diff --git a/CHANGELOG.md b/CHANGELOG.md index b04df28a..d521caf1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,7 @@ # Changelog +### 2.2.4 +- Enforce a security protocol of TLS 1.2 when interacting with online repositories (#598) + ### 2.2.3 - Update `HelpInfoUri` to point to the latest content (#560) diff --git a/src/PowerShellGet/PowerShellGet.psd1 b/src/PowerShellGet/PowerShellGet.psd1 index 6ba9e14a..9dd5a015 100644 --- a/src/PowerShellGet/PowerShellGet.psd1 +++ b/src/PowerShellGet/PowerShellGet.psd1 @@ -1,6 +1,6 @@ @{ RootModule = 'PSModule.psm1' - ModuleVersion = '2.2.3' + ModuleVersion = '2.2.4' GUID = '1d73a601-4a6c-43c5-ba3f-619b18bbb404' Author = 'Microsoft Corporation' CompanyName = 'Microsoft Corporation' diff --git a/src/PowerShellGet/public/psgetfunctions/Find-Module.ps1 b/src/PowerShellGet/public/psgetfunctions/Find-Module.ps1 index f2e18750..4d2e5565 100644 --- a/src/PowerShellGet/public/psgetfunctions/Find-Module.ps1 +++ b/src/PowerShellGet/public/psgetfunctions/Find-Module.ps1 @@ -90,6 +90,10 @@ function Find-Module { ) Begin { + # Change security protocol to TLS 1.2 + $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + Install-NuGetClientBinaries -CallerPSCmdlet $PSCmdlet -Proxy $Proxy -ProxyCredential $ProxyCredential } @@ -158,12 +162,13 @@ function Find-Module { else { $psgetItemInfo } - } elseif ($PSBoundParameters['Name'] -and -not (Test-WildcardPattern -Name ($Name | Microsoft.PowerShell.Core\Where-Object { $psgetItemInfo.Name -like $_ }))) { + } + elseif ($PSBoundParameters['Name'] -and -not (Test-WildcardPattern -Name ($Name | Microsoft.PowerShell.Core\Where-Object { $psgetItemInfo.Name -like $_ }))) { $message = $LocalizedData.MatchInvalidType -f ($psgetItemInfo.Name, $psgetItemInfo.Type, $script:PSArtifactTypeModule) Write-Error -Message $message ` - -ErrorId 'MatchInvalidType' ` - -Category InvalidArgument ` - -TargetObject $Name + -ErrorId 'MatchInvalidType' ` + -Category InvalidArgument ` + -TargetObject $Name } if ($psgetItemInfo -and @@ -181,4 +186,9 @@ function Find-Module { Log-ArtifactNotFoundInPSGallery -SearchedName $Name -FoundName $modulesFoundInPSGallery -operationName 'PSGET_FIND_MODULE' } } + + End { + # Change back to user specified security protocol + [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol + } } diff --git a/src/PowerShellGet/public/psgetfunctions/Find-Script.ps1 b/src/PowerShellGet/public/psgetfunctions/Find-Script.ps1 index c169a946..6f6701d8 100644 --- a/src/PowerShellGet/public/psgetfunctions/Find-Script.ps1 +++ b/src/PowerShellGet/public/psgetfunctions/Find-Script.ps1 @@ -80,6 +80,10 @@ function Find-Script { ) Begin { + # Change security protocol to TLS 1.2 + $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + Install-NuGetClientBinaries -CallerPSCmdlet $PSCmdlet -Proxy $Proxy -ProxyCredential $ProxyCredential } @@ -166,12 +170,13 @@ function Find-Script { else { $psgetItemInfo } - } elseif ($PSBoundParameters['Name'] -and -not (Test-WildcardPattern -Name ($Name | Microsoft.PowerShell.Core\Where-Object { $psgetItemInfo.Name -like $_ }))) { + } + elseif ($PSBoundParameters['Name'] -and -not (Test-WildcardPattern -Name ($Name | Microsoft.PowerShell.Core\Where-Object { $psgetItemInfo.Name -like $_ }))) { $message = $LocalizedData.MatchInvalidType -f ($psgetItemInfo.Name, $psgetItemInfo.Type, $script:PSArtifactTypeScript) Write-Error -Message $message ` - -ErrorId 'MatchInvalidType' ` - -Category InvalidArgument ` - -TargetObject $Name + -ErrorId 'MatchInvalidType' ` + -Category InvalidArgument ` + -TargetObject $Name } if ($psgetItemInfo -and @@ -188,4 +193,9 @@ function Find-Script { Log-ArtifactNotFoundInPSGallery -SearchedName $Name -FoundName $scriptsFoundInPSGallery -operationName PSGET_FIND_SCRIPT } } + + End { + # Change back to user specified security protocol + [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol + } } diff --git a/src/PowerShellGet/public/psgetfunctions/Install-Module.ps1 b/src/PowerShellGet/public/psgetfunctions/Install-Module.ps1 index a3a10eb6..03d58d36 100644 --- a/src/PowerShellGet/public/psgetfunctions/Install-Module.ps1 +++ b/src/PowerShellGet/public/psgetfunctions/Install-Module.ps1 @@ -91,6 +91,10 @@ function Install-Module { ) Begin { + # Change security protocol to TLS 1.2 + $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + if ($Scope -eq "AllUsers" -and -not (Test-RunningAsElevated)) { # Throw an error when Install-Module is used as a non-admin user and '-Scope AllUsers' $message = $LocalizedData.InstallModuleAdminPrivilegeRequiredForAllUsersScope -f @($script:programFilesModulesPath, $script:MyDocumentsModulesPath) @@ -269,4 +273,9 @@ function Install-Module { } } } + + End { + # Change back to user specified security protocol + [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol + } } diff --git a/src/PowerShellGet/public/psgetfunctions/Install-Script.ps1 b/src/PowerShellGet/public/psgetfunctions/Install-Script.ps1 index 8a17e163..a66734f8 100644 --- a/src/PowerShellGet/public/psgetfunctions/Install-Script.ps1 +++ b/src/PowerShellGet/public/psgetfunctions/Install-Script.ps1 @@ -87,6 +87,10 @@ function Install-Script { ) Begin { + # Change security protocol to TLS 1.2 + $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + if ($Scope -eq "AllUsers" -and -not (Test-RunningAsElevated)) { # Throw an error when Install-Script is used as a non-admin user and '-Scope AllUsers' $message = $LocalizedData.InstallScriptAdminPrivilegeRequiredForAllUsersScope -f @($script:ProgramFilesScriptsPath, $script:MyDocumentsScriptsPath) @@ -318,4 +322,9 @@ function Install-Script { } } } + + End { + # Change back to user specified security protocol + [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol + } } diff --git a/src/PowerShellGet/public/psgetfunctions/Publish-Module.ps1 b/src/PowerShellGet/public/psgetfunctions/Publish-Module.ps1 index f0fd6776..1292fd1e 100644 --- a/src/PowerShellGet/public/psgetfunctions/Publish-Module.ps1 +++ b/src/PowerShellGet/public/psgetfunctions/Publish-Module.ps1 @@ -89,6 +89,10 @@ function Publish-Module { ) Begin { + # Change security protocol to TLS 1.2 + $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + if ($LicenseUri -and -not (Test-WebUri -uri $LicenseUri)) { $message = $LocalizedData.InvalidWebUri -f ($LicenseUri, "LicenseUri") ThrowError -ExceptionName "System.ArgumentException" ` @@ -214,7 +218,7 @@ function Publish-Module { # Find the module to be published locally, search by name and RequiredVersion $module = Microsoft.PowerShell.Core\Get-Module -ListAvailable -Name $Name -Verbose:$false | - Microsoft.PowerShell.Core\Where-Object { + Microsoft.PowerShell.Core\Where-Object { $modInfoPrerelease = $null if ($_.PrivateData -and $_.PrivateData.GetType().ToString() -eq "System.Collections.Hashtable" -and @@ -377,7 +381,7 @@ function Publish-Module { # Copy-Item -Recurse -Force includes hidden items like .git directories, which we don't want # This finds all the items without force (leaving out hidden files and dirs) then copies them Microsoft.PowerShell.Management\Get-ChildItem $Path -recurse | - Microsoft.PowerShell.Management\Copy-Item -Force -Confirm:$false -WhatIf:$false -Destination { + Microsoft.PowerShell.Management\Copy-Item -Force -Confirm:$false -WhatIf:$false -Destination { if ($_.PSIsContainer) { Join-Path $tempModulePathForFormatVersion $_.Parent.FullName.substring($path.length) } @@ -458,8 +462,8 @@ function Publish-Module { # Check if the specified module name is already used for a script on the specified repository # Use Find-Script to check if that name is already used as scriptname $scriptPSGetItemInfo = Find-Script @FindParameters | - Microsoft.PowerShell.Core\Where-Object {$_.Name -eq $moduleName} | - Microsoft.PowerShell.Utility\Select-Object -Last 1 -ErrorAction Ignore + Microsoft.PowerShell.Core\Where-Object { $_.Name -eq $moduleName } | + Microsoft.PowerShell.Utility\Select-Object -Last 1 -ErrorAction Ignore if ($scriptPSGetItemInfo) { $message = $LocalizedData.SpecifiedNameIsAlearyUsed -f ($moduleName, $Repository, 'Find-Script') ThrowError -ExceptionName "System.InvalidOperationException" ` @@ -472,8 +476,8 @@ function Publish-Module { $null = $FindParameters.Remove('Tag') $currentPSGetItemInfo = Find-Module @FindParameters | - Microsoft.PowerShell.Core\Where-Object {$_.Name -eq $moduleInfo.Name} | - Microsoft.PowerShell.Utility\Select-Object -Last 1 -ErrorAction Ignore + Microsoft.PowerShell.Core\Where-Object { $_.Name -eq $moduleInfo.Name } | + Microsoft.PowerShell.Utility\Select-Object -Last 1 -ErrorAction Ignore if ($currentPSGetItemInfo) { $result = ValidateAndGet-VersionPrereleaseStrings -Version $currentPSGetItemInfo.Version -CallerPSCmdlet $PSCmdlet @@ -580,4 +584,9 @@ function Publish-Module { Microsoft.PowerShell.Management\Remove-Item $tempModulePath -Force -Recurse -ErrorAction Ignore -WarningAction SilentlyContinue -Confirm:$false -WhatIf:$false } } + + End { + # Change back to user specified security protocol + [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol + } } diff --git a/src/PowerShellGet/public/psgetfunctions/Publish-Script.ps1 b/src/PowerShellGet/public/psgetfunctions/Publish-Script.ps1 index ccd4f998..44e8f773 100644 --- a/src/PowerShellGet/public/psgetfunctions/Publish-Script.ps1 +++ b/src/PowerShellGet/public/psgetfunctions/Publish-Script.ps1 @@ -43,6 +43,10 @@ function Publish-Script { ) Begin { + # Change security protocol to TLS 1.2 + $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + Install-NuGetClientBinaries -CallerPSCmdlet $PSCmdlet -BootstrapNuGetExe -Force:$Force } @@ -336,4 +340,9 @@ function Publish-Script { Microsoft.PowerShell.Management\Remove-Item $tempScriptPath -Force -Recurse -ErrorAction Ignore -WarningAction SilentlyContinue -Confirm:$false -WhatIf:$false } } + + End { + # Change back to user specified security protocol + [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol + } } diff --git a/src/PowerShellGet/public/psgetfunctions/Save-Module.ps1 b/src/PowerShellGet/public/psgetfunctions/Save-Module.ps1 index 3225f153..7fac4c75 100644 --- a/src/PowerShellGet/public/psgetfunctions/Save-Module.ps1 +++ b/src/PowerShellGet/public/psgetfunctions/Save-Module.ps1 @@ -114,6 +114,10 @@ function Save-Module { ) Begin { + # Change security protocol to TLS 1.2 + $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + Install-NuGetClientBinaries -CallerPSCmdlet $PSCmdlet -Proxy $Proxy -ProxyCredential $ProxyCredential # Module names already tried in the current pipeline for InputObject parameterset @@ -252,4 +256,9 @@ function Save-Module { } } } + + End { + # Change back to user specified security protocol + [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol + } } diff --git a/src/PowerShellGet/public/psgetfunctions/Save-Script.ps1 b/src/PowerShellGet/public/psgetfunctions/Save-Script.ps1 index 1a6c6328..b7f11a78 100644 --- a/src/PowerShellGet/public/psgetfunctions/Save-Script.ps1 +++ b/src/PowerShellGet/public/psgetfunctions/Save-Script.ps1 @@ -116,6 +116,10 @@ function Save-Script { ) Begin { + # Change security protocol to TLS 1.2 + $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + Install-NuGetClientBinaries -CallerPSCmdlet $PSCmdlet -Proxy $Proxy -ProxyCredential $ProxyCredential # Script names already tried in the current pipeline for InputObject parameterset @@ -258,4 +262,9 @@ function Save-Script { } } } + + End { + # Change back to user specified security protocol + [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol + } } diff --git a/src/PowerShellGet/public/psgetfunctions/Update-Module.ps1 b/src/PowerShellGet/public/psgetfunctions/Update-Module.ps1 index f5c68d58..743633da 100644 --- a/src/PowerShellGet/public/psgetfunctions/Update-Module.ps1 +++ b/src/PowerShellGet/public/psgetfunctions/Update-Module.ps1 @@ -58,6 +58,10 @@ function Update-Module { ) Begin { + # Change security protocol to TLS 1.2 + $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + Install-NuGetClientBinaries -CallerPSCmdlet $PSCmdlet -Proxy $Proxy -ProxyCredential $ProxyCredential if ($Scope -eq "AllUsers" -and -not (Test-RunningAsElevated)) { @@ -169,4 +173,9 @@ function Update-Module { } } } + + End { + # Change back to user specified security protocol + [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol + } } diff --git a/src/PowerShellGet/public/psgetfunctions/Update-Script.ps1 b/src/PowerShellGet/public/psgetfunctions/Update-Script.ps1 index 0e285bff..3a4c9833 100644 --- a/src/PowerShellGet/public/psgetfunctions/Update-Script.ps1 +++ b/src/PowerShellGet/public/psgetfunctions/Update-Script.ps1 @@ -53,6 +53,10 @@ function Update-Script { ) Begin { + # Change security protocol to TLS 1.2 + $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + Install-NuGetClientBinaries -CallerPSCmdlet $PSCmdlet -Proxy $Proxy -ProxyCredential $ProxyCredential # Script names already tried in the current pipeline @@ -176,4 +180,9 @@ function Update-Script { } } } + + End { + # Change back to user specified security protocol + [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol + } }