[NoBrainer] PowerShell modules, digital signatures, nuspec files and packages automated

As announced a couple of days ago we started pushing some of our PowerShell modules to GitHub and NuGet. And soon it became obvious that keeping all the scripts, signatures, versions and packages in sync was some tedious and error-prone work. This should definitely be automated, you might instantly think – and right you are! So here are some small scripts let that you take care of some of the repetitive tasks…


  • a base folder with all your script modules
  • a digital certificate for code signing
    in case you do not have a certificate and if you are in Switzerland, you can cheaply get a code signing certificate by buying a Post SuisseID which also serves that purpose.
  • PowerShell modules with manifest files
  • a nuspec template file


Update-Signature lets you easily sign all your script files (ps1, psm1, psd1) recursively. It makes use of the Microsoft supplied Cmdlet Set-AuthenticodeSignature which applies a authenticode signature comment block at the end of the scripts.

Update-Signature C:\github
Update-Signature C:\github\myscript.ps1

The script will process all scripts if a folder is specified but also accepts pipeline input for individual files.


Update-ManifestRevision compare the version and revision of the manifest file of a PowerShell module against the last write time of the files in the module folder. If the last write time is newer the revision of the module manifest is automatically adjusted and the signature is updated as well.

# Version number of this module.
ModuleVersion = ''

Again, you can either scan a folder path recursively or specify individual files.


Update-Nuspec lets you create a new nuspec file (and a nupkg) if the version number in the module manifest is higher than the highest existing version number of a nuspec file in the module folder. When the nuspec file is created all referencesd items from the manifest are included in the nuspec file (such as RootModule, NestedModules, FileList, and the manifest itself).

Update-Nuspec C:\github\biz.dfch.PS.module\biz.dfch.PS.module.psd1

If the module vesion of biz.dfch.PS.module.psd1 is ‘′ then this will create a new nuspec file: ‘C:\github\biz.dfch.PS.module\biz.dfch.PS.module.1.0.4.nuspec‘.

Once more, you can either scan a folder path recursively or specify individual files.


With these three easy steps you can automate most of your PowerShell post-build tasks. You can find the scripts in our Gist at https://gist.github.com/dfch/5a263d63e1967b7e1892


  1. […] This approach can also be combined with more formal releases such as NuGet packages as I described in PowerShell modules, digital signatures, nuspec files and packages automated. […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: