Skip to content

Latest commit

 

History

History
67 lines (63 loc) · 3.34 KB

File metadata and controls

67 lines (63 loc) · 3.34 KB

PowerShell Community Call - May 20, 2021

Agenda

  • OpenSSH update
  • Working Groups/Community update
  • Crescendo preview 2
  • SecretManagement 1.1 design change affecting extensions
  • PowerShellGet v3 update
  • Community Demos
  • Q&A

Notes

  • OpenSSH
    • Originally planned to update to 8.1 in 20H1 (and then 20H2)
    • Due to mixups, this was delayed until the last month, upon which we shipped an 8.1 WU update for all machines downlevel to 20H1
    • 8.6 will be out as a GitHub release (beta) in the next few weeks
    • Due to the validation length of 8.6, it will not ship into 21H2, but instead will show up in 22H1 (or the equivalent)
    • Generally, the version of OpenSSH shipping in Windows is the only supported version
      • Installing "manually" from GitHub to downlevel is not a supported scenario
    • The Azure Gallery does have a supported extension for Azure Windows VMs or Arc-enabled servers
      • Currently on 7.7 but will be updating soon
  • Working Groups / Community update
  • Module compatibility
    • Lots of feedback around M365 module compatibility with PowerShell 7
    • Highly engaged and making progress
  • Crescendo preview.2
    • Released last week, now with command elevation!
    • Flexibile enough to elevate on both Windows and Linux (Start-Process and sudo)
    • Some issues with elevation on Windows
    • Next preview: plan to make improvements to output handling
  • SecretManagement 1.1 design change for vault extensions
    • Vault extensions get registered with SecretManagement as implementations for retreiving and setting secrets in a vault
    • Today, these extension modules are loaded into the same session in which the user is executing
    • This design prevents vault extensions from operating in Constrained Language Mode (CLM)
    • Code Integrity (CI) policy is an application control policy that locks down a machine
      • Essentially runs "trusted" scripts/modules in full language mode vs. CLM
    • SecretManagement is designed to run in CLM but cannot today beause of how it loades extension modules today
    • Going forward, vault extensions will get loaded into fresh sessions via new runspaces
    • This change breaks extension modules like KeePass in how they unlock the vault
      • Unlocking can be done interactively (e.g. prompt for password), but it also needs to work in non-interactive (e.g. CI/CD) scenarios
    • Original issue (here)[PowerShell/SecretStore#64], but conversation will continue in SecretManagement
  • PowerShellGet 3.0 update
    • Despite lack of a major preview update, a ton of work has gone into PSGetv3 within the last month
    • Particularly getting into code review for Find-Module
    • Are also looking into issues and PRs across the board coming in from community
      • Keep playing with PSGetv3 and filing issues!
    • Not a firm date on next release, but would love to ship in June
  • Microsoft/Community demos
    • Updates to Guest Configuration cmdlets (Michelle Yang)