(#223) Removes Chocolatey Install Script from Repository

The QSG now pulls the latest-current version at install time, which means we no longer have to keep it updated in two places.

Additionally, it allows for overriding the script by downloading it in advance to the specified location. This may or may not solve #227.

Author: JPRuskin

Set-SslSecurity.ps1

@@ -77,8 +77,9 @@ process {
     Start-Transcript -Path "$env:SystemDrive\choco-setup\logs\Set-SslCertificate-$(Get-Date -Format 'yyyyMMdd-HHmmss').txt"
 
     # Dot-source helper functions
-    . .\scripts\Get-Helpers.ps1
-    #Collect current certificate configuration
+    $ScriptDir = Join-Path $PSScriptRoot "scripts"
+    . $ScriptDir\Get-Helpers.ps1
+    # Collect current certificate configuration
     $Certificate = if ($Subject) {
         Get-Certificate -Subject $Subject
     }
@@ -138,14 +139,6 @@ process {
     # Connect to Nexus
     Connect-NexusServer -Hostname $SubjectWithoutCn -Credential $Credential -UseSSL
 
-    # Add updated scripts to raw repo in Nexus
-
-    # Push ChocolateyInstall.ps1 to raw repo
-    $ScriptDir = "$env:SystemDrive\choco-setup\files\scripts"
-    $ChocoInstallScript = "$ScriptDir\ChocolateyInstall.ps1"
-    (Get-Content -Path $ChocoInstallScript) -replace "{{hostname}}", $SubjectWithoutCn | Set-Content -Path $ChocoInstallScript
-    New-NexusRawComponent -RepositoryName 'choco-install' -File "$ChocoInstallScript"
-
     # Push ClientSetup.ps1 to raw repo
     $ClientScript = "$ScriptDir\ClientSetup.ps1"
     (Get-Content -Path $ClientScript) -replace "{{hostname}}", $SubjectWithoutCn | Set-Content -Path $ClientScript
@@ -288,7 +281,7 @@ process {
 
         $ScriptBlock | Set-Content -Path $EndpointScript
 
-        #Agent Setup
+        # Agent Setup
         $agentArgs = @{
             CentralManagementServiceUrl = "https://$($SubjectWithoutCn):24020/ChocolateyManagementService"
             ServiceSalt = $ServiceSaltValue
@@ -300,14 +293,14 @@ process {
 
     else {
 
-         #Agent Setup
+         # Agent Setup
          $agentArgs = @{
             CentralManagementServiceUrl = "https://$($SubjectWithoutCn):24020/ChocolateyManagementService"
         }
 
         Install-ChocolateyAgent @agentArgs
 
-        #Register endpoint script
+        # Register endpoint script
         (Get-Content -Path $EndpointScript) -replace "{{hostname}}", "'$SubjectWithoutCn'" | Set-Content -Path $EndpointScript
         if ($IsSelfSigned) {
             $ScriptBlock = @"

Start-C4bNexusSetup.ps1

@@ -71,6 +71,22 @@ process {
     # Temporary workaround to reset the NuGet v3 cache, such that it doesn't capture localhost as the FQDN
     Remove-NexusRepositoryFolder -RepositoryName ChocolateyInternal -Name v3
 
+    # Push latest ChocolateyInstall.ps1 to raw repo
+    $ScriptDir = "$env:SystemDrive\choco-setup\files\scripts"
+    $ChocoInstallScript = "$ScriptDir\ChocolateyInstall.ps1"
+
+    if (-not (Test-Path $ChocoInstallScript)) {
+        Invoke-WebRequest -Uri 'https://chocolatey.org/install.ps1' -OutFile $ChocoInstallScript
+    }
+
+    $Signature = Get-AuthenticodeSignature -FilePath $ChocoInstallScript
+
+    if ($Signature.Status -eq 'Valid' -and $Signature.SignerCertificate.Subject -eq 'CN="Chocolatey Software, Inc.", O="Chocolatey Software, Inc.", L=Topeka, S=Kansas, C=US') {
+        New-NexusRawComponent -RepositoryName 'choco-install' -File $ChocoInstallScript
+    } else {
+        Write-Error "ChocolateyInstall.ps1 script signature is not valid. Please investigate."
+    }
+
     # Add ChocolateyInternal as a source repository
     choco source add -n 'ChocolateyInternal' -s "$((Get-NexusRepository -Name 'ChocolateyInternal').url)/index.json" --priority 1