chocolatey / choco

Chocolatey - the package manager for Windows
https://chocolatey.org

Update Documentation for Confirmation Flag `-y` where there might still be timeout prompts for security and additional situations #1539

Open externl opened 6 years ago

externl commented 6 years ago

What You Are Seeing?

Uninstall of git using the -y flag hangs on prompt asking to remove git.install

What is Expected?

-y should imply yes since the documentation states:

 -y, --yes, --confirm
     Confirm all prompts - Chooses affirmative answer instead of prompting. 
       Implies --accept-license

How Did You Get This To Happen? (Steps to Reproduce)

Ran choco uninstall -y git

Output Log

$ choco uninstall -y git
Uninstalling the following packages:
git
You are uninstalling git, which is likely a metapackage for an 
 *.install/*.portable package that it installed 
 (git represents discoverability).
For the question below, you have 20 seconds to make a selection.
Would you like to uninstall git.install as well?([Y]es/[N]o):
Timeout or your choice of '' is not a valid selection.
git v2.17.0
     Skipping auto uninstaller - No registry snapshot.
     git has been successfully uninstalled.
    Chocolatey uninstalled 1/2 packages. 
     See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
    Warnings:
     - git.install - To finish removing git, please also run the command: `choco uninstall git.install`.

ferventcoder commented 6 years ago

> For the question below, you have 20 seconds to make a selection.

It doesn't hang, it stops and waits for 20 seconds. When you use -y, it never hangs. If you find otherwise, that would be a bug.
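Added example, not part of the thread and not Chocolatey project code: a Ruby check a CI job could run over captured `choco` output to notice that a timed prompt fired and that fewer packages were processed than requested, as in the log quoted in the issue. The function name and report keys are hypothetical, and the sample text is constructed from the log lines shown on this page.

```ruby
# Constructed sample: the relevant lines of the output log quoted in the issue.
SAMPLE_LOG = <<~LOG
  For the question below, you have 20 seconds to make a selection.
  Would you like to uninstall git.install as well?([Y]es/[N]o):
  Timeout or your choice of '' is not a valid selection.
  git v2.17.0
       git has been successfully uninstalled.
  Chocolatey uninstalled 1/2 packages.
  Warnings:
   - git.install - To finish removing git, please also run the command: `choco uninstall git.install`.
LOG

# Patterns taken from the wording of the log above.
TIMEOUT_RE  = /you have (\d+) seconds to make a selection/
SUMMARY_RE  = /^\s*Chocolatey uninstalled (\d+)\/(\d+) packages\./
FOLLOWUP_RE = /please also run the command: `([^`]+)`/

# Hypothetical helper: summarise what an unattended run left undone.
def audit_choco_output(text)
  report = { timed_prompts: [], done: nil, total: nil, follow_up: [] }
  lines = text.lines.map(&:rstrip)
  lines.each_with_index do |line, i|
    if line =~ TIMEOUT_RE
      # The question itself is printed on the line after the timeout notice.
      report[:timed_prompts] << { seconds: $1.to_i, question: lines[i + 1].to_s.strip }
    elsif (m = SUMMARY_RE.match(line))
      report[:done], report[:total] = m[1].to_i, m[2].to_i
    elsif (m = FOLLOWUP_RE.match(line))
      report[:follow_up] << m[1]
    end
  end
  # Complete only if nothing was asked, nothing is pending, and the counts match.
  report[:complete] = report[:timed_prompts].empty? && report[:follow_up].empty? &&
                      !report[:done].nil? && report[:done] == report[:total]
  report
end

if __FILE__ == $PROGRAM_NAME
  r = audit_choco_output(SAMPLE_LOG)
  puts "complete=#{r[:complete]} done=#{r[:done]}/#{r[:total]} follow_up=#{r[:follow_up].inspect}"
end
```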

externl commented 6 years ago

The other part of this issue is that git.install is not uninstalled even though -y is specified. The documentation says Confirm all prompts

ferventcoder commented 6 years ago

Unfortunately not every question should be a yes, these are areas where there are extras - if the checksums are wrong, choco asks you what you want to do instead of just moving forward as well, that's a security issue and we wouldn't want the confirmation add to just blindly move that forward as well.

Here you've asked it to uninstall git, but you have not asked it to uninstall git.install as well, so we ask if you want to grab that as well. If it were to automatically do that, that would be surprising (aka a bug). I am not sure if that explains the difference, but maybe we should add that to the documentation about the confirmation prompt.

externl commented 6 years ago

A documentation update would be great.

EDIT: Is there a way to somehow auto uninstall git.install along with git?

ferventcoder commented 6 years ago

Clarifying, git and git.install are two distinct packages, alongside the Git software (likely installed into Programs and Features). You are asking Chocolatey to manage a package, which might also remove some software (depending on the package itself). Chocolatey is trying to be helpful here as it sees you are likely to want to actually uninstall more than just the meta git package, so it suggests that you might also want to uninstall git.install if you are attempting to have the end result where you have removed the Git software.

You could say choco uninstall git.install git to get both at once.

externl commented 6 years ago

In our CI we install git, then are trying to uninstall git. Should we be using git.install instead everywhere?

ferventcoder commented 6 years ago

Reopened and renamed issue to capture the documentation update needs.

ferventcoder commented 6 years ago

> In our ci we install git, then are trying to uninstall git. Should we be using git.install instead everywhere?

You are likely to need to clarify. You installed the git package. You can uninstall the git package, but that does not remove the Git software. That is installed by the git.install installer package.

A really good way of thinking about this is that Chocolatey manages "Packages" (strictly nupkg files) and packages manage software in some way (maybe hold runtime binaries, manage installers, run scripts, set configuration, etc).

ferventcoder commented 6 years ago

So if your end goal is to have the Git software removed, you do need to uninstall the package that put that there - yes that is confusing that there is a meta git package and a git.install package that it brings. If you are using Chocolatey inside of an organization, you get to decide how those packages look. If you are using the community repository though, you are kind of beholden to the way it was set for those package details - plus you are accepting that you have less reliability using that public repository due to packages there needing to ensure they comply with distribution rights - https://chocolatey.org/docs/community-packages-disclaimer

externl commented 6 years ago

Ok, I see. We typically do something like:

choco install -y git
choco install -y jdk10
choco install -y ...

Sometimes if a VM is already provisioned we need to downgrade a package, in this case git. Since --allow-downgrade doesn't seem to be supported by the git installer, we just ran an uninstall on the git package (Note this is really in a ruby script with an array in a Vagrantfile).

Is there a way to automatically have a package uninstall all of its "things"?

ferventcoder commented 6 years ago

Force dependencies I believe.

ferventcoder commented 6 years ago

Something like choco uninstall git --force-dependencies -y.

https://chocolatey.org/docs/commands-uninstall:

 -x, --forcedependencies, --force-dependencies, --removedependencies, --remove-dependencies
     RemoveDependencies - Uninstall dependencies when uninstalling package(s-
       ). Defaults to false.

You might need to be careful with that one though, so test it to be sure there are no conflicts with it attempting to uninstall some dependency that is shared across other packages as well.
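Added example, not part of the thread and not Chocolatey project code: a Ruby helper (Ruby because the reporter's provisioning runs from a Vagrantfile) that builds the explicit `choco uninstall git.install git` form suggested earlier in the thread, naming only the metapackage and its own installed `*.install`/`*.portable` companion rather than removing every dependency. The helper names and the sample package list are constructed, and the input is assumed to be the `name|version` lines that `choco list` prints with `--limit-output` for locally installed packages.

```ruby
# Constructed sample of "name|version" lines for locally installed packages.
SAMPLE_INSTALLED = <<~LIST
  chocolatey|0.10.11
  git|2.17.0
  git.install|2.17.0
  jdk10|10.0.1
LIST

# Companion suffixes named in the prompt text quoted in the issue.
COMPANION_SUFFIXES = %w[.install .portable].freeze

# Parse "name|version" lines into a { name => version } hash (names lowercased).
def parse_installed(limit_output)
  limit_output.each_line.map(&:strip).reject(&:empty?).each_with_object({}) do |line, pkgs|
    name, version = line.split('|', 2)
    pkgs[name.downcase] = version if name && version
  end
end

# Hypothetical helper: the requested package plus any installed companion.
# Companions come first, mirroring `choco uninstall git.install git` from the thread.
def uninstall_targets(package, installed)
  base = package.downcase
  return [] unless installed.key?(base)
  companions = COMPANION_SUFFIXES.map { |s| base + s }.select { |n| installed.key?(n) }
  companions + [base]
end

# Build the argv for the uninstall, or nil when the package is not installed.
def uninstall_command(package, installed)
  targets = uninstall_targets(package, installed)
  return nil if targets.empty?
  ['choco', 'uninstall', *targets, '-y']
end

if __FILE__ == $PROGRAM_NAME
  installed = parse_installed(SAMPLE_INSTALLED)
  puts uninstall_command('git', installed).join(' ')
end
```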

externl commented 6 years ago

Thanks @ferventcoder I'll try that.

Blackclaws commented 5 years ago

I want to use chocolatey noninteractively called from another program to install software packages that are portable and do not require admin privileges. Is there any way to actually bypass this 20 seconds timeout if you know that you are non-elevated by choice without passing anything to stdin?

Destroy666x commented 1 year ago

IMO just add something like -fy (forced yes) or anything similar to have a 100% way to avoid any questions/prompts/waiting time. Software really doesn't need this kind of warning when it runs commands, this is aimed at users. And I understand it is important to keep e.g. this prompt for users regardless of the basic param, even though a warning that's colored to stand out could perhaps be enough.