
Request for Signing the Pode Module for Enhanced Security

Open mdaneri opened this issue 2 years ago • 0 comments

Describe the Change

Signing the PowerShell module would enhance its security by ensuring its authenticity and integrity. This is especially important given the widespread use of Pode in various production environments where security is paramount.

Key Benefits:

  • Authenticity: Users can verify that the module comes from a trusted source.
  • Integrity: Ensures that the module has not been tampered with since it was signed.
  • Confidence: Increases user confidence in using Pode, especially in security-sensitive environments.

To sign the code, the cheapest solution I found is provided by https://Certum.eu: Euro 69 for the first year and Euro 20 per year thereafter (https://shop.certum.eu/open-source-code-signing.html).

Change to pode.build.ps1 to support signing

```powershell
Task Sign {
    # Base directory where the packaged module files are located
    $path = './pkg'

    if ($Version) {
        if (! (Test-Path $path)) {
            Invoke-Build Pack -Version $Version
        }
        # For local testing only: a self-signed certificate is not trusted on other machines
        #$cert = New-SelfSignedCertificate -DnsName yourname -CertStoreLocation Cert:\CurrentUser\My -Type CodeSigning

        # Get the first code signing certificate from the current user's store
        $cert = @(Get-ChildItem cert:\CurrentUser\My -CodeSigningCert)[0]

        # Check if a code signing certificate is available
        if ($null -eq $cert) {
            # throw (rather than exit) fails the build task without ending the host session
            throw 'No code signing certificate found.'
        }

        # Recursively find all .ps1 and .psd1 files and sign them
        Get-ChildItem -Path $path -Recurse -Include *.ps1, *.psd1 | ForEach-Object {
            Write-Host "Signing $($_.FullName)"
            # Adding -TimestampServer keeps the signature valid after the certificate itself expires
            Set-AuthenticodeSignature -FilePath $_.FullName -Certificate $cert
        }
    }
    else {
        throw 'Parameter -Version is required'
    }
}
```

mdaneri avatar Jan 09 '24 00:01 mdaneri
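Added example, not from the issue or the Pode project: a verification pass to run on the package after the Sign task, checking every script file, including the root module `.psm1` that an AllSigned execution policy also requires to be signed, and reporting files that are unsigned, modified after signing, untimestamped, or signed by a certificate other than the expected one. The `./pkg` path, the file filter and the `ExpectedThumbprint` parameter are this example's assumptions.

```powershell
function Test-PodeModuleSignatures {
    [CmdletBinding()]
    param(
        # Packaged module directory; './pkg' matches the issue's Sign task (assumed)
        [string] $Path = './pkg',
        # .psm1 is included: an AllSigned policy requires the root module to be signed too
        [string[]] $Include = @('*.ps1', '*.psm1', '*.psd1'),
        # Optional thumbprint of the release certificate the package must be signed with
        [string] $ExpectedThumbprint
    )

    $results = Get-ChildItem -Path $Path -Recurse -File -Include $Include | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $problem = switch ($sig.Status) {
            'Valid' {
                if ($ExpectedThumbprint -and $sig.SignerCertificate.Thumbprint -ne $ExpectedThumbprint) {
                    "signed by unexpected certificate $($sig.SignerCertificate.Thumbprint)"
                }
                elseif ($null -eq $sig.TimeStamperCertificate) {
                    'valid but not timestamped (signature expires with the certificate)'
                }
            }
            'NotSigned'    { 'not signed' }
            'HashMismatch' { 'signed, but content was modified after signing' }
            default        { "signature status $($sig.Status): $($sig.StatusMessage)" }
        }
        [pscustomobject]@{
            File    = $_.FullName
            Status  = $sig.Status
            Signer  = $sig.SignerCertificate.Subject
            Problem = $problem
        }
    }

    foreach ($r in ($results | Where-Object Problem)) {
        Write-Warning "$($r.File): $($r.Problem)"
    }
    # Full report; any non-empty Problem means the package should not be published
    $results
}

# Usage: fail the build if anything in ./pkg is unsigned, altered or signed by the wrong certificate
# $report = Test-PodeModuleSignatures -Path ./pkg -ExpectedThumbprint '<RELEASE-CERT-THUMBPRINT>'
# if ($report | Where-Object Problem) { throw 'Module package failed signature verification' }
```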