3
Vote

Add verification of newly added package source using Add-Packagesource

description

When using Add-PackageSource, there is no verification of whether the source actually exists. It just adds the source with no questions asked and you won't know until you attempt to find/install a package that the path is not valid.
Add-PackageSource -Name Fail -Location http://this.willnotwork.com/keeptrying -Provider Chocolatey
Even though this is obviously wrong, it is still added and appears in the list of sources when using Get-Packagesource.

Some sort of checking, be it using Invoke-WebRequest (if url; otherwise Test-Path for folder) or some other approach to verify the validity of the location would help to ensure that the proper package sources are being added to the list of available sources.

file attachments

comments

christoph_hausner wrote Apr 7, 2014 at 10:43 AM

What if you currently don't have internet access but still want to add a package source?

boeprox wrote Apr 7, 2014 at 11:19 AM

I would recommend having an additional parameter such as -NoVerify or -DoNotCheck to skip the checking of the source.

fearthecowboy wrote Apr 7, 2014 at 7:28 PM

We've talking about handling repository verification during add-packagesource

It's always going to be up to the package provider to validate a location, although we'll expose this thru the plugin-model API.

I'm torn between making it verify it by default, or making the verification check a switch.
> Add-PackageSource -Name foo -Location http://foo -Provider Chocolatey -NoVerify
vs
> Add-PackageSource -Name foo -Location http://foo -Provider Chocolatey -Verify
I'm going to consult the PowerShell core team to see which way they'd like it, and get back to you.

bherila wrote Apr 7, 2014 at 9:24 PM

I would recommend having an additional parameter such as -NoVerify or -DoNotCheck to skip the checking of the source.
Can't we just use -Force for that? I'm in favor of verification by default.

boeprox wrote Apr 8, 2014 at 3:09 AM

Can't we just use -Force for that? I'm in favor of verification by default.
I would vote for a -Force parameter as long as there is some sort of confirmation prompt if verification of the source fails during the addition of the package source and -Force is not specified. I am also in favor of it verifying by default and being ignored if the -Force parameter is used.
Just an example of what I am talking about:
Function Add-PackageSource {
    [cmdletbinding()]
    Param (
        $Name,
        $Location,
        $Provider,
        [switch]$Trusted,
        [switch]$Force
    )
    If ($PSCmdlet.ShouldProcess("Add-PackageSource","$Location")) {
        $Verified = (Get-Random -InputObject ($False,$True)) # <Some code to check location is available>
        If (-Not $Verified) {
            If ($Force -OR $PSCmdlet.ShouldContinue("Continue adding $($Location)?","Unable to Verify!")) {
                #Continue adding the source
            }
        }
    }
}
More info on cmdlets using Confirmation and -Force here and here.