microsoft / winget-cli

WinGet is the Windows Package Manager. This project includes a CLI (Command Line Interface), PowerShell modules, and a COM (Component Object Model) API (Application Programming Interface).
https://learn.microsoft.com/windows/package-manager/
MIT License
22.98k stars 1.43k forks

install in Windows-Sandbox #2081

Open dpprdan opened 2 years ago

dpprdan commented 2 years ago

Description of the new feature / enhancement

Add a new CLI option for installing packages into Windows Sandbox, e.g. via winget test <manifest>/winget sandbox <manifest> or winget install --sandbox <manifest>.

Note that this was already proposed in #253, but I cannot retrace why it was "only" implemented as a PowerShell script and not natively into winget. Pinging @felipecrs, who might be interested in implementing this?

This would allow users to install/try applications in the Windows Sandbox directly from winget, without having to download/git clone the winget-pkgs repo.

UPDATE: Note that my request goes beyond verification/validation of manifests, but to have full winget functionality in the Windows Sandbox, plus being able to spin it up from the host machine and install the desired application with winget.

I use the SandboxTest.ps1 quite frequently, for example when I want to install a different version than I have installed locally or when I want to have a clean environment. It would be even better if I could tell someone "run winget install --sandbox <manifest of your application> to reproduce".

I am not sure if this has any overlap with #386.

Proposed technical implementation details

This would incorporate the functionality of SandboxTest.ps1, but natively in winget. That would make it possible to easily install applications from remote sources (msstore, winget-pkgs, etc.) as well.

IMHO winget install --sandbox <manifest> would be preferable, since we probably want "Install this manifest, just do it in the Windows-Sandbox". I don't know, however, if all winget install arguments would be applicable to a sandbox install as well.

felipecrs commented 2 years ago

I find it neat, indeed. But I'm not so sure if it is worth it.

The bar is lower for contributing a PowerShell script in a repository that will only get accessed by developers who clone it if compared to this repository.

If it were to be included in the winget-cli source code, I suspect we would need to spend many more cycles to make the code production-ready (we are talking about delivering it to any Windows 10/11 device out there). One example is internationalization.

Edit: I suspect this is also the reason why wingetcreate is developed as a separate project.

But anyway, I'm saying this as my opinion only. I would be happy to see it in winget-cli as well.

> Pinging @felipecrs, who might be interested in implementing this?

I am not interested... but that does not change much, as I know very little about C# anyway.

Trenly commented 2 years ago

I would also add that not every device supports the windows sandbox. Given that winget is supported on Win10 Home edition, it could be very confusing for someone to think that the option was available but then find they don’t meet the requirements to enable the sandbox. Given that developers are more likely to read into the documentation, having the script is good enough in my opinion.

There are also other challenges to running winget in the sandbox such as ensuring that VCLibs and the XamlLibs are installed; this is relatively easy to do with a PowerShell script, but for the client to do this would involve more downloading and copying of files, unless it were to only download the application and provide it as a file available to the sandbox and not install winget inside the sandbox. This would mean that users should be informed that additional dependencies would be downloaded, which may cause some users security concerns.

For a majority of users, I don't believe there is a business case that makes sense to integrate directly with the sandbox for installation.

dpprdan commented 2 years ago

> not every device supports the windows sandbox

I'd be surprised if that couldn't be queried easily on winget startup.

As for the business case:

Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview

The winget command line tool enables users to discover, install, upgrade, remove and configure applications on Windows 10 and Windows 11 computers. https://docs.microsoft.com/en-us/windows/package-manager/winget/

Those are literally the first sentences on those two pages. "run applications" and "install (etc.) applications" sounds like those two should definitely work together. Actually I'd find it pretty weird if the Windows Package Manager wouldn't be integrated in the Windows Sandbox.

denelon commented 2 years ago

I think this is probably better in wingetcreate:

I see the use case of verification/validation in Sandbox more applies there.

Running in a sandbox as opposed to the OS is an interesting scenario to consider. I'll leave this one open to see if it gets any traction (as in more 👍).

dpprdan commented 2 years ago

@denelon Thanks! I see this as going beyond "just" verification/validation of manifests, namely to "discover, install, upgrade, remove and configure applications" in the sandbox for whatever reason. In my case this has mostly been debugging, but I am sure there are other use-cases as well.

Having winget available within the sandbox when it is installed on the host machine would already go a long way (is it on Win11? it definitely isn't on my Win10). Being able to spin up the sandbox from winget on the host machine (like SandboxTest.ps1 does) would be even better.

calle2010 commented 2 years ago

I wanted to test an automated installation script in Windows Sandbox and introduce winget for some dependencies. I found that winget is not available in the sandbox. I don't know of other implications, e.g. Microsoft Store is also not available there.

As it was mentioned before: The purpose of the sandbox to run apps in isolation and the ability to automate installation of apps using winget is a perfect fit.

felipecrs commented 2 years ago

@calle2010 you can definitely leverage the SandboxTest.ps1, as it allows you to run any other script.

calle2010 commented 2 years ago

Yes, I did that now. I had to adapt it, though, because e.g. I need other settings in the WSB file. I still believe it should be easier to use winget in Windows Sandbox.
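An added example, not code from this thread or from SandboxTest.ps1: a PowerShell script covering the two points raised above, querying on the host whether the Windows Sandbox feature is offered and enabled, and generating a WSB file with its own settings. The folder paths, the file names and the script name setup.ps1 are assumptions; setup.ps1 stands for whatever script is placed in the shared folder.

```powershell
# Added example. Paths and file names are assumptions, not taken from the thread.
param(
    [string]$HostFolder = "$env:TEMP\sandbox-share",   # hypothetical host folder holding setup.ps1
    [string]$WsbPath    = "$env:TEMP\winget-test.wsb"  # hypothetical output file
)

# 1. Query the optional feature behind Windows Sandbox (needs an elevated prompt).
#    Editions that do not offer the feature make the cmdlet fail.
try {
    $feature = Get-WindowsOptionalFeature -Online `
        -FeatureName 'Containers-DisposableClientVM' -ErrorAction Stop
} catch {
    throw "Windows Sandbox is not offered on this system: $($_.Exception.Message)"
}
if ($feature.State -ne 'Enabled') {
    throw "Windows Sandbox is offered but not enabled (state: $($feature.State))."
}

# 2. Build the WSB file. The host folder is mapped read-only so that processes
#    in the sandbox (WDAGUtilityAccount is an administrator there) cannot write
#    back to the host. Clipboard redirection is switched off for the same reason.
#    Networking stays on because winget has to download packages.
New-Item -ItemType Directory -Path $HostFolder -Force | Out-Null
$hostXml       = [System.Security.SecurityElement]::Escape($HostFolder)
$sandboxFolder = 'C:\share'   # assumed mount point inside the sandbox

$wsb = @"
<Configuration>
  <Networking>Default</Networking>
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$hostXml</HostFolder>
      <SandboxFolder>$sandboxFolder</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>powershell.exe -ExecutionPolicy Bypass -File $sandboxFolder\setup.ps1</Command>
  </LogonCommand>
</Configuration>
"@
Set-Content -Path $WsbPath -Value $wsb -Encoding UTF8

# 3. Launch the sandbox through the .wsb file association.
Start-Process -FilePath $WsbPath
```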

vedantmgoyal9 commented 2 years ago

If anyone wants to permanently install WinGet (don't want to install every time sandbox starts), they can use this gist made by one of the moderators of community repo: https://gist.github.com/Trenly/3e8ba9a9498c6cc12a9bb25e4179a98c

It will modify the sandbox's base image which the sandbox launches on start-up.

Slluxx commented 1 year ago

This should be a no-brainer. I expected it to be there already and got heavily disappointed.

denelon commented 10 months ago

I used the new DSC Resource for configuring the Windows Sandbox in:

I uploaded the files to that issue in a .zip.

We are working on samples and better documentation to be added to https://aka.ms/dsc.yaml.

vedantmgoyal9 commented 6 months ago

@denelon now that we can install winget using DSC, we can close this issue?

dpprdan commented 6 months ago

@vedantmgoyal9 "can install winget using DSC" doesn't mean that winget is available in the sandbox after a "normal" winget install, does it? AFAIU DSC is a feature for developers (i.e. not all users) and requires additional install or configuration steps from the user.

What I meant with this issue is that winget is available in the sandbox on a default windows install (assuming that winget and sandbox are installed, of course).

This would allow users to install/try applications in the Windows Sandbox directly from winget, without having to download/git clone the winget-pkgs repo

... fuss with additional setup steps.

So being able to install winget using DSC does not solve this issue completely, as far as I am concerned (unless I am missing something?). If that's the best we can/want to do ATM, then that's fine, of course, but it does not solve it the way I meant.

denelon commented 6 months ago

I've reached out to the Windows Sandbox team with several requests. I don't have timelines for these, but I thought I'd share a few:

denelon commented 6 months ago

There are some additional caveats with the Sandbox since the default WDAGUtilityAccount is an administrator when it comes to having something like an argument to specify installing the package directly in the Windows Sandbox from the host OS. I do like where this is going though. I've found the ephemeral and isolated nature of the Windows Sandbox to be very useful from a WinGet Configuration validation scenario as well as a quick way to test a package out without installing it on my daily driver.

Slluxx commented 6 months ago

I hope we don't have to manually install WinGet. It should be available by default, without us needing to modify anything.

ScottBeeson commented 5 months ago

I'm here because I use sandbox daily for testing things. Today I wanted to use winget to deploy something and was pleased to find it should be on all recent versions of Windows 10 and 11. I was not pleased to find that it doesn't work in sandbox without additional setup.