
Commit 318e784

Merge pull request #5 from gabriel-samfira/support-bundles
Support importing certificate bundles
2 parents 2b9d66c + 23c80d0 commit 318e784


1 file changed

+10
-11
lines changed

1 file changed

+10
-11
lines changed

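--- a/cloudconfig/templates.go
+++ b/cloudconfig/templates.go
@@ -305,7 +305,7 @@ function Import-Certificate() {
 [CmdletBinding()]
 param (
 [parameter(Mandatory=$true)]
-[string]$CertificatePath,
+$CertificateData,
 [parameter(Mandatory=$false)]
 [System.Security.Cryptography.X509Certificates.StoreLocation]$StoreLocation="LocalMachine",
 [parameter(Mandatory=$false)]
@@ -316,8 +316,7 @@ function Import-Certificate() {
 $store = New-Object System.Security.Cryptography.X509Certificates.X509Store(
 $StoreName, $StoreLocation)
 $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
-$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
-$CertificatePath)
+$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertificateData)
 $store.Add($cert)
 }
 }
@@ -389,9 +388,6 @@ function Invoke-GarmFailure() {
 }
 }
 
-$PEMData = @"
-{{.CABundle}}
-"@
 $GHRunnerGroup = "{{.GitHubRunnerGroup}}"
 
 function Install-Runner() {
@@ -410,9 +406,11 @@ function Install-Runner() {
 Throw "missing metadata URL"
 }
 
-if($PEMData.Trim().Length -gt 0){
-Set-Content $env:TMP\garm-ca.pem $PEMData
-Import-Certificate -CertificatePath $env:TMP\garm-ca.pem -StoreName Root -StoreLocation LocalMachine
+$bundle = wget -UseBasicParsing -Headers @{"Accept"="application/json"; "Authorization"="Bearer $Token"} -Uri $MetadataURL/system/cert-bundle
+$converted = ConvertFrom-Json $bundle
+foreach ($i in $converted.root_certificates.psobject.Properties){
+$data = [System.Convert]::FromBase64String($i.Value)
+Import-Certificate -CertificateData $data -StoreName Root -StoreLocation LocalMachine
 }
 
 Update-GarmStatus -CallbackURL $CallbackURL -Message "downloading tools from $DownloadURL"
@@ -451,10 +449,11 @@ function Install-Runner() {
 $protectedBytes = [Security.Cryptography.ProtectedData]::Protect( $encodedBytes, $null, [Security.Cryptography.DataProtectionScope]::LocalMachine )
 [System.IO.File]::WriteAllBytes((Join-Path $runnerDir ".credentials_rsaparams"), $protectedBytes)
 
-wget -UseBasicParsing -Headers @{"Accept"="application/json"; "Authorization"="Bearer $Token"} -Uri $MetadataURL/system/service-name -OutFile "C:\runner\.service"
+$serviceNameFile = (Join-Path $runnerDir ".service")
+wget -UseBasicParsing -Headers @{"Accept"="application/json"; "Authorization"="Bearer $Token"} -Uri $MetadataURL/system/service-name -OutFile $serviceNameFile
 
 Update-GarmStatus -CallbackURL $CallbackURL -Message "Creating system service"
-$SVC_NAME=(gc -raw "C:\runner\.service")
+$SVC_NAME=(gc -raw $serviceNameFile)
 New-Service -Name "$SVC_NAME" -BinaryPathName "C:\runner\bin\RunnerService.exe" -DisplayName "$SVC_NAME" -Description "GitHub Actions Runner ($SVC_NAME)" -StartupType Automatic
 Start-Service "$SVC_NAME"
 Update-GarmStatus -Message "runner successfully installed" -CallbackURL $CallbackURL -Status "idle" | Out-Null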
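Review bot: Every certificate returned by `$MetadataURL/system/cert-bundle` is added to LocalMachine\Root in Install-Runner (new lines 409-413) with no check on the transport or on what was decoded, so whoever can answer that one request decides which CAs this runner trusts. Nothing visible requires `$MetadataURL` to be https, and the removed code took the bundle from the rendered template rather than the network; it is also worth confirming that the endpoint's own certificate chains to something the image trusts before these CAs are installed. I would refuse a non-https URL, fail with a clear message when a value does not decode to a certificate, and report each imported subject and thumbprint so the additions can be audited, as sketched below. In Import-Certificate, declaring the parameter as `[byte[]]$CertificateData` would keep a string argument from being treated as a file path by the X509Certificate2 constructor. Both functions start and end outside the visible hunks, so existing handling elsewhere may already cover part of this.

```powershell
# … unchanged: missing metadata URL check …
if ($MetadataURL -notmatch '^https://') {
    Throw "refusing to fetch root certificates over a non-https metadata URL"
}
# … unchanged: cert-bundle request and ConvertFrom-Json …
foreach ($i in $converted.root_certificates.psobject.Properties){
    try {
        $data = [System.Convert]::FromBase64String($i.Value)
        $parsed = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($data)
    } catch {
        Throw "cert bundle entry '$($i.Name)' is not a valid certificate: $_"
    }
    # Leave an audit trail of exactly which trust anchors were added.
    Update-GarmStatus -CallbackURL $CallbackURL -Message "importing root certificate $($parsed.Subject) ($($parsed.Thumbprint))"
    Import-Certificate -CertificateData $data -StoreName Root -StoreLocation LocalMachine
}
# … unchanged: tool download and runner setup …
```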
