search

microsoft / winget-cli

WinGet is the Windows Package Manager. This project includes a CLI (Command Line Interface), PowerShell modules, and a COM (Component Object Model) API (Application Programming Interface).
https://learn.microsoft.com/windows/package-manager/
MIT License
23.38k stars 1.45k forks source link

Allow custom source to bypass SmartScreen #3111

Open stevapple opened 1 year ago

stevapple commented 1 year ago

Description of the new feature / enhancement

SmartScreen is good, but unfortunately sometimes it can be annoying due to network and other problems. winget now skips SmartScreen for default sources, and we wish to apply the same magic to custom sources that are trusted by the user.

Proposed technical implementation details

Add a new Group Policy option and CLI flag that explicitly "trusts" a source, allowing it to skip SmartScreen checks.

ktmitton commented 1 year ago

I would love to see this implemented. My organization is trying to roll out custom software, and the SmartScreen warning is not ideal.

Something additional I'd like to add, maybe instead of or in addition to the Group Policy suggested above, we could trust the executable if it is signed by a trusted source?

denelon commented 4 months ago

The latest version of WinGet allows you to specify the source as "trusted".

PS C:\Users\denelon> winget source add -?
Windows Package Manager (Preview) v1.9.1981-preview
Copyright (c) Microsoft Corporation. All rights reserved.

Add a new source. A source provides the data for you to discover and install packages. Only add a new source if you trust it as a secure location.

usage: winget source add [-n] <name> [-a] <arg> [[-t] <type>] [<options>]

The following arguments are available:
  -n,--name                   Name of the source
  -a,--arg                    Argument given to the source
  -t,--type                   Type of the source

The following options are available:
  --trust-level               Trust level of the source (none or trusted)
  --header                    Optional Windows-Package-Manager REST source HTTP header
  --accept-source-agreements  Accept all source agreements during source operations
  --explicit
  -?,--help                   Shows help about the selected command
  --wait                      Prompts the user to press any key before exiting
  --logs,--open-logs          Open the default logs location
  --verbose,--verbose-logs    Enables verbose logging for winget
  --nowarn,--ignore-warnings  Suppresses warning outputs
  --disable-interactivity     Disable interactive prompts
  --proxy                     Set a proxy to use for this execution
  --no-proxy                  Disable the use of proxy for this execution

More help can be found at: https://aka.ms/winget-command-source