Open TheCakeIsNaOH opened 8 months ago
Hello, just my opinion, but, that's currently possible to say checksumfor none for local, but the checksum are still relevant for the VERIFICATION.txt file.
I think it's interesting to keep it
that's currently possible to say checksumfor none for local, but the checksum are still relevant for the VERIFICATION.txt file.
The checksums are automatically found when using Get-RemoteFiles
if I remember correctly, so the automatic checksumming is non-applicable for package that have embedded binaries with a VERIFICATION.txt`
I'm coming across this issue now, this wasn't something we added in the initial release of chocolatey-au
as we wanted it to be (for the most part) a drop-in replacement for the original au
module.
With that said, it makes sense to remove this functionality. There will be a point in the future where this functionality will no longer work due to the monkey patching of the PowerShell scripts and planned changes to Chocolatey CLI.
I recommend anyone currently using the automatic checksum feature, to switch over to use Get-RemoteChecksum
for non-embedded packages, and Get-RemoteFiles
for embedded packages when possible.
Would it make sense to deprecate it with a warning message? Possibly added to the same place as the the message from https://github.com/chocolatey-community/chocolatey-au/issues/57
One potential improvement to make before releasing a version of chocolatey-au would be to remove automatic checksumming. https://github.com/chocolatey-community/chocolatey-au/blob/c28a2fd28a20153cfc8d378253e6c61ded5e4d48/AU/Public/Update-Package.ps1#L114-L201
The current automatic checksumming implementation uses monkey patching to modify the
chocolateyInstall.psm1
module, and then executes the package'schocolateyInstall.ps1
to download the installer. This is a bad idea for a number of reasons:chocolateyInstall.psm1
module.chocolateyInstall.ps1
package script not having any other operations beside the call to the powershell helper, or in cases where there is another call (adding desktop shortcuts, etc), then those will happen.The automatic checksumming can be replaced by adding a
au_BeforeUpdate
function to eachupdate.ps1
(that needs it, embedded packages do not) to explicitly get the checksums. There is an example function below:The downside of this is that it would be a significant breaking change from the way AU currently does things. Additionally, if the download is more complex, it may require a complex
au_BeforeUpdate
which duplicates code from thechocolateyInstall.ps1
, for example theddu
package requires a referrer page to be downloaded first: https://github.com/tunisiano187/Chocolatey-packages/blob/58fe4dcc9d3ededdec31593c6a04a37dde22984a/automatic/ddu/tools/chocolateyInstall.ps1#L8