-
Notifications
You must be signed in to change notification settings - Fork 100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cChocoInstaller fails to install Chocolatey, chocolatey folder already exists #151
Comments
I'm seeing the same behavior - cleaning things up, like the c:\choco directory, PATH variables, registry etc and just running the install from PowerShell directly on the same machine (without using DSC) seems to work fine. Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) All was working fine yesterday. |
Note we pushed a security fix to install.ps1 plus quite a bit of cleanup. We've checked quite a bit with it, but it's hard to catch every area of things that could occur. Here's where the problem lies: VERBOSE: [dominos-web]: [[cChocoInstaller]Install] Env:ChocolateyInstall has C:\Choco That should be downloaded elsewhere, not to the folder where the installation is. So yeah, the install script will detect the folder is already created and not install there. |
To insulate yourself from changes that we are making in terms of the community and the packages repository (as we will be making quite a few over the next few months), it would be best to provide a script to point to a chocolatey nupkg in your internal infrastructure. This is also going to be your best workaround while this gets fixed in cChoco. |
I think issue on both sides
|
The problem lies in that someone could pre-create the folder and drop a hijacking dll in here. Then when Chocolatey installs and puts folders on the SYSTEM path, those hijacking DLLs are still there. Even though it installs and asserts admin privileges to the default location (not to So to fix the security issue, if there is an existing folder where Chocolatey was going to install, it just doesn't. Errorring in a terminating way on this is just completely out - that would cause a lot consternation as compared to what is currently being seen (it would affect a far larger number of users).
There are a few things to do in cChoco on this. I think we may see some small issues with other integrations as well. I am sorry to hear we didn't catch this as part of our testing. |
DSC resource has property ChocoInstallScriptURL, it would be good then to option to provide option to set in stone which version of install script resource will use so integration would not break when new versions are released (like what you can do with docker tags) |
I think this is where the bug hits:
|
In the interim you can use following to make cChoco resource work. It's official install.ps1 file which does not consider Choco folder with single file as a valid chocolatey installation
|
As @steviecoaster pointed, the problem is simply that cChoco downloads the |
Changes in the Chocolatey install.ps1 means downloading to Choco install folder stops the install. Amended the code to download the install.ps1 file to a temporary folder and execute it from there.
(GH-151) Download install.ps1 to temp folder.
* development: Update module versions for release (GH-151) Download install.ps1 to temp folder. (maint) Set pester to a max version of 4.10.1 (GH-20) add cChocoConfig resource Adding comments and tests Add pull request template (doc) Add issue template configuration (doc) Remove invalid issue template (doc) Update issue templates throw if using prerelease with minimumversion quick fixes DSCResources/cChocoPackageInstall/cChocoPackageInstall.psm1 adding support for specifying minimum version
* Workaround to cChco issue chocolatey/cChoco#151 * Implement temporary workaround to blocking cChoco issue * Update DSC module cChoco to 2.5 * Update DSC module cChoco to 2.5 * Fix installation of Fiddler * Revert "Fix installation of Fiddler" This reverts commit cac5bf1.
Describe the bug
Right now cChocoinstaller will download installation package and will execute it ignoring warnings from installation package and still adding environment variables etc to system
Actual code for chocolatey install (below) will consider presence of folder where chocolatey is installed and presense any file there (which is where DSC downloads file) an indication that chocolatey is already installed. This will prevent chocolatey to be ever installed and lead to errors like below
Error
To Reproduce
Will fail
Expected behavior
Shall install chocolatey
The text was updated successfully, but these errors were encountered: