We've set up a Nuget style package repository for our locally produced tools at work. This is done via a file share. However, the module that I am attempting to update is throwing an error about the authenticode signature of the old version not matching the publisher of the new version.
The signing certificate is from our AD PKI system and is trusted and it does not change/has not changed in any way.
Obviously using -SkipPublisherCheck
is a viable workaround but that is not a long-term solution.
I receive no errors or warnings on the initial installation of the package. Only when performing the update.
On the signing machine there are only 3 certificates and all three are in the LocalMachine store. They do not have the same subject (this is mentioned as a possible cause on some sites I found via Google)
$cert = get-ChildItem Cert:\LocalMachine\My\5B3B66061B02EBF0986CF7969F36C6FB58060046
Set-AuthenticodeSignature "C:\Jenkins\workspace\Scripts - Master\MyModule_Src\dist\MyModule\MyModule.psm1" -Certificate $cert
#... Pester tests
Publish-Module -Name MyModule -Repository ORGPSGet -Verbose -force
PackageManagement\Install-Package : Authenticode issuer 'System.Object[]' of the new module 'MyModule' with version
'4.0.4' is not matching with the authenticode issuer 'System.Object[]' of the previously-installed module 'MyModule'
with version '4.0.3'. If you still want to install or update, use -SkipPublisherCheck parameter.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:2089 char:20
+ ... $sid = PackageManagement\Install-Package @PSBoundParameters
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package], Exc
eption
+ FullyQualifiedErrorId : AuthenticodeIssuerMismatch,Validate-ModuleAuthenticodeSignature,Microsoft.PowerShell.Packag
eManagement.Cmdlets.InstallPackage
Based on the error message I assumed that there was something about the signature that PowerShell was either expecting multiple certificates and not finding it or that there were multiple certificates in the signature and PowerShell did not like that. I added -IncludeChain signer
to the signing command and then after rerunning the build, I was able to use the Update-Module
command as expected.
Set-AuthenticodeSignature "C:\Jenkins\workspace\Scripts - Master\MyModule_Src\dist\MyModule\MyModule.psm1" -Certificate $cert -IncludeChain signer
See the docs for more details.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.