cristiancmoises
/
wingetautoupdate
mirror of https://github.com/Romanitho/Winget-AutoUpdate
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Corrected and Safe

pull/275/head
KnifMelti 2023-02-04 01:08:38 +01:00
parent 29f4ef3812
commit 013e66ebdc
5 changed files with 85 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -103,6 +103,9 @@ Thanks to [Weatherlights](https://github.com/Weatherlights) in [#256 (reply in t
**-ModsPath** **-ModsPath**
Get Mods from external Path (**URL/UNC/Local**) - download/copy to `mods` in Winget-AutoUpdate installation location if external mods are newer. Get Mods from external Path (**URL/UNC/Local**) - download/copy to `mods` in Winget-AutoUpdate installation location if external mods are newer.
Security:
If -ModsPath is used during installation WAU assumes it's an enterprise environment and adds a **Deny rule** to the file rights for the directory `mods` for **Local Users** (SID: S-1-5-32-545) making it impossible to implement own scripts that can be executed in **SYSTEM** context.
For **URL**: This requires a site directory with **Directory Listing Enabled** and no index page overriding the listing of files (or an index page with href listing of all the **Mods** to be downloaded): For **URL**: This requires a site directory with **Directory Listing Enabled** and no index page overriding the listing of files (or an index page with href listing of all the **Mods** to be downloaded):
``` ```
<ul> <ul>

13
Winget-AutoUpdate-Install.ps1
View File

@ -367,7 +367,7 @@ function Install-WingetAutoUpdate {
New-ItemProperty $regPath -Name WAU_BypassListForUsers -Value 1 -PropertyType DWord -Force | Out-Null New-ItemProperty $regPath -Name WAU_BypassListForUsers -Value 1 -PropertyType DWord -Force | Out-Null
} }
#Set ACL for users on logfile #Set ACL for Authenticated Users on logfile
$LogFile = "$WingetUpdatePath\logs\updates.log" $LogFile = "$WingetUpdatePath\logs\updates.log"
if (test-path $LogFile) { if (test-path $LogFile) {
$NewAcl = Get-Acl -Path $LogFile $NewAcl = Get-Acl -Path $LogFile
@ -380,6 +380,17 @@ function Install-WingetAutoUpdate {
Set-Acl -Path $LogFile -AclObject $NewAcl Set-Acl -Path $LogFile -AclObject $NewAcl
} }
#Most likely an enterprise with central mods, not a home user
if ($ModsPath) {
# Set ReadOnly on Mods Directory for Local Users - Security risk if not done (they could create a script of their own - System Context)!
$directory = Get-Item -Path "$WingetUpdatePath\mods"
$acl = Get-Acl -Path $directory.FullName
$userSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-545")
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($userSID, "Write", "Deny")
$acl.SetAccessRule($rule)
Set-Acl -Path $directory.FullName -AclObject $acl
}
#Create Shortcuts #Create Shortcuts
if ($StartMenuShortcut) { if ($StartMenuShortcut) {
if (!(Test-Path "${env:ProgramData}\Microsoft\Windows\Start Menu\Programs\Winget-AutoUpdate (WAU)")) { if (!(Test-Path "${env:ProgramData}\Microsoft\Windows\Start Menu\Programs\Winget-AutoUpdate (WAU)")) {

14
Winget-AutoUpdate/Winget-Upgrade.ps1
View File

@ -203,14 +203,14 @@ if (Test-Network) {
Write-Log "Checking application updates on Winget Repository..." "yellow" Write-Log "Checking application updates on Winget Repository..." "yellow"
$outdated = Get-WingetOutdatedApps $outdated = Get-WingetOutdatedApps
#If something is wrong with the winget source, exit #If something unusual happened
if ($outdated -like "Problem:*") { if ($outdated -like "An unusual*") {
Write-Log "Critical: An error occured, exiting..." "red" Write-Log "$outdated" "cyan"
Write-Log "$outdated" "red" $outdated = $False
New-Item "$WorkingDir\logs\error.txt" -Value "$outdated" -Force
Exit 1
} }
#Run only if $outdated is populated!
if ($outdated) {
#Log list of app to update #Log list of app to update
foreach ($app in $outdated) { foreach ($app in $outdated) {
#List available updates #List available updates
@ -267,6 +267,8 @@ if (Test-Network) {
if ($InstallOK -gt 0) { if ($InstallOK -gt 0) {
Write-Log "$InstallOK apps updated ! No more update." "Green" Write-Log "$InstallOK apps updated ! No more update." "Green"
} }
}
if ($InstallOK -eq 0) { if ($InstallOK -eq 0) {
Write-Log "No new update." "Green" Write-Log "No new update." "Green"
} }

2
Winget-AutoUpdate/functions/Get-WingetOutdatedApps.ps1
View File

@ -13,7 +13,7 @@ function Get-WingetOutdatedApps {
#Start Convertion of winget format to an array. Check if "-----" exists (Winget Error Handling) #Start Convertion of winget format to an array. Check if "-----" exists (Winget Error Handling)
if (!($upgradeResult -match "-----")) { if (!($upgradeResult -match "-----")) {
return "Problem:`n$upgradeResult" return "An unusual thing happened (maybe all apps are upgraded):`n$upgradeResult"
} }
#Split winget output to lines #Split winget output to lines

12
Winget-AutoUpdate/functions/Invoke-PostUpdateActions.ps1
View File

@ -53,6 +53,18 @@ function Invoke-PostUpdateActions {
Write-Log "-> MaxLogFiles/MaxLogSize setting was missing. Fixed with 3/1048576 (in bytes, default is 1048576 = 1 MB)." Write-Log "-> MaxLogFiles/MaxLogSize setting was missing. Fixed with 3/1048576 (in bytes, default is 1048576 = 1 MB)."
} }
#Most likely an enterprise with central mods, not a home user
$ModsPath = Get-ItemProperty $regPath -Name WAU_ModsPath -ErrorAction SilentlyContinue
if ($ModsPath) {
# Set ReadOnly on Mods Directory for Local Users - Security risk if not done (they could create a script of their own - System Context)!
$directory = Get-Item -Path "$WingetUpdatePath\mods"
$acl = Get-Acl -Path $directory.FullName
$userSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-545")
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($userSID, "Write", "Deny")
$acl.SetAccessRule($rule)
Set-Acl -Path $directory.FullName -AclObject $acl
}
#Convert about.xml if exists (previous WAU versions) to reg #Convert about.xml if exists (previous WAU versions) to reg
$WAUAboutPath = "$WorkingDir\config\about.xml" $WAUAboutPath = "$WorkingDir\config\about.xml"
if (test-path $WAUAboutPath) { if (test-path $WAUAboutPath) {