search

JanDeDobbeleer / oh-my-posh

The most customisable and low-latency cross platform/shell prompt renderer
https://ohmyposh.dev
MIT License
16.54k stars 2.32k forks source link

Auto-Upgrade - oh-my-posh.ee not signed - AppLocker/WDAC Problem #5229

Closed SebCT closed 1 month ago

SebCT commented 1 month ago

Code of Conduct

What happened?

After upgrading from Oh My Posh 21.21.1.0 to 21.21.2.0, the oh-my-posh.exe in "AppData\Local\Programs\oh-my-posh\bin" is not signed - the previous version gets renamed in oh-my-posh.exe.old, which is still signed.

You can see that the exe has no code signing if you right-click on it:

image

Here the previous version which will be renamed in .old, still has the valid code signing certificate:

image

If i install the install-amd64.exe from 21.21.2.0, everything is fine and the oh-my-posh.exe is perfectly code signed.

I know that the auto-upgrade worked some time before without that issue (exe was still signed), so i hope this issue can be corrected? The Auto-Upgrade function is very nice and if code stays signed it works with AppLocker and WDAC just like the installer.

Thanks in advance.

Theme

powerlevel10k_rainbow.omp.json

What OS are you seeing the problem on?

Windows

Which shell are you using?

powershell

Log output

Doesn't work, because the new updated exe isn't signed anymore, so Application allowlisting like AppLocker or WDAC blocks it.
JanDeDobbeleer commented 1 month ago

@SebCT auto upgrade replaces the binary which isn't signed indeed, it is validated on installation though. I'll need to build that in so it can sign when building the executables.