edyoung
commented
5 years ago Should be resolved by above PR and included in next release
Open BatmanAMA opened 5 years ago
edyoung
commented
5 years ago Should be resolved by above PR and included in next release
edyoung
commented
5 years ago Turns out this is more complicated than I thought. Have backed out the main change until the wrinkles are sorted out, but current code (to be included in next release) removes the fwlinks and directly goes to www.powershellgallery.com
muzzar78
commented
5 years ago I have found another related issue when trying to 'Register-PSRepository -Default -proxy http://proxy:8080 -proxycredential $cred' behind a web proxy. The proxy credentials aren't getting passed to Resolve-Location and when Resolve-Location executes 'Ping-Endpoint' the status code returned is 407 (Proxy authentication required). The registration then fails silently.
PSCore 6.1.1 PowerShellGet 2.0.4 PackageManagement 1.2.4
Attached is the debug output from the failed attempt failed_debug.txt
I did a quick fix by changing https://github.com/PowerShell/PowerShellGet/blob/9e3b40f2661a59190b132356aba1be632ff0fe7b/src/PowerShellGet/private/functions/Resolve-Location.ps1#L65 to
if((($statusCode -eq 200) -or ($statusCode -eq 401) -or ($statusCode -eq 407)) -and $resolvedLocation)and then PSGallery was registered correctly. Attached is the debug output with the quick fix. successful_debug.txt
edyoung
commented
5 years ago Since we no longer ping go.microsoft.com, I think we can resolve this issue, even though we still actually contact the repository URL (which is what I was trying to remove).
edyoung
commented
5 years ago But if we can't reach powershellgallery.com, we still fail silently which is a problem.
avishnyakov
commented
5 years ago Same-same here, exactly as @BatmanAMA described.
docker run --rm -it mcr.microsoft.com/powershell:ubuntu-16.04
Register-PSRepository -Default
Get-PSRepositoryBest guess is that remote endpoints are blocked, due to either proxy settings or additional software that replaces SSL certs, and therefore we seem to have same-same issues as in this ticket.
Silent fail, no visibility even with the -Debug / -Verbose flags. Looking into more details.
Benny1007
commented
5 years ago Stepping back a bit, why does it even ping (web request) an end point using an overly elaborate Ping-Endpoint function? I should be able to register a PowerShell repository if that repository is unavailable. Downstream components/functions should then error out that the repository is unavailable and report the source location for someone to investigate why. I don't see why this cmdlet has to be so convoluted.
Description of the issue
Register-PSRepository pings an undocumented endpoint(https://go.microsoft.com/fwlink/?LinkID=397631&clcid=0x409). When this ping-endpoint fails for any reason, it doesn't throw an error.
I also would recommend that this function ping what the endpoint resolves to (https://www.powershellgallery.com/api/v2/items/psscript) instead so that firewall rules allowing https://www.powershellgallery.com/ work without needing to know this other URL. If that can't/won't be done, the additional URL should be added to the documentation for register-psrepository.
Steps to reproduce
Configure a third party firewall (we have Palo Alto, but I don't think that would matter) to drop internet based traffic without a specific matching rule. Add in a rule to allow https traffic to www.powershellgallery.com
Expected behavior
Either:
Actual behavior
No output to Error, Warning or Information channels from Register-PSRepository and afterwards, the output of Get-PSRepository has not changed (if it was empty, it remains so. If you had other repos, only they are shown.)
I set $DebugPreference to continue and I see it's trying to ping a different url (https://go.microsoft.com/fwlink/?LinkID=397631&clcid=0x409) entirely. This fails due to the default deny of the firewall and the command returns $Null instead of throwing an error.
debug output
Environment data