Chocolatey 0.10 breaking some installers. #45

Closed
javydekoning opened this issue Aug 21, 2016 · 13 comments

Comments

@javydekoning
Collaborator

0.10.0 includes a major security enhancement (checksum requirement). This breaks several packages right now and will hopefully be fixed by maintainers in the future. However, the cChocoPackageInstaller resource requires an ability to set the --allow-empty-checksums param.

@OxHobbs

OxHobbs commented Aug 24, 2016

I ran into this issue as well and have added an additional property that allows you to specify a property to bypass the checksum (--allowEmptyChecksums). Added pull request to address the issue.

@ferventcoder
Member

I appreciate the way you stated this @javydekoning. Very nice.

For other folks looking for more information, take a look at chocolatey/choco#910

@javydekoning
Collaborator Author

@FatherDragon Thanks, I also added a pull request with a slightly more dynamic approach to also allow other Choco Install Params as this feature is currently lacking. See PR #50

@ferventcoder cool, thanks for including the reference. Very nice addition to Choco :)

@4c74356b41

Could you perhaps enlighten me? Params = "--allow-empty-checksums" doesn't work.

Thanks!

@ferventcoder
Member

@4c74356b41 anything with Params goes into package parameters - choco install --package-parameters 'value of Params here'

@4c74356b41

I'm talking about cchoco. When specifying Params = "--allow-empty-checksums" the package fails, but when doing the same thing manually the install succeeds.

@lawrencegripper
Collaborator

lawrencegripper commented Sep 1, 2016

The params argument in cChoco maps to the "--package-parameters" argument on choco, not as a parameter on the choco command.

What your config will do, if I haven't misunderstood, is this...

choco install git --package-parameters '--allow-empty-checksums'

Where what you want is this...

choco install git --allow-empty-checksums

#52 is working on adding this functionality at the moment

@4c74356b41

4c74356b41 commented Sep 1, 2016

So there's no way to install package with empty checksum using cchoco at the moment?
And no way to configure choco natively?
choco feature enable -n allowEmptyChecksums? Without adding script resource to dsc configuration?

@lawrencegripper
Collaborator

Correct, @javydekoning has kindly submitted a PR to fix this and is making some changes before we merge it in and push out an update.

@4c74356b41

4c74356b41 commented Sep 1, 2016

hm, could you perhaps add ability to configure chocolatey: (and this could be, say, comma separated list?)

    cChocoInstaller installChoco
    {
        InstallDir = "c:\choco"
        DependsOn = "[File]ChocoDir"
        Params = "feature enable -n allowEmptyChecksums, feature enable -n allowGlobalConfirmation" 
    }

@lawrencegripper
Collaborator

We're looking at enabling this on a per-package basis, for flexibility, rather than in cChocoInstaller. Happy to discuss allowing something in cChocoInstaller, but best to start a separate issue to talk through this now.

If you'd like to look at what is being worked on, have a read of #52. I'm going to close off this issue for now though so we don't have two conversations running in parallel.

@ferventcoder
Member

For posterity's sake, I added all of the different options you have when you run into this issue here: chocolatey/choco#112 (comment)

The first option is consumer-based. Did you know you could pass the checksums yourself (once #52 is implemented of course)?

@4c74356b41

yeah, I figured that out, but atm cchoco doesn't support that.
seems that the only option now is to use script extension along with cchoco to install such packages.

lawrencegripper added a commit that referenced this issue Sep 6, 2016
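
Added example, not part of the thread and not cChoco's own code: the Script-resource workaround mentioned in the last comment, combined with the consumer-supplied checksum option ferventcoder points to, so the package installs under Chocolatey 0.10 without turning checksum enforcement off. It assumes choco is already installed and on the PATH seen by the DSC engine; the configuration name, resource name and checksum values are placeholders.

```powershell
Configuration InstallGitWithPinnedChecksum   # hypothetical configuration name
{
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'localhost'
    {
        Script InstallGit
        {
            GetScript = {
                # Report what choco currently lists for the package ("name|version").
                $listed = & choco list --local-only --exact git --limit-output
                @{ Result = ($listed -join ';') }
            }

            TestScript = {
                # Already installed if choco lists a line starting with "git|".
                $listed = & choco list --local-only --exact git --limit-output
                [bool]($listed -match '^git\|')
            }

            SetScript = {
                # Placeholders: use the SHA-256 values you verified yourself
                # for the 32-bit and 64-bit downloads of this package.
                $sha256    = '<SHA256-32BIT-PLACEHOLDER>'
                $sha256x64 = '<SHA256-64BIT-PLACEHOLDER>'

                # These are options of the choco command itself, not package
                # parameters, so they are passed directly and not via Params.
                & choco install git --yes `
                    --download-checksum $sha256 `
                    --download-checksum-type sha256 `
                    --download-checksum-x64 $sha256x64 `
                    --download-checksum-type-x64 sha256

                # 1641 and 3010 mean success with a reboot initiated or required.
                if ($LASTEXITCODE -notin 0, 1641, 3010) {
                    throw "choco install git failed with exit code $LASTEXITCODE"
                }
            }
        }
    }
}
```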