Open rybal06 opened 5 years ago
@rybal06 thanks for reporting this issue, we will investigate this further! CC:\ @alerickson
Is there a work-around for this? We are seeing this behavior and it is blocking powershell usage on our hardened centos servers.
@RobCannon I'll properly address this issue with the GA of PowerShellGet v3, but as a workaround, could you try changing the umask value to 002 before installation?
@alerickson I tried this command to install on a fresh image and it does not work: sudo -- sh -c 'umask 002; yum install -y powershell'
I think I could fix this by setting file permissions explicitly on specific directories. Do you know which directories should be changed?
Running this seems to fix problems with finding modules. But installing modules still does not work.
sudo chmod 755 -R /usr/local/share/powershell
Get-PackageProvider is still not working. Not sure what file/directory it is trying to use. The permissions of /opt/microsoft/powershell/7 look right to me. It is -rw-r--r-- on .dll and most other files and -rwxr-xr-x for executables. Everything works if I run 'sudo pwsh', but we are trying to get this installed for non-root users.
This is the error I get from Get-PackageProvider:
Get-PackageProvider: Unhandled Exception - Message:'The type initializer for 'Microsoft.PackageManagement.Internal.Utility.Extensions.FilesystemExtensions' threw an exception.' Name:'TypeInitializationException' Stack Trace:' at Microsoft.PackageManagement.Internal.Utility.Extensions.FilesystemExtensions.MakeSafeFileName(String input)
at Microsoft.PackageManagement.Internal.Utility.Plugin.DynamicType.DefineDynamicType(Type interfaceType)
at Microsoft.PackageManagement.Internal.Utility.Plugin.DynamicType..ctor(Type interfaceType, OrderedDictionary`2 methods, List`2 delegates, List`1 stubs)
at Microsoft.PackageManagement.Internal.Utility.Plugin.DynamicType.<>c__DisplayClass9_0.<Create>b__3()
at Microsoft.PackageManagement.Internal.Utility.Extensions.DictionaryExtensions.GetOrAdd[TKey,TValue](IDictionary`2 dictionary, TKey key, Func`1 valueFunction)
at Microsoft.PackageManagement.Internal.Utility.Plugin.DynamicType.Create(Type tInterface, OrderedDictionary`2 instanceMethods, List`2 delegateMethods, List`1 stubMethods, List`2 usedInstances)
at Microsoft.PackageManagement.Internal.Utility.Plugin.DynamicInterface.CreateProxy(Type tInterface, Object[] instances)
at Microsoft.PackageManagement.Internal.Utility.Plugin.DynamicInterface.DynamicCast(Type tInterface, Object[] instances)
at Microsoft.PackageManagement.Internal.Utility.Plugin.DynamicInterface.DynamicCast[TInterface](Object[] instances)
at Microsoft.PackageManagement.Internal.Utility.Plugin.DynamicInterfaceExtensions.As[TInterface](Object instance)
at Microsoft.PowerShell.PackageManagement.Cmdlets.CmdletBase.get_PackageManagementHost()
at Microsoft.PowerShell.PackageManagement.Cmdlets.CmdletBase.SelectProviders(String[] names)
at Microsoft.PowerShell.PackageManagement.Cmdlets.GetPackageProvider.ProcessRecordAsync()
at Microsoft.PowerShell.PackageManagement.Cmdlets.AsyncCmdlet.<>c__DisplayClass83_0.<AsyncRun>b__0()'
I was able to fix the issues for us. As part of our image creation script, we were installing powershell, but also later running a script to install some modules into the AllUsers scope. The servers from this image will be used in places that are blocked from the internet, so we need to get the module baked into the image.
Anyway, when that script runs, it is running under the hardened umask 077. The /usr/local/share/powershell isn't created until the first modules are installed and the directory is created with the wrong file permissions. Powershell reacts badly and it messes up lots of aspects of modules.
So, the full work around is this (for centos 7):
curl -s https://packages.microsoft.com/config/rhel/7/prod.repo | sudo tee /etc/yum.repos.d/microsoft.repo
sudo -- sh -c 'umask 002; yum install -y powershell'
sudo chmod +x /tmp/powershell_init.ps1
sudo -- sh -c 'umask 002; /tmp/powershell_init.ps1'
Note that the powershell_init.ps1 has a hashbabg (#!/bin/pwsh) so it will automatically be invoked via the pwsh executable. Also note that my earlier attempt to fix things with 'sudo chmod 755 -R /usr/local/share/powershell' is NOT needed with this workaround.
@RobCannon, I never thank random strangers, but thank you so much for posting that! I've been trying to make a RedHat/Windows cross-platform PowerCLI utility and nothing I tried (including chmod 755) could get it to run as a non-root user. I completely uninstalled everything and used your workaround and it worked! (Although /tmp/powershell_init.ps1 didn't exist on my RH system so I did the chmod 755 for good measure)
/tmp/powershell_init.ps1 is our script for installing some common modules on the server. If you don't need that, you can omit that step. Glad I was able to help!
Steps to reproduce
Edit all default umask entries inside of /etc/bashrc & /etc/profile to 077. Re-source files, reboot host, or log out/log in to refresh user profile.
Verify that umask value has been updated for root user
As root, install powershell core by following RHEL directions: https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-linux?view=powershell-6
As a non-root user, attempt to install a powershell module to currentuser scope (join-object is used only as an example here)
ModuleType Version Name PSEdition ExportedCommands
Script 1.0.1 Join-Object Desk Join-Object
ModuleType Version Name PSEdition ExportedCommands
Manifest 1.2.2.0 Microsoft.PowerShell.Archive Desk {Compress-Archive, Expand-Archive} Manifest 6.1.0.0 Microsoft.PowerShell.Host Core {Start-Transcript, Stop-Transcript} Manifest 6.1.0.0 Microsoft.PowerShell.Management Core {Add-Content, Clear-Content, Clear-ItemProperty, Join-Path...} Manifest 6.1.0.0 Microsoft.PowerShell.Security Core {Get-Credential, Get-ExecutionPolicy, Set-ExecutionPolicy, ConvertFrom-SecureString...} Manifest 6.1.0.0 Microsoft.PowerShell.Utility Core {Format-List, Format-Custom, Format-Table, Format-Wide...} Script 1.1.7.2 PackageManagement Desk {Find-Package, Get-Package, Get-PackageProvider, Get-PackageSource...} Script 1.6.7 PowerShellGet Desk {Find-Command, Find-DSCResource, Find-Module, Find-RoleCapability...} Script 0.0 PSDesiredStateConfiguration Desk {GetResourceFromKeyword, GetSyntax, Update-ConfigurationErrorCount, Write-MetaConfigFi... Script 2.0.0 PSReadLine Desk {Get-PSReadLineKeyHandler, Set-PSReadLineKeyHandler, Remove-PSReadLineKeyHandler, Get-... Binary 1.1.2 ThreadJob Desk Start-ThreadJob
PS /home/user> Get-Module -ListAvailable
ModuleType Version Name PSEdition ExportedCommands
Manifest 1.2.2.0 Microsoft.PowerShell.Archive Desk {Compress-Archive, Expand-Archive} Manifest 6.1.0.0 Microsoft.PowerShell.Host Core {Start-Transcript, Stop-Transcript} Manifest 6.1.0.0 Microsoft.PowerShell.Management Core {Add-Content, Clear-Content, Clear-ItemProperty, Join-Path...} Manifest 6.1.0.0 Microsoft.PowerShell.Security Core {Get-Credential, Get-ExecutionPolicy, Set-ExecutionPolicy, ConvertFrom-SecureString...} Manifest 6.1.0.0 Microsoft.PowerShell.Utility Core {Format-List, Format-Custom, Format-Table, Format-Wide...} Script 1.1.7.2 PackageManagement Desk {Find-Package, Get-Package, Get-PackageProvider, Get-PackageSource...} Script 1.6.7 PowerShellGet Desk {Find-Command, Find-DSCResource, Find-Module, Find-RoleCapability...} Script 0.0 PSDesiredStateConfiguration Desk {GetPatterns, Get-CompatibleVersionAddtionaPropertiesStr, Get-ComplexResourceQualifier... Script 2.0.0 PSReadLine Desk {Get-PSReadLineKeyHandler, Set-PSReadLineKeyHandler, Remove-PSReadLineKeyHandler, Get-... Binary 1.1.2 ThreadJob Desk Start-ThreadJob