vexx32
commented
5 years ago And then sign the module. (Please.)
Open pauby opened 5 years ago
vexx32
commented
5 years ago And then sign the module. (Please.)
gep13
commented
5 years ago @vexx32 said... And then sign the module. (Please.)
Just to be clear, all psm1 and ps1 files that are shipped as part of Chocolatey are already signed.
johnwc
commented
5 years ago @pauby Can you point to a reference on best practice for not dot sourcing from a PSM1 file? Specifically the point on security. I have not seen anything for either points.
pauby
commented
5 years ago @johnwc Have a look at the Unofficial PowerShell Best Practices and Style Guide.
With dot sourcing, anything placed in the folders that are being dot sourced will also be dot sourced in. With individual files they can also be replaced with whatever code you want and they will also be dot sourced in.
Choco has PowerShell Helpers at programdata\chocolatey\helpers and the chocolateyInstall.psm1 file dot sources the individual PowerShell scripts from the functions folder.
This not considered the best practice now. For the sake of security and speed it's considered better to have the code inside of the PowerShell Module Script (the .psm1 file).
My suggestion is to move all of the code under functions into the chocolateyInstall.psm1 file.