Merge branch 'stable'
* stable: (23 commits)
  (GH-897) Fix DISM /all for newer Windows versions
  (maint) bring back in nuspec into solution folders
  (GH-598) Add output directory for choco pack
  (version) bump to 0.10.0
  (doc) update CHANGELOG/nuspec
  (GH-840) Do not set User Environment for SYSTEM
  (GH-840) Set TMP to cacheLocation as well
  (GH-830) Ensure process PSModulePath items
  (GH-112) Relax HTTPS checksum failure
  (maint) move noop run
  (GH-833) Don't set profile under certain conditions
  (doc) update generated docs
  (GH-112) update options for new version
  (GH-112) Checksums / Install Template
  (GH-112) Update parameter documentation
  (GH-112) Require checksums
  (GH-112) Allow Empty Checksums
  (GH-112) Checksum remote files unless checksum
  (GH-112) Allow user passed checksums
  (GH-112) rename checksum files for proper casing
  ...
ferventcoder committed Aug 10, 2016
2 parents 3b425f3 + e428c85 commit 459d60d
Showing 45 changed files with 1,191 additions and 196 deletions.
6 changes: 3 additions & 3 deletions .uppercut
Expand Up @@ -16,9 +16,9 @@
<!-- ASSEMBLY VARIABLES -->
<property name="version.use_semanticversioning" value="true" overwrite="false" />
<property name="version.major" value="0" overwrite="false" />
<property name="version.minor" value="9" overwrite="false" />
<property name="version.patch" value="10" overwrite="false" />
<property name="version.fix" value="3" overwrite="false" />
<property name="version.minor" value="10" overwrite="false" />
<property name="version.patch" value="0" overwrite="false" />
<property name="version.fix" value="0" overwrite="false" />
<property name="version.nuget.prerelease" value="" overwrite="false" />
<property name="version.use.build_date" value="false" overwrite="false" />
<property name="assembly.description" value="${project.name} is a product of ${company.name} - All Rights Reserved." overwrite="false" />
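Review bot: version.nuget.prerelease stays empty here while the CHANGELOG in this same merge still lists 0.10.0 as "(unreleased)"; any package built from this branch before the release is cut will carry the final version string 0.10.0, so consider a prerelease tag (for example a beta suffix) until the release is actually published, and confirm that version.fix = 0 still renders as 0.10.0 in the nuspec rather than 0.10.0.0, given the three-part scheme the CHANGELOG announces.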
63 changes: 63 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,66 @@
## [0.10.0](https://github.com/chocolatey/choco/issues?q=milestone%3A0.10.0+is%3Aclosed) (unreleased)
What was planned for 0.9.10.4 is now 0.10.0. This is due partly to a breaking change we are making for security purposes and a move to provide better a better versioning scheme for the remainder of the sub-v1 versions of Chocolatey. Instead of 0.y.z.0 being considered where major verions occur in the sub 1 series, 0.y.0 will now be considered where those major versions occur. We also are moving right along towards v1 (and hope to be there in 2017).

0.10.0 carries the fixes for 0.9.10.4 and includes a major security enhancement (checksum requirement).

### BREAKING CHANGES

* [Security] Checksum requirement and enhancements - see [#112](https://github.com/chocolatey/choco/issues/112)

Checksums in package scripts are meant as a measure to validate the originally intended downloaded resources used in the creation of a package are the same files that are received at a future date. This also ensures that the same files that are checked by all parts of moderation (if applicable) are the same files that are received by users for a package. This is seen mostly on the community repository because it is public and packages are subject to copyright laws (distribution rights), which typically requires the package scripts to download software from the official distribution locations. The Chocolatey framework has had the ability to use checksums in package scripts since [July 2014](https://chocolatey.org/packages/chocolatey/0.9.8.24#releasenotes).

**What is the requirement?** choco will now fail if a package download resources from HTTP/FTP and does not use checksums to verify those downloaded resources. The requirement for HTTP/FTP is [#112](https://github.com/chocolatey/choco/issues/112). Soon we'll also require it for [HTTPS (#895)](https://github.com/chocolatey/choco/issues/895) as well.

**How does this protect the community anymore than before?** During moderation review, there is a check of these downloaded binaries against VirusTotal (which verifies these binaries against 50-60+ different virus scanners). The binaries are also verified for installation purposes against a test computer. With an independent 3rd party checksum in the package itself, it guarantees that the files received by a user from those remote sources are the exact same files that were used in the verification process.

**Why the requirement, and why now?** This is a measure of protection for the Chocolatey community. HTTP is easy to hack with both DNS poisoning and MITM (man in the middle) attacks. Without independent verification of the integrity of the downloaded resources, users can be left susceptible to these issues. We've been planning a move to require checksums for awhile now, with a planned longer and smoother transition for package maintainers to get packages updated to reduce breakages. Unfortunately there was a recent event with [FOSSHub getting hacked](http://www.audacityteam.org/compromised-download-partner/) (the [community repository had 8 possibly affected packages](http://us8.campaign-archive1.com/?u=86a6d80146a0da7f2223712e4&id=f2fe8dbe6b) and [we quickly took action](http://us8.campaign-archive1.com/?u=86a6d80146a0da7f2223712e4&id=2cbe87d486)), which necessitated a need for us to move in a much swifter fashion to ensure the protection of the community sooner, rather than later. The changes in Chocolatey represented by the checksum changes are a major step in the process to ensure protection. Requiring for HTTPS as well will mitigate any future compromises of software distribution sites that are used with Chocolatey packages.

**Can I shut this behavior off or opt out per package?**
You can shut off the checksum requirement by enabling the feature `allowEmptyChecksums`. This will return Chocolatey to previous behavior. We strongly recommend against it.

You can shut it off or turn it per package install/upgrade with `--allow-empty-checksums` and `--require-checksums`, respectively. See https://chocolatey.org/docs/commands-install / https://chocolatey.org/docs/commands-upgrade.

**Other things I should know?** Users also now have the ability to pass their own checksums and checksumtypes into the install. See https://chocolatey.org/docs/commands-install / https://chocolatey.org/docs/commands-upgrade.

### KNOWN ISSUES

* [Known Issues](https://github.com/chocolatey/choco/labels/Bug)

### FEATURES

* Pro/Business - Download a package without installing it - see [#108](https://github.com/chocolatey/choco/issues/108)

### BUG FIXES

* Fix - Installing choco on Windows 10 Vagrant box stops Vagrant from being able to manage the box - see [#834](https://github.com/chocolatey/choco/issues/834)
* Fix - 64bit 7z.exe on 32bit system in chocolatey\tools - see [#836](https://github.com/chocolatey/choco/issues/836)
* Fix - [POSH Host] PowerShell exit code does not reset between packages in a single run - see [#854](https://github.com/chocolatey/choco/issues/854)
* Fix - Uninstall-ChocolateyZipPackage is failing - see [#871](https://github.com/chocolatey/choco/issues/871)
* Fix - "C:\Program Files\WindowsPowerShell\Modules" is missing in PSModulePath for cmd.exe [#830](https://github.com/chocolatey/choco/issues/830)
* Fix - Environment variables update fixes [#840](https://github.com/chocolatey/choco/issues/840)
* Fix - Handle null items better - see [#853](https://github.com/chocolatey/choco/issues/853)
* Fix - HKCU may not have Environment (Install of Chocolatey) - see [#375](https://github.com/chocolatey/choco/issues/375)
* Fix - Progress of download does not clear the whole output line - see [#875](https://github.com/chocolatey/choco/issues/875)
* Fix - Wrong download progress reported during package upgrade - see [#872](https://github.com/chocolatey/choco/issues/872)
* Fix - Uninstall not supporting side-by-side => ChocolateyUninstall.ps1 not run - see [#862](https://github.com/chocolatey/choco/issues/862)
* Fix - Uninstall ignores the version parameter - see [#861](https://github.com/chocolatey/choco/issues/861)
* Fix - Search by exact or by id only is case sensitive for remote sources - see [#889](https://github.com/chocolatey/choco/issues/889)
* Fix - Deprecated links inserted in .nuspec files created by `choco new ...` - see [#870](https://github.com/chocolatey/choco/issues/870)
* Fix - Get-OSArchitectureWidth doesn't do what it says it does - see [#828](https://github.com/chocolatey/choco/issues/828)
* Fix - When Choco fails to get a package from NuGet Core, fail the package with exit code 1 - see [#867](https://github.com/chocolatey/choco/issues/867)
* Fix - Illegal characters in path - see [#857](https://github.com/chocolatey/choco/issues/857)
* Fix - Get-OSArchitectureWidth doesn't do what it says it does - see [#828](https://github.com/chocolatey/choco/issues/828)

### IMPROVEMENTS

* Do not install tab completion (edit of profile) under certain conditions - see [#833](https://github.com/chocolatey/choco/issues/833)
* Choco install with packages.config should print out the packages to install - see [#878](https://github.com/chocolatey/choco/issues/878)
* Larger default log file size and retention - see [#852](https://github.com/chocolatey/choco/issues/852)
* Allow getting installer type to be overridden - see [#885](https://github.com/chocolatey/choco/issues/885)
* Little command name correction on init.ps1 - see [#595](https://github.com/chocolatey/choco/issues/595)
* Tab completion - don't query if there is a file in the folder that meets completion - see [#847](https://github.com/chocolatey/choco/issues/847)


## [0.9.10.3](https://github.com/chocolatey/choco/issues?q=milestone%3A0.9.10.3+is%3Aclosed) (June 23, 2016)

### BUG FIXES
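Review bot: the BUG FIXES list carries the same entry twice ("Fix - Get-OSArchitectureWidth doesn't do what it says it does - see #828" appears both after #870 and again as the last item); drop one. A few wording slips in the new BREAKING CHANGES prose also merit a pass before release: "provide better a better versioning scheme", "major verions", "if a package download resources from HTTP/FTP" (downloads), "anymore than before" (any more), "for awhile now" (a while), and "You can shut it off or turn it per package" is missing "on". Since this section is the public explanation of a security-motivated breaking change, it may also help to state plainly, next to the `allowEmptyChecksums` paragraph, that enabling the feature restores the pre-0.10.0 exposure to tampered HTTP/FTP downloads that the preceding paragraphs describe.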
10 changes: 10 additions & 0 deletions Scenarios.md
Expand Up @@ -462,6 +462,16 @@
* should contain tags
* should not contain packages and versions with a pipe between them

### ChocolateyPackCommand [ 2 Scenario(s), 2 Observation(s) ]

#### when packing with an output directory

* generated package should be in specified output directory

#### when packing without specifying an output directory

* generated package should be in current directory

### ChocolateyPinCommand [ 9 Scenario(s), 12 Observation(s) ]

#### when listing pins with an existing pin
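Review bot: the two new ChocolateyPackCommand scenarios cover "with an output directory" and "without", but neither observation says what happens when the specified output directory does not exist (created, or a failure with a clear message) or when it is given as a relative path; a third scenario for the missing-directory case would pin down that behaviour for GH-598.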
37 changes: 35 additions & 2 deletions docs/generated/CommandsInstall.md
Expand Up @@ -271,8 +271,41 @@ Includes [[default options/switches|CommandsReference#default-options-and-switch
Defaults to empty. Available in 0.9.10+.
--ignorechecksum, --ignore-checksum, --ignorechecksums, --ignore-checksums
IgnoreChecksums - Ignore checksums provided by the package. Available in
0.9.9.9+.
IgnoreChecksums - Ignore checksums provided by the package. Overrides
the default feature 'checksumFiles' set to 'True'. Available in 0.9.9.9+.
--allowemptychecksum, --allowemptychecksums, --allow-empty-checksums
Allow Empty Checksums - Allow packages to have empty checksums.
Overrides the default feature 'allowEmptyChecksums' set to 'False'.
Available in 0.10.0+.
--requirechecksum, --requirechecksums, --require-checksums
Require Checksums - Requires packages to have checksums. Overrides the
default feature 'allowEmptyChecksums' set to 'False'. Available in 0.1-
0.0+.
--checksum, --downloadchecksum, --download-checksum=VALUE
Download Checksum - a user provided checksum for downloaded resources
for the package. Overrides the package checksum (if it has one).
Defaults to empty. Available in 0.10.0+.
--checksum64, --checksumx64, --downloadchecksumx64, --download-checksum-x64=VALUE
Download Checksum 64bit - a user provided checksum for 64bit downloaded
resources for the package. Overrides the package 64-bit checksum (if it
has one). Defaults to same as Download Checksum. Available in 0.10.0+.
--checksumtype, --checksum-type, --downloadchecksumtype, --download-checksum-type=VALUE
Download Checksum Type - a user provided checksum type. Overrides the
package checksum type (if it has one). Used in conjunction with Download
Checksum. Available values are 'md5', 'sha1', 'sha256' or 'sha512'.
Defaults to 'md5'. Available in 0.10.0+.
--checksumtype64, --checksumtypex64, --checksum-type-x64, --downloadchecksumtypex64, --download-checksum-type-x64=VALUE
Download Checksum Type 64bit - a user provided checksum for 64bit
downloaded resources for the package. Overrides the package 64-bit
checksum (if it has one). Used in conjunction with Download Checksum
64bit. Available values are 'md5', 'sha1', 'sha256' or 'sha512'.
Defaults to same as Download Checksum Type. Available in 0.10.0+.
--ignorepackagecodes, --ignorepackageexitcodes, --ignore-package-codes, --ignore-package-exit-codes
IgnorePackageExitCodes - Exit with a 0 for success and 1 for non-succes-
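Review bot: the description of --require-checksums, "Overrides the default feature 'allowEmptyChecksums' set to 'False'", reads as if it overrides the default, yet a default of False already requires checksums; the switch only matters when a user has enabled allowEmptyChecksums, so "Overrides the feature 'allowEmptyChecksums' when it has been enabled" would say what it does. Also, "Download Checksum Type 64bit - a user provided checksum for 64bit downloaded resources" was copied from the --checksum64 entry and should read "a user provided checksum type for 64bit downloaded resources", matching the --checksumtype entry above it.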
2 changes: 1 addition & 1 deletion docs/generated/CommandsReference.md
Expand Up @@ -20,8 +20,8 @@ This is a listing of all of the different things you can pass to choco.
* [[config|Commandsconfig]] - Retrieve and configure config file settings
* [[feature|Commandsfeature]] - view and configure choco features
* [[features|Commandsfeatures]] - view and configure choco features (alias for feature)
* [[apikey|Commandsapikey]] - retrieves or saves an apikey for a particular source
* [[setapikey|Commandssetapikey]] - retrieves or saves an apikey for a particular source (alias for apikey)
* [[apikey|Commandsapikey]] - retrieves or saves an apikey for a particular source
* [[unpackself|Commandsunpackself]] - have chocolatey set it self up
* [[version|Commandsversion]] - [DEPRECATED] will be removed in v1 - use [[`choco outdated`|Commandsoutdated]] or `cup <pkg|all> -whatif` instead
* [[update|Commandsupdate]] - [DEPRECATED] RESERVED for future use (you are looking for upgrade, these are not the droids you are looking for)
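Review bot: moving the apikey entry below setapikey puts the alias ahead of the command it aliases, which is the opposite of the feature/features pair a few lines up where the primary command comes first; keep apikey first and setapikey (alias for apikey) directly after it so the listing stays consistent.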
4 changes: 4 additions & 0 deletions docs/generated/CommandsUninstall.md
Expand Up @@ -150,6 +150,10 @@ Includes [[default options/switches|CommandsReference#default-options-and-switch
PackageParameters - Parameters to pass to the package. Defaults to
unspecified.
-m, --sxs, --sidebyside, --side-by-side, --allowmultiple, --allow-multiple, --allowmultipleversions, --allow-multiple-versions
AllowMultipleVersions - Should multiple versions of a package be
installed? Defaults to false.
-x, --forcedependencies, --force-dependencies, --removedependencies, --remove-dependencies
RemoveDependencies - Uninstall dependencies when uninstalling package(s-
). Defaults to false.
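Review bot: the help text for the new -m/--side-by-side switch, "Should multiple versions of a package be installed? Defaults to false.", is the install-command wording and does not tell an uninstall user what the switch does; per GH-862 the point is that a package installed side by side needs this switch for its chocolateyUninstall.ps1 to run, so phrase it as something like "Was the package installed side by side (multiple versions)? Required to uninstall a side-by-side install. Defaults to false."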
37 changes: 35 additions & 2 deletions docs/generated/CommandsUpgrade.md
Expand Up @@ -173,8 +173,41 @@ Includes [[default options/switches|CommandsReference#default-options-and-switch
Defaults to empty. Available in 0.9.10+.
--ignorechecksum, --ignore-checksum, --ignorechecksums, --ignore-checksums
IgnoreChecksums - Ignore checksums provided by the package. Available in
0.9.9.9+.
IgnoreChecksums - Ignore checksums provided by the package. Overrides
the default feature 'checksumFiles' set to 'True'. Available in 0.9.9.9+.
--allowemptychecksum, --allowemptychecksums, --allow-empty-checksums
Allow Empty Checksums - Allow packages to have empty checksums.
Overrides the default feature 'allowEmptyChecksums' set to 'False'.
Available in 0.10.0+.
--requirechecksum, --requirechecksums, --require-checksums
Require Checksums - Requires packages to have checksums. Overrides the
default feature 'allowEmptyChecksums' set to 'False'. Available in 0.1-
0.0+.
--checksum, --downloadchecksum, --download-checksum=VALUE
Download Checksum - a user provided checksum for downloaded resources
for the package. Overrides the package checksum (if it has one).
Defaults to empty. Available in 0.10.0+.
--checksum64, --checksumx64, --downloadchecksumx64, --download-checksum-x64=VALUE
Download Checksum 64bit - a user provided checksum for 64bit downloaded
resources for the package. Overrides the package 64-bit checksum (if it
has one). Defaults to same as Download Checksum. Available in 0.10.0+.
--checksumtype, --checksum-type, --downloadchecksumtype, --download-checksum-type=VALUE
Download Checksum Type - a user provided checksum type. Overrides the
package checksum type (if it has one). Used in conjunction with Download
Checksum. Available values are 'md5', 'sha1', 'sha256' or 'sha512'.
Defaults to 'md5'. Available in 0.10.0+.
--checksumtype64, --checksumtypex64, --checksum-type-x64, --downloadchecksumtypex64, --download-checksum-type-x64=VALUE
Download Checksum Type 64bit - a user provided checksum for 64bit
downloaded resources for the package. Overrides the package 64-bit
checksum (if it has one). Used in conjunction with Download Checksum
64bit. Available values are 'md5', 'sha1', 'sha256' or 'sha512'.
Defaults to same as Download Checksum Type. Available in 0.10.0+.
--ignorepackagecodes, --ignorepackageexitcodes, --ignore-package-codes, --ignore-package-exit-codes
IgnorePackageExitCodes - Exit with a 0 for success and 1 for non-succes-
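Review bot: --checksum-type defaults to 'md5' for a user-supplied checksum, and md5 is collision-prone, so a user who pastes a sha256 value without also passing --checksum-type=sha256 gets a mismatch error rather than the protection they expect; since the whole point of 0.10.0 is integrity of downloads, consider defaulting to sha256 or, failing that, saying in this entry that md5 is accepted only for compatibility. Separately, the generated wrap turns "0.10.0+" into "0.1-" / "0.0+" in the --require-checksums entry, which reads as version 0.1; a manual line break before the version in the source string would avoid that. The wording issues noted on the identical CommandsInstall.md hunk apply here too.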
18 changes: 18 additions & 0 deletions docs/generated/HelpersGetChecksumValid.md
Expand Up @@ -63,6 +63,24 @@ Accept Pipeline Input? | false
The expected checksum hash value of the File resource. The checksum
type is covered by ChecksumType.

**NOTE:** Checksums in packages are meant as a measure to validate the
originally intended file that was used in the creation of a package is
the same file that is received at a future date. Since this is used for
other steps in the process related to the [community repository](https://chocolatey.org/packages), it
ensures that the file a user receives is the same file a maintainer
and a moderator (if applicable), plus any moderation review has
intended for you to receive with this package. If you are looking at a
remote source that uses the same url for updates, you will need to
ensure the package also stays updated in line with those remote
resource updates. You should look into [automatic packaging](https://chocolatey.org/docs/automatic-packages)
to help provide that functionality.

**NOTE:** To determine checksums, you can get that from the original
site if provided. You can also use the [checksum tool available on
the [community feed](https://chocolatey.org/packages)](https://chocolatey.org/packages/checksum) (`choco install checksum`)
and use it e.g. `checksum -t sha256 -f path\to\file`. Ensure you
provide checksums for all remote resources used.

Property | Value
---------------------- | -----
Aliases |
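Review bot: the second NOTE nests one markdown link inside another ("[checksum tool available on the [community feed](...)](...)"), which does not render as two links; split it into "the [checksum tool](https://chocolatey.org/packages/checksum) available on the [community feed](https://chocolatey.org/packages)". The example `checksum -t sha256 -f path\to\file` is good, but add that the ChecksumType parameter referenced above must then be set to sha256 to match, since the two values are validated together. The first NOTE is a single 90-word sentence; breaking it after "future date." would make the maintainer guidance about auto-updating remote URLs easier to act on.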