading platform artifact $($platformUri.AbsolutePath)"
TestSasToken -url $platformUrl
$downloadprereqs = DownLoadPackage -ArtifactUrl $platformUrl -DestinationPath $platformArtifactPath -timeout $timeout
$downloadprereqs = $false
if ($downloadprereqs) {
$prerequisiteComponentsFile = Join-Path $platformArtifactPath "Prerequisite Components.json"
if (Test-Path $prerequisiteComponentsFile) {
Expand Down
4 changes: 2 additions & 2 deletions BcContainerHelper.psm1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,10 @@ if ($isMacOS) {
throw "BcContainerHelper isn't supported on MacOS"
}
elseif ($isLinux) {
Write-Host "Running on Linux"
Write-Host "Running on Linux, PowerShell $($PSVersionTable.PSVersion)"
}
elseif ($isPsCore) {
Write-Host "Running on PowerShell 7"
Write-Host "Running on Windows, PowerShell $($PSVersionTable.PSVersion)"
}

if ($useVolumes -or $isInsideContainer) {
Expand Down
31 changes: 22 additions & 9 deletions Check-BcContainerHelperPermissions.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,19 @@ function Check-BcContainerHelperPermissions {
)

if (!$isAdministrator -or $Fix) {

$startProcessParams = @{
"Verb" = "RunAs"
"Wait" = $true
"WindowStyle" = "Hidden"
"PassThru" = $true
}
if ($isPsCore) {
$startProcessParams += @{ "FilePath" = "pwsh" }
}
else {
$startProcessParams += @{ "FilePath" = "powershell" }
}
if (!$silent) {
if ($isAdministrator) {
Write-Host "Running as administrator"
Expand Down Expand Up @@ -58,15 +71,15 @@ function Check-BcContainerHelperPermissions {
Param($myUsername, $hostHelperFolder)
try {
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($myUsername,'FullControl', 3, 'InheritOnly', 'Allow')
$acl = [System.IO.Directory]::GetAccessControl($hostHelperFolder)
$acl = Get-Acl -Path $hostHelperFolder
$acl.AddAccessRule($rule)
[System.IO.Directory]::SetAccessControl($hostHelperFolder,$acl)
Set-Acl -Path $hostHelperFolder -AclObject $acl
EXIT 0
} catch {
EXIT 1
}
}
$exitCode = (Start-Process powershell -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -hostHelperFolder '$($bcContainerHelperConfig.hostHelperFolder)'" -Verb RunAs -wait -WindowStyle Hidden -PassThru).ExitCode
$exitCode = (Start-Process @startProcessParams -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -hostHelperFolder '$($bcContainerHelperConfig.hostHelperFolder)'").ExitCode
if ($exitcode -eq 0) {
Write-Host -ForegroundColor Green "Permissions successfully added"
} else {
Expand Down Expand Up @@ -98,15 +111,15 @@ function Check-BcContainerHelperPermissions {
Param($myUsername, $hostsFile)
try {
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($myUsername,'Modify', 'Allow')
$acl = [System.IO.Directory]::GetAccessControl($hostsFile)
$acl = Get-Acl -Path $hostsFile
$acl.AddAccessRule($rule)
[System.IO.Directory]::SetAccessControl($hostsFile,$acl)
Set-Acl -Path $hostsFile -AclObject $acl
EXIT 0
} catch {
EXIT 1
}
}
$exitcode = (Start-Process powershell -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -hostsFile '$hostsFile'" -Verb RunAs -wait -PassThru -WindowStyle Hidden).ExitCode
$exitcode = (Start-Process @startProcessParams -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -hostsFile '$hostsFile'").ExitCode
if ($exitcode -eq 0) {
Write-Host -ForegroundColor Green "Permissions successfully added"
} else {
Expand Down Expand Up @@ -166,16 +179,16 @@ function Check-BcContainerHelperPermissions {
Param($myUsername, $npipe)
try {
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($myUsername,'FullControl', 'Allow')
$acl = [System.IO.Directory]::GetAccessControl($npipe)
$acl = Get-Acl -Path $npipe
$acl.AddAccessRule($rule)
[System.IO.Directory]::SetAccessControl($npipe,$acl)
Set-Acl -Path $npipe -AclObject $acl
exit 0
} catch {
exit 1
}
}

$exitcode = (Start-Process powershell -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -npipe '$npipe'" -Verb RunAs -wait -PassThru).ExitCode
$exitcode = (Start-Process @startProcessParams -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -npipe '$npipe'").ExitCode
if ($exitcode -eq 0) {
Write-Host -ForegroundColor Green "Permissions successfully added"
} else {
Expand Down
177 changes: 20 additions & 157 deletions ContainerHandling/Get-BestGenericImageName.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,163 +45,26 @@ try {
$genericImageNameSetting
}
else {
$imagetags = Get-BcContainerImageTags -imageName $repo
$versions = @()
if ($imagetags) {
$ver = [Version]"0.0.0.0"
$versions = $imagetags.tags | Where-Object { $_ -like $tag -and [System.Version]::TryParse($_.SubString($tag.indexOf('*'), $_.length-$tag.length+1), [ref]$ver) } | % { [System.Version]($_.SubString($tag.indexOf('*'), $_.length-$tag.length+1)) }
}
if (-not $versions) {
# ImageTags not yet updated - use hardcoded list
$versions = @(
"10.0.14393.2906"
"10.0.14393.2972"
"10.0.14393.3025"
"10.0.14393.3085"
"10.0.14393.3144"
"10.0.14393.3204"
"10.0.14393.3326"
"10.0.14393.3384"
"10.0.14393.3443"
"10.0.14393.3630"
"10.0.14393.3750"
"10.0.14393.3808"
"10.0.14393.3866"
"10.0.14393.3930"
"10.0.14393.3986"
"10.0.14393.4046"
"10.0.14393.4104"
"10.0.14393.4169"
"10.0.14393.4225"
"10.0.14393.4283"
"10.0.14393.4350"
"10.0.14393.4402"
"10.0.14393.4467"
"10.0.14393.4470"
"10.0.14393.4530"
"10.0.14393.4583"
"10.0.14393.4651"
"10.0.14393.4704"
"10.0.14393.4770"
"10.0.14393.4825"
"10.0.14393.4886"
"10.0.14393.4946"
"10.0.17134.1006"
"10.0.17134.1130"
"10.0.17134.706"
"10.0.17134.766"
"10.0.17134.829"
"10.0.17134.885"
"10.0.17134.950"
"10.0.17763.1158"
"10.0.17763.1282"
"10.0.17763.1339"
"10.0.17763.1397"
"10.0.17763.1457"
"10.0.17763.1518"
"10.0.17763.1577"
"10.0.17763.1637"
"10.0.17763.1697"
"10.0.17763.1757"
"10.0.17763.1817"
"10.0.17763.1879"
"10.0.17763.1935"
"10.0.17763.1999"
"10.0.17763.2029"
"10.0.17763.2061"
"10.0.17763.2114"
"10.0.17763.2183"
"10.0.17763.2237"
"10.0.17763.2300"
"10.0.17763.2366"
"10.0.17763.2452"
"10.0.17763.2565"
"10.0.17763.437"
"10.0.17763.504"
"10.0.17763.557"
"10.0.17763.615"
"10.0.17763.678"
"10.0.17763.737"
"10.0.17763.864"
"10.0.17763.914"
"10.0.17763.973"
"10.0.18362.1016"
"10.0.18362.1082"
"10.0.18362.1139"
"10.0.18362.116"
"10.0.18362.1198"
"10.0.18362.175"
"10.0.18362.239"
"10.0.18362.295"
"10.0.18362.356"
"10.0.18362.476"
"10.0.18362.535"
"10.0.18362.592"
"10.0.18362.658"
"10.0.18362.778"
"10.0.18362.900"
"10.0.18362.959"
"10.0.18363.1016"
"10.0.18363.1082"
"10.0.18363.1139"
"10.0.18363.1198"
"10.0.18363.1256"
"10.0.18363.1377"
"10.0.18363.1440"
"10.0.18363.1500"
"10.0.18363.1556"
"10.0.18363.476"
"10.0.18363.535"
"10.0.18363.592"
"10.0.18363.658"
"10.0.18363.778"
"10.0.18363.900"
"10.0.18363.959"
"10.0.19041.1052"
"10.0.19041.1083"
"10.0.19041.1110"
"10.0.19041.1165"
"10.0.19041.1237"
"10.0.19041.1288"
"10.0.19041.1348"
"10.0.19041.1415"
"10.0.19041.329"
"10.0.19041.388"
"10.0.19041.450"
"10.0.19041.508"
"10.0.19041.572"
"10.0.19041.630"
"10.0.19041.685"
"10.0.19041.746"
"10.0.19041.804"
"10.0.19041.867"
"10.0.19041.928"
"10.0.19041.985"
"10.0.19042.1052"
"10.0.19042.1083"
"10.0.19042.1110"
"10.0.19042.1165"
"10.0.19042.1237"
"10.0.19042.1288"
"10.0.19042.1348"
"10.0.19042.1415"
"10.0.19042.1466"
"10.0.19042.1526"
"10.0.19042.572"
"10.0.19042.630"
"10.0.19042.685"
"10.0.19042.746"
"10.0.19042.804"
"10.0.19042.867"
"10.0.19042.928"
"10.0.19042.985"
"10.0.20348.169"
"10.0.20348.288"
"10.0.20348.350"
"10.0.20348.405"
"10.0.20348.469"
"10.0.20348.524"
) | ForEach-Object { [System.Version]$_ } | Sort-Object
$failureDelay = 2
while ($true) {
$imagetags = Get-BcContainerImageTags -imageName $repo
if ($imagetags) {
$ver = [Version]"0.0.0.0"
# $tag can be *-filesonly, *-filesonly-dev, *-dev or other patterns
# * is the Windows version OS version
$versions = $imagetags.tags |
Where-Object { $_ -like $tag -and [System.Version]::TryParse($_.SubString($tag.indexOf('*'), $_.length-$tag.length+1), [ref]$ver) } |
ForEach-Object { [System.Version]($_.SubString($tag.indexOf('*'), $_.length-$tag.length+1)) }
break
}
else {
if ($failureDelay -gt 32) {
throw "Unable to download image tags for $repo"
}
Write-Host -ForegroundColor Yellow "Unable to download image tags for $repo, retrying in $failureDelay seconds"
Start-Sleep -Seconds $failureDelay
$failureDelay = $failureDelay * 2
}
}

$genericImageName = ""
Expand Down
11 changes: 8 additions & 3 deletions ContainerHandling/New-NavContainer.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2060,9 +2060,14 @@ if (-not `$restartingInstance) {
if (Test-Path $certPath) {
try {
Write-Host "Importing certificate in host's certificate store"
$verb = @{}
if ($isPsCore) {
$params = @{ "FilePath" = "pwsh" }
}
else {
$params = @{ "FilePath" = "powershell" }
}
if (!$isAdministrator) {
$verb = @{ "Verb" = "runAs" }
$params += @{ "Verb" = "runAs" }
}
$scriptblock = {
Param($certPath, $containerFolder)
Expand All @@ -2072,7 +2077,7 @@ if (-not `$restartingInstance) {
Set-Content -Path (Join-Path $containerFolder "thumbprint.txt") -Value "$($cert.Thumbprint)"
}
}
Start-Process Powershell @verb -ArgumentList "-command & {$scriptBlock} -certPath '$certPath' -containerFolder '$containerFolder'" -Wait -PassThru | Out-Null
Start-Process @params -ArgumentList "-command & {$scriptBlock} -certPath '$certPath' -containerFolder '$containerFolder'" -Wait -PassThru | Out-Null
}
catch {
Write-Host -ForegroundColor Yellow "Unable to import certificate $certPath in Trusted Root Certification Authorities, you will need to do this manually"
Expand Down
3 changes: 2 additions & 1 deletion ContainerHandling/Set-BcContainerKeyVaultAadAppAndCertificate.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,8 @@ try {
# Give SYSTEM permission to use the PFX file's private key
$keyName = $importedPfxCertificate.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyPath = "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\$keyName"
$acl = (Get-Item $keyPath).GetAccessControl('Access')
Import-Module Microsoft.PowerShell.Security -Force
$acl = [System.IO.FileSystemAclExtensions]::GetAccessControl([System.IO.DirectoryInfo]::new($keyPath), 'Access')
$permission = 'NT AUTHORITY\SYSTEM',"Full","Allow"
$accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.AddAccessRule($accessRule)
Expand Down
3 changes: 3 additions & 0 deletions ReleaseNotes.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@ Support dependency version templates on NuGet packages
Issue 3349 NuGet package files section name is wrong when using azure blob storage direct download url
Issue 3358 Run-TestsInBcContainer using Windows Authentication doesn't work if exactly one user exists in the tenant
Fix error in Get-BcContainerAppInfo in NextMajor
Check-BcContainerHelperPermissions didn't work on PS7
Issue #3379 Adding -installCertificateOnHost to New-BcContainer didn't work when running PS7 (silently failed)
Issue #3376 Regression - Download-Artifacts stopped downloading pre-requisites

6.0.6
Include Microsoft_Business Foundation Test Libraries.app when importing test libraries (and tests)
Expand Down

0 comments on commit 563d572

Please sign in to comment.