From 18168791f755dd7e26f458c079ac79ef1b666b97 Mon Sep 17 00:00:00 2001
From: AdmiringWorm
Date: Fri, 11 Mar 2022 11:57:34 +0100
Subject: [PATCH] (#89) Remove cpack shims on package upgrades

This commit updates the installation/upgrading of the package to remove the cpack shim if they are signed with the an authenticode signature with the subject set to one of our previously used authenticode signatures. The code added makes it easy to extend it when needed for removal of other shims as well.
---
 nuget/chocolatey/tools/chocolateysetup.psm1 | 67 ++++++++++++++++++++-
 1 file changed, 66 insertions(+), 1 deletion(-)

diff --git a/nuget/chocolatey/tools/chocolateysetup.psm1 b/nuget/chocolatey/tools/chocolateysetup.psm1
index 581671bb59..cc68f23f82 100644
--- a/nuget/chocolatey/tools/chocolateysetup.psm1
+++ b/nuget/chocolatey/tools/chocolateysetup.psm1
@@ -30,13 +30,56 @@ param (
 }
 }
+function Remove-ShimWithAuthenticodeSignature {
+ param (
+ [string] $filePath
+ )
+ if (!(Test-Path $filePath)) {
+ return
+ }
+
+ $signature = Get-AuthenticodeSignature $filePath -ErrorAction SilentlyContinue
+
+ if (!$signature -or !$signature.SignerCertificate) {
+ Write-ChocolateyWarning "Shim found in $filePath, but was not signed. Ignoring removal..."
+ return
+ }
+
+ $possibleSignatures = @(
+ 'RealDimensions Software, LLC'
+ 'Chocolatey Software, Inc\.'
+ )
+
+ $possibleSignatures | ForEach-Object {
+ if ($signature.SignerCertificate.Subject -match "$_") {
+ Write-Output "Removing shim $filePath"
+ $null = Remove-Item "$filePath"
+
+ if (Test-Path "$filePath.ignore") {
+ $null = Remove-Item "$filePath.ignore"
+ }
+
+ if (Test-Path "$filePath.old") {
+ $null = Remove-Item "$filePath.old"
+ }
+ }
+ }
+
+ # This means the file was found, however did not get removed as it contained a authenticode signature that
+ # is not ours.
+ if (Test-Path $filePath) {
+ Write-ChocolateyWarning "Shim found in $filePath, but did not match our signature. Ignoring removal..."
+ return
+ }
+}
+
 function Initialize-Chocolatey {
 <#
 .DESCRIPTION
 This will initialize the Chocolatey tool by
 a) setting up the "chocolateyPath" (the location where all chocolatey nuget packages will be installed)
 b) Installs chocolatey into the "chocolateyPath"
- c) Instals .net 4.0 if needed
+ c) Installs .net 4.0 if needed
 d) Adds Chocolatey to the PATH environment variable so you have access to the choco commands.
 .PARAMETER ChocolateyPath
 Allows you to override the default path of (C:\ProgramData\chocolatey\) by specifying a directory chocolatey will install nuget packages.
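Review bot: Remove-ShimWithAuthenticodeSignature decides that a shim is "ours" from `$signature.SignerCertificate.Subject` alone and never reads `$signature.Status`, so a file whose signature does not verify (a hash mismatch or an untrusted chain, say) is handled exactly like a validly signed one. The subject is free text inside the certificate and `-match` is an unanchored regex over the whole distinguished name, so this is a name heuristic rather than a publisher check, and its result authorises deleting a file named cpack.exe that could belong to another product. I would gate the loop on the verification result, e.g. `if ($signature.Status -ne 'Valid') { Write-ChocolateyWarning "Shim found in $filePath, but its signature is not valid. Ignoring removal..."; return }`, or, if older shims are expected to no longer validate, add a comment saying the subject match is only a heuristic. Separately, the final `Test-Path` warning also fires when the subject matched but `Remove-Item` failed, so its "did not match our signature" text can mislead whoever reads the log.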
@@ -142,6 +185,28 @@ You may need to shut down and restart powershell and/or consoles
 if (-not $allowInsecureRootInstall) {
 Remove-OldChocolateyInstall $defaultChocolateyPathOld
 }
+
+ $possiblePaths = @(
+ $chocolateyExePath
+ Join-Path "$chocolateyPath" "redirects"
+ Join-Path "$thisScriptFolder" "chocolateyInstall\redirects"
+ )
+
+ $shimsToRemove = @("cpack.exe")
+ $possiblePaths | ForEach-Object {
+ $path = $_
+ $shimsToRemove | ForEach-Object { Join-Path $path $_ } | Where-Object { Test-Path $_ } | ForEach-Object {
+ $path = $_
+ Write-Debug "Removing shim from '$path'."
+
+ try {
+ Remove-ShimWithAuthenticodeSignature -filePath $path
+ }
+ catch {
+ Write-ChocolateyWarning "Unable to remove '$path'. Please remove the file manually."
+ }
+ }
+ }
 }
 function Set-ChocolateyInstallFolder {
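Review bot: The inner `ForEach-Object` block assigns `$path = $_`, reusing the variable that the outer block set to the directory and that the first pipeline stage `{ Join-Path $path $_ }` still reads. ForEach-Object script blocks run in the caller's scope and the pipeline streams one item at a time, so once `$shimsToRemove` holds a second name its join would, as far as I can tell, be built from the previous shim's full file path instead of the directory; a distinct name such as `$shimPath = $_`, used in the `Write-Debug`, the call and the warning, avoids that. The `catch` also only sees terminating errors, and the `Remove-Item` calls in Remove-ShimWithAuthenticodeSignature carry no `-ErrorAction Stop`, so unless `$ErrorActionPreference` is set to Stop elsewhere, a locked or read-only shim would probably never reach the "remove the file manually" warning. Initialize-Chocolatey begins outside this hunk, so `$chocolateyExePath` and `$thisScriptFolder` are assumed to be defined earlier in it.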