actions/runner-images
1
0
Fork 0
mirror of https://github.com/actions/runner-images.git synced 2025-12-15 06:08:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d1f2c9a3bedac344533bd2499133f030adab7d90
runner-images/images/windows/scripts/build/Install-PowershellCore.ps1
Vasilii Polikarpov d1f2c9a3be [Windows] Implement new directories hierarchy (#8616)
2023-11-15 11:24:45 +01:00

71 lines
3.1 KiB
PowerShell
Raw Blame History

################################################################################
## File: Install-PowershellCore.ps1
## Desc: Install PowerShell Core
## Supply chain security: checksum validation
################################################################################
$ErrorActionPreference = "Stop"
#region functions
Function Get-PowerShellCoreHash
{
Param (
[Parameter(Mandatory = $True)]
[string] $Release
)
$hashURL = "https://github.com/PowerShell/PowerShell/releases/download/v${Release}/hashes.sha256"
(Invoke-RestMethod -Uri $hashURL).ToString().Split("`n").Where({ $_ -ilike "*PowerShell-${Release}-win-x64.msi*" }).Split(' ')[0]
}
#endregion
$tempDir = Join-Path ([System.IO.Path]::GetTempPath()) ([System.IO.Path]::GetRandomFileName())
$null = New-Item -ItemType Directory -Path $tempDir -Force -ErrorAction SilentlyContinue
try {
$originalValue = [Net.ServicePointManager]::SecurityProtocol
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
$metadata = Invoke-RestMethod https://raw.githubusercontent.com/PowerShell/PowerShell/master/tools/metadata.json
$release = $metadata.LTSReleaseTag[0] -replace '^v'
$packageName = "PowerShell-${release}-win-x64.msi"
$downloadURL = "https://github.com/PowerShell/PowerShell/releases/download/v${release}/${packageName}"
Write-Verbose "About to download package from '$downloadURL'" -Verbose
$packagePath = Join-Path -Path $tempDir -ChildPath $packageName
Invoke-WebRequest -Uri $downloadURL -OutFile $packagePath
#region Supply chain security
Write-Verbose "Performing checksum verification"
$distributor_file_hash = Get-PowerShellCoreHash -Release $release
$local_file_hash = (Get-FileHash -Path $packagePath -Algorithm SHA256).Hash
if ($local_file_hash -ne $distributor_file_hash) {
Write-Host "hash must be equal to: ${distributor_file_hash}"
Write-Host "actual hash is: ${local_file_hash}"
throw 'Checksum verification failed, please rerun install'
}
#endregion
Write-Verbose "Performing quiet install"
$ArgumentList=@("/i", $packagePath, "/quiet")
$process = Start-Process msiexec -ArgumentList $ArgumentList -Wait -PassThru
if ($process.exitcode -ne 0) {
throw "Quiet install failed, please rerun install without -Quiet switch or ensure you have administrator rights"
}
} finally {
# Restore original value
[Net.ServicePointManager]::SecurityProtocol = $originalValue
Remove-Item -Path $tempDir -Recurse -Force -ErrorAction SilentlyContinue
}
# about_update_notifications
# While the update check happens during the first session in a given 24-hour period, for performance reasons,
# the notification will only be shown on the start of subsequent sessions.
# Also for performance reasons, the check will not start until at least 3 seconds after the session begins.
[System.Environment]::SetEnvironmentVariable("POWERSHELL_UPDATECHECK", "Off", [System.EnvironmentVariableTarget]::Machine)
Invoke-PesterTests -TestFile "Tools" -TestName "PowerShell Core"
Reference in New Issue View Git Blame Copy Permalink