From b2e7219411341b54e35f55f5a98530f76a6dbdab Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Tue, 12 Nov 2019 15:21:23 +0100 Subject: [PATCH] Being pedantic --- windows-installer/auto-update.ps1 | 144 +++++++++++++++--------------- 1 file changed, 74 insertions(+), 70 deletions(-) diff --git a/windows-installer/auto-update.ps1 b/windows-installer/auto-update.ps1 index e2f1652f4..e1a54b8e1 100644 --- a/windows-installer/auto-update.ps1 +++ b/windows-installer/auto-update.ps1 @@ -1,81 +1,85 @@ #Requires -RunAsAdministrator - -Param( - [Parameter(Mandatory=$true)] - [string]$InstallDir +[CmdletBinding()] +param( + [Parameter(Mandatory=$true, ValueFromPipeline=$true)] + [string] + $InstallDir ) +begin {} +process { + Start-Transcript -Path "C:\Certbot\log\auto-update.log" + trap { + Stop-Transcript + } -Start-Transcript -Path "C:\Certbot\log\auto-update.log" -trap { - Stop-Transcript -} + $ErrorActionPreference = 'Stop' -$ErrorActionPreference = 'Stop' + $installerAuthenticodeCertificateThumbprint = "CHANGEME" -$installerAuthenticodeCertificateThumbprint = "CHANGEME" + # Get current local certbot version + try { + $currentVersion = certbot --version + $currentVersion = $currentVersion -replace '^certbot (\d+\.\d+\.\d+).*$', '$1' + } catch { + "An error occured while fetching the current local certbot version:" + $_.Exception + "Assuming Certbot is not up-to-date." + $currentVersion = "0.0.0" + } -# Get current local certbot version -try { - $currentVersion = certbot --version - $currentVersion = $currentVersion -replace '^certbot (\d+\.\d+\.\d+).*$', '$1' -} catch { - "An error occured while fetching the current local certbot version:" - $_.Exception - "Assuming Certbot is not up-to-date." - $currentVersion = "0.0.0" -} + # Get latest remote certbot version + try { + $result = Invoke-RestMethod -Uri https://api.github.com/repos/certbot/certbot/releases/latest + $latestVersion = $result.tag_name -replace '^v(\d+\.\d+\.\d+).*$', '$1' + } catch { + "Could not get the latest remote certbot version. Error was:" + $_.Exception + throw "Aborting auto-upgrade process." + } -# Get latest remote certbot version -try { - $result = Invoke-RestMethod -Uri https://api.github.com/repos/certbot/certbot/releases/latest - $latestVersion = $result.tag_name -replace '^v(\d+\.\d+\.\d+).*$', '$1' -} catch { - "Could not get the latest remote certbot version. Error was:" - $_.Exception - throw "Aborting auto-upgrade process." -} + if ([System.Version]"$currentVersion" -ge [System.Version]"$latestVersion") { + "No upgrade is needed, Certbot is already at the latest version ($currentVersion)." + } else { + # Search for the Windows installer asset + $installerUrl = $null + foreach ($asset in $result.assets) { + if ($asset.name -match '^certbot-.*installer-win32\.exe$') { + $installerUrl = $asset.browser_download_url + } + } -if ([System.Version]"$currentVersion" -ge [System.Version]"$latestVersion") { - "No upgrade is needed, Certbot is already at the latest version ($currentVersion)." -} else { - # Search for the Windows installer asset - $installerUrl = $null - foreach ($asset in $result.assets) { - if ($asset.name -match '^certbot-.*installer-win32\.exe$') { - $installerUrl = $asset.browser_download_url + if ($null -eq $installerUrl) { + throw "Could not find the URL for the latest Certbot for Windows installer." + } + + "Starting Certbot auto-upgrade from $currentVersion to $latestVersion ..." + + $installerPath = "$env:TMP/certbot-installer-win32.exe" + try { + # Download the installer + "Downloading the installer ..." + $webClient = New-Object System.Net.WebClient + $webClient.DownloadFile($installerUrl, $installerPath) + + # Check installer has a valid signature from the Certbot release team + $signature = Get-AuthenticodeSignature $installerPath + + # Uncomment the following lines of code once the Certbot installer is correctly signed. + # if ($signature.Status -ne 'Valid') { + # throw "Downloaded installer has no or invalid Authenticode signature." + # } + # if ($signature.SignerCertificate.Thumbprint -ne $installerAuthenticodeCertificateThumbprint) { + # throw "Downloaded installer has not been signed by Certbot development team." + # } + + # Install new version of Certbot + "Running the installer ..." + Start-Process -FilePath $installerPath -ArgumentList "/S /D=$InstallDir" + + "Certbot $latestVersion is installed." + } finally { + Remove-Item $installerPath -ErrorAction 'Ignore' } } - - if ($null -eq $installerUrl) { - throw "Could not find the URL for the latest Certbot for Windows installer." - } - - "Starting Certbot auto-upgrade from $currentVersion to $latestVersion ..." - - $installerPath = "$env:TMP/certbot-installer-win32.exe" - try { - # Download the installer - "Downloading the installer ..." - $webClient = New-Object System.Net.WebClient - $webClient.DownloadFile($installerUrl, $installerPath) - - # Check installer has a valid signature from the Certbot release team - $signature = Get-AuthenticodeSignature $installerPath - - # Uncomment the following lines of code once the Certbot installer is correctly signed. -# if ($signature.Status -ne 'Valid') { -# throw "Downloaded installer has no or invalid Authenticode signature." -# } -# if ($signature.SignerCertificate.Thumbprint -ne $installerAuthenticodeCertificateThumbprint) { -# throw "Downloaded installer has not been signed by Certbot development team." -# } - - # Install new version of Certbot - "Running the installer ..." - Start-Process -FilePath $installerPath -ArgumentList "/S /D=$InstallDir" - - "Certbot $latestVersion is installed." - } finally { - Remove-Item $installerPath -ErrorAction 'Ignore' - } } +end {}