-
-
Save grenade/18b237e50919152a299d0082a396c1f8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (${env:PROCESSOR_ARCHITEW6432} -eq 'ARM64') { | |
| if (-not (Test-Path -Path ('{0}\Mozilla\OpenCloudConfig\occ-public.key' -f $env:ProgramData) -ErrorAction SilentlyContinue)) { | |
| New-Item -Path ('{0}\Mozilla\OpenCloudConfig' -f $env:ProgramData) -ItemType Directory -ErrorAction SilentlyContinue | |
| $gpgKeyGenConfigPath = ('{0}\Mozilla\OpenCloudConfig\gpg-keygen-config.txt' -f $env:ProgramData) | |
| [IO.File]::WriteAllLines($gpgKeyGenConfigPath, @( | |
| 'Key-Type: RSA', | |
| 'Key-Length: 4096', | |
| 'Subkey-Type: RSA', | |
| 'Subkey-Length: 4096', | |
| 'Expire-Date: 0', | |
| ('Name-Real: {0} {1}' -f $env:USERNAME, [System.Net.Dns]::GetHostName()), | |
| ('Name-Email: {0}@{1}' -f $env:USERNAME, [System.Net.Dns]::GetHostName()), | |
| '%no-protection', | |
| '%commit', | |
| '%echo done' | |
| ), (New-Object -TypeName 'System.Text.UTF8Encoding' -ArgumentList $false)) | |
| if (Test-Path -Path $gpgKeyGenConfigPath -ErrorAction SilentlyContinue) { | |
| Write-Log -message ('{0} :: {1} created' -f $($MyInvocation.MyCommand.Name), $gpgKeyGenConfigPath) -severity 'DEBUG' | |
| Write-Log -message ('{0} :: {1}' -f $($MyInvocation.MyCommand.Name), (Get-Content -Path $gpgKeyGenConfigPath -Raw)) -severity 'DEBUG' | |
| $gpgBatchGenerateKeyStdOutPath = ('{0}\log\{1}.gpg-batch-generate-key.stdout.log' -f $env:SystemDrive, [DateTime]::Now.ToString("yyyyMMddHHmmss")) | |
| $gpgBatchGenerateKeyStdErrPath = ('{0}\log\{1}.gpg-batch-generate-key.stderr.log' -f $env:SystemDrive, [DateTime]::Now.ToString("yyyyMMddHHmmss")) | |
| Start-Process ('{0}\GNU\GnuPG\pub\gpg.exe' -f ${env:ProgramFiles(x86)}) -ArgumentList @('--batch', '--gen-key', ('{0}\Mozilla\OpenCloudConfig\gpg-keygen-config.txt' -f $env:ProgramData)) -Wait -NoNewWindow -PassThru -RedirectStandardOutput $gpgBatchGenerateKeyStdOutPath -RedirectStandardError $gpgBatchGenerateKeyStdErrPath | |
| if ((Get-Item -Path $gpgBatchGenerateKeyStdErrPath).Length -gt 0kb) { | |
| Write-Log -message ('{0} :: {1}' -f $($MyInvocation.MyCommand.Name), (Get-Content -Path $gpgBatchGenerateKeyStdErrPath -Raw)) -severity 'ERROR' | |
| } | |
| if ((Get-Item -Path $gpgBatchGenerateKeyStdOutPath).Length -gt 0kb) { | |
| Write-Log -message ('{0} :: {1}' -f $($MyInvocation.MyCommand.Name), (Get-Content -Path $gpgBatchGenerateKeyStdOutPath -Raw)) -severity 'INFO' | |
| } | |
| } else { | |
| Write-Log -message ('{0} :: error: {1} not created' -f $($MyInvocation.MyCommand.Name), $gpgKeyGenConfigPath) -severity 'ERROR' | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (${env:PROCESSOR_ARCHITEW6432} -eq 'ARM64') { | |
| if (-not (Test-Path -Path ('{0}\GNU\GnuPG\pub\gpg.exe' -f ${env:ProgramFiles(x86)}) -ErrorAction SilentlyContinue)) { | |
| if (-not (Test-Path -Path 'C:\Windows\Temp\gpg4win-2.3.0.exe' -ErrorAction SilentlyContinue)) { | |
| (New-Object Net.WebClient).DownloadFile('https://files.gpg4win.org/gpg4win-2.3.0.exe', 'C:\Windows\Temp\gpg4win-2.3.0.exe') | |
| } | |
| & 'C:\Windows\Temp\gpg4win-2.3.0.exe' @('/S') | |
| Start-Sleep -Seconds 60 | |
| } | |
| $commands = @( | |
| @{ | |
| 'executable' = ('{0}\GNU\GnuPG\pub\gpg.exe' -f ${env:ProgramFiles(x86)}) | |
| 'arguments' = @('--version') | |
| }, | |
| @{ | |
| 'executable' = ('{0}\GNU\GnuPG\pub\gpg.exe' -f ${env:ProgramFiles(x86)}) | |
| 'arguments' = @('--list-keys', 'releng-puppet-mail@mozilla.com') | |
| }, | |
| @{ | |
| 'executable' = ('{0}\GNU\GnuPG\pub\gpg.exe' -f ${env:ProgramFiles(x86)}) | |
| 'arguments' = @('--list-keys', ('{0}@{1}' -f $env:USERNAME, [System.Net.Dns]::GetHostName())) | |
| } | |
| ) | |
| $fingerprints = @(($(&('{0}\GNU\GnuPG\pub\gpg.exe' -f ${env:ProgramFiles(x86)}) @('--fingerprint', ('{0}@{1}' -f $env:USERNAME, [System.Net.Dns]::GetHostName()))) | ? { $_.Contains('Key fingerprint') }) | % { $_.Split('=')[1].Replace(' ', '') }) | |
| if (($fingerprints.Length -eq 1) -and (Test-Path -Path ('{0}\Mozilla\OpenCloudConfig\occ-public.key' -f $env:ProgramData) -ErrorAction SilentlyContinue)) { | |
| Write-Log -message ('{0} :: instance gpg key fingerprint: {1}' -f $($MyInvocation.MyCommand.Name), $fingerprints[0]) -severity 'INFO' | |
| } elseif (($fingerprints.Length -eq 1) -and (-not (Test-Path -Path ('{0}\Mozilla\OpenCloudConfig\occ-public.key' -f $env:ProgramData) -ErrorAction SilentlyContinue))) { | |
| Write-Log -message ('{0} :: instance gpg key fingerprint: {1}' -f $($MyInvocation.MyCommand.Name), $fingerprints[0]) -severity 'INFO' | |
| $commands += @{ | |
| 'executable' = ('{0}\GNU\GnuPG\pub\gpg.exe' -f ${env:ProgramFiles(x86)}) | |
| 'arguments' = @('--batch', '--export', '--output', ('{0}\Mozilla\OpenCloudConfig\occ-public.key' -f $env:ProgramData), '--armor', $fingerprints[0]) | |
| } | |
| } else { | |
| Write-Log -message ('{0} :: {1} keys queued for deletion' -f $($MyInvocation.MyCommand.Name), $fingerprints.Length) -severity 'DEBUG' | |
| foreach ($fingerprint in $fingerprints) { | |
| $commands += @{ | |
| 'executable' = ('{0}\GNU\GnuPG\pub\gpg.exe' -f ${env:ProgramFiles(x86)}) | |
| 'arguments' = @('--batch', '--delete-secret-key', $fingerprint) | |
| } | |
| $commands += @{ | |
| 'executable' = ('{0}\GNU\GnuPG\pub\gpg.exe' -f ${env:ProgramFiles(x86)}) | |
| 'arguments' = @('--batch', '--delete-key', $fingerprint) | |
| } | |
| } | |
| $commands += @{ | |
| 'executable' = ('{0}\GNU\GnuPG\pub\gpg.exe' -f ${env:ProgramFiles(x86)}) | |
| 'arguments' = @('--list-keys') | |
| } | |
| } | |
| foreach ($command in $commands) { | |
| try { | |
| $commandStdOutPath = ('{0}\log\{1}-arbitrary-command-stdout.log' -f $env:SystemDrive, [DateTime]::Now.ToString("yyyyMMddHHmmss")) | |
| $commandStdErrPath = ('{0}\log\{1}-arbitrary-command-stderr.log' -f $env:SystemDrive, [DateTime]::Now.ToString("yyyyMMddHHmmss")) | |
| Start-Process $command['executable'] -ArgumentList $command['arguments'] -Wait -NoNewWindow -PassThru -RedirectStandardOutput $commandStdOutPath -RedirectStandardError $commandStdErrPath | |
| if ((Get-Item -Path $commandStdErrPath).Length -gt 0kb) { | |
| Write-Log -message ('{0} :: {1} {2} ({3}): {4}' -f $($MyInvocation.MyCommand.Name), $command['executable'], [string]::Join(' ', $command['arguments']), [IO.Path]::GetFileNameWithoutExtension($commandStdErrPath), (Get-Content -Path $commandStdErrPath -Raw)) -severity 'ERROR' | |
| } | |
| if ((Get-Item -Path $commandStdOutPath).Length -gt 0kb) { | |
| Write-Log -message ('{0} :: {1} {2} ({3}): {4}' -f $($MyInvocation.MyCommand.Name), $command['executable'], [string]::Join(' ', $command['arguments']), [IO.Path]::GetFileNameWithoutExtension($commandStdOutPath), (Get-Content -Path $commandStdOutPath -Raw)) -severity 'DEBUG' | |
| } | |
| if (((Get-Item -Path $commandStdErrPath).Length -eq 0) -and ((Get-Item -Path $commandStdOutPath).Length -eq 0)) { | |
| Write-Log -message ('{0} :: no output from command: "{1} {2}"' -f $($MyInvocation.MyCommand.Name), $command['executable'], [string]::Join(' ', $command['arguments'])) -severity 'WARN' | |
| } | |
| } catch { | |
| Write-Log -message ('{0} :: error executing command: {1} {2}. {3}' -f $($MyInvocation.MyCommand.Name), $command['executable'], [string]::Join(' ', $command['arguments']), $_.Exception.Message) -severity 'ERROR' | |
| Write-Log -message ('{0} :: {1} not found' -f $($MyInvocation.MyCommand.Name), $command['executable']) -severity 'DEBUG' | |
| } | |
| } | |
| $env:PATH=('{0};{1}' -f $env:PATH, ('{0}\GNU\GnuPG\pub' -f ${env:ProgramFiles(x86)})) | |
| $(echo trust; echo 5; echo y; echo quit) | gpg --command-fd 0 --edit-key releng-puppet-mail@mozilla.com | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Set-GenericWorkerConfigValue { | |
| param( | |
| [string] $key, | |
| [string] $value, | |
| [string] $template = 'C:\generic-worker\generic-worker-template.config', | |
| [string] $path = 'C:\generic-worker\generic-worker.config' | |
| ) | |
| begin { | |
| Write-Log -message ('{0} :: begin - {1:o}' -f $($MyInvocation.MyCommand.Name), (Get-Date).ToUniversalTime()) -severity 'DEBUG' | |
| } | |
| process { | |
| if ((Test-Path -Path $template -ErrorAction SilentlyContinue) -and (-not (Test-Path -Path $path -ErrorAction SilentlyContinue))) { | |
| Copy-Item -Path $template -Destination $path | |
| Write-Log -message ('{0} :: copied: {1} to: {2}' -f $($MyInvocation.MyCommand.Name), $template, $path) -severity 'INFO' | |
| } | |
| $gwConfig=(Get-Content -Raw -Path $path | ConvertFrom-Json) | |
| if ($gwConfig.PSObject.Properties.Name -contains $key) { | |
| if ($gwConfig."$key" -eq $value) { | |
| Write-Log -message ('{0} :: required value: {1} detected in: {2} property of: {3}' -f $($MyInvocation.MyCommand.Name), $(if ($key -eq 'accessToken') { '*****' } else { $value }), $key, $path) -severity 'DEBUG' | |
| } else { | |
| [System.IO.File]::WriteAllLines($path, (& jq @('--arg', 'v', ('"{0}"' -f $value), ('. | .{0} = $v' -f $key), $path)), (New-Object -TypeName 'System.Text.UTF8Encoding' -ArgumentList $false)) | |
| Write-Log -message ('{0} :: value of: {1} changed from: {2} to: {3} in: {4}' -f $($MyInvocation.MyCommand.Name), $key, $(if ($key -eq 'accessToken') { '*****' } else { $gwConfig."$key" }), $(if ($key -eq 'accessToken') { '*****' } else { $value }), $path) -severity 'INFO' | |
| } | |
| } else { | |
| [System.IO.File]::WriteAllLines($path, (& jq @('--arg', 'v', ('"{0}"' -f $value), ('. | .{0} = $v' -f $key), $path)), (New-Object -TypeName 'System.Text.UTF8Encoding' -ArgumentList $false)) | |
| Write-Log -message ('{0} :: value of: {1} set to: {2} in: {3}' -f $($MyInvocation.MyCommand.Name), $key, $(if ($key -eq 'accessToken') { '*****' } else { $value }), $path) -severity 'INFO' | |
| } | |
| } | |
| end { | |
| Write-Log -message ('{0} :: begin - {1:o}' -f $($MyInvocation.MyCommand.Name), (Get-Date).ToUniversalTime()) -severity 'DEBUG' | |
| } | |
| } | |
| function New-LocalCache { | |
| param ( | |
| [string] $cacheDrive = $(if (Test-VolumeExists -DriveLetter 'Y') {'Y:'} else {$env:SystemDrive}), | |
| [string[]] $paths = @( | |
| ('{0}\hg-shared' -f $cacheDrive), | |
| ('{0}\pip-cache' -f $cacheDrive), | |
| ('{0}\tooltool-cache' -f $cacheDrive) | |
| ) | |
| ) | |
| begin { | |
| Write-Log -message ('{0} :: begin - {1:o}' -f $($MyInvocation.MyCommand.Name), (Get-Date).ToUniversalTime()) -severity 'DEBUG' | |
| } | |
| process { | |
| foreach ($path in $paths) { | |
| if (-not (Test-Path -Path $path -ErrorAction SilentlyContinue)) { | |
| New-Item -Path $path -ItemType directory -force | |
| Write-Log -message ('{0} :: {1} created' -f $($MyInvocation.MyCommand.Name), $path) -severity 'INFO' | |
| } else { | |
| Write-Log -message ('{0} :: {1} detected' -f $($MyInvocation.MyCommand.Name), $path) -severity 'DEBUG' | |
| } | |
| & 'icacls.exe' @($path, '/grant', 'Everyone:(OI)(CI)F') | |
| } | |
| } | |
| end { | |
| Write-Log -message ('{0} :: end - {1:o}' -f $($MyInvocation.MyCommand.Name), (Get-Date).ToUniversalTime()) -severity 'DEBUG' | |
| } | |
| } | |
| try { | |
| if (Test-Path -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NV Domain') { | |
| $currentDomain = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -Name 'NV Domain').'NV Domain' | |
| } elseif (Test-Path -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain') { | |
| $currentDomain = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -Name 'Domain').'Domain' | |
| } else { | |
| $currentDomain = $env:USERDOMAIN | |
| } | |
| } catch { | |
| $currentDomain = $env:USERDOMAIN | |
| } | |
| if ($currentDomain -match 'azure') { | |
| Write-Log -message ('{0} :: domain: {1}' -f 'debug.ps1', $currentDomain) -source 'MaintainSystem' -severity 'DEBUG' | |
| } | |
| if (Get-Service -Name @('WindowsAzureGuestAgent', 'WindowsAzureNetAgentSvc') -ErrorAction 'SilentlyContinue') { | |
| $azureDataPath = ('{0}\AzureData' -f $env:SystemDrive) | |
| if (Test-Path -Path $azureDataPath -ErrorAction 'SilentlyContinue') { | |
| Write-Log -message ('{0} :: {1} exists. listing contents:' -f $($MyInvocation.MyCommand.Name), $azureDataPath) -severity 'DEBUG' | |
| Get-ChildItem -Path $azureDataPath -Recurse | % { | |
| Write-Log -message ('{0} :: {1}' -f $($MyInvocation.MyCommand.Name), $_) -severity 'DEBUG' | |
| } | |
| } else { | |
| Write-Log -message ('{0} :: {1} does not exist' -f $($MyInvocation.MyCommand.Name), $azureDataPath) -severity 'WARN' | |
| } | |
| $instanceMetadata = ((Invoke-WebRequest -Headers @{'Metadata'=$true} -UseBasicParsing -Uri ('http://169.254.169.254/metadata/instance?api-version={0}' -f '2019-06-04')).Content) | |
| Write-Log -message ('instance metadata :: {0}' -f $instanceMetadata) -severity 'DEBUG' | |
| } | |
| if ($false) { | |
| $privateKeyPath = 'C:\generic-worker\ed25519-private.key' | |
| if (-not (Test-Path -Path $privateKeyPath -ErrorAction SilentlyContinue)) { | |
| & 'C:\generic-worker\generic-worker.exe' @('new-ed25519-keypair', '--file', $privateKeyPath) | |
| if (Test-Path -Path $privateKeyPath -ErrorAction SilentlyContinue) { | |
| Write-Log -message ('{0} :: created: {1}' -f $($MyInvocation.MyCommand.Name), $privateKeyPath) -severity 'INFO' | |
| } | |
| } | |
| Remove-Item 'C:\generic-worker\run-generic-worker.bat' -Confirm:$false -Force -ErrorAction SilentlyContinue | |
| Remove-Item 'C:\generic-worker\gw.config' -Confirm:$false -Force -ErrorAction SilentlyContinue | |
| (New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/mozilla-releng/OpenCloudConfig/azure/userdata/Configuration/GenericWorker/run-az-generic-worker-and-reboot.bat', 'C:\generic-worker\run-generic-worker.bat') | |
| $clientId = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Mozilla\GenericWorker' -Name 'clientId' -ErrorAction SilentlyContinue).clientId | |
| if (-not $clientId.EndsWith('-azure')) { | |
| $clientId = ('{0}-azure' -f $clientId) | |
| } | |
| $workerPool = $clientId.Replace('azure/', '') | |
| Set-GenericWorkerConfigValue -key 'provisionerId' -value $workerPool.Split('/')[0] | |
| Set-GenericWorkerConfigValue -key 'workerType' -value $workerPool.Split('/')[1] | |
| Set-GenericWorkerConfigValue -key 'clientId' -value $clientId | |
| Set-GenericWorkerConfigValue -key 'accessToken' -value (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Mozilla\GenericWorker' -Name 'accessToken' -ErrorAction SilentlyContinue).accessToken | |
| Set-GenericWorkerConfigValue -key 'publicIP' -value ((Invoke-WebRequest -Headers @{'Metadata'=$true} -UseBasicParsing -Uri ('http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0/publicIpAddress?api-version={0}&format=text' -f '2019-06-04')).Content) | |
| Set-GenericWorkerConfigValue -key 'workerId' -value (((Invoke-WebRequest -Headers @{'Metadata'=$true} -UseBasicParsing -Uri ('http://169.254.169.254/metadata/instance?api-version={0}' -f '2019-06-04')).Content) | ConvertFrom-Json).compute.name | |
| Set-GenericWorkerConfigValue -key 'rootURL' -value 'https://firefox-ci-tc.services.mozilla.com' | |
| Set-GenericWorkerConfigValue -key 'ed25519SigningKeyLocation' -value 'C:\generic-worker\ed25519-private.key' | |
| Set-GenericWorkerConfigValue -key 'tasksDir' -value 'Z:\\' | |
| Set-GenericWorkerConfigValue -key 'cachesDir' -value 'Y:\caches' | |
| Set-GenericWorkerConfigValue -key 'cachesDir' -value 'Y:\downloads' | |
| Set-GenericWorkerConfigValue -key 'wstAudience' -value 'firefoxcitc' | |
| Set-GenericWorkerConfigValue -key 'wstServerURL' -value 'https://firefoxci-websocktunnel.services.mozilla.com' | |
| Set-GenericWorkerConfigValue -key 'workerLocation' -value ('{0}' -f $env:TASKCLUSTER_WORKER_LOCATION) | |
| Set-GenericWorkerConfigValue -key 'runAfterUserCreation' -value 'C:\generic-worker\task-user-init.cmd' | |
| Set-GenericWorkerConfigValue -key 'taskclusterProxyExecutable' -value 'C:\generic-worker\taskcluster-proxy.exe' | |
| Set-GenericWorkerConfigValue -key 'sentryProject' -value 'generic-worker' | |
| Set-GenericWorkerConfigValue -key 'workerGroup' -value 'azure' | |
| #Set-GenericWorkerConfigValue -key 'availabilityZone' -value '' | |
| #Set-GenericWorkerConfigValue -key 'region' -value '' | |
| #Set-GenericWorkerConfigValue -key 'deploymentId' -value (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Mozilla\OpenCloudConfig\Source' -Name 'Revision' -ErrorAction SilentlyContinue).Revision | |
| New-LocalCache | |
| } | |
| if (${env:PROCESSOR_ARCHITEW6432} -eq 'ARM64') { | |
| $userProfiles = @(Get-ChildItem -path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\ProfileList' | ? { $_.Name -match 'S-1-5-21-'}) | |
| Write-Log -message ('{0} :: {1} UserProfiles detected' -f $($MyInvocation.MyCommand.Name), $userProfiles.Length) -severity 'DEBUG' | |
| foreach ($userProfile in $userProfiles) { | |
| $sid = [System.Io.Path]::GetFileName($userProfile) | |
| try { | |
| $user = (New-Object System.Security.Principal.SecurityIdentifier ($sid)).Translate([System.Security.Principal.NTAccount]).Value | |
| Write-Log -message ('{0} :: UserProfile: {1} - {2}' -f $($MyInvocation.MyCommand.Name), $user, $sid) -severity 'DEBUG' | |
| } catch { | |
| # the translate call in the try block above will fail if the user profile sid does not map to a user account. | |
| # if that is the case, we remove the sid from the registry profile list, in order to prevent the registry consuming too much disk space | |
| # for all the task user profiles created and deleted by the generic worker. | |
| $userProfile | Remove-Item -Force -Confirm:$false | |
| Write-Log -message ('{0} :: UserProfile sid: {1} failed to map to a user account and was removed' -f $($MyInvocation.MyCommand.Name), $sid) -severity 'DEBUG' | |
| } | |
| } | |
| $occKey=(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Mozilla\OpenCloudConfig' -Name 'LastBitbarCredentialReset' -ErrorAction SilentlyContinue) | |
| foreach ($username in @('bitbar', 'testdroid')) { | |
| $userSessions = @(Get-CimInstance Win32_LoggedOnUser | ? { $_.Antecedent.Name -eq $username }) | |
| if ($userSessions.Length -gt 0) { | |
| Write-Log -message ('{0} :: BitbarLocalAccount: {1} {2} session(s) detected' -f $($MyInvocation.MyCommand.Name), $userSessions.Length, $username) -severity 'WARN' | |
| } | |
| if ((Test-Path -Path ('{0}\Mozilla\OpenCloudConfig\.{1}.pw' -f $env:ProgramData, $username) -ErrorAction SilentlyContinue) -and ((-not ($occKey.LastBitbarCredentialReset)) -or ([DateTime]::Parse($occKey.LastBitbarCredentialReset) -lt [DateTime]::UtcNow.AddDays(-1)))) { | |
| #[System.Reflection.Assembly]::LoadWithPartialName("System.Web") | |
| #$password = $([System.Web.Security.Membership]::GeneratePassword(16,8)) | |
| $password = (Get-Content -Path ('{0}\Mozilla\OpenCloudConfig\.{1}.pw' -f $env:ProgramData, $username)) | |
| try { | |
| & net @('user', $username, $password) | |
| Write-Log -message ('{0} :: BitbarLocalAccount: credentials changed for user: {1}.' -f $($MyInvocation.MyCommand.Name), $username) -severity 'INFO' | |
| $passwordChanged = $true | |
| } | |
| catch { | |
| Write-Log -message ('{0} :: BitbarLocalAccount: failed to set credentials for user: {1}. {2}' -f $($MyInvocation.MyCommand.Name), $username, $_.Exception.Message) -severity 'ERROR' | |
| $passwordChanged = $false | |
| } | |
| try { | |
| & net @('user', $username, '/active:yes') | |
| Write-Log -message ('{0} :: BitbarLocalAccount: account enabled for user: {1}.' -f $($MyInvocation.MyCommand.Name), $username) -severity 'INFO' | |
| $accountEnabled = $true | |
| } | |
| catch { | |
| Write-Log -message ('{0} :: BitbarLocalAccount: failed to enabled account for user: {1}. {2}' -f $($MyInvocation.MyCommand.Name), $username, $_.Exception.Message) -severity 'ERROR' | |
| $accountEnabled = $false | |
| } | |
| if ($passwordChanged -and $accountEnabled) { | |
| Set-ItemProperty -Path 'HKLM:\SOFTWARE\Mozilla\OpenCloudConfig' -Name 'LastBitbarCredentialReset' -Type 'String' -Value ([DateTime]::UtcNow.ToString('u')) | |
| Write-Log -message ('{0} :: BitbarLocalAccount: bitbar credential reset complete' -f $($MyInvocation.MyCommand.Name)) -severity 'INFO' | |
| } else { | |
| Write-Log -message ('{0} :: BitbarLocalAccount: bitbar credential reset failed' -f $($MyInvocation.MyCommand.Name)) -severity 'ERROR' | |
| } | |
| } elseif ($occKey.LastBitbarCredentialReset) { | |
| Write-Log -message ('{0} :: BitbarLocalAccount: detected recent bitbar credential reset at: {1}' -f $($MyInvocation.MyCommand.Name), $occKey.LastBitbarCredentialReset) -severity 'DEBUG' | |
| } | |
| } | |
| $userWinLogon=(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon').DefaultUserName | |
| $userGwCurrent=(Get-Content -Raw -Path 'C:\generic-worker\current-task-user.json' | ConvertFrom-Json).name | |
| $userGwNext=(Get-Content -Raw -Path 'C:\generic-worker\next-task-user.json' | ConvertFrom-Json).name | |
| Write-Log -message ('{0} :: GenericWorkerObserve: Winlogon\DefaultUserName: {1}, gw\current: {2}, gw\next: {3}' -f $($MyInvocation.MyCommand.Name), $userWinLogon, $userGwCurrent, $userGwNext) -severity 'DEBUG' | |
| $gwLastExitCode=(Get-Content -Raw -Path 'C:\generic-worker\last-exit-code.json' | ConvertFrom-Json).exitCode | |
| $gwLastExitUsername=(Get-Content -Raw -Path 'C:\generic-worker\last-exit-code.json' | ConvertFrom-Json).username | |
| Write-Log -message ('{0} :: GenericWorkerObserve: last exit-code: {1}, username: {2}' -f $($MyInvocation.MyCommand.Name), $gwLastExitCode, $gwLastExitUsername) -severity 'DEBUG' | |
| $occKey=(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Mozilla\OpenCloudConfig' -Name 'LastGenericWorkerReset' -ErrorAction SilentlyContinue) | |
| if (($gwLastExitCode -eq 69) -or (-not ($occKey.LastGenericWorkerReset)) -or ([DateTime]::Parse($occKey.LastGenericWorkerReset) -lt [DateTime]::UtcNow.AddHours(-24))) { | |
| if ($gwLastExitCode -eq 69) { | |
| Write-Log -message ('{0} :: GenericWorkerReset: detected generic worker panic on last run' -f $($MyInvocation.MyCommand.Name)) -severity 'DEBUG' | |
| } | |
| if ($occKey.LastGenericWorkerReset) { | |
| Write-Log -message ('{0} :: GenericWorkerReset: detected {1} generic worker reset at: {2}' -f $($MyInvocation.MyCommand.Name), $(if ($gwLastExitCode -eq 69) { 'last' } else { 'outdated' }), $occKey.LastGenericWorkerReset) -severity 'DEBUG' | |
| } | |
| $resetPaths = @( | |
| 'C:\generic-worker\current-task-user.json', | |
| 'C:\generic-worker\next-task-user.json', | |
| 'C:\generic-worker\tasks-resolved-count.txt', | |
| 'C:\generic-worker\directory-caches.json', | |
| 'C:\generic-worker\file-caches.json' | |
| ) | |
| foreach ($resetPath in $resetPaths) { | |
| if (Test-Path -Path $resetPath -ErrorAction SilentlyContinue) { | |
| Remove-Item $resetPath -Confirm:$false -Force -ErrorAction SilentlyContinue | |
| Write-Log -message ('{0} :: GenericWorkerReset: deleted {1}' -f $($MyInvocation.MyCommand.Name), $resetPath) -severity 'INFO' | |
| } | |
| } | |
| $resetRegistryValues = @( | |
| 'AutoAdminLogon', | |
| 'DefaultDomainName', | |
| 'DefaultUserName', | |
| 'DefaultPassword' | |
| ) | |
| foreach ($resetRegistryValue in $resetRegistryValues) { | |
| Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name $resetRegistryValue -Force -ErrorAction SilentlyContinue | |
| Write-Log -message ('{0} :: GenericWorkerReset: deleted HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\{1}' -f $($MyInvocation.MyCommand.Name), $resetRegistryValue) -severity 'INFO' | |
| } | |
| Set-ItemProperty -Path 'HKLM:\SOFTWARE\Mozilla\OpenCloudConfig' -Name 'LastGenericWorkerReset' -Type 'String' -Value ([DateTime]::UtcNow.ToString('u')) | |
| Write-Log -message ('{0} :: GenericWorkerReset: generic worker reset complete' -f $($MyInvocation.MyCommand.Name)) -severity 'INFO' | |
| } else { | |
| Write-Log -message ('{0} :: GenericWorkerObserve: detected recent generic worker reset at: {1}' -f $($MyInvocation.MyCommand.Name), $occKey.LastGenericWorkerReset) -severity 'DEBUG' | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (${env:PROCESSOR_ARCHITEW6432} -eq 'ARM64') { | |
| $userProfiles = @(Get-ChildItem -path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\ProfileList' | ? { $_.Name -match 'S-1-5-21-'}) | |
| Write-Log -message ('{0} :: {1} UserProfiles detected' -f $($MyInvocation.MyCommand.Name), $userProfiles.Length) -severity 'DEBUG' | |
| foreach ($userProfile in $userProfiles) { | |
| $sid = [System.Io.Path]::GetFileName($userProfile) | |
| try { | |
| $user = (New-Object System.Security.Principal.SecurityIdentifier ($sid)).Translate([System.Security.Principal.NTAccount]).Value | |
| Write-Log -message ('{0} :: UserProfile: {1} - {2}' -f $($MyInvocation.MyCommand.Name), $user, $sid) -severity 'DEBUG' | |
| } catch { | |
| # the translate call in the try block above will fail if the user profile sid does not map to a user account. | |
| # if that is the case, we remove the sid from the registry profile list, in order to prevent the registry consuming too much disk space | |
| # for all the task user profiles created and deleted by the generic worker. | |
| $userProfile | Remove-Item -Force -Confirm:$false | |
| Write-Log -message ('{0} :: UserProfile sid: {1} failed to map to a user account and was removed' -f $($MyInvocation.MyCommand.Name), $sid) -severity 'DEBUG' | |
| } | |
| } | |
| $occKey=(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Mozilla\OpenCloudConfig' -Name 'LastBitbarCredentialReset' -ErrorAction SilentlyContinue) | |
| foreach ($username in @('bitbar', 'testdroid')) { | |
| $userSessions = @(Get-CimInstance Win32_LoggedOnUser | ? { $_.Antecedent.Name -eq $username }) | |
| if ($userSessions.Length -gt 0) { | |
| Write-Log -message ('{0} :: BitbarLocalAccount: {1} {2} session(s) detected' -f $($MyInvocation.MyCommand.Name), $userSessions.Length, $username) -severity 'WARN' | |
| } | |
| if ((Test-Path -Path ('{0}\Mozilla\OpenCloudConfig\.{1}.pw' -f $env:ProgramData, $username) -ErrorAction SilentlyContinue) -and ((-not ($occKey.LastBitbarCredentialReset)) -or ([DateTime]::Parse($occKey.LastBitbarCredentialReset) -lt [DateTime]::UtcNow.AddDays(-1)))) { | |
| #[System.Reflection.Assembly]::LoadWithPartialName("System.Web") | |
| #$password = $([System.Web.Security.Membership]::GeneratePassword(16,8)) | |
| $password = (Get-Content -Path ('{0}\Mozilla\OpenCloudConfig\.{1}.pw' -f $env:ProgramData, $username)) | |
| try { | |
| & net @('user', $username, $password) | |
| Write-Log -message ('{0} :: BitbarLocalAccount: credentials changed for user: {1}.' -f $($MyInvocation.MyCommand.Name), $username) -severity 'INFO' | |
| $passwordChanged = $true | |
| } | |
| catch { | |
| Write-Log -message ('{0} :: BitbarLocalAccount: failed to set credentials for user: {1}. {2}' -f $($MyInvocation.MyCommand.Name), $username, $_.Exception.Message) -severity 'ERROR' | |
| $passwordChanged = $false | |
| } | |
| try { | |
| & net @('user', $username, '/active:yes') | |
| Write-Log -message ('{0} :: BitbarLocalAccount: account enabled for user: {1}.' -f $($MyInvocation.MyCommand.Name), $username) -severity 'INFO' | |
| $accountEnabled = $true | |
| } | |
| catch { | |
| Write-Log -message ('{0} :: BitbarLocalAccount: failed to enabled account for user: {1}. {2}' -f $($MyInvocation.MyCommand.Name), $username, $_.Exception.Message) -severity 'ERROR' | |
| $accountEnabled = $false | |
| } | |
| if ($passwordChanged -and $accountEnabled) { | |
| Set-ItemProperty -Path 'HKLM:\SOFTWARE\Mozilla\OpenCloudConfig' -Name 'LastBitbarCredentialReset' -Type 'String' -Value ([DateTime]::UtcNow.ToString('u')) | |
| Write-Log -message ('{0} :: BitbarLocalAccount: bitbar credential reset complete' -f $($MyInvocation.MyCommand.Name)) -severity 'INFO' | |
| } else { | |
| Write-Log -message ('{0} :: BitbarLocalAccount: bitbar credential reset failed' -f $($MyInvocation.MyCommand.Name)) -severity 'ERROR' | |
| } | |
| } elseif ($occKey.LastBitbarCredentialReset) { | |
| Write-Log -message ('{0} :: BitbarLocalAccount: detected recent bitbar credential reset at: {1}' -f $($MyInvocation.MyCommand.Name), $occKey.LastBitbarCredentialReset) -severity 'DEBUG' | |
| } | |
| } | |
| $ipAddresses = @(Get-NetIPConfiguration | ? { $_.IPv4DefaultGateway -ne $null -and $_.NetAdapter.Status -ne "Disconnected" } | % { $_.IPv4Address.IPAddress }) | |
| Write-Log -message ('{0} :: instance ipv4 addresses: {1}.' -f $($MyInvocation.MyCommand.Name), [string]::Join(',', $ipAddresses)) -severity 'INFO' | |
| $autoLogonKeys=@( | |
| 'DefaultUserName', | |
| 'DefaultDomainName', | |
| 'AutoAdminLogon', | |
| 'ForceAutoLogon', | |
| 'AutoLogonSID', | |
| 'LastUsedUsername' | |
| ) | |
| foreach ($prop in @((Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon').PsObject.Properties | ? { @('System.String', 'System.Int32').Contains($_.TypeNameOfValue) -and ($_.Name -ne 'DefaultPassword') -and (-not $_.Name.StartsWith('PS')) -and (-not $_.Name.StartsWith('Si')) })) { | |
| Write-Log -message ('{0} :: Winlogon/{1} read as: {2}' -f $($MyInvocation.MyCommand.Name), $prop.Name, $prop.Value) -severity 'INFO' | |
| if ($prop.Name -eq 'AutoLogonSID') { | |
| try { | |
| $user = (New-Object System.Security.Principal.SecurityIdentifier ($prop.Value)).Translate([System.Security.Principal.NTAccount]).Value | |
| Write-Log -message ('{0} :: Winlogon/AutoLogonSID: {1} mapped to user: {2}' -f $($MyInvocation.MyCommand.Name), $prop.Value, $user) -severity 'DEBUG' | |
| } catch { | |
| Write-Log -message ('{0} :: Winlogon/AutoLogonSID: {1} did not map to a known user.' -f $($MyInvocation.MyCommand.Name), $prop.Value) -severity 'DEBUG' | |
| } | |
| } | |
| } | |
| $occKey=(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Mozilla\OpenCloudConfig' -Name 'LastGenericWorkerReset' -ErrorAction SilentlyContinue) | |
| if ((-not ($occKey.LastGenericWorkerReset)) -or ([DateTime]::Parse($occKey.LastGenericWorkerReset) -lt [DateTime]::UtcNow.AddHours(-(Get-Random -InputObject 20..30)))) { | |
| if ($occKey.LastGenericWorkerReset) { | |
| Write-Log -message ('{0} :: GenericWorkerReset: detected outdated generic worker reset at: {1}' -f $($MyInvocation.MyCommand.Name), $occKey.LastGenericWorkerReset) -severity 'DEBUG' | |
| } | |
| $resetPaths = @( | |
| 'C:\generic-worker\current-task-user.json', | |
| 'C:\generic-worker\next-task-user.json', | |
| 'C:\generic-worker\tasks-resolved-count.txt', | |
| 'C:\generic-worker\directory-caches.json', | |
| 'C:\generic-worker\file-caches.json' | |
| ) | |
| foreach ($resetPath in $resetPaths) { | |
| if (Test-Path -Path $resetPath -ErrorAction SilentlyContinue) { | |
| Remove-Item $resetPath -Confirm:$false -Force -ErrorAction SilentlyContinue | |
| Write-Log -message ('{0} :: GenericWorkerReset: deleted {1}' -f $($MyInvocation.MyCommand.Name), $resetPath) -severity 'INFO' | |
| } | |
| } | |
| Set-ItemProperty -Path 'HKLM:\SOFTWARE\Mozilla\OpenCloudConfig' -Name 'LastGenericWorkerReset' -Type 'String' -Value ([DateTime]::UtcNow.ToString('u')) | |
| Write-Log -message ('{0} :: GenericWorkerReset: generic worker reset complete' -f $($MyInvocation.MyCommand.Name)) -severity 'INFO' | |
| } else { | |
| Write-Log -message ('{0} :: GenericWorkerReset: detected recent generic worker reset at: {1}' -f $($MyInvocation.MyCommand.Name), $occKey.LastGenericWorkerReset) -severity 'DEBUG' | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (${env:PROCESSOR_ARCHITEW6432} -eq 'ARM64') { | |
| if ((Test-Path -Path 'C:\generic-worker\generic-worker.config' -ErrorAction SilentlyContinue) -and (-not (Test-Path -Path 'C:\generic-worker\master-generic-worker.json' -ErrorAction SilentlyContinue))) { | |
| Copy-Item -Path 'C:\generic-worker\generic-worker.config' -Destination 'C:\generic-worker\master-generic-worker.json' | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (${env:PROCESSOR_ARCHITEW6432} -eq 'ARM64') { | |
| if ((Test-Path -Path ('{0}\gnupg\secring.gpg' -f $env:AppData) -ErrorAction SilentlyContinue) -and ((Get-Item ('{0}\gnupg\secring.gpg' -f $env:AppData)).length -gt 0kb)) { | |
| Write-Log -message ('{0} :: gpg keyring detected' -f $($MyInvocation.MyCommand.Name)) -severity 'DEBUG' | |
| New-Item -Path 'C:\builds' -ItemType Directory -ErrorAction SilentlyContinue | |
| New-Item -Path ('{0}\Mozilla\OpenCloudConfig' -f $env:ProgramData) -ItemType Directory -ErrorAction SilentlyContinue | |
| $ipAddresses = @(Get-NetIPConfiguration | ? { $_.IPv4DefaultGateway -ne $null -and $_.NetAdapter.Status -ne "Disconnected" } | % { $_.IPv4Address.IPAddress }) | |
| $gwConfig=(Get-Content -Raw -Path 'C:\generic-worker\gw.config' | ConvertFrom-Json) | |
| if (($gwConfig.requiredDiskSpaceMegabytes) -or (-not ($ipAddresses.Contains($gwConfig.publicIP))) -or ($gwConfig.rootURL -ne 'https://firefox-ci-tc.services.mozilla.com') -or ($gwConfig.clientId -ne 'project/releng/generic-worker/bitbar-gecko-t-win10-aarch64') -or ($gwConfig.wstAudience -ne 'firefoxcitc')) { | |
| Write-Log -message ('{0} :: invalid config detected. rootURL: {1}, clientId: {2}, publicIP: {3}, wstAudience: {4}' -f $($MyInvocation.MyCommand.Name), $gwConfig.rootURL, $gwConfig.clientId, $gwConfig.publicIP, $gwConfig.wstAudience) -severity 'WARN' | |
| Remove-Item 'C:\generic-worker\gw.config' -Confirm:$false -force -ErrorAction SilentlyContinue | |
| Remove-Item 'C:\generic-worker\generic-worker.config' -Confirm:$false -force -ErrorAction SilentlyContinue | |
| Remove-Item 'C:\generic-worker\master-generic-worker.json' -Confirm:$false -force -ErrorAction SilentlyContinue | |
| } else { | |
| Write-Log -message ('{0} :: valid config detected. rootURL: {1}, clientId: {2}, publicIP: {3}' -f $($MyInvocation.MyCommand.Name), $gwConfig.rootURL, $gwConfig.clientId, $gwConfig.publicIP) -severity 'DEBUG' | |
| } | |
| [hashtable] $resources = @{ | |
| 'C:\builds\taskcluster-worker-ec2@aws-stackdriver-log-1571127027.json' = 'https://s3.amazonaws.com/windows-opencloudconfig-packages/FirefoxBuildResources/taskcluster-worker-ec2@aws-stackdriver-log-1571127027.json.gpg?raw=true'; | |
| 'C:\builds\relengapi.tok' = 'https://s3.amazonaws.com/windows-opencloudconfig-packages/FirefoxBuildResources/relengapi.tok.gpg?raw=true'; | |
| 'C:\builds\occ-installers.tok' = 'https://s3.amazonaws.com/windows-opencloudconfig-packages/FirefoxBuildResources/occ-installers.tok.gpg?raw=true'; | |
| ('{0}\Mozilla\OpenCloudConfig\project_releng_generic-worker_bitbar-gecko-t-win10-aarch64.txt' -f $env:ProgramData) = 'https://gist.github.com/grenade/dfbf31ef54bb6a0191fc386240bb71e7/raw/project_releng_generic-worker_bitbar-gecko-t-win10-aarch64.txt.gpg'; | |
| 'C:\generic-worker\gw.config' = ('https://github.com/mozilla-releng/OpenCloudConfig/raw/master/cfg/generic-worker/{0}.json.gpg' -f $(if ([System.Net.Dns]::GetHostName().ToLower().StartsWith('yoga-')) { 't-lenovoyogac630-{0}' -f [System.Net.Dns]::GetHostName().Split('-')[1] } else { [System.Net.Dns]::GetHostName().ToLower() })); | |
| 'C:\generic-worker\generic-worker.config' = ('https://github.com/mozilla-releng/OpenCloudConfig/raw/master/cfg/generic-worker/{0}.json.gpg' -f $(if ([System.Net.Dns]::GetHostName().ToLower().StartsWith('yoga-')) { 't-lenovoyogac630-{0}' -f [System.Net.Dns]::GetHostName().Split('-')[1] } else { [System.Net.Dns]::GetHostName().ToLower() })); | |
| 'C:\generic-worker\master-generic-worker.json' = ('https://github.com/mozilla-releng/OpenCloudConfig/raw/master/cfg/generic-worker/{0}.json.gpg' -f $(if ([System.Net.Dns]::GetHostName().ToLower().StartsWith('yoga-')) { 't-lenovoyogac630-{0}' -f [System.Net.Dns]::GetHostName().Split('-')[1] } else { [System.Net.Dns]::GetHostName().ToLower() })); | |
| ('{0}\Mozilla\OpenCloudConfig\OpenCloudConfig.private.key' -f $env:ProgramData) = 'https://github.com/mozilla-releng/OpenCloudConfig/raw/master/cfg/OpenCloudConfig.private.key.gpg'; | |
| ('{0}\Mozilla\OpenCloudConfig\.bitbar.pw' -f $env:ProgramData) = 'https://github.com/mozilla-releng/OpenCloudConfig/raw/master/cfg/bitbar/.bitbar.pw.gpg'; | |
| ('{0}\Mozilla\OpenCloudConfig\.testdroid.pw' -f $env:ProgramData) = 'https://github.com/mozilla-releng/OpenCloudConfig/raw/master/cfg/bitbar/.testdroid.pw.gpg' | |
| } | |
| foreach ($localPath in $resources.Keys) { | |
| $downloadUrl = $resources.Item($localPath) | |
| if (-not (Test-Path -Path $localPath -ErrorAction SilentlyContinue)) { | |
| try { | |
| (New-Object Net.WebClient).DownloadFile($downloadUrl, ('{0}.gpg' -f $localPath)) | |
| } catch { | |
| Write-Log -message ('{0} :: error downloading {1} to {2}. {3}' -f $($MyInvocation.MyCommand.Name), $downloadUrl, ('{0}.gpg' -f $localPath), $_.Exception.Message) -severity 'ERROR' | |
| } | |
| if (Test-Path -Path ('{0}.gpg' -f $localPath) -ErrorAction SilentlyContinue) { | |
| Write-Log -message ('{0} :: {1} downloaded from {2}' -f $($MyInvocation.MyCommand.Name), ('{0}.gpg' -f $localPath), $downloadUrl) -severity 'INFO' | |
| Start-Process ('{0}\GNU\GnuPG\pub\gpg.exe' -f ${env:ProgramFiles(x86)}) -ArgumentList @('-d', ('{0}.gpg' -f $localPath)) -Wait -NoNewWindow -PassThru -RedirectStandardOutput $localPath -RedirectStandardError ('{0}\log\{1}.gpg-decrypt-{2}.stderr.log' -f $env:SystemDrive, [DateTime]::Now.ToString("yyyyMMddHHmmss"), [IO.Path]::GetFileNameWithoutExtension($localPath)) | |
| if (Test-Path -Path $localPath -ErrorAction SilentlyContinue) { | |
| Write-Log -message ('{0} :: decrypted {1} to {2}' -f $($MyInvocation.MyCommand.Name), ('{0}.gpg' -f $localPath), $localPath) -severity 'INFO' | |
| } | |
| Remove-Item -Path ('{0}.gpg' -f $localPath) -Force | |
| Write-Log -message ('{0} :: deleted "{1}"' -f $($MyInvocation.MyCommand.Name), ('{0}.gpg' -f $localPath)) | |
| } | |
| } else { | |
| Write-Log -message ('{0} :: detected {1}. skipping download from {2}' -f $($MyInvocation.MyCommand.Name), $localPath, $downloadUrl) -severity 'DEBUG' | |
| } | |
| } | |
| } else { | |
| Write-Log -message ('{0} :: gpg keyring not found' -f $($MyInvocation.MyCommand.Name)) -severity 'ERROR' | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (${env:PROCESSOR_ARCHITEW6432} -eq 'ARM64') { | |
| if (Test-Path -Path ('{0}\Mozilla\OpenCloudConfig\occ-public.key' -f $env:ProgramData) -ErrorAction SilentlyContinue) { | |
| Write-Log -message ('{0} :: gpg public key found at: {1}' -f $($MyInvocation.MyCommand.Name), ('{0}\Mozilla\OpenCloudConfig\occ-public.key' -f $env:ProgramData)) -severity 'DEBUG' | |
| $publicKey = (Get-Content -Path ('{0}\Mozilla\OpenCloudConfig\occ-public.key' -f $env:ProgramData) -Raw) | |
| Write-Log -message ('{0} :: {1}' -f $($MyInvocation.MyCommand.Name), $publicKey) -severity 'DEBUG' | |
| } else { | |
| Write-Log -message ('{0} :: gpg public key not found at: {1}' -f $($MyInvocation.MyCommand.Name), ('{0}\Mozilla\OpenCloudConfig\occ-public.key' -f $env:ProgramData)) -severity 'ERROR' | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (${env:PROCESSOR_ARCHITEW6432} -eq 'ARM64') { | |
| $commands = @( | |
| @{ | |
| 'executable' = 'ver' | |
| }, | |
| @{ | |
| 'executable' = 'wmic' | |
| 'arguments' = @('qfe', 'list') | |
| }, | |
| @{ | |
| 'executable' = 'systeminfo' | |
| } | |
| ) | |
| $occKey=(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Mozilla\OpenCloudConfig' -Name 'LastRegsvr32Reset' -ErrorAction SilentlyContinue) | |
| if ((-not ($occKey.LastRegsvr32Reset)) -or ([DateTime]::Parse($occKey.LastRegsvr32Reset) -lt [DateTime]::UtcNow.AddDays(-1))) { | |
| foreach ($dll in @(Get-ChildItem -Path ('{0}\System32\*.dll' -f $env:SystemRoot))) { | |
| $commands += @{ | |
| 'executable' = 'regsvr32' | |
| 'arguments' = @('/s', $dll.FullName) | |
| } | |
| } | |
| Set-ItemProperty -Path 'HKLM:\SOFTWARE\Mozilla\OpenCloudConfig' -Name 'LastRegsvr32Reset' -Type 'String' -Value ([DateTime]::UtcNow.ToString('u')) | |
| Write-Log -message ('{0} :: Regsvr32Reset: regsvr32 reset complete' -f $($MyInvocation.MyCommand.Name)) -severity 'INFO' | |
| } else { | |
| Write-Log -message ('{0} :: Regsvr32Reset: detected recent regsvr32 reset at: {1}' -f $($MyInvocation.MyCommand.Name), $occKey.LastRegsvr32Reset) -severity 'DEBUG' | |
| } | |
| foreach ($command in $commands) { | |
| try { | |
| $commandStdOutPath = ('{0}\log\{1}-arbitrary-command-stdout.log' -f $env:SystemDrive, [DateTime]::Now.ToString("yyyyMMddHHmmss")) | |
| $commandStdErrPath = ('{0}\log\{1}-arbitrary-command-stderr.log' -f $env:SystemDrive, [DateTime]::Now.ToString("yyyyMMddHHmmss")) | |
| if ($command.ContainsKey('arguments')) { | |
| Start-Process $command['executable'] -ArgumentList $command['arguments'] -Wait -NoNewWindow -PassThru -RedirectStandardOutput $commandStdOutPath -RedirectStandardError $commandStdErrPath | |
| } else { | |
| Start-Process $command['executable'] -Wait -NoNewWindow -PassThru -RedirectStandardOutput $commandStdOutPath -RedirectStandardError $commandStdErrPath | |
| } | |
| if ((Get-Item -Path $commandStdErrPath).Length -gt 0kb) { | |
| $lineNumber = 0 | |
| foreach ($lineContent in (Get-Content -Path $commandStdErrPath)) { | |
| Write-Log -message ('{0} :: DebugCommand - {1} {2} ({3}) line {4}: {5}' -f $($MyInvocation.MyCommand.Name), $command['executable'], $(if ($command.ContainsKey('arguments')) { [string]::Join(' ', $command['arguments']) } else {}), [IO.Path]::GetFileNameWithoutExtension($commandStdErrPath), $lineNumber++, $lineContent) -severity 'ERROR' | |
| } | |
| } | |
| if ((Get-Item -Path $commandStdOutPath).Length -gt 0kb) { | |
| $lineNumber = 0 | |
| foreach ($lineContent in (Get-Content -Path $commandStdOutPath)) { | |
| Write-Log -message ('{0} :: DebugCommand - {1} {2} ({3}) line {4}: {5}' -f $($MyInvocation.MyCommand.Name), $command['executable'], $(if ($command.ContainsKey('arguments')) { [string]::Join(' ', $command['arguments']) } else {}), [IO.Path]::GetFileNameWithoutExtension($commandStdOutPath), $lineNumber++, $lineContent) -severity 'DEBUG' | |
| } | |
| } | |
| if (((Get-Item -Path $commandStdErrPath).Length -eq 0) -and ((Get-Item -Path $commandStdOutPath).Length -eq 0)) { | |
| Write-Log -message ('{0} :: DebugCommand - {1} {2} (no output)' -f $($MyInvocation.MyCommand.Name), $command['executable'], $(if ($command.ContainsKey('arguments')) { [string]::Join(' ', $command['arguments']) } else {})) -severity 'WARN' | |
| } | |
| } catch { | |
| Write-Log -message ('{0} :: DebugCommand - {1} {2} (exception). {3}' -f $($MyInvocation.MyCommand.Name), $command['executable'], $(if ($command.ContainsKey('arguments')) { [string]::Join(' ', $command['arguments']) } else {}), $_.Exception.Message) -severity 'ERROR' | |
| Write-Log -message ('{0} :: {1} not found' -f $($MyInvocation.MyCommand.Name), $command['executable']) -severity 'DEBUG' | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (${env:PROCESSOR_ARCHITEW6432} -eq 'ARM64') { | |
| Set-ItemProperty -Path 'HKLM:\SOFTWARE\Mozilla\OpenCloudConfig\Source' -Type 'String' -Name 'Revision' -Value 'master' | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment