-
Notifications
You must be signed in to change notification settings - Fork 708
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create Chocolatey package #562
Comments
Can you describe the value of doing so? What can I now do that is cool? |
Easy to install and receive updates. I use chocolatey to create workstation setup scripts. E.g. Thanks |
To save duplicating work, it's probably worth mentioning that a package already exists. It's not been updated for a while, but see jivkok/Chocolatey-AutomaticPackages#17. |
I think that the requirement from my perspective is really to be able to install the product via a common package manager from the command-line. Given the movement to command-line and automatic management of systems (infrastructure as code), some kind of installer that doesn't require clicking in a GUI and downloading via a browser would be great. Microsoft has recognised in the past the value of such a product via their OneGet or PackageManagement product, but unfortunately that initiative seems to be dead in the water. Currently, the only viable Windows package manager is Chocolatey, which is probably why the original poster created the issue with this title. Our developer machines are built using a PowerShell script, so the result of not having an installer accessible via a common package manager is that they don't have this product installed on their machines unless they download it themselves, which restricts the spread and popularity of PerfView within our organisation. |
OneGet was renamed PowerShellGet. It can still do generic nuget
repositories, but the code quality is low and good luck getting Microsoft
to fix bugs in it, even when you point out the exact lines of code that are
broken.
Ultimately, I hope PowerShellGet dies a sweet death and someone who
understands how Yumm/Rpm or Synaptic package manager works builds it
correctly. So far, the only intelligently designed package manager for
Windows is paket. NuGet is finally improving but missing much of the genius
of paket's dependancy model (the bug in 3.3 where they returned a non-zero
exit code inexplicably on a successful run is just the tip of the iceberg
with my frustration with Nuget, or the fact NuGet Restore would barf on
nested solutions, etc..).
…On Sun, Sep 2, 2018, 7:13 PM nzbart ***@***.***> wrote:
I think that the requirement from my perspective is really to be able to
install the product via a common package manager from the command-line.
Given the movement to command-line and automatic management of systems
(infrastructure as code), some kind of installer that doesn't require
clicking in a GUI and downloading via a browser would be great. Microsoft
has recognised in the past the value of such a product via their OneGet or
PackageManagement product, but unfortunately that initiative seems to be
dead in the water. Currently, the only viable Windows package manager is
Chocolatey, which is probably why the original poster created the issue
with this title.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#562 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAbT_f5sqPgXWLShA4cLn7xLzPMDGj3tks5uXGYQgaJpZM4SEdq8>
.
|
I truly don't understand the nuances of package managers. Indeed in Chocolatey seems to have competitors like paket and oneget. But from my perspective, I don't actually care to pick a winner. It is enough to support thing that people want. This is clearly something that that community that cares about it should be doing. I would assume that making a Chocolatey package (or updating the one referenced above) is pretty easy for someone to 'just do'. They may not need any change at all from this repository (other than updating the docs to point people at the package). In short, I am OK with SMALL, obviously otherwise non-impactful pull requests to help make package managers work with PerfView. What I need however is someone who ACTUALLY uses these package managers to take the lead and come up with at design, vet it here, and submit any PRs that are needed. My expectation is that it would take only a day or so of work. So if people want this, there is nothing stopping you. Please vet what you intend here before investing significant effort, but that should be a formality. If you need information from me just ask. |
Pretty much all Windows package managers speak nuspec as a common language, and differ only in what "helper files" to run to install the package. For example, OctoPack requires PostDeploy.ps1, Chocolatey requires ChocolateyInstall.ps1, etc.
I think for your application, there are a couple of discrete tasks:
.\PerfView.exe abort /LogFile:dummy.log /AcceptEula This is required to write: I suppose it would be good to have an integration test to ensure this behavior stays that way.
|
Thanks @jzabroski for the discussion. Yes, the command
will accept the Eula, but you could also simply skip it and simpy copy the EXE. There is no 'installation' it is just that the behavor of the app is slightly different the first time you run it. There is a pitfall for users that what to script PerfView (they have to remember to use /AcceptEula), but arguably there is no 'installation' necessary for perfview.
Sounds easy enough for anyone to create a PR (presumably they go in src\PerfVIew)
Note that if the PerfVIew is deployed by a nuget package, we now sign all of our packages (which would include this new one). I can make sure that this new package gets signed and uploaded go Nuget.org when updates happen (we already do this for the TraceEvent nuget package. So I am asking somone who cares about this to make a PR to make the nuspec and chocately file and test that it works locally, as well as update to the *.md files so we can document how to use it (I will also need this to test the end-to-end). |
Just FYI (although I would recommend simply not having an 'install' at all.
There is a command in the GUI 'File -> Clear User Config' that does that. You probably wanted a non-gui way of doing it. If you delete the directory %APPDATA%\PerfView you will remove all config associated with PerfView. |
I'm just describing the bare minimum required to be compliant with pretty much any package manager. Here is the user story: As a system administrator using Boxstarter to configure clean,consistent User Desktop deployments of Windows within my company, I want to be able to silently install software and accept all licenses on behalf of the user.
Checksuming the final nupkg ("compiled archive" zip) is an external checksum, but not a checksum on the individual components. A nuspec file can take a download URL to get the final package from, as in an "online installer", similar to how Visual Studio installs/upgrades on your machine today. I probably anonymously report, under my pseudonym, more man-in-the-middle attacks of this variety than any other attack vector I report. I'm also guilty of it myself: https://github.com/jzabroski/chocolatey-packages/blob/master/appfabric.caching/chocolateyInstall.ps1 - This example code also shows you why simply signing the NuGet package with NuGet package signing is not sufficient, as the nuspec file is just a shell for metadata whereas the ChocolateyInstall.ps1 is where the meat and potatoes is. |
I imagine this is one of these policy issues that is part of an 'arms race'. EULA by design are supposed to be 'in your face' for legal reasons. I would suggest that we side-step the issue by not trying to auto-accept for now, and get that 'goodness' to users, and then treat as a separate issue whether the last step can be done by Microsoft (we can't stop people outside Microsoft from doing lots of things, but we have to at least obey our own rules (and I don't know what they are in this case, some research is needed)). On the issue of checksums: Note that PerfView.exe is also digitically signed itself (as is PerfVIew64.exe). The page https://github.com/Microsoft/perfview/blob/master/documentation/Downloading.md tells you how to check the signature manually using windows explorer or signtool, but I have no illusions that people will actually do this. |
No, it's really just that with a lot of machine building tools, any application that pops up can cause the whole process to hang. Auto-accept is a misnomer, anyway. It's really "I know what the license says and I don't have time to re-read it, so please just let me install this." Msiexec.exe already supports this feature implicitly through /quiet Windows [Standard Installer Command-Line Options(https://docs.microsoft.com/en-us/windows/desktop/msi/standard-installer-command-line-options), but I get your legalistic reasons for working on an open source project a Microsoft and wanting to clear things through legal (or not wanting to deal with it at all). |
PerfView 2.0.26 is now available on Chocolatey: https://chocolatey.org/packages/perfview |
I am going to close the issue. PLease reopen and restart the discussion if you feel the need. |
Please add Chocolatey distribution package. https://chocolatey.org
The text was updated successfully, but these errors were encountered: