I am sharing an automation issue that we recently faced.
We run signed PowerShell scripts only. A few of our scripts, after being migrated to Git and then pulled to the servers (automated via a CI/CD pipeline), started erroring out as shown in the screenshot below.
On checking further, using the command below to verify the signature, we found the status coming back as HashMismatch:
Get-AuthenticodeSignature -FilePath "filepath onserver"
We were scratching our heads and were not able to find any solution on the Internet, and it was not occurring for all scripts but only for some of the projects.
Suddenly we noticed a warning that gave us the clue, and we headed in the right direction to resolve it.
This warning comes from Git when it replaces LF with CRLF.
That change was being detected as unauthorized. After we turned that off for the projects, we were able to resolve this error.
Here is the command to turn it off:
git config --global core.autocrlf false
To find how many scripts were impacted by it, we used the PowerShell snippet below on the server:
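# List every .ps1 under the current directory whose signature no longer validates
Get-ChildItem -Recurse | where{$_.Name -like "*.ps1"} | ForEach-Object{
    $getsignature = Get-AuthenticodeSignature -FilePath $_.FullName
    if($getsignature){
        # Yellow: file content no longer matches the signed hash
        if($getsignature.status -eq "HashMismatch"){
            write-host "$($_.FullName)" -ForegroundColor yellow
        }
    }
    else{
        # Red: no signature information could be read for the file
        write-host "$($_.FullName)" -ForegroundColor Red
    }
}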
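To confirm that line-ending conversion is what broke a given script, the following added example (not part of the original post) joins the output of `git ls-files --eol` with each script's signature status. It assumes it is run from the root of the clone on the server, that git is on PATH, and that script paths contain no characters Git would quote; the variable and property names are illustrative.

```powershell
# Added example: correlate Authenticode status with Git's line-ending conversion.
# Assumption: current directory is the root of the cloned repository.
$results = git ls-files --eol -- '*.ps1' | ForEach-Object {
    # Line format: i/<index-eol> w/<worktree-eol> attr/<attributes><TAB><path>
    $info, $path = $_ -split "`t", 2
    if ($info -match '^i/(\S*)\s+w/(\S*)\s+attr/') {
        $indexEol = $Matches[1]   # line endings as stored in the repository
        $workEol  = $Matches[2]   # line endings of the file on disk
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            Path        = $path
            IndexEol    = $indexEol
            WorktreeEol = $workEol
            Converted   = ($indexEol -ne $workEol)
            Status      = $sig.Status
        }
    }
}

# HashMismatch on a file whose on-disk line endings differ from the committed
# ones: the checkout rewrote the bytes that were signed.
$results |
    Where-Object { $_.Converted -and $_.Status -eq 'HashMismatch' } |
    Format-Table -AutoSize

# HashMismatch with identical line endings in index and working tree: checkout
# conversion does not explain it (for example, the file may have been
# normalized at commit time, or really modified), so review these separately.
$results |
    Where-Object { -not $_.Converted -and $_.Status -eq 'HashMismatch' } |
    Format-Table -AutoSize

# The setting that drives the conversion on this machine, for the record.
git config --get core.autocrlf
```

Files already on disk are not rewritten when `core.autocrlf` changes, so check the result again after a fresh checkout.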
If you are in the same situation, you can follow the above solution and it will save you troubleshooting time.
Thanks for reading …
Tech Wizard