Merge pull request #233 from chocolatey/RemoveChocolateyInstallScript

(#223) Removes Chocolatey Install Script from Repository
chocolatey · Mar 7, 2024 · 4cf5046 · 4cf5046
2 parents e91de35 + 5c7344f
commit 4cf5046
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 774 deletions.
diff --git a/Set-SslSecurity.ps1 b/Set-SslSecurity.ps1
@@ -77,8 +77,9 @@ process {
     Start-Transcript -Path "$env:SystemDrive\choco-setup\logs\Set-SslCertificate-$(Get-Date -Format 'yyyyMMdd-HHmmss').txt"
 
     # Dot-source helper functions
-    . .\scripts\Get-Helpers.ps1
-    #Collect current certificate configuration
+    $ScriptDir = Join-Path $PSScriptRoot "scripts"
+    . $ScriptDir\Get-Helpers.ps1
+    # Collect current certificate configuration
     $Certificate = if ($Subject) {
         Get-Certificate -Subject $Subject
     }
@@ -138,14 +139,6 @@ process {
     # Connect to Nexus
     Connect-NexusServer -Hostname $SubjectWithoutCn -Credential $Credential -UseSSL
 
-    # Add updated scripts to raw repo in Nexus
-
-    # Push ChocolateyInstall.ps1 to raw repo
-    $ScriptDir = "$env:SystemDrive\choco-setup\files\scripts"
-    $ChocoInstallScript = "$ScriptDir\ChocolateyInstall.ps1"
-    (Get-Content -Path $ChocoInstallScript) -replace "{{hostname}}", $SubjectWithoutCn | Set-Content -Path $ChocoInstallScript
-    New-NexusRawComponent -RepositoryName 'choco-install' -File "$ChocoInstallScript"
-
     # Push ClientSetup.ps1 to raw repo
     $ClientScript = "$ScriptDir\ClientSetup.ps1"
     (Get-Content -Path $ClientScript) -replace "{{hostname}}", $SubjectWithoutCn | Set-Content -Path $ClientScript
@@ -288,7 +281,7 @@ process {
 
         $ScriptBlock | Set-Content -Path $EndpointScript
 
-        #Agent Setup
+        # Agent Setup
         $agentArgs = @{
             CentralManagementServiceUrl = "https://$($SubjectWithoutCn):24020/ChocolateyManagementService"
             ServiceSalt = $ServiceSaltValue
@@ -300,14 +293,14 @@ process {
 
     else {
 
-         #Agent Setup
+         # Agent Setup
          $agentArgs = @{
             CentralManagementServiceUrl = "https://$($SubjectWithoutCn):24020/ChocolateyManagementService"
         }
 
         Install-ChocolateyAgent @agentArgs
 
-        #Register endpoint script
+        # Register endpoint script
         (Get-Content -Path $EndpointScript) -replace "{{hostname}}", "'$SubjectWithoutCn'" | Set-Content -Path $EndpointScript
         if ($IsSelfSigned) {
             $ScriptBlock = @"

diff --git a/Start-C4bNexusSetup.ps1 b/Start-C4bNexusSetup.ps1
@@ -71,6 +71,22 @@ process {
     # Temporary workaround to reset the NuGet v3 cache, such that it doesn't capture localhost as the FQDN
     Remove-NexusRepositoryFolder -RepositoryName ChocolateyInternal -Name v3
 
+    # Push latest ChocolateyInstall.ps1 to raw repo
+    $ScriptDir = "$env:SystemDrive\choco-setup\files\scripts"
+    $ChocoInstallScript = "$ScriptDir\ChocolateyInstall.ps1"
+
+    if (-not (Test-Path $ChocoInstallScript)) {
+        Invoke-WebRequest -Uri 'https://chocolatey.org/install.ps1' -OutFile $ChocoInstallScript
+    }
+
+    $Signature = Get-AuthenticodeSignature -FilePath $ChocoInstallScript
+
+    if ($Signature.Status -eq 'Valid' -and $Signature.SignerCertificate.Subject -eq 'CN="Chocolatey Software, Inc.", O="Chocolatey Software, Inc.", L=Topeka, S=Kansas, C=US') {
+        New-NexusRawComponent -RepositoryName 'choco-install' -File $ChocoInstallScript
+    } else {
+        Write-Error "ChocolateyInstall.ps1 script signature is not valid. Please investigate."
+    }
+
     # Add ChocolateyInternal as a source repository
     choco source add -n 'ChocolateyInternal' -s "$((Get-NexusRepository -Name 'ChocolateyInternal').url)/index.json" --priority 1