diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..839da39 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,30 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic +Versioning](https://semver.org/spec/v2.0.0.html). + +Unreleased changes should be tracked under the anticipated version header, with +a date of UNRELEASED (e.g. `[1.2.0] - UNRELEASED`). This will allow the release +action to catch the correct changelog section even if the release date hasn't +been set yet. + +## [1.1.0] - 2025-08-11 + +### Fixed +- run-elevated-first.bat more reliable by adding '-ExecutionPolicy Bypass' + +### Changed +- Removed ability to use tls_bundle, instead conda is setup to use the system +truststore. This is generally prefferd. + +- Latest versions of National Instruments pkgs in Setup-NationalInstruments.ps1 + +- versioning scheme: 1 version for project instead of individual versions for +each script + +## [1.0.0] - 2025-01-06 +### initial release + diff --git a/README.md b/README.md index 64e9c4c..152b1e8 100644 --- a/README.md +++ b/README.md @@ -74,8 +74,6 @@ applications: ********************************************** ********************************************** -----END OPENSSH PRIVATE KEY----- -# optional, needed for HTTPS inspection compatability (usually corporate environments) -tls_bundle: "https://raw.githubusercontent.com///main/tls-ca-bundle.txt" ``` 4. upload 3 files somewhere your users can access diff --git a/gitpyup/Deploy-gitpyup.ps1 b/gitpyup/Deploy-gitpyup.ps1 index 425c745..b18895e 100644 --- a/gitpyup/Deploy-gitpyup.ps1 +++ b/gitpyup/Deploy-gitpyup.ps1 @@ -14,7 +14,8 @@ param( ) # variables -$scriptVersion = "v1" + +$version = "1.1.0" $gpun = "gitpyup" $installConfigFile = "installConfig.yaml" 
@@ -194,7 +195,7 @@ function Write-LogOrHost { } } -Write-LogOrHost "Hi you are running Deploy-gitpyup version: $scriptVersion" +Write-LogOrHost "Hi you are running Deploy-gitpyup version: $version" if ($DebugMode) { Write-LogOrHost "Debug mode is enabled" $Env:GITPYUP_DEPLOY_DEBUG = $true @@ -625,7 +626,6 @@ if ($installConfigPathObject.Exists) { $toAdd = @() # initialize shortcuts to add array $appNames = @() # used to check for duplicate $appConfigs = @() # used to accumulate all the configs -$tlsBundleURL = $null # used to store the tls bundle path # load the yml files foreach ($file in $yamlFiles) { @@ -634,11 +634,6 @@ foreach ($file in $yamlFiles) { $configRoot = ConvertFrom-Yaml $fileContent $apps = $configRoot.applications - # update tls-bundle URL if it exists and is not already set - if (($null -eq $tlsBundleURL) -and $configRoot.ContainsKey("tls_bundle")) { - $tlsBundleURL = $configRoot.tls_bundle - } - # loop through each application foreach ($application in $apps) { $name = $application.name @@ -730,7 +725,6 @@ $installConfig = @{ "applications" = $appConfigs "created_shortcuts" = $toAdd "install" = $install - "tls_bundle" = $tlsBundleURL } # save the config to a file @@ -759,7 +753,6 @@ if ($Install.type -eq "AllUsers") { ) } -$Env:GITPYUP_BUNDLE_URL = $tlsBundleURL $Env:GITPYUP_INSTALL_PARENT = Split-Path -Path $install.path -Parent $confirm = "" diff --git a/gitpyup/Setup-Application.ps1 b/gitpyup/Setup-Application.ps1 index 790b31d..954695c 100644 --- a/gitpyup/Setup-Application.ps1 +++ b/gitpyup/Setup-Application.ps1 @@ -15,8 +15,6 @@ param( . "./Utility-Functions.ps1" Start-Logging -Write-Log "Setup-Application v1" - if ($Name) { $appName = $Name } else { diff --git a/gitpyup/Setup-NationalInstruments.ps1 b/gitpyup/Setup-NationalInstruments.ps1 index 96c01b7..6872ed1 100644 --- a/gitpyup/Setup-NationalInstruments.ps1 +++ b/gitpyup/Setup-NationalInstruments.ps1 
@@ -22,17 +22,15 @@ function Write-LogOrHost { } } -Write-LogOrHost "Setup-NationalInstruments v1" - $ProgressPreference = 'SilentlyContinue' # speeds up Invoke-WebRequest $nipm = "$Env:Programfiles\National Instruments\NI Package Manager\nipkg.exe" +$ni4882Version = "25.0.0" +$visaVersion = "25.3.0" $pkg_root = "https://download.ni.com/support/nipkg/products" -$ni4882Version = "23.5" -$visaVersion = "24.0" -# array to configure packages +# array to loop packages $packages = @( [pscustomobject]@{ installID = "ni-488.2"; @@ -48,7 +46,7 @@ $packages = @( if (!(Test-Path $nipm)) { Write-LogOrHost "NI package manager not installed, downloading..." # Download NIPM. The URL can be passed as an argument. - $nipmUrl ="https://download.ni.com/support/nipkg/products/ni-package-manager/installers/NIPackageManager24.3.0.exe" + $nipmUrl = "https://download.ni.com/support/nipkg/products/ni-package-manager/installers/NIPackageManager25.5.0.exe" powershell.exe -Command ` $ErrorActionPreference = 'Stop'; ` Invoke-WebRequest -Uri $nipmUrl -OutFile NIPM_installer.exe ; ` diff --git a/gitpyup/Setup-Python.ps1 b/gitpyup/Setup-Python.ps1 index 887ab91..2300b09 100644 --- a/gitpyup/Setup-Python.ps1 +++ b/gitpyup/Setup-Python.ps1 @@ -1,6 +1,6 @@ <# Copyright (c) 2024 3M Company -This script installs Miniforge3 for the 3M corporate environment. +This script installs Miniforge3. It can be run as part of gitpyup for now. #> @@ -8,9 +8,7 @@ It can be run as part of gitpyup for now. . "./Utility-Functions.ps1" Start-Logging -Write-Log "Setup-Python v1" - -# check if admin and warn +# check if admin and exit if true $currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent()) $RunningAsAdmin = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) if ($RunningAsAdmin) { 
@@ -18,6 +16,7 @@ if ($RunningAsAdmin) { Remove-Item -Force "$Env:TEMP\gitpyup-as-admin" } else { Write-Log "Please run this script as a regular user" + Wait-Logging Read-Host -Prompt "Press enter key to exit" | Out-Null exit } @@ -78,12 +77,29 @@ $MiniforgeInstall = { Write-Log "...Miniforge folder removed" } - Write-Log "Miniforge not installed, downloading..." - $Link = "https://github.com/conda-forge/miniforge/releases/latest/download/Miniforge3-Windows-x86_64.exe" - Invoke-WebRequest $Link -OutFile "$env:UserProfile\Downloads\Miniforge3-Windows-x86_64.exe" + # check current folder for Miniforge exe + $InstallerName = "Miniforge3-Windows-x86_64.exe" + $DownloadLocation = "$env:UserProfile\Downloads\$InstallerName" + + if (Test-Path $InstallerName) { + Write-Log "Miniforge already downloaded" + $Installer = "$PWD\$InstallerName" + } else { + if (Test-Path $DownloadLocation) { + Write-Log "Miniforge already downloaded" + } else { + Write-Log "Miniforge downloading..." + $Link = "https://github.com/conda-forge/miniforge/releases/latest/download/$InstallerName" + Invoke-WebRequest $Link -OutFile $DownloadLocation Write-Log "...Miniforge downloaded" + } + $Installer = $DownloadLocation + } + + # unblock the installer + Unblock-File $Installer + Write-Log "Installing Miniforge..." - $Installer = "$env:UserProfile\Downloads\Miniforge3-Windows-x86_64.exe" $ArgumentList = "/InstallationType=JustMe /RegisterPython=1 /AddToPath=0 /S /D=$MiniforgeInstallPath" $Proc = Start-Process $Installer -Wait -ArgumentList $ArgumentList -PassThru if ($Proc.ExitCode -ne 0) { 
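Review bot: The new lookup in `$MiniforgeInstall` runs whatever file named `Miniforge3-Windows-x86_64.exe` it finds in the current directory or in the user's Downloads folder, and `Unblock-File $Installer` removes the mark-of-the-web before `Start-Process`, so a stale, truncated or substituted file of that name is executed with no integrity check. The download branch still pulls `releases/latest`, so there is no fixed version to compare a hash against. I would pin a release and compare the file's SHA-256 with a pinned value before unblocking, as sketched below; the scriptblock starts and ends outside this hunk. The NIPM installer download in Setup-NationalInstruments.ps1 appears to have the same gap, though its execution is not visible in that hunk.

```powershell
    # … unchanged: locate or download the installer into $Installer …

    # verify the installer before trusting it; the expected value is pinned with the release version
    $ExpectedSha256 = "<SHA256_OF_PINNED_INSTALLER>"  # placeholder, not a real hash
    $ActualSha256 = (Get-FileHash -Path $Installer -Algorithm SHA256).Hash
    if ($ActualSha256 -ne $ExpectedSha256) {
        Write-Log "Miniforge installer hash mismatch, refusing to run $Installer"
        throw "Miniforge installer failed integrity check"
    }

    # unblock the installer
    Unblock-File $Installer
```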
@@ -100,16 +116,30 @@ $MiniforgeInstall = { $Proc = Start-Process @Conda -ArgumentList init Write-Log "...Miniforge initialized" } +$MiniforgeInstallArgs = $MiniforgeInstallPath, $InstallType, $Conda +$MiniforgeInstallEncoded, $MiniforgeInstallArgsEncoded = ConvertTo-Base64String $MiniforgeInstall $MiniforgeInstallArgs # Check if miniforge's conda.bat runs -$CondaVersion = conda --version -if (!($CondaVersion)) { +$CondaVersion = Get-StandardOutput -Command "conda --version" +if ($CondaVersion | Select-String -Pattern "CommandNotFoundException") { + if ($InstallType -eq "AllUsers") { + # Start-Process -FilePath "powershell" -Verb RunAs -Wait -ArgumentList ( + Start-Process -FilePath "powershell" -Wait -NoNewWindow -ArgumentList ( + "-EncodedCommand $MiniforgeInstallEncoded", + "-EncodedArguments $MiniforgeInstallArgsEncoded" + ) + } else { & $MiniforgeInstall $MiniforgeInstallPath $InstallType $Conda + } } else { Write-Log "Miniforge3 already available" Write-Log "version: $CondaVersion" } +# need to update to recent conda version for truststore support +Write-Log "updating conda base env..." +$Proc = Start-Process @Conda -ArgumentList "update -n base -c conda-forge conda -y" + $EnvSetupScript = { param( [string]$EnvName, 
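Review bot: The added `$Proc = Start-Process @Conda -ArgumentList "update -n base -c conda-forge conda -y"` never has its result inspected in this hunk, yet the comment above it says this update is what provides truststore support. If the update fails (plausibly on the same TLS-inspected networks this change targets, since the system trust store is not yet in use at that point), the later `ssl_verify truststore` setting would be applied to a conda that may not understand it. I would check the exit code and stop on failure, e.g. `if ($Proc.ExitCode -ne 0) { Write-Log "conda update failed"; exit 1 }`, assuming the `$Conda` splat defined outside the hunk passes `-Wait -PassThru`. Separately, the AllUsers branch starts `powershell` by bare name and keeps a commented-out `-Verb RunAs` line; `"$PSHOME\powershell.exe"` would avoid depending on path resolution, and the dead line should be removed or explained.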
@@ -124,90 +154,29 @@ $EnvSetupScript = { # this prevents a halts due to an interactive conda message about reporting errors conda config --set report_errors false - # this sections is needed if the device is subject to SSL inspection - # currently Minforge/conda does not have a way to use the system certs - # The bundle URL is set by an environment variable - if ($Env:GITPYUP_BUNDLE_URL) { - - # remove existing gitpyup-tls-ca-bundle.pem if it exists - $BundlePath = "$env:ProgramData\gitpyup-tls-ca-bundle.pem" - if (Test-Path $BundlePath) { - Remove-Item -Force $BundlePath - } - - # download the tls bundle - $URL = $Env:GITPYUP_BUNDLE_URL - Write-Log "downloading tls bundle from $URL" - Invoke-WebRequest $URL -OutFile $BundlePath - # are these redundant because setting the .condarc file? - conda config --set ssl_verify True - conda config --set ssl_verify $BundlePath - - # Check for existing conda environment - # TODO get any existing conda environment directories + # set conda to use the system truststore + conda config --set ssl_verify truststore - # configure path to save environments depending on installation type - if ($InstallType -eq "AllUsers") { - $EnvDir = "$env:ProgramData\.conda\envs" - } else { - $EnvDir = "$env:UserProfile\.conda\envs" - } - - # Create a .condarc file in the root dir of the MiniForge installation - $CondarcPath = "$MiniforgeInstallPath\.condarc" - $CondarcContent = + # Check for existing conda environment + # configure path to save environments depending on installation type + if ($InstallType -eq "AllUsers") { + $EnvDir = "$env:ProgramData\.conda\envs" + } else { + $EnvDir = "$env:UserProfile\.conda\envs" +} + # make sure the envs directory exists + New-Item -Path $EnvDir -ItemType Directory -Force + # Create a .condarc file in the root dir of the MiniForge installation + $CondarcPath = "$MiniforgeInstallPath\.condarc" + $CondarcContent = "channels: - conda-forge -ssl_verify: $BundlePath +ssl_verify: truststore envs_dirs: - $EnvDir " 
- Set-Content -Force -Path $CondarcPath -Value $CondarcContent + Set-Content -Force -Path $CondarcPath -Value $CondarcContent - } else { - Write-Log "No bundle URL provided" - } - - # function to check if pip has SSL errors, return true if error detected - function Test-PipTlsError { - # Define the command - $Command = "conda run -n $EnvName python -m pip install --dry-run tiny" - Write-Log "Running SSL test command: $Command" - # Create a temporary file for output - $TempFile = [System.IO.Path]::GetTempFileName() - # Execute the command and redirect output to the temporary file - Start-Process -FilePath "powershell.exe" -ArgumentList "-Command", $Command -RedirectStandardOutput $TempFile -NoNewWindow -Wait - # Read the output from the temporary file - $TlsTest = Get-Content -Path $TempFile - # Clean up the temporary file - Remove-Item -Path $TempFile - - # $TlsTest = conda run -n $EnvName python -m pip install --dry-run tiny - if ($TlsTest | Select-String -Pattern "SSL: CERTIFICATE_VERIFY_FAILED") { - Write-Log "pip SSL error detected" - return $true - } else { - Write-Log "pip SSL error not detected" - return $false - } - } - - # check if pip has SSL errors, install or uninstall pip-system-certs - if (Test-PipTlsError) { - # check if pip-system-certs is installed - if (!(conda run -n $EnvName python -m pip list | Select-String -Pattern pip-system-certs)) { - # patch pip and requests to use system certs - Write-Log "installing pip-system-certs..." 
- conda install -n $EnvName pip-system-certs -y - # conda run -n $EnvName python -m pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org pip-system-certs - } - - # check if pip still has SSL errors, set pip to use the tls-ca-bundle.pem - if (Test-PipTlsError) { - Write-Log "pip still has SSL errors, setting pip to use tls-ca-bundle.pem" - conda run -n $EnvName python -m pip config set global.cert $BundlePath - } - } # attempt to update conda base environment Write-Log "updating conda base env..." @@ -216,6 +185,7 @@ envs_dirs: # only wait if in debug mode if ($Env:GITPYUP_DEPLOY_DEBUG) { + Wait-Logging Read-Host -Prompt "Press enter key to exit" | Out-Null } } diff --git a/gitpyup/run-elevated-first.bat b/gitpyup/run-elevated-first.bat index a594359..8c09349 100644 --- a/gitpyup/run-elevated-first.bat +++ b/gitpyup/run-elevated-first.bat @@ -1,6 +1,6 @@ @echo off -echo run-elevated-v1 +echo run-elevated-v3 pushd %~dp0 @@ -23,9 +23,11 @@ if exist Deploy-gitpyup.ps1 goto check_Permissions ) :set_Policies_Unblock - echo Attempting to set execution policies and unblock Deploy-gitpyup.ps1... - powershell -Command "Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force" - powershell -Command "Set-ExecutionPolicy RemoteSigned -Scope LocalMachine -Force" + echo Attempting to set execution policies and unblock deploy script... + powershell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force" + powershell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy RemoteSigned -Scope LocalMachine -Force" + echo There may be errors above. They can be ignored if 'CurrentUser' and 'LocalMachine' ExecutionPolicies are set to 'RemoteSigned' in the table below. + powershell -Command "Get-ExecutionPolicy -list" powershell -Command "Unblock-File Deploy-gitpyup.ps1" echo Next step: right click Deploy-gitpyup.ps1 and select 'Run with PowerShell'
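Review bot: For an AllUsers install the added `New-Item -Path $EnvDir -ItemType Directory -Force` creates the shared environments folder under `$env:ProgramData\.conda\envs` with whatever ACL it inherits, and nothing in this hunk restricts it. If the inherited permissions let standard users create or modify files there, one account could alter packages that other users later run, so I would set an explicit ACL on the folder (administrators write, users read and execute) right after creating it, or add a comment explaining why the inherited permissions are acceptable. The call also emits the directory object into the scriptblock's output; `New-Item -Path $EnvDir -ItemType Directory -Force | Out-Null` avoids that. The scriptblock starts and ends outside this hunk.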
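Review bot: The two `Set-ExecutionPolicy RemoteSigned` calls under `:set_Policies_Unblock` change the CurrentUser and LocalMachine policy persistently, and the new echo tells users to ignore errors without saying why they can occur. A short `rem` comment above them should state that the change outlives the install, that the LocalMachine setting applies to every user of the machine, and that the commands can report an error when a Group Policy scope (MachinePolicy or UserPolicy in the `Get-ExecutionPolicy -list` table) takes precedence. I would also extend the echo to point at those scopes, e.g. `echo If MachinePolicy or UserPolicy is set, it overrides the values below.` The block under this label starts and ends outside the hunk.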