Open BatmanAMA opened 5 years ago
Should be resolved by above PR and included in next release
Turns out this is more complicated than I thought. Have backed out the main change until the wrinkles are sorted out, but current code (to be included in next release) removes the fwlinks and directly goes to www.powershellgallery.com
I have found another related issue when trying to 'Register-PSRepository -Default -proxy http://proxy:8080 -proxycredential $cred' behind a web proxy. The proxy credentials aren't getting passed to Resolve-Location and when Resolve-Location executes 'Ping-Endpoint' the status code returned is 407 (Proxy authentication required). The registration then fails silently.
PSCore 6.1.1 PowerShellGet 2.0.4 PackageManagement 1.2.4
Attached is the debug output from the failed attempt failed_debug.txt
I did a quick fix by changing https://github.com/PowerShell/PowerShellGet/blob/9e3b40f2661a59190b132356aba1be632ff0fe7b/src/PowerShellGet/private/functions/Resolve-Location.ps1#L65 to
if((($statusCode -eq 200) -or ($statusCode -eq 401) -or ($statusCode -eq 407)) -and $resolvedLocation)
and then PSGallery was registered correctly. Attached is the debug output with the quick fix. successful_debug.txt
Since we no longer ping go.microsoft.com, I think we can resolve this issue, even though we still actually contact the repository URL (which is what I was trying to remove).
But if we can't reach powershellgallery.com, we still fail silently which is a problem.
Same-same here, exactly as @BatmanAMA described.
docker run --rm -it mcr.microsoft.com/powershell:ubuntu-16.04
Register-PSRepository -Default
Get-PSRepository
Best guess is that remote endpoints are blocked, due to either proxy settings or additional software that replaces SSL certs, and therefore we seem to have same-same issues as in this ticket.
Silent fail, no visibility even with the -Debug / -Verbose flags. Looking into more details.
Stepping back a bit, why does it even ping (web request) an end point using an overly elaborate Ping-Endpoint function? I should be able to register a PowerShell repository if that repository is unavailable. Downstream components/functions should then error out that the repository is unavailable and report the source location for someone to investigate why. I don't see why this cmdlet has to be so convoluted.
Description of the issue
Register-PSRepository pings an undocumented endpoint(https://go.microsoft.com/fwlink/?LinkID=397631&clcid=0x409). When this ping-endpoint fails for any reason, it doesn't throw an error.
I also would recommend that this function ping what the endpoint resolves to (https://www.powershellgallery.com/api/v2/items/psscript) instead so that firewall rules allowing https://www.powershellgallery.com/ work without needing to know this other URL. If that can't/won't be done, the additional URL should be added to the documentation for register-psrepository.
Steps to reproduce
Configure a third party firewall (we have Palo Alto, but I don't think that would matter) to drop internet based traffic without a specific matching rule. Add in a rule to allow https traffic to www.powershellgallery.com
Expected behavior
Either:
Actual behavior
No output to Error, Warning or Information channels from Register-PSRepository and afterwards, the output of Get-PSRepository has not changed (if it was empty, it remains so. If you had other repos, only they are shown.)
I set $DebugPreference to continue and I see it's trying to ping a different url (https://go.microsoft.com/fwlink/?LinkID=397631&clcid=0x409) entirely. This fails due to the default deny of the firewall and the command returns $Null instead of throwing an error.
debug output
Environment data