Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hash mismatch in Pester 5.6.* and 6.0.0-alpha1 #2596

Closed
fflaten opened this issue Dec 31, 2024 Discussed in #2595 · 9 comments
Closed

Hash mismatch in Pester 5.6.* and 6.0.0-alpha1 #2596

fflaten opened this issue Dec 31, 2024 Discussed in #2595 · 9 comments

Comments

@fflaten
Copy link
Collaborator

fflaten commented Dec 31, 2024
edited
Loading

Discussed in #2595

Originally posted by santhoshmprabhu December 26, 2024
Hi, I am new to Pester, and also dev on Windows in general. I am trying to use Pester to run tests on a different repo that I am working on, I seem to get the following error each time:

Import-Module : File C:\Program Files\WindowsPowerShell\Modules\Pester\5.6.1\Pester.psm1 cannot be loaded. The contents of
file C:\Program Files\WindowsPowerShell\Modules\Pester\5.6.1\Pester.psm1 might have been changed by an unauthorized user or
process, because the hash of the file does not match the hash stored in the digital signature. The script cannot run on the
specified system. For more information, run Get-Help about_Signing..
At line:1 char:1
+ Import-Module Pester
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (:) [Import-Module], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess,Microsoft.PowerShell.Commands.ImportModuleCommand

I am using Windows Powershell. I have tried installing Pester from the PSGallery as well as from chocolatey, I get the same error. I also tried 5.6.0 from chocolatey to no avail. Could someone kindly provide any pointers? More info about my Shell:

Name                           Value
----                           -----
PSVersion                      5.1.26100.2161
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.26100.2161
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

EDIT: I subsequently tried Powershell, and can now invoke Pester. That does unblock me, but still can't get Pester to work on Windows Powershell.

Looks like we have a hash mismatch in both 5.6.0 and 5.6.1. It breaks on Windows PowerShell using AllSigned execution policy, but PowerShell 7 also confirms the hash mismatch (see below).

Get-AuthenticodeSignature C:\Users\Frode\Documents\PowerShell\Modules\Pester\6.0.0\Pester.psm1

    Directory: C:\Users\Frode\Documents\PowerShell\Modules\Pester\6.0.0

SignerCertificate                         Status                    StatusMessage             Path
-----------------                         ------                    -------------             ----
147C2FD397677DC76DD198E83E7D9D234AA59D1A  Valid                     Signature verified.       Pester.psm1

❯ Get-AuthenticodeSignature C:\Users\Frode\Documents\PowerShell\Modules\Pester\5.6.1\Pester.psm1

    Directory: C:\Users\Frode\Documents\PowerShell\Modules\Pester\5.6.1

SignerCertificate                         Status                    StatusMessage             Path
-----------------                         ------                    -------------             ----
2FCC9148EC2C9AB951C6F9654C0D2ED16AF27738  HashMismatch              The contents of file C:\… Pester.psm1

❯ Get-AuthenticodeSignature C:\Users\Frode\Documents\PowerShell\Modules\Pester\5.6.0\Pester.psm1

    Directory: C:\Users\Frode\Documents\PowerShell\Modules\Pester\5.6.0

SignerCertificate                         Status                    StatusMessage             Path
-----------------                         ------                    -------------             ----
2FCC9148EC2C9AB951C6F9654C0D2ED16AF27738  HashMismatch              The contents of file C:\… Pester.psm1

❯ Get-AuthenticodeSignature C:\Users\Frode\Documents\PowerShell\Modules\Pester\5.5.0\Pester.psm1

    Directory: C:\Users\Frode\Documents\PowerShell\Modules\Pester\5.5.0

SignerCertificate                         Status                    StatusMessage             Path
-----------------                         ------                    -------------             ----
C7B0582906E5205B8399D92991694A614D0C0B22  Valid                     Signature verified.       Pester.psm1
@fflaten
Copy link
Collaborator Author

fflaten commented Dec 31, 2024
edited
Loading

@nohwnd Thoughts on what might have changed? 5.6.*, 6.0.0-alpha1 - 6.0.0-alpha3 used the same certificate, but 6.0.0-alpha2 and 3 are valid. Was a different system used to sign so we maybe hit something like https://learn.microsoft.com/en-us/troubleshoot/windows-client/system-management-components/signed-powershell-script-fails-hash-mismatch ?

@fflaten fflaten changed the title Hash mismatch in Pester 5.6.* Hash mismatch in Pester 5.6.* and 6.0.0-alpha1 Dec 31, 2024
@nohwnd
Copy link
Member

nohwnd commented Jan 8, 2025

I heard about this from David Sass as well, but yeah, I don't see it :/

S:\p\vstest [update-redist ≡]> install-module pester -requiredVersion 5.6.1 -force
S:\p\vstest [update-redist ≡]> Get-AuthenticodeSignature C:\Users\jajares\Documents\PowerShell\Modules\Pester\5.6.1\Pester.psm1

    Directory: C:\Users\jajares\Documents\PowerShell\Modules\Pester\5.6.1

SignerCertificate                         Status                       StatusMessage                Path
-----------------                         ------                       -------------                ----
2FCC9148EC2C9AB951C6F9654C0D2ED16AF27738  Valid                        Signature verified.          Pester.psm1

S:\p\vstest [update-redist ≡]>

@nohwnd
Copy link
Member

nohwnd commented Jan 8, 2025

Releasing 5.7.0 hopefully that will report valid signature

@fflaten
Copy link
Collaborator Author

fflaten commented Jan 8, 2025
edited
Loading

Sounds good. Should be as it worked in never alphas. 🙂

I wonder which character is causing this though, so we can test and avoid it. Could also be inconsistent line breaks, especially if we don't have BOM. It's a PITA to troubleshoot.

@fflaten
Copy link
Collaborator Author

fflaten commented Jan 8, 2025
edited
Loading

5.7.0 looks good. Valid on your system?

Get-AuthenticodeSignature C:\Users\Frode\Documents\PowerShell\Modules\Pester\5.7.0\Pester.psm1

    Directory: C:\Users\Frode\Documents\PowerShell\Modules\Pester\5.7.0

SignerCertificate                         Status                    StatusMessage             Path
-----------------                         ------                    -------------             ----
147C2FD397677DC76DD198E83E7D9D234AA59D1A  Valid                     Signature verified.       Pester.psm1

@nohwnd
Copy link
Member

nohwnd commented Jan 8, 2025

Interestingly I see this in nuget explorer, on the psm1 file.

image

@nohwnd
Copy link
Member

nohwnd commented Jan 8, 2025

I heard about emojis causing this, but it was consistently breaking stuff. It is also weird that I don't see it on the signing system, the sign script validates that we signed all the files and that they are valid.

closing for now, I cannot do anything about the previous versions.

@fflaten
Copy link
Collaborator Author

fflaten commented Jan 8, 2025

Yeah, it's likely a locale thing similar to the link I mentioned (though I couldn't find any äöü chars on first look). Valid now, so hopefully good.

@nohwnd
Copy link
Member

nohwnd commented Jan 8, 2025

let's hope. Thanks for your help :)

@nohwnd nohwnd closed this as not planned Won't fix, can't repro, duplicate, stale Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fflaten @nohwnd