Public/Test-ModuleHash.ps1
|
<#
.SYNOPSIS Validate module files .DESCRIPTION Validate all module files against the cryptographic hash created when the module was published. A file containing all hashes will be downloaded from the GitHub release and compared to the module files currently in use. .EXAMPLE Test-ModuleHash .INPUTS None .OUTPUTS Boolean #> function Test-ModuleHash { [CmdletBinding()] [OutputType([Boolean])] param ( ) try { Invoke-webrequest -Uri "https://github.com/gdbarron/VenafiPS/releases/download/v$ModuleVersion/hash.json" -OutFile ('{0}/hash.json' -f $env:TEMP) -UseBasicParsing $json = (Get-Content -Path ('{0}/hash.json' -f $env:TEMP) -Raw) | ConvertFrom-Json } catch { Write-Error "Unable to download and process hash.json, $_" return $false } $hashFailed = $json | ForEach-Object { Write-Verbose ('Checking {0}' -f $_.File) $thisHash = Get-ChildItem -Path ('{0}/../{1}' -f $PSScriptRoot, $_.File) | Get-FileHash -Algorithm SHA256 if ( $thisHash.Hash -ne $_.Hash ) { $thisHash.Path } } if ( $hashFailed ) { Write-Error ('hash check failed for the following files: {0}' -f ($hashFailed -join ', ')) } -not $hashFailed } |