Cannot install chocolatey - chocolateyInstall.ps1 is not digitally signed #141

Open
5 tasks done
opoplawski opened this issue Dec 12, 2023 · 3 comments · May be fixed by #142 or #161
Labels
  • 0 - Waiting on User: Insufficient information for issue or PR, issue may be closed if no response from user
  • Bug: Issues where something has happened which was not expected or intended
  • Pending Closure: This issue has been marked as having no response or is stale and will soon be closed.

Comments

@opoplawski

Checklist

  • I have verified this is the correct repository for opening this issue.
  • I have verified no other issues exist related to my problem.
  • I have verified this is not an issue for a specific package.
  • I have verified this issue is not security related.
  • I confirm I am using official, and not unofficial, or modified, Chocolatey products.

What You Are Seeing?

Trying to do an initial chocolatey install on a Windows 11 Enterprise machine I get:

fatal: [HOSTNAME]: FAILED! => {
    "changed": false,
    "command": "",
    "invocation": {
        "module_args": {
            "allow_empty_checksums": false,
            "allow_multiple": false,
            "allow_prerelease": false,
            "architecture": "default",
            "bootstrap_script": null,
            "bootstrap_tls_version": [
                "tls12",
                "tls13"
            ],
            "checksum": null,
            "checksum64": null,
            "checksum_type": null,
            "checksum_type64": null,
            "choco_args": null,
            "force": false,
            "ignore_checksums": false,
            "ignore_dependencies": false,
            "install_args": null,
            "name": [
                "chocolatey"
            ],
            "override_args": false,
            "package_params": null,
            "pinned": null,
            "proxy_password": null,
            "proxy_url": null,
            "proxy_username": null,
            "remove_dependencies": false,
            "skip_scripts": false,
            "source": null,
            "source_password": null,
            "source_username": null,
            "state": "latest",
            "timeout": 2700,
            "validate_certs": true,
            "version": null
        }
    },
    "msg": "Chocolatey bootstrap installation failed.",
    "rc": 1,
    "stderr": "& : File \r\nC:\\Users\\USER\\AppData\\Local\\Temp\\ansible-tmp-1702336268.5886993-69281-230291664240022\\chocolateyInstall.ps1 \r\ncannot be loaded. The file \r\nC:\\Users\\USER\\AppData\\Local\\Temp\\ansible-tmp-1702336268.5886993-69281-230291664240022\\chocolateyInstall.ps1 is \r\nnot digitally signed. You cannot run this script on the current system. For more information about running scripts and \r\nsetting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.\r\nAt line:1 char:3\r\n+ & \"C:\\Users\\USER\\AppData\\Local\\Temp\\ansible-tmp-1702336268.588 ...\r\n+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : SecurityError: (:) [], PSSecurityException\r\n    + FullyQualifiedErrorId : UnauthorizedAccess\r\n",
    "stderr_lines": [
        "& : File ",
        "C:\\Users\\USER\\AppData\\Local\\Temp\\ansible-tmp-1702336268.5886993-69281-230291664240022\\chocolateyInstall.ps1 ",
        "cannot be loaded. The file ",
        "C:\\Users\\USER\\AppData\\Local\\Temp\\ansible-tmp-1702336268.5886993-69281-230291664240022\\chocolateyInstall.ps1 is ",
        "not digitally signed. You cannot run this script on the current system. For more information about running scripts and ",
        "setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.",
        "At line:1 char:3",
        "+ & \"C:\\Users\\USER\\AppData\\Local\\Temp\\ansible-tmp-1702336268.588 ...",
        "+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~",
        "    + CategoryInfo          : SecurityError: (:) [], PSSecurityException",
        "    + FullyQualifiedErrorId : UnauthorizedAccess"
    ],
    "stdout": "",
    "stdout_lines": []
}

What is Expected?

Chocolatey is installed

How Did You Get This To Happen?

- hosts: windows
  gather_facts: false
  tasks:
    - name: "Install chocolatey"
      win_chocolatey:
        name:
          - chocolatey
        state: latest

System Details

  • Operating System: 10.0.22621.0
  • Windows PowerShell version: 5.1.22621.2506
  • Chocolatey CLI Version: 2.2.2
  • Chocolatey Licensed Extension version:
  • Chocolatey License type:
  • Terminal/Emulator:

Installed Packages

N/A

Output Log

N/A

Additional Context

I can fix the signing issue by adding -NoNewline to the Set-Content call. But then I get:

    "stderr": "& : AuthorizationManager check failed.\r\nAt line:1 char:3\r\n+ & \"C:\\Users\\USER\\AppData\\Local\\Temp\\ansible-moduletmp-13346812 ...\r\n+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : SecurityError: (:) [], PSSecurityException\r\n    + FullyQualifiedErrorId : UnauthorizedAccess\r\n",
    "stderr_lines": [
        "& : AuthorizationManager check failed.",
        "At line:1 char:3",
        "+ & \"C:\\Users\\USER\\AppData\\Local\\Temp\\ansible-moduletmp-13346812 ...",
        "+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~",
        "    + CategoryInfo          : SecurityError: (:) [], PSSecurityException",
        "    + FullyQualifiedErrorId : UnauthorizedAccess"
    ],
@opoplawski opoplawski added the Bug Issues where something has happened which was not expected or intended label Dec 12, 2023
@opoplawski opoplawski linked a pull request Dec 12, 2023 that will close this issue
9 tasks
@vexx32
Member

vexx32 commented Jun 13, 2024

@opoplawski looking into the latter error it sounds like we might also need to run Unblock-File on the script? https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0713009

Although I had thought that this wasn't something that would normally happen for files created in this manner 🤔

@vexx32 vexx32 added the 0 - _Triaging Issue is accepted, but a milestone has yet to be added for the issue label Jun 13, 2024
vexx32 added a commit to vexx32/chocolatey-ansible that referenced this issue Sep 25, 2024
Set-Content can cause a trailing newline to be added,
which will break the signature if the script is signed.
vexx32 added a commit to vexx32/chocolatey-ansible that referenced this issue Sep 25, 2024
Trying out running tests in RemoteSigned mode,
to see if things work as expected there.
@vexx32 vexx32 linked a pull request Sep 25, 2024 that will close this issue
10 tasks
vexx32 added a commit to vexx32/chocolatey-ansible that referenced this issue Sep 26, 2024
Trying out running tests in RemoteSigned mode,
to see if things work as expected there.
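
Added example (not part of the issue thread or the chocolatey-ansible code): a PowerShell check of the byte-level effect discussed above, where Set-Content appends a trailing newline to a script written from a string and -NoNewline does not. The script text, the placeholder "SIG" lines and the helper names Get-Sha256Hex and Test-WriteFidelity are constructed for illustration.

```powershell
# Constructed script text, not the real chocolateyInstall.ps1. The "SIG" lines
# only imitate the shape of a signature block; they are not a signature.
$source = "Write-Output 'bootstrap'`r`n# SIG # Begin signature block`r`n" +
          "# (constructed placeholder)`r`n# SIG # End signature block`r`n"
$sourceBytes = [System.Text.Encoding]::ASCII.GetBytes($source)

# Hypothetical helper: SHA-256 of a byte array as an upper-case hex string.
function Get-Sha256Hex {
    param([byte[]]$Bytes)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { [System.BitConverter]::ToString($sha.ComputeHash($Bytes)) -replace '-', '' }
    finally { $sha.Dispose() }
}

# Hypothetical helper: write $source with the given writer, then compare the
# bytes on disk with the bytes we intended to write.
function Test-WriteFidelity {
    param([string]$Label, [scriptblock]$Writer)
    $name = [System.IO.Path]::GetRandomFileName() + '.ps1'
    $path = Join-Path ([System.IO.Path]::GetTempPath()) $name
    try {
        & $Writer $path
        $written = [System.IO.File]::ReadAllBytes($path)
        [pscustomobject]@{
            Writer     = $Label
            Length     = $written.Length
            ExtraBytes = $written.Length - $sourceBytes.Length
            SameHash   = (Get-Sha256Hex $written) -eq (Get-Sha256Hex $sourceBytes)
        }
    }
    finally { Remove-Item -LiteralPath $path -ErrorAction SilentlyContinue }
}

@(
    Test-WriteFidelity 'Set-Content' {
        param($p) Set-Content -LiteralPath $p -Value $source -Encoding Ascii }
    Test-WriteFidelity 'Set-Content -NoNewline' {
        param($p) Set-Content -LiteralPath $p -Value $source -Encoding Ascii -NoNewline }
    Test-WriteFidelity 'WriteAllBytes' {
        param($p) [System.IO.File]::WriteAllBytes($p, $sourceBytes) }
) | Format-Table -AutoSize
```

For a script that carries a real Authenticode signature, running Get-AuthenticodeSignature on the written copy and reading its Status property shows whether the signature still validates after the write.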
@vexx32
Member

vexx32 commented Sep 26, 2024

@opoplawski Can you try the branch from #161 to see if that helps any for the issue you're seeing?

More information about the client machine would be useful, too; this isn't a signing issue exactly, Ansible automatically runs scripts with the execution policy set to Unrestricted, this is something else. The error reminds me a bit of perhaps AppLocker or something of that nature, perhaps?

@vexx32 vexx32 added 0 - Waiting on User Insufficient information for issue or PR, issue may be closed if no response from user and removed 0 - _Triaging Issue is accepted, but a milestone has yet to be added for the issue labels Sep 26, 2024

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?
This issue will be closed in 14 days if it continues to be inactive.

@github-actions github-actions bot added the Pending Closure This issue has been marked as having no response or is stale and will soon be closed. label Oct 27, 2024