diff --git a/Artifacts/Download-Artifacts.ps1 b/Artifacts/Download-Artifacts.ps1 index 21753d8f6..f4092bb91 100644 --- a/Artifacts/Download-Artifacts.ps1 +++ b/Artifacts/Download-Artifacts.ps1 @@ -242,7 +242,6 @@ try { Write-Host "Downloading platform artifact $($platformUri.AbsolutePath)" TestSasToken -url $platformUrl $downloadprereqs = DownLoadPackage -ArtifactUrl $platformUrl -DestinationPath $platformArtifactPath -timeout $timeout - $downloadprereqs = $false if ($downloadprereqs) { $prerequisiteComponentsFile = Join-Path $platformArtifactPath "Prerequisite Components.json" if (Test-Path $prerequisiteComponentsFile) { diff --git a/BcContainerHelper.psm1 b/BcContainerHelper.psm1 index ff925ccf8..f89546184 100644 --- a/BcContainerHelper.psm1 +++ b/BcContainerHelper.psm1 @@ -18,10 +18,10 @@ if ($isMacOS) { throw "BcContainerHelper isn't supported on MacOS" } elseif ($isLinux) { - Write-Host "Running on Linux" + Write-Host "Running on Linux, PowerShell $($PSVersionTable.PSVersion)" } elseif ($isPsCore) { - Write-Host "Running on PowerShell 7" + Write-Host "Running on Windows, PowerShell $($PSVersionTable.PSVersion)" } if ($useVolumes -or $isInsideContainer) { diff --git a/Check-BcContainerHelperPermissions.ps1 b/Check-BcContainerHelperPermissions.ps1 index fec863e91..c1e9bebe7 100644 --- a/Check-BcContainerHelperPermissions.ps1 +++ b/Check-BcContainerHelperPermissions.ps1 @@ -29,6 +29,19 @@ function Check-BcContainerHelperPermissions { ) if (!$isAdministrator -or $Fix) { + + $startProcessParams = @{ + "Verb" = "RunAs" + "Wait" = $true + "WindowStyle" = "Hidden" + "PassThru" = $true + } + if ($isPsCore) { + $startProcessParams += @{ "FilePath" = "pwsh" } + } + else { + $startProcessParams += @{ "FilePath" = "powershell" } + } if (!$silent) { if ($isAdministrator) { Write-Host "Running as administrator" @@ -58,15 +71,15 @@ function Check-BcContainerHelperPermissions { Param($myUsername, $hostHelperFolder) try { $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($myUsername,'FullControl', 3, 'InheritOnly', 'Allow') - $acl = [System.IO.Directory]::GetAccessControl($hostHelperFolder) + $acl = Get-Acl -Path $hostHelperFolder $acl.AddAccessRule($rule) - [System.IO.Directory]::SetAccessControl($hostHelperFolder,$acl) + Set-Acl -Path $hostHelperFolder -AclObject $acl EXIT 0 } catch { EXIT 1 } } - $exitCode = (Start-Process powershell -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -hostHelperFolder '$($bcContainerHelperConfig.hostHelperFolder)'" -Verb RunAs -wait -WindowStyle Hidden -PassThru).ExitCode + $exitCode = (Start-Process @startProcessParams -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -hostHelperFolder '$($bcContainerHelperConfig.hostHelperFolder)'").ExitCode if ($exitcode -eq 0) { Write-Host -ForegroundColor Green "Permissions successfully added" } else { @@ -98,15 +111,15 @@ function Check-BcContainerHelperPermissions { Param($myUsername, $hostsFile) try { $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($myUsername,'Modify', 'Allow') - $acl = [System.IO.Directory]::GetAccessControl($hostsFile) + $acl = Get-Acl -Path $hostsFile $acl.AddAccessRule($rule) - [System.IO.Directory]::SetAccessControl($hostsFile,$acl) + Set-Acl -Path $hostsFile -AclObject $acl EXIT 0 } catch { EXIT 1 } } - $exitcode = (Start-Process powershell -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -hostsFile '$hostsFile'" -Verb RunAs -wait -PassThru -WindowStyle Hidden).ExitCode + $exitcode = (Start-Process @startProcessParams -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -hostsFile '$hostsFile'").ExitCode if ($exitcode -eq 0) { Write-Host -ForegroundColor Green "Permissions successfully added" } else { @@ -166,16 +179,16 @@ function Check-BcContainerHelperPermissions { Param($myUsername, $npipe) try { $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($myUsername,'FullControl', 'Allow') - $acl = [System.IO.Directory]::GetAccessControl($npipe) + $acl = Get-Acl -Path $npipe $acl.AddAccessRule($rule) - [System.IO.Directory]::SetAccessControl($npipe,$acl) + Set-Acl -Path $npipe -AclObject $acl exit 0 } catch { exit 1 } } - $exitcode = (Start-Process powershell -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -npipe '$npipe'" -Verb RunAs -wait -PassThru).ExitCode + $exitcode = (Start-Process @startProcessParams -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -npipe '$npipe'").ExitCode if ($exitcode -eq 0) { Write-Host -ForegroundColor Green "Permissions successfully added" } else { diff --git a/ContainerHandling/Get-BestGenericImageName.ps1 b/ContainerHandling/Get-BestGenericImageName.ps1 index c7a9df720..89a4ac074 100644 --- a/ContainerHandling/Get-BestGenericImageName.ps1 +++ b/ContainerHandling/Get-BestGenericImageName.ps1 @@ -45,163 +45,26 @@ try { $genericImageNameSetting } else { - $imagetags = Get-BcContainerImageTags -imageName $repo - $versions = @() - if ($imagetags) { - $ver = [Version]"0.0.0.0" - $versions = $imagetags.tags | Where-Object { $_ -like $tag -and [System.Version]::TryParse($_.SubString($tag.indexOf('*'), $_.length-$tag.length+1), [ref]$ver) } | % { [System.Version]($_.SubString($tag.indexOf('*'), $_.length-$tag.length+1)) } - } - if (-not $versions) { - # ImageTags not yet updated - use hardcoded list - $versions = @( - "10.0.14393.2906" - "10.0.14393.2972" - "10.0.14393.3025" - "10.0.14393.3085" - "10.0.14393.3144" - "10.0.14393.3204" - "10.0.14393.3326" - "10.0.14393.3384" - "10.0.14393.3443" - "10.0.14393.3630" - "10.0.14393.3750" - "10.0.14393.3808" - "10.0.14393.3866" - "10.0.14393.3930" - "10.0.14393.3986" - "10.0.14393.4046" - "10.0.14393.4104" - "10.0.14393.4169" - "10.0.14393.4225" - "10.0.14393.4283" - "10.0.14393.4350" - "10.0.14393.4402" - "10.0.14393.4467" - "10.0.14393.4470" - "10.0.14393.4530" - "10.0.14393.4583" - "10.0.14393.4651" - "10.0.14393.4704" - "10.0.14393.4770" - "10.0.14393.4825" - "10.0.14393.4886" - "10.0.14393.4946" - "10.0.17134.1006" - "10.0.17134.1130" - "10.0.17134.706" - "10.0.17134.766" - "10.0.17134.829" - "10.0.17134.885" - "10.0.17134.950" - "10.0.17763.1158" - "10.0.17763.1282" - "10.0.17763.1339" - "10.0.17763.1397" - "10.0.17763.1457" - "10.0.17763.1518" - "10.0.17763.1577" - "10.0.17763.1637" - "10.0.17763.1697" - "10.0.17763.1757" - "10.0.17763.1817" - "10.0.17763.1879" - "10.0.17763.1935" - "10.0.17763.1999" - "10.0.17763.2029" - "10.0.17763.2061" - "10.0.17763.2114" - "10.0.17763.2183" - "10.0.17763.2237" - "10.0.17763.2300" - "10.0.17763.2366" - "10.0.17763.2452" - "10.0.17763.2565" - "10.0.17763.437" - "10.0.17763.504" - "10.0.17763.557" - "10.0.17763.615" - "10.0.17763.678" - "10.0.17763.737" - "10.0.17763.864" - "10.0.17763.914" - "10.0.17763.973" - "10.0.18362.1016" - "10.0.18362.1082" - "10.0.18362.1139" - "10.0.18362.116" - "10.0.18362.1198" - "10.0.18362.175" - "10.0.18362.239" - "10.0.18362.295" - "10.0.18362.356" - "10.0.18362.476" - "10.0.18362.535" - "10.0.18362.592" - "10.0.18362.658" - "10.0.18362.778" - "10.0.18362.900" - "10.0.18362.959" - "10.0.18363.1016" - "10.0.18363.1082" - "10.0.18363.1139" - "10.0.18363.1198" - "10.0.18363.1256" - "10.0.18363.1377" - "10.0.18363.1440" - "10.0.18363.1500" - "10.0.18363.1556" - "10.0.18363.476" - "10.0.18363.535" - "10.0.18363.592" - "10.0.18363.658" - "10.0.18363.778" - "10.0.18363.900" - "10.0.18363.959" - "10.0.19041.1052" - "10.0.19041.1083" - "10.0.19041.1110" - "10.0.19041.1165" - "10.0.19041.1237" - "10.0.19041.1288" - "10.0.19041.1348" - "10.0.19041.1415" - "10.0.19041.329" - "10.0.19041.388" - "10.0.19041.450" - "10.0.19041.508" - "10.0.19041.572" - "10.0.19041.630" - "10.0.19041.685" - "10.0.19041.746" - "10.0.19041.804" - "10.0.19041.867" - "10.0.19041.928" - "10.0.19041.985" - "10.0.19042.1052" - "10.0.19042.1083" - "10.0.19042.1110" - "10.0.19042.1165" - "10.0.19042.1237" - "10.0.19042.1288" - "10.0.19042.1348" - "10.0.19042.1415" - "10.0.19042.1466" - "10.0.19042.1526" - "10.0.19042.572" - "10.0.19042.630" - "10.0.19042.685" - "10.0.19042.746" - "10.0.19042.804" - "10.0.19042.867" - "10.0.19042.928" - "10.0.19042.985" - "10.0.20348.169" - "10.0.20348.288" - "10.0.20348.350" - "10.0.20348.405" - "10.0.20348.469" - "10.0.20348.524" - ) | ForEach-Object { [System.Version]$_ } | Sort-Object + $failureDelay = 2 + while ($true) { + $imagetags = Get-BcContainerImageTags -imageName $repo + if ($imagetags) { + $ver = [Version]"0.0.0.0" + # $tag can be *-filesonly, *-filesonly-dev, *-dev or other patterns + # * is the Windows version OS version + $versions = $imagetags.tags | + Where-Object { $_ -like $tag -and [System.Version]::TryParse($_.SubString($tag.indexOf('*'), $_.length-$tag.length+1), [ref]$ver) } | + ForEach-Object { [System.Version]($_.SubString($tag.indexOf('*'), $_.length-$tag.length+1)) } + break + } + else { + if ($failureDelay -gt 32) { + throw "Unable to download image tags for $repo" + } + Write-Host -ForegroundColor Yellow "Unable to download image tags for $repo, retrying in $failureDelay seconds" + Start-Sleep -Seconds $failureDelay + $failureDelay = $failureDelay * 2 + } } $genericImageName = "" diff --git a/ContainerHandling/New-NavContainer.ps1 b/ContainerHandling/New-NavContainer.ps1 index cb5641f0a..232b72273 100644 --- a/ContainerHandling/New-NavContainer.ps1 +++ b/ContainerHandling/New-NavContainer.ps1 @@ -2060,9 +2060,14 @@ if (-not `$restartingInstance) { if (Test-Path $certPath) { try { Write-Host "Importing certificate in host's certificate store" - $verb = @{} + if ($isPsCore) { + $params = @{ "FilePath" = "pwsh" } + } + else { + $params = @{ "FilePath" = "powershell" } + } if (!$isAdministrator) { - $verb = @{ "Verb" = "runAs" } + $params += @{ "Verb" = "runAs" } } $scriptblock = { Param($certPath, $containerFolder) @@ -2072,7 +2077,7 @@ if (-not `$restartingInstance) { Set-Content -Path (Join-Path $containerFolder "thumbprint.txt") -Value "$($cert.Thumbprint)" } } - Start-Process Powershell @verb -ArgumentList "-command & {$scriptBlock} -certPath '$certPath' -containerFolder '$containerFolder'" -Wait -PassThru | Out-Null + Start-Process @params -ArgumentList "-command & {$scriptBlock} -certPath '$certPath' -containerFolder '$containerFolder'" -Wait -PassThru | Out-Null } catch { Write-Host -ForegroundColor Yellow "Unable to import certificate $certPath in Trusted Root Certification Authorities, you will need to do this manually" diff --git a/ContainerHandling/Set-BcContainerKeyVaultAadAppAndCertificate.ps1 b/ContainerHandling/Set-BcContainerKeyVaultAadAppAndCertificate.ps1 index 73389a22f..790439755 100644 --- a/ContainerHandling/Set-BcContainerKeyVaultAadAppAndCertificate.ps1 +++ b/ContainerHandling/Set-BcContainerKeyVaultAadAppAndCertificate.ps1 @@ -65,7 +65,8 @@ try { # Give SYSTEM permission to use the PFX file's private key $keyName = $importedPfxCertificate.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName $keyPath = "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\$keyName" - $acl = (Get-Item $keyPath).GetAccessControl('Access') + Import-Module Microsoft.PowerShell.Security -Force + $acl = [System.IO.FileSystemAclExtensions]::GetAccessControl([System.IO.DirectoryInfo]::new($keyPath), 'Access') $permission = 'NT AUTHORITY\SYSTEM',"Full","Allow" $accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $permission $acl.AddAccessRule($accessRule) diff --git a/ReleaseNotes.txt b/ReleaseNotes.txt index 3d5c2b721..b844adc5a 100644 --- a/ReleaseNotes.txt +++ b/ReleaseNotes.txt @@ -4,6 +4,9 @@ Support dependency version templates on NuGet packages Issue 3349 NuGet package files section name is wrong when using azure blob storage direct download url Issue 3358 Run-TestsInBcContainer using Windows Authentication doesn't work if exactly one user exists in the tenant Fix error in Get-BcContainerAppInfo in NextMajor +Check-BcContainerHelperPermissions didn't work on PS7 +Issue #3379 Adding -installCertificateOnHost to New-BcContainer didn't work when running PS7 (silently failed) +Issue #3376 Regression - Download-Artifacts stopped downloading pre-requisites 6.0.6 Include Microsoft_Business Foundation Test Libraries.app when importing test libraries (and tests)