Enable signing check. Fix logs.

certbot-ci/windows_installer_integration_tests/test_main.py

@@ -142,7 +142,7 @@ def test_base(installer):
     This test checks that the Certbot installer installs correctly Certbot, including a fully
     functional automated renewal mechanism through a Windows scheduled task.
     """
-    _assert_certbot_is_broken()
+    _assert_certbot_is_missing()
 
     # Install certbot
     subprocess.check_output([installer, '/S'])
@@ -183,7 +183,7 @@ def test_upgrade(upgrade_env):
 
     # Break Certbot on purpose
     _ps('Remove-Item "${env:ProgramFiles(x86)}\\Certbot\\bin\\certbot.exe" -Confirm:$false')
-    _assert_certbot_is_broken()
+    _assert_certbot_is_missing()
 
     # Trigger the renew + auto-upgrade task, expecting Certbot to be reinstalled and functional again.
     now = time.time()
@@ -193,7 +193,7 @@ def test_upgrade(upgrade_env):
     subprocess.check_output(['certbot', '--version'])
 
 
-def _assert_certbot_is_broken():
+def _assert_certbot_is_missing():
     try:
         subprocess.check_output(['certbot', '--version'])
     except (subprocess.CalledProcessError, OSError):

windows-installer/auto-update.ps1

@@ -2,15 +2,15 @@
 param()
 begin {}
 process {
-    New-EventLog -Source "auto-update.ps1" -LogName "CertbotAutoUpdate" -ErrorAction SilentlyContinue
+    New-EventLog -Source "certbot/auto-update.ps1" -LogName "CertbotAutoUpdate" -ErrorAction SilentlyContinue
 
     function Write-Message($message, $level = "Information") {
-        Write-EventLog -Source "auto-update.ps1" -LogName "CertbotAutoUpdate" -EventID 1 -EntryType $level -Message $message
+        Write-EventLog -Source "certbot/auto-update.ps1" -LogName "CertbotAutoUpdate" -EventID 1 -EntryType $level -Message $message
         Write-Host $message
     }
 
     function Write-Error($message) {
-        Write-EventLog -Source "auto-update.ps1" -LogName "CertbotAutoUpdate" -EventID 1 -EntryType Error -Message $message
+        Write-EventLog -Source "certbot/auto-update.ps1" -LogName "CertbotAutoUpdate" -EventID 1 -EntryType Error -Message $message
         throw $message
     }
 
@@ -97,17 +97,16 @@ Aborting auto-upgrade process.
             # Check installer has a valid signature from the Certbot release team
             $signature = Get-AuthenticodeSignature $installerPath
 
-#            # Uncomment the following lines of code once the Certbot installer is correctly signed.
-#            if ($signature.Status -ne 'Valid') {
-#                throw "Downloaded installer has no or invalid Authenticode signature."
-#            }
-#            $publicKey = $certbotSigningPubKey -replace '-+.*-+' -replace "`n" -replace "`r"
-#            $refBinaryPublicKey = [System.Convert]::FromBase64String($publicKey)
-#            $curBinaryPublicKey = $signature.SignerCertificate.PublicKey.EncodedKeyValue.RawData
-#            $diff = Compare-Object -ReferenceObject $refBinaryPublicKey -DifferenceObject $curBinaryPublicKey
-#            if ($diff) {
-#                throw "Downloaded installer has not been signed by Certbot development team."
-#            }
+            if ($signature.Status -ne 'Valid') {
+                throw "Downloaded installer has no or invalid Authenticode signature."
+            }
+            $publicKey = $certbotSigningPubKey -replace '-+.*-+' -replace "`n" -replace "`r"
+            $refBinaryPublicKey = [System.Convert]::FromBase64String($publicKey)
+            $curBinaryPublicKey = $signature.SignerCertificate.PublicKey.EncodedKeyValue.RawData
+            $diff = Compare-Object -ReferenceObject $refBinaryPublicKey -DifferenceObject $curBinaryPublicKey
+            if ($diff) {
+                throw "Downloaded installer has not been signed by Certbot development team."
+            }
 
             if (Test-Path $installDir\uninstall.exe) {
                 # Uninstall old Certbot first