Package to exe fails when calling ConvertTo-SecureString

dvcpro · November 14, 2022, 6:54pm

Visual Studio Code
Version: 1.73.1

I have run into an issue when packaging an executable. ConvertTo-SecureString is failing.
This was working fine before but sometime in the last few weeks it stopped.
Note: In that time PowerShell was upgraded to 7.3.

Have a simple script:
$PSVersionTable.PSVersion
$pw = “01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e6a902…”
$ss = ConvertTo-SecureString $pw
Write-Host “Press any key to close window.”
[void][System.Console]::ReadKey($true)

Running executable:
Major Minor Patch PreReleaseLabel BuildLabel

7 2 0
ConvertTo-SecureString:
Line |
10 | $ss = ConvertTo-SecureString $pw
| ~~~~~~~~~~~~~~~~~~~~~~
| The ‘ConvertTo-SecureString’ command was found in the module ‘Microsoft.PowerShell.Security’, but the module could not be loaded. For more information, run ‘Import-Module Microsoft.PowerShell.Security’.
Press any key to close window.

My package.psd1 file:
@{
Root = ‘C:_PS\test\test_token.ps1’
OutputPath = 'C:_PS\test'
Package = @{
Enabled = $true
DotNetVersion = ‘net6.0’
PowerShellVersion = “7.2.0”
PackageType = ‘Console’
}
Bundle = @{
Enabled = $true
Modules = $true
}
}

I tried using:
Import-Module Microsoft.PowerShell.Security
But I get:
Error in TypeData “System.Security.AccessControl.ObjectSecurity”: The member AuditToString is already present.
And still get the ConvertTo-SecureString error.

Any ideas?
thanks,

adam · November 14, 2022, 11:11pm

Are you running this on a machine that has PS7.3 installed? I wonder if there is a module version mismatch.

dvcpro · November 15, 2022, 8:44am

Yes running 7.3.0. Was installed a week or two ago. Pretty sure this is when the issue happened.

In fact Microsoft.PowerShell.Security is called out in What’s New under Breaking Changes and Improvements.

adam · November 15, 2022, 1:40pm

We should be able to add support for 7.3 packaging pretty easily now that .NET 7 is GA’d. That might be the easiest solution.

dvcpro · November 15, 2022, 2:23pm

Perfect.

dvcpro · December 8, 2022, 6:39pm

Greetings,
I noticed that documentation shows that PowerShell 7.3.x with net7.0 is supported for Packaging.

I tried it and get:
Merge-Script: Invalid .NET Versions specified for selected PowerShell version. Valid values are: netcoreapp31, net50, net60

I am running on PS 7.3.0.
My package.psd1 file cpntains:
DotNetVersion = ‘net7.0’
PowerShellVersion = “7.3.0”

Any suggestions?
Thanks

Lex · January 23, 2023, 3:10pm

Any updates on this?
I have the same issue. (twice the security string and the merge-script error when using PW 7.3.x and net7.0)

dvcpro · January 23, 2023, 4:05pm

Nope, I still get the same thing. I simply reverted to using PS 5 for now. I will ultimately need to follow up.

Lex · January 23, 2023, 5:43pm

Thanks. In fact this is the only piece of code which doesnt work for me.

dvcpro · January 23, 2023, 6:26pm

Same here. It works really well overall.

Lex · January 23, 2023, 7:38pm

I have found the solution, thanks to a github article:

github.com/Powershell/Powershell

Cert:\ PSDrive is unavailable on PowerShell 5.1 launched by cmd when cmd is launched on PowerShell 7.3

opened 02:38AM - 11 Nov 22 UTC

closed 12:00AM - 30 Nov 22 UTC

masaru-iritani

Resolution-Answered

### Prerequisites - [X] Write a descriptive title. - [X] Make sure you are able… to repro it on the [latest released version](https://github.com/PowerShell/PowerShell/releases) - [X] Search the existing issues. - [X] Refer to the [FAQ](https://github.com/PowerShell/PowerShell/blob/master/docs/FAQ.md). - [X] Refer to [Differences between Windows PowerShell 5.1 and PowerShell](https://docs.microsoft.com/powershell/scripting/whats-new/differences-from-windows-powershell). ### Steps to reproduce `Cert:\` PSDrive provided by Certificate provider is unavailable on PowerShell 5.1 launched by cmd.exe if and only if the cmd.exe was launched on PowerShell 7.3. This issue causes an error on running a batch script which launches PowerShell 5.1. Although this issue happens on PowerShell 5.1, I file it for PowerShell 7.3 because it is reproduced only when cmd.exe is launched on PowerShell 7.3. | Environment | Issue | |:-:|:-:| | PS 5.1 | Not repro | | PS 5.1 on PS 7.3 | Not repro | | PS 5.1 on cmd on PS 5.1 | Not repro | | PS 5.1 on cmd on PS 7.2.7 | Not repro | | PS 5.1 on cmd on PS 7.3 | Repro | ### Expected behavior ```console PS> cmd /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Command Get-PSDrive Name Used (GB) Free (GB) Provider Root CurrentLocation ---- --------- --------- -------- ---- --------------- Alias Alias C 445.17 30.10 FileSystem C:\ ..._7.3.0.0_x64__8wekyb3d8bbwe Cert Certificate \ D 906.38 25.13 FileSystem D:\ E 0.06 0.42 FileSystem E:\ Env Environment Function Function HKCU Registry HKEY_CURRENT_USER HKLM Registry HKEY_LOCAL_MACHINE Variable Variable WSMan WSMan ``` ### Actual behavior ```console PS> cmd /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Command Get-PSDrive Name Used (GB) Free (GB) Provider Root CurrentLocation ---- --------- --------- -------- ---- --------------- Alias Alias C 445.17 30.10 FileSystem C:\ ..._7.3.0.0_x64__8wekyb3d8bbwe Cert Certificate \ D 906.38 25.13 FileSystem D:\ E 0.06 0.42 FileSystem E:\ Env Environment Function Function HKCU Registry HKEY_CURRENT_USER HKLM Registry HKEY_LOCAL_MACHINE Variable Variable WSMan WSMan ``` ### Error details ```console No error is returned. ``` ### Environment data ```powershell PS> $PSVersionTable Name Value ---- ----- PSVersion 7.3.0 PSEdition Core GitCommitId 7.3.0 OS Microsoft Windows 10.0.22623 Platform Win32NT PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…} PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 WSManStackVersion 3.0 ``` ### Visuals [CertPSDriveUnavailable.zip](https://github.com/PowerShell/PowerShell/files/9985850/CertPSDriveUnavailable.zip) is a step recording capturing following steps. 1. Launch PowerShell 7.3 with no profile. 2. Run "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Command Get-PSDrive" and get Cert PSDrive as expected. 3. Run "cmd /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Command Get-PSDrive" and get **no Cert PSDrive**.

Then env trick is not yet working for me, but what I used instead is:

Import-Module -Name “C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\Microsoft.PowerShell.Security.psd1” -Verbose -Force

(-Verbose -Force just to see extra output an make things a bit easier to read)

I need to so some smart detection about 32 or 64 bit version is running and adjust the path above. But my first test show the is doing the job.

dvcpro · January 23, 2023, 7:53pm

That is very cool, thanks for sharing. I’ll try it when I can. This won’t however fix the merge-script problem, have you tried?

Lex · January 23, 2023, 8:02pm

No but that is a Pro tools thing I guess. They dont support yet the combination of PW 7.3.x and .Net7