Add changelog and update scripts removed tls bundle handling

Author: nikolarobottesla

CHANGELOG.md

@@ -0,0 +1,30 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic
+Versioning](https://semver.org/spec/v2.0.0.html).
+
+Unreleased changes should be tracked under the anticipated version header, with
+a date of UNRELEASED (e.g. `[1.2.0] - UNRELEASED`). This will allow the release
+action to catch the correct changelog section even if the release date hasn't
+been set yet.
+
+## [1.1.0] - 2025-08-11
+
+### Fixed
+- run-elevated-first.bat more reliable by adding '-ExecutionPolicy Bypass' 
+
+### Changed
+- Removed ability to use tls_bundle, instead conda is setup to use the system 
+truststore. This is generally prefferd.
+
+- Latest versions of National Instruments pkgs in Setup-NationalInstruments.ps1
+
+- versioning scheme: 1 version for project instead of individual versions for 
+each script
+
+## [1.0.0] - 2025-01-06
+### initial release
+

README.md

@@ -74,8 +74,6 @@ applications:
       **********************************************
       **********************************************
       -----END OPENSSH PRIVATE KEY-----
-# optional, needed for HTTPS inspection compatability (usually corporate environments)
-tls_bundle: "https://raw.githubusercontent.com/<org/user>/<repo>/main/tls-ca-bundle.txt"
 ```
 
 4. upload 3 files somewhere your users can access

gitpyup/Deploy-gitpyup.ps1

@@ -14,7 +14,8 @@ param(
 )
 
 # variables
-$scriptVersion = "v1"
+
+$version = "1.1.0"
 $gpun = "gitpyup"
 $installConfigFile = "installConfig.yaml"
 
@@ -194,7 +195,7 @@ function Write-LogOrHost {
     }
 }
 
-Write-LogOrHost "Hi you are running Deploy-gitpyup version: $scriptVersion"
+Write-LogOrHost "Hi you are running Deploy-gitpyup version: $version"
 if ($DebugMode) {
     Write-LogOrHost "Debug mode is enabled"
     $Env:GITPYUP_DEPLOY_DEBUG = $true
@@ -625,7 +626,6 @@ if ($installConfigPathObject.Exists) {
 $toAdd = @() # initialize shortcuts to add array
 $appNames = @()  # used to check for duplicate
 $appConfigs = @()  # used to accumulate all the configs
-$tlsBundleURL = $null  # used to store the tls bundle path
 
 # load the yml files
 foreach ($file in $yamlFiles) {
@@ -634,11 +634,6 @@ foreach ($file in $yamlFiles) {
     $configRoot = ConvertFrom-Yaml $fileContent
     $apps = $configRoot.applications
 
-    # update tls-bundle URL if it exists and is not already set
-    if (($null -eq $tlsBundleURL) -and $configRoot.ContainsKey("tls_bundle")) {
-        $tlsBundleURL = $configRoot.tls_bundle
-    }
-
     # loop through each application
     foreach ($application in $apps) {
         $name = $application.name
@@ -730,7 +725,6 @@ $installConfig = @{
     "applications" = $appConfigs
     "created_shortcuts" = $toAdd
     "install" = $install
-    "tls_bundle" = $tlsBundleURL
 }
 
 # save the config to a file
@@ -759,7 +753,6 @@ if ($Install.type -eq "AllUsers") {
     )
 }
 
-$Env:GITPYUP_BUNDLE_URL = $tlsBundleURL
 $Env:GITPYUP_INSTALL_PARENT = Split-Path -Path $install.path -Parent
 
 $confirm = ""

gitpyup/Setup-Application.ps1

@@ -15,8 +15,6 @@ param(
 . "./Utility-Functions.ps1"
 Start-Logging
 
-Write-Log "Setup-Application v1"
-
 if ($Name) {
     $appName = $Name
 } else {

gitpyup/Setup-NationalInstruments.ps1

@@ -22,17 +22,15 @@ function Write-LogOrHost {
     }
 }
 
-Write-LogOrHost "Setup-NationalInstruments v1"
-
 $ProgressPreference = 'SilentlyContinue'  # speeds up Invoke-WebRequest
 
 $nipm = "$Env:Programfiles\National Instruments\NI Package Manager\nipkg.exe"
 
+$ni4882Version = "25.0.0"
+$visaVersion = "25.3.0"
 $pkg_root = "https://download.ni.com/support/nipkg/products"
-$ni4882Version = "23.5"
-$visaVersion = "24.0"
 
-# array to configure packages
+# array to loop packages
 $packages = @(
     [pscustomobject]@{
         installID = "ni-488.2";
@@ -48,7 +46,7 @@ $packages = @(
 if (!(Test-Path $nipm)) {
     Write-LogOrHost "NI package manager not installed, downloading..."
     # Download NIPM. The URL can be passed as an argument.
-    $nipmUrl ="https://download.ni.com/support/nipkg/products/ni-package-manager/installers/NIPackageManager24.3.0.exe"
+    $nipmUrl = "https://download.ni.com/support/nipkg/products/ni-package-manager/installers/NIPackageManager25.5.0.exe"
     powershell.exe -Command `
     $ErrorActionPreference = 'Stop'; `
     Invoke-WebRequest -Uri $nipmUrl -OutFile NIPM_installer.exe ; `

gitpyup/Setup-Python.ps1

@@ -1,23 +1,22 @@
 <#
 Copyright (c) 2024 3M Company
-This script installs Miniforge3 for the 3M corporate environment.
+This script installs Miniforge3.
 It can be run as part of gitpyup for now.
 #> 
 
 # run Utility-Functions.ps1 to get the utility functions
 . "./Utility-Functions.ps1"
 Start-Logging
 
-Write-Log "Setup-Python v1"
-
-# check if admin and warn
+# check if admin and exit if true
 $currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
 $RunningAsAdmin = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
 if ($RunningAsAdmin) {
     if (Test-Path "$Env:TEMP\gitpyup-as-admin") {
         Remove-Item -Force "$Env:TEMP\gitpyup-as-admin"
     } else {
         Write-Log "Please run this script as a regular user"
+        Wait-Logging
         Read-Host -Prompt "Press enter key to exit" | Out-Null
         exit
     }
@@ -78,12 +77,29 @@ $MiniforgeInstall = {
         Write-Log "...Miniforge folder removed"
     }
 
-    Write-Log "Miniforge not installed, downloading..."
-    $Link = "https://github.com/conda-forge/miniforge/releases/latest/download/Miniforge3-Windows-x86_64.exe"
-    Invoke-WebRequest $Link -OutFile "$env:UserProfile\Downloads\Miniforge3-Windows-x86_64.exe"
+    # check current folder for Miniforge exe
+    $InstallerName = "Miniforge3-Windows-x86_64.exe"
+    $DownloadLocation = "$env:UserProfile\Downloads\$InstallerName"
+
+    if (Test-Path $InstallerName) {
+        Write-Log "Miniforge already downloaded"
+        $Installer = "$PWD\$InstallerName"
+    } else {
+        if (Test-Path $DownloadLocation) {
+            Write-Log "Miniforge already downloaded"
+        } else {
+            Write-Log "Miniforge downloading..."
+            $Link = "https://github.com/conda-forge/miniforge/releases/latest/download/$InstallerName"
+            Invoke-WebRequest $Link -OutFile $DownloadLocation
     Write-Log "...Miniforge downloaded"
+        }
+        $Installer = $DownloadLocation
+    }
+
+    # unblock the installer
+    Unblock-File $Installer
+    
     Write-Log "Installing Miniforge..."
-    $Installer = "$env:UserProfile\Downloads\Miniforge3-Windows-x86_64.exe"
     $ArgumentList = "/InstallationType=JustMe /RegisterPython=1 /AddToPath=0 /S /D=$MiniforgeInstallPath"
     $Proc = Start-Process $Installer -Wait -ArgumentList $ArgumentList -PassThru
     if ($Proc.ExitCode -ne 0) {
@@ -100,16 +116,30 @@ $MiniforgeInstall = {
     $Proc = Start-Process @Conda -ArgumentList init
     Write-Log "...Miniforge initialized"
 }
+$MiniforgeInstallArgs = $MiniforgeInstallPath, $InstallType, $Conda
+$MiniforgeInstallEncoded, $MiniforgeInstallArgsEncoded = ConvertTo-Base64String $MiniforgeInstall $MiniforgeInstallArgs
 
 # Check if miniforge's conda.bat runs
-$CondaVersion = conda --version
-if (!($CondaVersion)) {
+$CondaVersion = Get-StandardOutput -Command "conda --version"
+if ($CondaVersion | Select-String -Pattern "CommandNotFoundException") {
+    if ($InstallType -eq "AllUsers") {
+        # Start-Process -FilePath "powershell" -Verb RunAs -Wait -ArgumentList (
+        Start-Process -FilePath "powershell" -Wait -NoNewWindow -ArgumentList (
+            "-EncodedCommand $MiniforgeInstallEncoded",
+            "-EncodedArguments $MiniforgeInstallArgsEncoded"
+        )
+    } else {
     & $MiniforgeInstall $MiniforgeInstallPath $InstallType $Conda
+    }
 } else {
     Write-Log "Miniforge3 already available"
     Write-Log "version: $CondaVersion"
 }
 
+# need to update to recent conda version for truststore support
+Write-Log "updating conda base env..."
+$Proc = Start-Process @Conda -ArgumentList "update -n base -c conda-forge conda -y"
+
 $EnvSetupScript = {
     param(
         [string]$EnvName,
@@ -124,90 +154,29 @@ $EnvSetupScript = {
     # this prevents a halts due to an interactive conda message about reporting errors
     conda config --set report_errors false
 
-    # this sections is needed if the device is subject to SSL inspection
-    # currently Minforge/conda does not have a way to use the system certs
-    # The bundle URL is set by an environment variable
-    if ($Env:GITPYUP_BUNDLE_URL) {
-
-        # remove existing gitpyup-tls-ca-bundle.pem if it exists
-        $BundlePath = "$env:ProgramData\gitpyup-tls-ca-bundle.pem"
-        if (Test-Path $BundlePath) {
-            Remove-Item -Force $BundlePath
-        }
-
-        # download the tls bundle
-        $URL = $Env:GITPYUP_BUNDLE_URL
-        Write-Log "downloading tls bundle from $URL"
-        Invoke-WebRequest $URL -OutFile $BundlePath
-        # are these redundant because setting the .condarc file?
-        conda config --set ssl_verify True
-        conda config --set ssl_verify $BundlePath
-
-        # Check for existing conda environment
-        # TODO get any existing conda environment directories
+    # set conda to use the system truststore
+    conda config --set ssl_verify truststore
 
-        # configure path to save environments depending on installation type
-        if ($InstallType -eq "AllUsers") {
-            $EnvDir = "$env:ProgramData\.conda\envs"
-        } else {
-            $EnvDir = "$env:UserProfile\.conda\envs"
-        }
-
-        # Create a .condarc file in the root dir of the MiniForge installation
-        $CondarcPath = "$MiniforgeInstallPath\.condarc"
-        $CondarcContent = 
+    # Check for existing conda environment
+    # configure path to save environments depending on installation type
+    if ($InstallType -eq "AllUsers") {
+        $EnvDir = "$env:ProgramData\.conda\envs"
+    } else {
+        $EnvDir = "$env:UserProfile\.conda\envs"
+}
+    # make sure the envs directory exists
+    New-Item -Path $EnvDir -ItemType Directory -Force
+    # Create a .condarc file in the root dir of the MiniForge installation
+    $CondarcPath = "$MiniforgeInstallPath\.condarc"
+    $CondarcContent = 
 "channels:
     - conda-forge
-ssl_verify: $BundlePath
+ssl_verify: truststore
 envs_dirs:
         - $EnvDir
     "
-        Set-Content -Force -Path $CondarcPath -Value $CondarcContent
+    Set-Content -Force -Path $CondarcPath -Value $CondarcContent
 
-    } else {
-        Write-Log "No bundle URL provided"
-    }
-
-    # function to check if pip has SSL errors, return true if error detected
-    function Test-PipTlsError {
-        # Define the command
-        $Command = "conda run -n $EnvName python -m pip install --dry-run tiny"
-        Write-Log "Running SSL test command: $Command"
-        # Create a temporary file for output
-        $TempFile = [System.IO.Path]::GetTempFileName()
-        # Execute the command and redirect output to the temporary file
-        Start-Process -FilePath "powershell.exe" -ArgumentList "-Command", $Command -RedirectStandardOutput $TempFile -NoNewWindow -Wait
-        # Read the output from the temporary file
-        $TlsTest = Get-Content -Path $TempFile
-        # Clean up the temporary file
-        Remove-Item -Path $TempFile
-
-        # $TlsTest = conda run -n $EnvName python -m pip install --dry-run tiny
-        if ($TlsTest | Select-String -Pattern "SSL: CERTIFICATE_VERIFY_FAILED") {
-            Write-Log "pip SSL error detected"
-            return $true
-        } else {
-            Write-Log "pip SSL error not detected"
-            return $false
-        }
-    }
-
-    # check if pip has SSL errors, install or uninstall pip-system-certs
-    if (Test-PipTlsError) {
-        # check if pip-system-certs is installed
-        if (!(conda run -n $EnvName python -m pip list | Select-String -Pattern pip-system-certs)) {
-            # patch pip and requests to use system certs
-            Write-Log "installing pip-system-certs..."
-            conda install -n $EnvName pip-system-certs -y
-            # conda run -n $EnvName python -m pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org pip-system-certs
-        }
-
-        # check if pip still has SSL errors, set pip to use the tls-ca-bundle.pem
-        if (Test-PipTlsError) {
-            Write-Log "pip still has SSL errors, setting pip to use tls-ca-bundle.pem"
-            conda run -n $EnvName python -m pip config set global.cert $BundlePath
-        }
-    }
 
     # attempt to update conda base environment
     Write-Log "updating conda base env..."
@@ -216,6 +185,7 @@ envs_dirs:
 
     # only wait if in debug mode
     if ($Env:GITPYUP_DEPLOY_DEBUG) {
+        Wait-Logging
         Read-Host -Prompt "Press enter key to exit" | Out-Null
     }
 }

gitpyup/run-elevated-first.bat

@@ -1,6 +1,6 @@
 @echo off
 
-echo run-elevated-v1
+echo run-elevated-v3
 
 pushd %~dp0
 
@@ -23,9 +23,11 @@ if exist Deploy-gitpyup.ps1 goto check_Permissions
     )
 
 :set_Policies_Unblock
-    echo Attempting to set execution policies and unblock Deploy-gitpyup.ps1...
-    powershell -Command "Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force"
-    powershell -Command "Set-ExecutionPolicy RemoteSigned -Scope LocalMachine -Force"
+    echo Attempting to set execution policies and unblock deploy script...
+    powershell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force"
+    powershell -ExecutionPolicy Bypass -Command "Set-ExecutionPolicy RemoteSigned -Scope LocalMachine -Force"
+	echo There may be errors above. They can be ignored if 'CurrentUser' and 'LocalMachine' ExecutionPolicies are set to 'RemoteSigned' in the table below.
+	powershell -Command "Get-ExecutionPolicy -list"
     powershell -Command "Unblock-File Deploy-gitpyup.ps1"
     echo Next step: right click Deploy-gitpyup.ps1 and select 'Run with PowerShell'