I just installed chocolatey through nuGet using the following steps in the admin shell: chocolatey nuget install. However, when I try to get any package, I am asked for credentials (which I assume is not meant to happen). Can anyone point out what I am doing wrong?
chocolatey
Maybe not a fix, but I found a work around. It is possible to download the *.nupkg files from https://chocolatey.org/packages and then run choco install [packageFile], which doesn't require the server to be contacted and this avoids the permission issue.
Related
I was trying the command '''choco install ffmpeg''' but the following error appear
ffmpeg not installed. An error occurred during installation:
Access denied to path 'C:\ProgramData\chocolatey\lib\ffmpeg\legal'.
The most common reason for this is that you may not be running choco from an administrative shell; make sure you start the shell as administrator before running the command.
If you already are, or that does not resolve the issue, it's possible there's an issue with the ffmpeg package itself, and it may be worth contacting the package maintainer via the links on the community repository to get it addressed.
I have installed boost-msvc14 1.59.0 but whenever I try installing osquery it says that it didn't find boost-msvc14 1.59.0 .
My boost directory is in C:/local. powershell is very slow in terms of downloading that's why I don't want to use powershell to install it. How can I fix this problem?
Old question. In recent osquery builds, you can use the make-win64-dev-env.bat, which uses Chocolatey packages. They get placed in \ProgramData\chocolatey. You can run choco list -l to list your installed packages.
Working with the OneGet chocolatey provider, if I run the a command like the following...
Install-Package fooo
directly on a box the chocolatey package is cached in <%LocalAppData%>\Nuget\Cache. If I rerun the same command the package is read out of this cache.
However if I wrap up this command in a DSC resource and run it on a box I can not find where the package is cached. It is definitely cached somewhere. anyone know where? You would have thought it would be under the user that DSC was running as, although I am not sure what user it does run as and have also gone through all the user folders with no joy.
DSC does indeed run as the local system account, thanks briantist.
It is cached here: C:\Windows\system32\config\systemprofile\AppData\Local\NuGet
found with the help of the following link
https://serverfault.com/questions/9325/where-can-i-find-data-stored-by-a-windows-service-running-as-local-system-accou
I'm trying to install NuGet packages like Unity or EntityFramework, but after downloading Nuget cannot install those and returns this error message:
Your machine group policy or user group policy disables execution of PowerShell script.
Adjust your group policy settings to allow execution of PowerShell scripts
How can I resolve this issue? Thanks in advance ;)
Currently old version of NuGet aka not > 1.4 do not sign powershell scripts and thus you need to run the following from a powershell command line:
set-executionpolicy Unrestricted
in 1.4 we are going to sign the scripts so you shouldn't have this problem. Although 1.4 has not shipped yet, but very very soon :)
The above fix might fail if your administrator has locked down powershell scripts in that case you can either ask them to do this for you or wait till NuGet 1.4 is released.
When you install a package from NuGet, it can run some Powershell scripts to set things up (such as exporting commands to be used in the Package Manager console).
I'm trying (and failing) to find details of what these scripts can/can't do. Specifically - should we be worried about malicious code in these? Can they read the filesystem, send web requests, etc.?
When NuGet sets up the PowerShell host, it checks to see what the current ExecutionPolicy is. If it is not Unrestricted, RemoteSigned, or Bypass, it forces the ExcecutionPolicy to RemoteSigned for the current process (devenv.exe).
PowerShell does not see the embedded scripts init.ps1, install.ps1, etc. as being downloaded from the Internet, so there is nothing preventing a malicious script from doing anything on your machine that your account has permissions to do.
At this point, all NuGet package creators are pretty much on the "honor" system. I believe Ruby Gems have a similar situtation.
NuGet does have the ability to use private package sources, so if security is critical, I suggest you download and vet all packages, and only allow installing packages from these trusted sources.
I'll defer to someone from the NuGet team, but I'm almost certain they run under the current execution policy.
Here's a clip from my own nuget console:
PM> Get-ExecutionPolicy
RemoteSigned
If I open PowerShell as an admin and change the execution policy, nuget reports the change:
PM> Get-ExecutionPolicy
Restricted
In sum, whatever execution policy you've got on your default host also applies to the nuget console.
When you download a script from the internet, unless it is installed with a setup program where you have given it escalated permissions to install, the scripts are marked as blocked. You have to authorize (unblock) them by right clicking on the scripts and choosing the button Unblock.