signModule.ps1
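<#
.SYNOPSIS
Authenticode-signs every unsigned PowerShell file and DLL below the current directory.

.DESCRIPTION
Looks up exactly one certificate in Cert:\CurrentUser\My by thumbprint, refuses to continue
when any candidate file carries a signature whose status is neither Valid nor NotSigned,
signs every NotSigned file, and throws if any resulting signature is not Valid.

.PARAMETER Thumbprint
Thumbprint of the signing certificate in the current user's personal certificate store.
#>
param($Thumbprint)

$ErrorActionPreference = 'Stop'

# An empty thumbprint cannot identify a certificate; say so explicitly instead of
# falling through to the generic "not found" message.
if ([string]::IsNullOrWhiteSpace($Thumbprint)) {
    throw "No certificate thumbprint was provided."
}

$cert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object Thumbprint -eq $Thumbprint

if ($null -eq $cert) {
    throw "No certificate was found."
}

# Signing must be tied to one unambiguous identity.
if (@($cert).Length -gt 1) {
    throw "More than one certificate with the given thumbprint was found."
}

"Signing Files"

# NOTE(review): -ErrorAction SilentlyContinue hides directories that could not be read,
# so files below them are neither checked nor signed. Kept as in the original; confirm
# that a partially signed tree is acceptable for a release.
$files = @(
    Get-ChildItem -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in ".ps1", ".psm1", ".psd1", ".ps1xml", ".dll" } |
        Select-Object -ExpandProperty FullName
)

# Get-AuthenticodeSignature rejects an empty -FilePath, so stop before calling it.
if ($files.Count -eq 0) {
    return "There are no files to sign, no signable files were found."
}

# Read every signature once, and use the same result for both the integrity gate and
# the to-sign list, so both decisions are based on the same observation of each file.
$signatures = @(Get-AuthenticodeSignature -FilePath $files)

# Any status other than Valid or NotSigned (for example a hash mismatch) means a file
# was changed after signing or its signature cannot be trusted: abort, do not re-sign.
$incorrectSignatures = $signatures | Where-Object { "Valid", "NotSigned" -notcontains $_.Status }
if ($incorrectSignatures) {
    throw "There are items in the repository that are signed but their signature is invalid, review:`n$($incorrectSignatures | Out-String)`n"
}

$filesToSign = @(
    $signatures |
        Where-Object { "NotSigned" -eq $_.Status } |
        Select-Object -ExpandProperty Path
)

if ($filesToSign.Count -eq 0) {
    return "There are no files to sign, all the files in the repository are already signed."
}

$results = $filesToSign |
    ForEach-Object {
        # Pin the digest to SHA256 rather than relying on the cmdlet default, which
        # differs between PowerShell versions (SHA1 on older ones).
        # NOTE(review): the timestamp URL is plain HTTP; the timestamp response is
        # expected to be signed by the timestamp authority - confirm that signed
        # files carry a timestamp countersignature after a run.
        $r = Set-AuthenticodeSignature $_ -Certificate $cert -HashAlgorithm SHA256 -TimestampServer 'http://timestamp.digicert.com' -ErrorAction Stop
        $r | Out-String | Write-Host
        $r
    }

# A signing call can return without an error and still leave a non-Valid signature.
$failed = $results | Where-Object { $_.Status -ne "Valid" }
if ($failed) {
    throw "Failed signing $($failed.Path -join "`n")"
}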