PS7 bug + 2 more (#3386)

Fixes #3376
Fixes #3379

Check-BcContainerHelperPermissions didn't work on PS7
Issue #3379 Adding -installCertificateOnHost to New-BcContainer didn't
work when running PS7 (silently failed)
Issue #3376 Regression - Download-Artifacts stopped downloading
pre-requisites

---------

Co-authored-by: freddydk <[email protected]>

Author: freddydk

Artifacts/Download-Artifacts.ps1

@@ -242,7 +242,6 @@ try {
                     Write-Host "Downloading platform artifact $($platformUri.AbsolutePath)"
                     TestSasToken -url $platformUrl
                     $downloadprereqs = DownLoadPackage -ArtifactUrl $platformUrl -DestinationPath $platformArtifactPath -timeout $timeout
-                    $downloadprereqs = $false
                     if ($downloadprereqs) {
                         $prerequisiteComponentsFile = Join-Path $platformArtifactPath "Prerequisite Components.json"
                         if (Test-Path $prerequisiteComponentsFile) {

BcContainerHelper.psm1

@@ -18,10 +18,10 @@ if ($isMacOS) {
     throw "BcContainerHelper isn't supported on MacOS"
 }
 elseif ($isLinux) {
-    Write-Host "Running on Linux"
+    Write-Host "Running on Linux, PowerShell $($PSVersionTable.PSVersion)"
 }
 elseif ($isPsCore) {
-    Write-Host "Running on PowerShell 7"
+    Write-Host "Running on Windows, PowerShell $($PSVersionTable.PSVersion)"
 }
 
 if ($useVolumes -or $isInsideContainer) {

Check-BcContainerHelperPermissions.ps1

@@ -29,6 +29,19 @@ function Check-BcContainerHelperPermissions {
     )
 
     if (!$isAdministrator -or $Fix) {
+
+        $startProcessParams = @{
+            "Verb" = "RunAs"
+            "Wait" = $true
+            "WindowStyle" = "Hidden"
+            "PassThru" = $true
+        }
+        if ($isPsCore) {
+            $startProcessParams += @{ "FilePath" = "pwsh" }
+        }
+        else {
+            $startProcessParams += @{ "FilePath" = "powershell" }
+        }
         if (!$silent) {
             if ($isAdministrator) {
                 Write-Host "Running as administrator"
@@ -58,15 +71,15 @@ function Check-BcContainerHelperPermissions {
                     Param($myUsername, $hostHelperFolder)
                     try {
                         $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($myUsername,'FullControl', 3, 'InheritOnly', 'Allow')
-                        $acl = [System.IO.Directory]::GetAccessControl($hostHelperFolder)
+                        $acl = Get-Acl -Path $hostHelperFolder
                         $acl.AddAccessRule($rule)
-                        [System.IO.Directory]::SetAccessControl($hostHelperFolder,$acl) 
+                        Set-Acl -Path $hostHelperFolder -AclObject $acl
                         EXIT 0
                     } catch {
                         EXIT 1
                     }
                 }
-                $exitCode = (Start-Process powershell -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -hostHelperFolder '$($bcContainerHelperConfig.hostHelperFolder)'" -Verb RunAs -wait -WindowStyle Hidden -PassThru).ExitCode
+                $exitCode = (Start-Process @startProcessParams -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -hostHelperFolder '$($bcContainerHelperConfig.hostHelperFolder)'").ExitCode
                 if ($exitcode -eq 0) {
                     Write-Host -ForegroundColor Green "Permissions successfully added"
                 } else {
@@ -98,15 +111,15 @@ function Check-BcContainerHelperPermissions {
                         Param($myUsername, $hostsFile)
                         try {
                             $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($myUsername,'Modify', 'Allow')
-                            $acl = [System.IO.Directory]::GetAccessControl($hostsFile)
+                            $acl = Get-Acl -Path $hostsFile
                             $acl.AddAccessRule($rule)
-                            [System.IO.Directory]::SetAccessControl($hostsFile,$acl) 
+                            Set-Acl -Path $hostsFile -AclObject $acl
                             EXIT 0
                         } catch {
                             EXIT 1
                         }
                     }
-                    $exitcode = (Start-Process powershell -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -hostsFile '$hostsFile'" -Verb RunAs -wait -PassThru -WindowStyle Hidden).ExitCode
+                    $exitcode = (Start-Process @startProcessParams -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -hostsFile '$hostsFile'").ExitCode
                     if ($exitcode -eq 0) {
                         Write-Host -ForegroundColor Green "Permissions successfully added"
                     } else {
@@ -166,16 +179,16 @@ function Check-BcContainerHelperPermissions {
                         Param($myUsername, $npipe)
                         try {
                             $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($myUsername,'FullControl', 'Allow')
-                            $acl = [System.IO.Directory]::GetAccessControl($npipe)
+                            $acl = Get-Acl -Path $npipe
                             $acl.AddAccessRule($rule)
-                            [System.IO.Directory]::SetAccessControl($npipe,$acl) 
+                            Set-Acl -Path $npipe -AclObject $acl
                             exit 0
                         } catch {
                             exit 1
                         }
                     }
 
-                    $exitcode = (Start-Process powershell -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -npipe '$npipe'" -Verb RunAs -wait -PassThru).ExitCode
+                    $exitcode = (Start-Process @startProcessParams -ArgumentList "-command & {$scriptblock} -myUsername '$myUsername' -npipe '$npipe'").ExitCode
                     if ($exitcode -eq 0) {
                         Write-Host -ForegroundColor Green "Permissions successfully added"
                     } else {

ContainerHandling/Get-BestGenericImageName.ps1

@@ -45,163 +45,26 @@ try {
         $genericImageNameSetting
     }
     else {
-        $imagetags = Get-BcContainerImageTags -imageName $repo
-        $versions = @()
-        if ($imagetags) {
-            $ver = [Version]"0.0.0.0"
-            $versions = $imagetags.tags | Where-Object { $_ -like $tag -and [System.Version]::TryParse($_.SubString($tag.indexOf('*'), $_.length-$tag.length+1), [ref]$ver) } | % { [System.Version]($_.SubString($tag.indexOf('*'), $_.length-$tag.length+1)) }
-        }
-        if (-not $versions) {
-            # ImageTags not yet updated - use hardcoded list
-            $versions = @(
-                "10.0.14393.2906"
-                "10.0.14393.2972"
-                "10.0.14393.3025"
-                "10.0.14393.3085"
-                "10.0.14393.3144"
-                "10.0.14393.3204"
-                "10.0.14393.3326"
-                "10.0.14393.3384"
-                "10.0.14393.3443"
-                "10.0.14393.3630"
-                "10.0.14393.3750"
-                "10.0.14393.3808"
-                "10.0.14393.3866"
-                "10.0.14393.3930"
-                "10.0.14393.3986"
-                "10.0.14393.4046"
-                "10.0.14393.4104"
-                "10.0.14393.4169"
-                "10.0.14393.4225"
-                "10.0.14393.4283"
-                "10.0.14393.4350"
-                "10.0.14393.4402"
-                "10.0.14393.4467"
-                "10.0.14393.4470"
-                "10.0.14393.4530"
-                "10.0.14393.4583"
-                "10.0.14393.4651"
-                "10.0.14393.4704"
-                "10.0.14393.4770"
-                "10.0.14393.4825"
-                "10.0.14393.4886"
-                "10.0.14393.4946"
-                "10.0.17134.1006"
-                "10.0.17134.1130"
-                "10.0.17134.706"
-                "10.0.17134.766"
-                "10.0.17134.829"
-                "10.0.17134.885"
-                "10.0.17134.950"
-                "10.0.17763.1158"
-                "10.0.17763.1282"
-                "10.0.17763.1339"
-                "10.0.17763.1397"
-                "10.0.17763.1457"
-                "10.0.17763.1518"
-                "10.0.17763.1577"
-                "10.0.17763.1637"
-                "10.0.17763.1697"
-                "10.0.17763.1757"
-                "10.0.17763.1817"
-                "10.0.17763.1879"
-                "10.0.17763.1935"
-                "10.0.17763.1999"
-                "10.0.17763.2029"
-                "10.0.17763.2061"
-                "10.0.17763.2114"
-                "10.0.17763.2183"
-                "10.0.17763.2237"
-                "10.0.17763.2300"
-                "10.0.17763.2366"
-                "10.0.17763.2452"
-                "10.0.17763.2565"
-                "10.0.17763.437"
-                "10.0.17763.504"
-                "10.0.17763.557"
-                "10.0.17763.615"
-                "10.0.17763.678"
-                "10.0.17763.737"
-                "10.0.17763.864"
-                "10.0.17763.914"
-                "10.0.17763.973"
-                "10.0.18362.1016"
-                "10.0.18362.1082"
-                "10.0.18362.1139"
-                "10.0.18362.116"
-                "10.0.18362.1198"
-                "10.0.18362.175"
-                "10.0.18362.239"
-                "10.0.18362.295"
-                "10.0.18362.356"
-                "10.0.18362.476"
-                "10.0.18362.535"
-                "10.0.18362.592"
-                "10.0.18362.658"
-                "10.0.18362.778"
-                "10.0.18362.900"
-                "10.0.18362.959"
-                "10.0.18363.1016"
-                "10.0.18363.1082"
-                "10.0.18363.1139"
-                "10.0.18363.1198"
-                "10.0.18363.1256"
-                "10.0.18363.1377"
-                "10.0.18363.1440"
-                "10.0.18363.1500"
-                "10.0.18363.1556"
-                "10.0.18363.476"
-                "10.0.18363.535"
-                "10.0.18363.592"
-                "10.0.18363.658"
-                "10.0.18363.778"
-                "10.0.18363.900"
-                "10.0.18363.959"
-                "10.0.19041.1052"
-                "10.0.19041.1083"
-                "10.0.19041.1110"
-                "10.0.19041.1165"
-                "10.0.19041.1237"
-                "10.0.19041.1288"
-                "10.0.19041.1348"
-                "10.0.19041.1415"
-                "10.0.19041.329"
-                "10.0.19041.388"
-                "10.0.19041.450"
-                "10.0.19041.508"
-                "10.0.19041.572"
-                "10.0.19041.630"
-                "10.0.19041.685"
-                "10.0.19041.746"
-                "10.0.19041.804"
-                "10.0.19041.867"
-                "10.0.19041.928"
-                "10.0.19041.985"
-                "10.0.19042.1052"
-                "10.0.19042.1083"
-                "10.0.19042.1110"
-                "10.0.19042.1165"
-                "10.0.19042.1237"
-                "10.0.19042.1288"
-                "10.0.19042.1348"
-                "10.0.19042.1415"
-                "10.0.19042.1466"
-                "10.0.19042.1526"
-                "10.0.19042.572"
-                "10.0.19042.630"
-                "10.0.19042.685"
-                "10.0.19042.746"
-                "10.0.19042.804"
-                "10.0.19042.867"
-                "10.0.19042.928"
-                "10.0.19042.985"
-                "10.0.20348.169"
-                "10.0.20348.288"
-                "10.0.20348.350"
-                "10.0.20348.405"
-                "10.0.20348.469"
-                "10.0.20348.524"
-            ) | ForEach-Object { [System.Version]$_ } | Sort-Object
+        $failureDelay = 2
+        while ($true) {
+            $imagetags = Get-BcContainerImageTags -imageName $repo
+            if ($imagetags) {
+                $ver = [Version]"0.0.0.0"
+                # $tag can be *-filesonly, *-filesonly-dev, *-dev or other patterns
+                # * is the Windows version OS version
+                $versions = $imagetags.tags |
+                                Where-Object { $_ -like $tag -and [System.Version]::TryParse($_.SubString($tag.indexOf('*'), $_.length-$tag.length+1), [ref]$ver) } |
+                                ForEach-Object { [System.Version]($_.SubString($tag.indexOf('*'), $_.length-$tag.length+1)) }
+                break
+            }
+            else {
+                if ($failureDelay -gt 32) {
+                    throw "Unable to download image tags for $repo"
+                }
+                Write-Host -ForegroundColor Yellow "Unable to download image tags for $repo, retrying in $failureDelay seconds"
+                Start-Sleep -Seconds $failureDelay
+                $failureDelay = $failureDelay * 2
+            }
         }
 
         $genericImageName = ""

ContainerHandling/New-NavContainer.ps1

@@ -2060,9 +2060,14 @@ if (-not `$restartingInstance) {
             if (Test-Path $certPath) {
                 try {
                     Write-Host "Importing certificate in host's certificate store"
-                    $verb = @{}
+                    if ($isPsCore) {
+                        $params = @{ "FilePath" = "pwsh" }
+                    }
+                    else {
+                        $params = @{ "FilePath"  = "powershell" }
+                    }
                     if (!$isAdministrator) {
-                        $verb = @{ "Verb" = "runAs" }
+                        $params += @{ "Verb" = "runAs" }
                     }
                     $scriptblock = { 
                         Param($certPath, $containerFolder)
@@ -2072,7 +2077,7 @@ if (-not `$restartingInstance) {
                             Set-Content -Path (Join-Path $containerFolder "thumbprint.txt") -Value "$($cert.Thumbprint)"
                         }
                     }
-                    Start-Process Powershell @verb -ArgumentList "-command & {$scriptBlock} -certPath '$certPath' -containerFolder '$containerFolder'" -Wait -PassThru | Out-Null
+                    Start-Process @params -ArgumentList "-command & {$scriptBlock} -certPath '$certPath' -containerFolder '$containerFolder'" -Wait -PassThru | Out-Null
                 }
                 catch {
                     Write-Host -ForegroundColor Yellow "Unable to import certificate $certPath in Trusted Root Certification Authorities, you will need to do this manually"

ContainerHandling/Set-BcContainerKeyVaultAadAppAndCertificate.ps1

@@ -65,7 +65,8 @@ try {
             # Give SYSTEM permission to use the PFX file's private key
             $keyName = $importedPfxCertificate.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
             $keyPath = "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\$keyName"
-            $acl = (Get-Item $keyPath).GetAccessControl('Access')
+            Import-Module Microsoft.PowerShell.Security -Force
+            $acl = [System.IO.FileSystemAclExtensions]::GetAccessControl([System.IO.DirectoryInfo]::new($keyPath), 'Access')
             $permission = 'NT AUTHORITY\SYSTEM',"Full","Allow"
             $accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $permission
             $acl.AddAccessRule($accessRule)

ReleaseNotes.txt

@@ -4,6 +4,9 @@ Support dependency version templates on NuGet packages
 Issue 3349 NuGet package files section name is wrong when using azure blob storage direct download url
 Issue 3358 Run-TestsInBcContainer using Windows Authentication doesn't work if exactly one user exists in the tenant
 Fix error in Get-BcContainerAppInfo in NextMajor
+Check-BcContainerHelperPermissions didn't work on PS7
+Issue #3379 Adding -installCertificateOnHost to New-BcContainer didn't work when running PS7 (silently failed)
+Issue #3376 Regression - Download-Artifacts stopped downloading pre-requisites
 
 6.0.6
 Include Microsoft_Business Foundation Test Libraries.app when importing test libraries (and tests)