choco feature enable -n allowEmptyChecksums

[deckerjohn]

Hello,

Not sure if anyone can help me but boxstarter seems to ignore this or I am missing some sort of extra switch? If I throw this in a gist or txt it gets ignored, or seems to. I also cannot seem to use
--allowEmptyChecksums. Both switches seem to work fine if I run chocolatey natively

Thanks for anyones help

[janezdu]

I have the same issue (breaking in gist, working natively).

Funnily enough, when I put cinst nodejs.install -y --allow-empty-checksums in a gist and run it as a boxstarter script, it will print the help for the choco install command with the command switch descriptions overlapping each other (interleaved lines, much more visible with shell colouring): https://gist.github.com/zhuangjindu/8ae15b093d6c567860fdaad246d88ce4

[deckerjohn]

Yeah. Exact same thing I was a bit lazy and didn't copy the whole output

[mwrock]

Boxstarter runs with an embedded chocolatey.dll and does not leverage choco.exe. So the version of chocolatey currently bundled with boxstarter does not understand what --allow-empty-checksums is.

[deckerjohn]

Mark thanks so much does the same apply to

Choco feature enable or is that usable?

I love this program by the way been a long time since I had this much fun
building boxes

[mwrock]

Thanks @deckerjohn! I think feature enable is the same story.

[mightywomble]

SO, within the space of a month, my automated deployment system has gone from working to useless

Packages which installed on our test servers a month ago, i come back to test before a roll out and now i get

By installing you accept licenses for the packages.
 adobereader v2015.007.20033
  Downloading adobereader
    from 'http://ardownload.adobe.com/pub/adobe/reader/win/AcrobatDC/1500720033/AcroRdrDC1500720033_MUI.exe'
  Download of AcroRdrDC1500720033_MUI.exe (146.89 MB) completed.
  WARNING: Missing package checksums are not allowed (by default for HTTP/FTP,
   HTTPS when feature 'allowEmptyChecksumsSecure' is disabled) for
   safety and security reasons. Although we strongly advise against it,
   if you need this functionality, please set the feature
   'allowEmptyChecksums' ('choco feature enable -n
   allowEmptyChecksums')
   or pass in the option '--allow-empty-checksums'.
  Empty checksums are no longer allowed by default for non-secure sources. Please ask the maintainer to add checksums to
  this package. In the meantime if you need this package to work correctly, please enable the feature
  allowEmptyChecksums or provide the runtime switch '--allowEmptyChecksums'. We strongly advise against allowing empty
  checksums for HTTP/FTP sources.
  At C:\ProgramData\chocolatey\helpers\functions\Get-CheckSumValid.ps1:160 char:5
-     throw "Empty checksums are no longer allowed by default for non-s ...
-     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  - CategoryInfo          : OperationStopped: (Empty checksums...TP/FTP sources.:String) [], RuntimeException
  - FullyQualifiedErrorId : Empty checksums are no longer allowed by default for non-secure sources. Please ask the
    maintainer to add checksums to this package. In the meantime if you need this package to work correctly, please en
    able the feature allowEmptyChecksums or provide the runtime switch '--allowEmptyChecksums'. We strongly advise aga
    inst allowing empty checksums for HTTP/FTP sources.
    The install of adobereader was NOT successful.
    Error while running 'C:\ProgramData\chocolatey\lib\adobereader\tools\chocolateyInstall.ps1'.
    See log for details.
    Chocolatey installed 0/1 package(s). 1 package(s) failed.

so i think, ok, i'll add
choco feature enable -n allowEmptyChecksums
to the text file

no difference

ok, i'll add the --allow-empty-checksums switch to the

cinst adobereader --allow-empty-checksums

no joy each a package is tried to be installed and the visual output of choco help

So is this something which can be fixed soon in boxstarter, do i need to do something on my proget repo or do i need to spend more time working on this solution?

So far mwrock has explained WHAT is causing the problem, was wondering if there was a timescale on a fix?

(And please don't take this the wrong way, i have a huge appreciation for what you've done here, its a fantastic package.. this problem has just knocked me back as i've got to find another method rather than BoxStarter to get this working :-( )

[gep13]

@mightywomble you might want to have a look at the suggestions that were made here:

https://gitter.im/chocolatey/choco?at=57b456a68d93113d5f039dac

To see if that will help you out.

[mwrock]

To echo that thread, there are incompatibilities with boxstarter and the latest chocolatey releases. The best way to work around this, though admittedly not a great solution is to uninstall chocolatey 0.10.0. In the past, having boxstarter coexist with newer versions of chocolatey has not been a problem but 0.10.0 is a (intentionally) breaking change and its powershell helper files require the --allow-empty-checksums flag to work properly and the chocolatey engine inside boxstarter does not understand that parameter.

[mightywomble]

Thanks, i'll give downgrading a go,
Just for future reference is having this "working" in the pipeline?

For anyone else having this issue
choco upgrade chocolatey --version 0.9.10.3 --allow-downgrade

Does appear to fix the problem (pretty obvious now i think about it, however on a plus side I did manage to make some internal php scripts run better, so not all bad today)

@gep13 and @mwrock your help as always is appreciated..

[mightywomble]

@mwrock quick question, is there somewhere listed the chocolaty parameters which boxstarter does understand at present? I couldn't find these and i think they may be quite useful..

[mwrock]

I had hoped to update the chocolatey dll a couple weeks back but ran into a couple fundamental incompatibilities that require either some updates to choco or ratrher deep refactorings to boxstarter. I need to do some more debugging to determine if a small update/fix in chocolatey can be made to accomodate boxstarter before moving to a major version change in boxstarter.

Boxstarter currently ships with the equivilent of chocolatey 0.9.10-beta-20151210. If you try to use a parameter that choco does not understand, I believe you should get error messaging including a list of supported switches.

[ferventcoder]

I went to look up that version. I need to spend more time with BoxStarter source (it wasn't obvious).

[mwrock]

Thats handled by a build task @ferventcoder https://github.com/mwrock/boxstarter/blob/master/BuildScripts/default.ps1#L230

[flatlinebb]

That's not entirely accurate - Boxstarter is installing the latest chocolatey, version 0.10.0. I just ran it and it keeps failing due to the new requirements. I specifically did not install chocolatey as part of my gist, to see if Boxstarter's version would work better. It didn't.

Here is my boxstarter log file:
http://pastebin.com/5Kriww3h

and here is my gist file:
https://gist.githubusercontent.com/flatlinebb/3b807d3b2afe248f02956740fc27dd10/raw/4d68e9d91dd65d8d85dcf6ec1b85ff54d7156690/gistfile1.txt

[mwrock]

Well your package is installing chocolatey (https://gist.githubusercontent.com/flatlinebb/3b807d3b2afe248f02956740fc27dd10/raw/71bdd58d436f241b13b74eb1ea8d4bca0309fbe9/gistfile1.txt) that will install the latest version.

[flatlinebb]

I will take that part out and try again. I thought I already did, but maybe
I forgot to save the edit.

EDIT:
Updated gist file:
https://gist.githubusercontent.com/flatlinebb/3b807d3b2afe248f02956740fc27dd10/raw/4d68e9d91dd65d8d85dcf6ec1b85ff54d7156690/gistfile1.txt

EDIT2:
OK, I didn't realize that every edit of the gist file creates a new URL, so I've been running the same URL, which is why it didn't run with my changes. facepalm
I'm new to using gist, you live and you learn.

[deckerjohn]

I resolved by downgrading chocolatey with no ill effects on my build script. Thanks for everyones input on this thread I learned a lot!!

[ferventcoder]

Let's not close this, boxstarter still needs to have this ability.

[deckerjohn]

Ok, sorry I'm new to all the proceedings around here :-)

[gep13]

@deckerjohn said...
Ok, sorry I'm new to all the proceedings around here :-)

Not a problem at all. You should see a re-open button below, since you created the issue. Can you click that?

[ferventcoder]

Another workaround you can do is set $env:ChocolateyAllowEmptyChecksums - now that won't work with choco 0.10.x as it ensures those environment vars are not influenced externally, but it will work with Boxstarter and the version of Chocolatey it is using.

https://github.com/chocolatey/choco/blob/4171c8880ba678be364ca6cc36a64dc70633cae9/src/chocolatey.resources/helpers/functions/Get-CheckSumValid.ps1#L129

[ferventcoder]

Another workaround - use --ignore-checksums instead. We know that is going to be there.

[ferventcoder]

I added all of the different options you have when you run into this issue here: chocolatey/choco#112 (comment)

The first option is consumer-based. Did you know you could pass the checksums yourself (of course boxstarter needs upgrade chocolatey.lib to support it first)?

[sumo300]

Hmm.. BoxStarter seems to use whatever version of Chocolatey is installed if Chocolatey is installed first. I proved this by doing just that and then using the "downgrade" option of Chocolatey and the BoxStarter Shell recognized the "updated" older version of Chocolatey now installed.

This did trigger some inconvenience and explains why using our scripts from scratch mostly works vs. our "advanced" instructions which start with installing Chocolatey and BoxStarter manually first and are totally broken. Usually, each person is required to go the advanced route as when we use the straight script that grabs/installs BoxStarter from boxstarter.org, it fails with that silly .NET 2.0 error. Not always, but I tend to blame our "enterprise" restrictions.

[dragon788]

@sumo300 are you doing this from inside the Boxstarter shell or just via the web or an Invoke-Boxstarter call with a script using cinst/choco?

[sumo300]

@dragon788 Inside the BoxStarter Shell.

[dragon788]

When you say the script that grabs boxstarter from the website, do you mean
the click once or the bootstrapper? I haven't had any issues with the
bootstrapper other than having to ignore a certificate error or two
depending on the endpoint. Right now boxstarter.org isn't doing SSL so that
isn't an issue there.

Good to know that can use the newer versions come out although I found
there a certain arguments that are better set via the environment because
boxstarter doesn't always pass them through, although chocolatey also
ignores some via the environment as a security measure.

[OlafHaag]

I just tried boxstarting my fresh Windows installation, but a quarter of the packages (25 of 80+ total) failed due to missing checksums. Just after the failure I came to read about it here. Will there be a fix rather than the workarounds? Because it seems, the packages won't all be upated with checksums any time soon.

[ferventcoder]

Will there be a fix rather than the workarounds?

You mean a fix to boxstarter? Or something else?

[OlafHaag]

A fix to boxstarter. I thought that's why the issue is still open. Fortunately I was easily able to install the failed packages afterwards in one go thanks to choco.

[ferventcoder]

Was thinking so but just making sure :)

[pauby]

PR #219 merged. Boxstarter uses a later version of Chocolatey lib now. Resolving this issue.