From 40052faa02600a33f0988cc5fe9600d042dde345 Mon Sep 17 00:00:00 2001 From: Keith Hill Date: Sat, 18 Feb 2017 14:19:34 -0700 Subject: [PATCH 1/2] Add-PoshGitToProfile should not modify signed prof Forgot to address this issue before shipping 0.7.0 - https://github.com/dahlbyk/posh-git/issues/328#issuecomment-269740506 Merge to develop. --- src/Utils.ps1 | 40 +++++++++++++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 7 deletions(-) diff --git a/src/Utils.ps1 b/src/Utils.ps1 index 3a9aa4c09..48c7fb6a3 100644 --- a/src/Utils.ps1 +++ b/src/Utils.ps1 @@ -82,18 +82,32 @@ function Invoke-Utf8ConsoleCommand([ScriptBlock]$cmd) { .OUTPUTS None. #> -function Add-PoshGitToProfile([switch]$AllHosts, [switch]$Force, [switch]$WhatIf) { +function Add-PoshGitToProfile { + [CmdletBinding(SupportsShouldProcess)] + param( + [Parameter()] + [switch] + $AllHosts, + + [Parameter()] + [switch] + $Force, + + [Parameter(ValueFromRemainingArguments)] + [psobject[]] + $TestParams + ) + $underTest = $false $profilePath = if ($AllHosts) { $PROFILE.CurrentUserAllHosts } else { $PROFILE.CurrentUserCurrentHost } # Under test, we override some variables using $args as a backdoor. - # TODO: Can we just turn these into optional parameters with well-defined behavior? - if (($args.Count -gt 0) -and ($args[0] -is [string])) { - $profilePath = [string]$args[0] + if (($TestParams.Count -gt 0) -and ($TestParams[0] -is [string])) { + $profilePath = [string]$TestParams[0] $underTest = $true - if ($args.Count -gt 1) { - $ModuleBasePath = [string]$args[1] + if ($TestParams.Count -gt 1) { + $ModuleBasePath = [string]$TestParams[1] } } 
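Review bot: The test-only override in the `@@ -82,18 +82,32 @@` hunk is still reachable by any caller, because `$TestParams` is declared with `ValueFromRemainingArguments`. A stray positional string silently becomes `$profilePath`, and a second one replaces `$ModuleBasePath`, which is later written into the profile. The help block should state that positional arguments are reserved for the test suite, or the hook should move to an explicitly named parameter. The retained comment is also stale and should read `# Under test, we override some variables using $TestParams as a backdoor.` The function body continues outside this hunk, so how `$underTest` is used later is not visible here.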
@@ -138,6 +152,16 @@ function Add-PoshGitToProfile([switch]$AllHosts, [switch]$Force, [switch]$WhatIf return } + # If the profile script exists and is signed, then we should not modify it + if (Test-Path -LiteralPath $profilePath) { + $sig = Get-AuthenticodeSignature $profilePath + if ($sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid) { + Write-Warning "The profile script '$profilePath' is signed and cannot be updated." + Write-Warning "Add the command 'Import-Module posh-git' to your profile and resign it." + return + } + } + # Check if the location of this module file is in the PSModulePath if (Test-InPSModulePath $ModuleBasePath) { $profileContent = "`nImport-Module posh-git" @@ -146,7 +170,9 @@ function Add-PoshGitToProfile([switch]$AllHosts, [switch]$Force, [switch]$WhatIf $profileContent = "`nImport-Module '$ModuleBasePath\posh-git.psd1'" } - Add-Content -LiteralPath $profilePath -Value $profileContent -Encoding UTF8 -WhatIf:$WhatIf + if ($PSCmdlet.ShouldProcess($profilePath, "Add 'Import-Module posh-git' to profile")) { + Add-Content -LiteralPath $profilePath -Value $profileContent -Encoding UTF8 + } } <# From 857672c3e721bf7d241a32b14df53051de763434 Mon Sep 17 00:00:00 2001 From: Keith Hill Date: Sun, 19 Feb 2017 17:02:12 -0700 Subject: [PATCH 2/2] Switch from SigStatus to SigType. SignatureStatus appears to have four enum values that correspond to a signed file vs three for not signed. Switching to check the SignatureType value as it will indicate Authenticode when file is Authenticode signed even if the hash doesn't match (been modified previously) or the cert is not trusted / incompatible. --- src/Utils.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Utils.ps1 b/src/Utils.ps1 index 48c7fb6a3..eb3318726 100644 --- a/src/Utils.ps1 +++ b/src/Utils.ps1 
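Review bot: In the `@@ -138,6 +152,16 @@` hunk, `Get-AuthenticodeSignature $profilePath` binds the path positionally to `-FilePath`, which performs wildcard expansion, while the `Test-Path` guard just above uses `-LiteralPath`. For a profile path containing `[` or `]`, the signature lookup can resolve to a different file or to none, so a signed profile could be missed and then appended to. Where the supported PowerShell versions allow it, use `$sig = Get-AuthenticodeSignature -LiteralPath $profilePath`. The same line is carried unchanged into the last hunk of PATCH 2/2. Minor wording: "resign it" in the second warning reads better as "re-sign it".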
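Review bot: In the `@@ -146,7 +170,9 @@` hunk, the text that the new `ShouldProcess` block writes is built by interpolating `$ModuleBasePath` into a single-quoted literal, `'$ModuleBasePath\posh-git.psd1'`. An apostrophe in that path (for example in a user-profile folder name) ends the literal early, and the rest of the path is then parsed as script every time the profile loads. Double the quote before interpolating, e.g. `$escaped = $ModuleBasePath -replace "'", "''"`, and write `'$escaped\posh-git.psd1'`. This matters more now that the first hunk lets a caller supply `$ModuleBasePath` through `$TestParams[1]`. The `ShouldProcess` action text also always says `Import-Module posh-git`, even when the full-path form is what gets written.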
@@ -142,7 +142,7 @@ function Add-PoshGitToProfile { } if (!$profilePath) { - Write-Warning "Skipping add of posh-git import; no profile found." + Write-Warning "Skipping add of posh-git import to profile; no profile found." Write-Verbose "`$profilePath = '$profilePath'" Write-Verbose "`$PROFILE = '$PROFILE'" Write-Verbose "CurrentUserCurrentHost = '$($PROFILE.CurrentUserCurrentHost)'" @@ -155,8 +155,8 @@ function Add-PoshGitToProfile { # If the profile script exists and is signed, then we should not modify it if (Test-Path -LiteralPath $profilePath) { $sig = Get-AuthenticodeSignature $profilePath - if ($sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid) { - Write-Warning "The profile script '$profilePath' is signed and cannot be updated." + if ($sig.SignatureType -eq [System.Management.Automation.SignatureType]::Authenticode) { + Write-Warning "Skipping add of posh-git import to profile; '$profilePath' appears to be signed." Write-Warning "Add the command 'Import-Module posh-git' to your profile and resign it." return }
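Review bot: The new test in the `@@ -155,8 +155,8 @@` hunk, `$sig.SignatureType -eq [System.Management.Automation.SignatureType]::Authenticode`, relies on a property and enum that, as far as I know, are absent from older Windows PowerShell releases. If the module still supports those, the type literal will fail to resolve and the function errors out before it reaches the guard; please confirm against the supported version range. A check that needs no newer type is `if ($null -ne $sig.SignerCertificate) {`. It still treats a profile with a hash mismatch or an untrusted certificate as signed, which is the behaviour the commit message asks for. It would also help to add a comment above the `if` saying that any embedded signature, valid or not, blocks the edit, so a later reader does not "fix" it back to a `Status` comparison.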