Enhance documentation (multiple requests)

[bcurran3]

I'm glad Chocolatey Simple Server exists. It's aptly named. Installing it is fairly simple, but since there are 432 downloads and sparse documentation with not much info on configuration and use, I'm very surprised there aren't 432x~2 questions about it. :)

My suggestions:

Administrator Information currently says "The ApiKey for this repository is set to xxxxx Please set that using the setapikey command above, substituting that value for '{apikey}'. " but needs instructions on where to set the apikey for the server, i.e. edit web.config and look for...

Repository URLs currently says "In the package manager settings, add the following URL to the list of Package Sources: " The choco command to do that should be added and follow the format of the following two statements and examples.

It should be noted that you can't push and overwrite (same version) packages, you must delete the existing package first. "Failed to process request. 'Not Acceptable'. The remote server returned an error: (406) Not Acceptable.." was scary until I figured it out. The ability to overwrite would be preferred to me. If this is somehow deemed a security problem, OK, make it a configurable setting on the server please.

It is stated where you can add packages, but it's not necessarily intuitive. I recommend some verbiage massaging to make the message more clear that you can directly copy package files to the xxxx folder without having to push them and that the server will automatically find them and make them available. Don't forget to update the chocolatey.server\app_data\Packages\Readme.txt file too!

"To add packages to the feed put package files (.nupkg files) in the folder "D:\chocolatey.server\App_Data\Packages"." - it would be useful if the location was a link so I could click it and have Explorer pop up there.

Related to above, it should be stated where to delete packages. Probably combining is best, "To add packages to the feed or delete them, go to...."

It should be noted that viewing packages via http://servername/chocolatey/Packages will fail on Chrome and it is recommend to use a different browser. If a workaround such as a Chrome extension is available to display the XML as a web page like we expect, it should be noted as well.

/Packages list DESPERATELY needs package versions displayed!

A delete package button from the /Packages list would be nice.

Clicking the package name and being able to view the full description would be nice.

(Yeah, I know. Those are obvious future roadmap items.)

Something should be noted on what "Click here to clear the package cache." actually does. Yeah, it's probably clear to you Mr Chocolatey, but new Chocolatey Simple Server admins might think, "I better not click that. I don't want it to delete all my packages or something bad." Just some small info stating under what conditions it's useful and/or recommended to clear the package cache. Then something saying Chocolatey Simple Server will rebuild the cache automatically. Cache re-population will be fast on small repositories but might take some time on large repositories (xxxxxxx packages). Honestly, I have no clue if my examples hold true or not, it's all guess work, no documentation. :) I do see the servername.cache.bin file though.

It should be noted about using HTTP versus HTTPS in the documentation instead of just finding out about it when trying to push a package over HTTP.

I created a self-signed cert for my inhouse test Chocolatey Simple Server. I tried to push a package and got error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." Since it's self-signed of course I get not trusted errors in Firefox too. I'll probably delete, recreate, and try again. Adding info about this subject would be helpful in the documentation. Adding configurable levels of security including a lower level one that doesn't care if a self-signed cert was found to choco would be awesome. (My Exchange server has a real cert, but I'd rather keep Chocolatey Simple Server on my apps server which otherwise doesn't need a cert.)

Already mentioned, but package parameter for where to install Chocolatey Simple Server is needed. I don't keep data on the C: drive of ANY of my servers, yet the tools dir is very useful to keep on C:.

It would be useful to notate how choco prioritizes sources. I'm pretty sure anyone setting up Chocolatey Simple Server is going to have the community feed as a source. Then they're going to add their local Chocolatey Simple Server as a source. So if you push a package to your local server that is also in the community repository, which one will cinst use? I'm assuming it searches in the order listed in the chocolatey.config, meaning it will by default download from the community repository first. Assuming this is true, most people running and using Chocolatey Simple Server internally would probably want to have their local repository searched first and the community repository searched second (if at all). This is probably documented elsewhere, but should be replicated and re-written with Chocolatey Simple Server in mind or at the very least hotlinked.

Related to above and I'll have to post in the choco issues... In the case of multiple sources in chocolatey.config it would be useful to display WHICH source is being used when choco installs a package; i.e I push a package to the community feed and my local Chocolatey Simple Server. I later edit the package and push it to one of the feeds. Right before I push it to the other server I get distracted by lunch. I come back forgetting everything I did before because I'm in a food coma as well as short term memory loss. I CINST the package and get results I didn't expect because the third revision of package xxx vx.x is on the local server but the second revision of package xxx vx.x was used from the community feed. So "Chocolatey v0.10.8 Professional Installing the following packages: test-package" would be nice instead to say "test-package from source https://theetherverse." Of course if only one source is configured it wouldn't need to display anything different for the masses then it currently does. Sure, maybe this enhancement should be a C4B issue.

Take the above suggestion and duplicate that idea for clist. Sure, I can tell clist -s "'https://somewhere/out/there'", if I can remember it, to view packages from one source. It would be useful to have a -ss (show sources) option so that I could CLIST -L -SS (or something) to list all installed packages and where they came from.

The current "Setup Normally" documentation states "Disable or remove the Default website" It should be noted why; or more importantly how to make Chocolatey Simple Server coexist with pre-existing production web servers. I tested and now am using on a new IIS installation I'm sure a lot of people don't want to setup a new server just for Chocolatey Simple Server if they don't need to.

I'm glad I got that out of my system. Now maybe I can sleep peacefully! That's all I can think of at the moment, I'm sure I've got more. :)

Keep up the good work and evolution of that work.

Let me know what to break out of here and move elsewhere.

[ferventcoder]

Administrator Information currently says "The ApiKey for this repository is set to xxxxx Please set that using the setapikey command above, substituting that value for '{apikey}'. " but needs instructions on where to set the apikey for the server, i.e. edit web.config and look for...

Since we have that covered under #25, let's keep that discussion there.

For everything else. I get you need a place to get all of your ideas down and that's good. However, once you have that, please create issues in manageable separate chunks (we can help with that). For each piece that provides a specific piece of value being able to be released on its own, that is a separate issue/ticket IMHO. So let's start looking at how we can add votes and comments to existing issues here and how we can add new issues for the specific items here that don't exist. Does that sound fair?

[bcurran3]

Agreed ("Let me know what to break out of here and move elsewhere.").

Mass thoughts/opinions to put through the First Level Chocolatey Filtration System (FLCFS) - in hindsight I should have put it in the Chocolatey Google Group. Was hoping for some "That's a good idea, let's open an issue for that!" or "Not needed as it's already documented here..." or "No way, we're never going to do that" etc etc.

I'll open individual issues as soon as time allows!

[ferventcoder]

Mailing list or gitter are good places to get started yes. 👍

[ferventcoder]

Repository URLs currently says "In the package manager settings, add the following URL to the list of Package Sources: " The choco command to do that should be added and follow the format of the following two statements and examples.

Completed for 0.2.3

[ferventcoder]

/Packages list DESPERATELY needs package versions displayed!

It's an Atom-based feed. We've added to the documentation to properly set your expectations. We don't control how browsers display this.

A delete package button from the /Packages list would be nice.

See above statement. We've provided documentation for 0.2.3 on how to delete packages.

[ferventcoder]

Something should be noted on what "Click here to clear the package cache." actually does.

Completed for 0.2.3

[ferventcoder]

Clicking the package name and being able to view the full description would be nice.

See comments about Atom-based feeds above.

If you want a pretty view of packages and information, please use Chocolatey GUI.

[ferventcoder]

It should be noted that you can't push and overwrite (same version) packages, you must delete the existing package first. "Failed to process request. 'Not Acceptable'. The remote server returned an error: (406) Not Acceptable.." was scary until I figured it out. The ability to overwrite would be preferred to me. If this is somehow deemed a security problem, OK, make it a configurable setting on the server please.

I'm not a fan of that new message, but let's create a separate issue for that.

The actual nuance of why it is a bad idea - package version immutability. Covered ad naseum at https://chocolatey.org/docs/how-to-host-feed#package-version-immutability

Here's what the docs will have in v0.2.3 (minus links and formatting):

By default, you can't replace an existing package version. This is recommended for package version immutability and your sanity. If you absolutely understand what you are doing and want to enable replacing existing versions, please think about it a little longer. Then think about it some more as it is a very bad idea. Then set allowOverrideExistingPackageOnPush in appSettings to true.

It is stated where you can add packages, but it's not necessarily intuitive. I recommend some verbiage massaging to make the message more clear that you can directly copy package files to the xxxx folder without having to push them and that the server will automatically find them and make them available. Don't forget to update the chocolatey.server\app_data\Packages\Readme.txt file too!

Completed for 0.2.3

"To add packages to the feed put package files (.nupkg files) in the folder "D:\chocolatey.server\App_Data\Packages"." - it would be useful if the location was a link so I could click it and have Explorer pop up there.

Please create a separate issue for this. Not sure how easy it is to open explorer from a browser. Thanks!

Related to above, it should be stated where to delete packages. Probably combining is best, "To add packages to the feed or delete them, go to...."

Completed for 0.2.3.

[ferventcoder]

It should be noted about using HTTP versus HTTPS in the documentation instead of just finding out about it when trying to push a package over HTTP.

I created a self-signed cert for my inhouse test Chocolatey Simple Server. I tried to push a package and got error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." Since it's self-signed of course I get not trusted errors in Firefox too. I'll probably delete, recreate, and try again. Adding info about this subject would be helpful in the documentation. Adding configurable levels of security including a lower level one that doesn't care if a self-signed cert was found to choco would be awesome. (My Exchange server has a real cert, but I'd rather keep Chocolatey Simple Server on my apps server which otherwise doesn't need a cert.)

Might not be a bad idea - please create a separate issue.

[ferventcoder]

Already mentioned, but package parameter for where to install Chocolatey Simple Server is needed. I don't keep data on the C: drive of ANY of my servers, yet the tools dir is very useful to keep on C:.

Please follow https://github.com/chocolatey/simple-server/issues/22

[ferventcoder]

It would be useful to notate how choco prioritizes sources. I'm pretty sure anyone setting up Chocolatey Simple Server is going to have the community feed as a source. Then they're going to add their local Chocolatey Simple Server as a source. So if you push a package to your local server that is also in the community repository, which one will cinst use? I'm assuming it searches in the order listed in the chocolatey.config, meaning it will by default download from the community repository first. Assuming this is true, most people running and using Chocolatey Simple Server internally would probably want to have their local repository searched first and the community repository searched second (if at all). This is probably documented elsewhere, but should be replicated and re-written with Chocolatey Simple Server in mind or at the very least hotlinked.

The documentation actually states exactly how this works. So we've linked to it for v0.2.3.

https://chocolatey.org/docs/commands-source:

 --priority=VALUE
     Priority - The priority order of this source as compared to other 
       sources, lower is better. Defaults to 0 (no priority). All priorities 
       above 0 will be evaluated first, then zero-based values will be 
       evaluated in config file order. Available in 0.9.9.9+.

[ferventcoder]

Related to above and I'll have to post in the choco issues... In the case of multiple sources in chocolatey.config it would be useful to display WHICH source is being used when choco installs a package; i.e I push a package to the community feed and my local Chocolatey Simple Server.

There should be an existing issue, so attempt to find that first. I want it as well (so do customers).

[ferventcoder]

The current "Setup Normally" documentation states "Disable or remove the Default website" It should be noted why; or more importantly how to make Chocolatey Simple Server coexist with pre-existing production web servers. I tested and now am using on a new IIS installation I'm sure a lot of people don't want to setup a new server just for Chocolatey Simple Server if they don't need to.

Please file a separate issue on this one.

[ferventcoder]

All items stated above in comments completed for 0.2.3. Please file separate issues for the following comments:

• Linking to explorer folder - https://github.com/chocolatey/simple-server/issues/26#issuecomment-364760392
• HTTP pushing and self-signed SSL certs (two issues please) - https://github.com/chocolatey/simple-server/issues/26#issuecomment-364760457
• chocolatey/choco - display which source - https://github.com/chocolatey/simple-server/issues/26#issuecomment-364760677
• chocolatey/choco-wiki - docs surrounding other websites co-exsting - https://github.com/chocolatey/simple-server/issues/26#issuecomment-364760738

[bcurran3]

I think you misinterpreted this one:

/Packages list DESPERATELY needs package versions displayed!

It's an Atom-based feed. We've added to the documentation to properly set your expectations. We don't control how browsers display this.

This isn't about VIEWING the feed, this is about what information the feed DISPLAYS.

I'm looking at the list of packages available from http://myserver/chocolatey/Packages...

It shows MyPackageExampleForRob twice, meaning there are two distinct versions of the package on the server, but I have no way of knowing what version numbers they are unless I go look at the physical directory where they are stored.

What is currently displayed: package name, package date, and nuspec summary field.

What's requested is to add package version info next to the package name at minimum. Making the package name a link to the rest of the nuspec information would be preferred.

A delete package button from the /Packages list would be nice.

See above statement. We've provided documentation for 0.2.3 on how to delete packages.

Thank you. Extra documentation is good and a lot of my purpose. Typically on a computer there are usually three ways to accomplish the same task. If there was a DELETE button next to the package name (and version!) in the display from http://myserver/chocolatey/Packages it would eliminate the need for the new documentation (GRIN) and accomplish the desired task in a faster and more intuitive way.

[ferventcoder]

What I'm telling you is the output is XML and it contains EVERYTHING including version. Atom like RSS based feeds (remember blog readers?) do not control how they are displayed in browsers.

What you are seeing in Firefox is a fabrication - what you see in Chrome is what it actually looks like.

[bcurran3]

Clicking the package name and being able to view the full description would be nice.

See comments about Atom-based feeds above.

If you want a pretty view of packages and information, please use Chocolatey GUI.

I think this comment got misinterpreted as well.

(CONFUSED LOOK) Are you saying that Chocolatey GUI has support to look in the package folder of Chocolatey Simple Server and display those packages? (I haven't checked, but I'm guessing not.)

What I'm requesting is that the generated http://myserver/chocolatey/Packages feed information has more detail. Back to...

What's requested is to add package version info next to the package name at minimum. Making the package name a link to the rest of the nuspec information would be preferred.

[bcurran3]

(jumping into Gitter for discussion)

[ferventcoder]

If you want the visual to be nice, use Chocolatey GUI to get that. HTH

[bcurran3]

(in Gitter)

If you want the visual to be nice, use Chocolatey GUI to get that. HTH

Maybe my request is to not generate XML, but to generate HTML?

The display method doesn't matter, it's how to get a similar package list display as chocolatey.org. I don't feel the problem should be blamed on browsers, I think the generated info should be targeted for browser compatibility. I'm not sure what use an Atom/RSS feed is inside of an organization. Sysadmins should be aware of what they are already doing. :) Maybe I'm not seeing some big picture here, but currently it doesn't make sense to me who would be using this information outside of a browser.

(The idea of installing Chocolatey GUI on every computer in an organization and configuring to view the feed from a local server for additional available information doesn't make sense to me. It involves touching possibly hundreds or thousands of computers verses touching one server.)

[bcurran3]

The actual nuance of why it is a bad idea - package version immutability. Covered ad naseum at https://chocolatey.org/docs/how-to-host-feed#package-version-immutability

Here's what the docs will have in v0.2.3 (minus links and formatting):

By default, you can't replace an existing package version. This is recommended for package version immutability and your sanity. If you absolutely understand what you are doing and want to enable replacing existing versions, please think about it a little longer. Then think about it some more as it is a very bad idea. Then set allowOverrideExistingPackageOnPush in appSettings to true.

One for the docs - Where's "appSettings" found? (web.config? chocolatey.config?)

I understand immutability. I'm not really fan when thinking about it in real world use cases.

In an organization, the average user can't push packages and there are going to be a limited number of sysadmins that can/will/do (if even more than one - but who knows the scale of the org?). I'm of the belief that the one or two sysadmins pushing packages are creating packages and pushing them, then have a need for testing said packages, and the end users aren't even aware of the package(s). The sysadmin, during testing of the package to make sure it works,....might find a problem to fix and want to re-push the package. By default he can't.

I am a fan of administrators having Godlike power by default and never being denied something they're trying to do. :) Conversely I'm a fan of end users having no permissions/power and it being given to them on an as needed basis. (Pretend we had a Novell versus Microsoft ideology here.)

So in current probable use, TWO Chocolatey Simple Servers might be a solution for larger organizations that can "afford" to have a production Chocolatey Simple Server and a development Chocolatey Simple Server (not too hard since IIS is available in most recent versions of Windows and I assume Chocolatey Simple Server could be setup locally.) Devs would just have to know all the Chocolatey Simple Server "quirks" and deal with the immutable limitation, scratch that, "feature" and only push fully tested and working packages to the production server. It seems like unnecessary complexity to me.

Immutability might be a desired feature after all is tested well and good. How could "well and good" be determined? Number of downloads? No. Some set amount of time? No. Some flag/signoff to mark a package on Chocolatey Simple Server as good/done/finished/immutable? Probably a good idea. I believe that immutability would be a better idea implemented at a more granular package level instead of the global server level. I realize it's a "simple" server, but some added complexity of "simple" management would be welcomed.

I guess the root problem at the moment to "solve" this and other mentioned suggestions is that the only way to interact with Chocolatey Simple Server is by choco and physically manipulating files on the server. I believe that management of packages on Chocolatey Simple Server should be done via the web interface which really boils down making it possible from the feed display....or preferrably a management page. Yup, a management page is what's needed. The feed list is for end users, the management page is for administering the content (packages) on the Chocolatey Simple Server. Yessiree, that's the answer.

[ferventcoder]

Simple Server. ;)

[bcurran3]

(That last comment went through a LOT of edits.)

[ferventcoder]

Let's start with this - choco upgrade chocolatey.server and see what you have there.

Bigger picture: the Packages link is for Chocolatey, not for you. The /Packages is the same as you see when you go to https://chocolatey.org/api/v2/Packages.

We can't make it HTML - it's purpose is to be XML so that it can actually be used with Chocolatey and Chocolatey GUI.

[bcurran3]

All items stated above in comments completed for 0.2.3. Please file separate issues for the following comments:

Linking to explorer folder - #26 (comment) HTTP pushing and self-signed SSL certs (two issues please) - #26 (comment) chocolatey/choco - display which source - #26 (comment) chocolatey/choco-wiki - docs surrounding other websites co-exsting - #26 (comment)

Done!

[bcurran3]

Let's start with this - choco upgrade chocolatey.server and see what you have there.

Done. I'm not sure what in particular you wanted me to see. New issues created. :)

Bigger picture: the Packages link is for Chocolatey, not for you. The /Packages is the same as you see when you go to https://chocolatey.org/api/v2/Packages.

I get it and understand the difference between the URLs on the chocolatey.org site, but I think the view packages link in CSS should point to a (currently non existent) HTML page with more package information; short term solution/request would be to change the verbiage to say something like "To view the package feed click here." (Niggling, but within reason.) I think the intuitive expectation from anyone who is a Chocolatey user is to view results somewhat similar to what they are used to on chocolatey.org. I've viewed https://chocolatey.org/api/v2/Packages quite a few times but I suspect most haven't. I'd really like to capture and save all the data from https://chocolatey.org/api/v2/Packages and make an attempt at a program that checks installed programs and compares them to Chocolatey packages for "conversion!")

We can't make it HTML - it's purpose is to be XML so that it can actually be used with Chocolatey and Chocolatey GUI.

I get it's purpose/need/design/use/etc. But why can't we have two URLs, the necessary feed URL and a not-yet-implemented HTML list of packages with management functions built in? I guess now my initial inquiry/request wasn't clear from a developer viewpoint, I'm not asking to (impossibly) change design/functionality - I'm asking to add features/functionality. :)

Should I open an issue to (more clearly spell out) add web based management on the desirable roadmap?

Now stop banging your head against the wall because of me, we need to keep your brain working at 110%+.