Downloads:

3,140

Downloads of v 2019.01.03:

97

Last Update:

04 Jan 2019

Package Maintainer(s):

Software Author(s):

  • Bill Curran

Tags:

bcurran3 cnc choco unofficial nuspec checker

(unofficial) Chocolatey .nuspec Checker (Script)

This is not the latest version of (unofficial) Chocolatey .nuspec Checker (Script) available.

2019.01.03 | Updated: 04 Jan 2019

Downloads:

3,140

Downloads of v 2019.01.03:

97

Maintainer(s):

Software Author(s):

  • Bill Curran

(unofficial) Chocolatey .nuspec Checker (Script) 2019.01.03

This is not the latest version of (unofficial) Chocolatey .nuspec Checker (Script) available.

All Checks are Passing

2 Passing Test


Validation Testing Passed


Verification Testing Passed

Details

To install (unofficial) Chocolatey .nuspec Checker (Script), run the following command from the command line or from PowerShell:

>

To upgrade (unofficial) Chocolatey .nuspec Checker (Script), run the following command from the command line or from PowerShell:

>

To uninstall (unofficial) Chocolatey .nuspec Checker (Script), run the following command from the command line or from PowerShell:

>

NOTE: This applies to both open source and commercial editions of Chocolatey.

1. Ensure you are set for organizational deployment

Please see the organizational deployment guide

  • Open Source or Commercial:
    • Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to https://chocolatey.org/api/v2. Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
    • You can also just download the package and push it to a repository Download

3. Enter your internal repository url

(this should look similar to https://chocolatey.org/api/v2)

4. Choose your deployment method:


choco upgrade choco-nuspec-checker -y --source="'STEP 3 URL'" [other options]

See options you can pass to upgrade.

See best practices for scripting.

Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.

If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:


choco upgrade choco-nuspec-checker -y --source="'STEP 3 URL'"
$exitCode = $LASTEXITCODE

Write-Verbose "Exit code was $exitCode"
$validExitCodes = @(0, 1605, 1614, 1641, 3010)
if ($validExitCodes -contains $exitCode) {
  Exit 0
}

Exit $exitCode

- name: Ensure choco-nuspec-checker installed
  win_chocolatey:
    name: choco-nuspec-checker
    state: present
    version: 2019.01.03
    source: STEP 3 URL

See docs at https://docs.ansible.com/ansible/latest/modules/win_chocolatey_module.html.

Coming early 2020! Central Managment Reporting available now! More information...


chocolatey_package 'choco-nuspec-checker' do
  action    :install
  version  '2019.01.03'
  source   'STEP 3 URL'
end

See docs at https://docs.chef.io/resource_chocolatey_package.html.


Chocolatey::Ensure-Package
(
    Name: choco-nuspec-checker,
    Version: 2019.01.03,
    Source: STEP 3 URL
);

Requires Otter Chocolatey Extension. See docs at https://inedo.com/den/otter/chocolatey.


cChocoPackageInstaller choco-nuspec-checker
{
   Name     = 'choco-nuspec-checker'
   Ensure   = 'Present'
   Version  = '2019.01.03'
   Source   = 'STEP 3 URL'
}

Requires cChoco DSC Resource. See docs at https://github.com/chocolatey/cChoco.


package { 'choco-nuspec-checker':
  provider => 'chocolatey',
  ensure   => '2019.01.03',
  source   => 'STEP 3 URL',
}

Requires Puppet Chocolatey Provider module. See docs at https://forge.puppet.com/puppetlabs/chocolatey.


salt '*' chocolatey.install choco-nuspec-checker version="2019.01.03" source="STEP 3 URL"

See docs at https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.chocolatey.html.

5. If applicable - Chocolatey configuration/installation

See infrastructure management matrix for Chocolatey configuration elements and examples.

This package was approved by moderator gep13 on 07 Jan 2019.

Description


choco://choco-nuspec-checker
To use choco:// protocol URLs, install (unofficial) choco:// Protocol support


Screenshot of (unofficial) Chocolatey .nuspec Checker (Script)

choco-nuspec-checker (CNC) is a PowerShell script designed for Chocolatey package maintainers (creators) to check Chocolatey .nuspec files for common errors and ommisions.

FEATURES:

  • CNC checks for all tags and reports if any are missing
  • CNC checks for dead URLs and reports them
  • CNC checks for common oversights and reports about them (CDNs, icon image types, etc)
  • CNC checks for common verifier warnings

PACKAGE NOTES

If you find choco-nuspec-checker useful please consider donating: https://www.paypal.me/bcurran3donations or become a patron at https://www.patreon.com/bcurran3


tools\ChocolateyInstall.ps1
$packageName = 'choco-nuspec-checker' 
$toolsDir    = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
$script      = 'CNC.ps1'
$CNCHeader   = 'CNCHeader.txt'
$CNCFooter   = 'CNCFooter.txt'
$CheckExecutionPolicy = Get-ExecutionPolicy

Write-Host "  ** $packageName - FYI: Your PowerShell Execution Policy is curently set to $CheckExecutionPolicy" -ForeGround Yellow

Move-Item "$toolsDir\$script" $env:ChocolateyInstall\bin -Force 
if (!(Test-Path $ENV:ChocolateyInstall\bin\$CNCHeader)) {
    Move-Item "$toolsDir\$CNCHeader" $env:ChocolateyInstall\bin -Force
	$WhoAmI=whoami
    $Acl = Get-Acl "$env:ChocolateyInstall\bin\$CNCHeader"
    $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule($WhoAmI,"FullControl","Allow")
    $Acl.SetAccessRule($Ar)
    Set-Acl "$env:ChocolateyInstall\bin\$CNCHeader" $Acl
   }
if (!(Test-Path $ENV:ChocolateyInstall\bin\$CNCFooter)) {
    Move-Item "$toolsDir\$CNCFooter" $env:ChocolateyInstall\bin -Force
	$WhoAmI=whoami
    $Acl = Get-Acl "$env:ChocolateyInstall\bin\$CNCFooter"
    $Ar = New-Object  system.security.accesscontrol.filesystemaccessrule($WhoAmI,"FullControl","Allow")
    $Acl.SetAccessRule($Ar)
    Set-Acl "$env:ChocolateyInstall\bin\$CNCFooter" $Acl	
   }
tools\ChocolateyUninstall.ps1
$packageName = 'choco-nuspec-checker' 
$script      = 'CNC.ps1'
$CNCHeader   = 'CNCHeader.txt'
$CNCFooter   = 'CNCFooter.txt'

Remove-Item "$ENV:ChocolateyInstall\bin\$script" -Force | Out-Null
Remove-Item "$ENV:ChocolateyInstall\bin\$CNCHeader" -Force | Out-Null
Remove-Item "$ENV:ChocolateyInstall\bin\$CNCFooter" -Force | Out-Null
tools\CNC.ps1
# CNC.ps1 Copyleft 2018 by Bill Curran AKA BCURRAN3
[email protected]("png","svg")
$CDNlist     = "https://www.staticaly.com, https://raw.githack.com, https://gitcdn.link, or https://www.jsdelivr.com"
$CNCHeader   = 'CNCHeader.txt'
$CNCFooter   = 'CNCFooter.txt'

Write-Host
Write-Host "CNC.ps1 v2019.01.03 - (unofficial) Chocolatey .nuspec Checker ""CNC - Put it through the Bill.""" -ForegroundColor white
Write-Host "Copyleft 2018-2019 Bill Curran ([email protected]) - free for personal and commercial use" -ForegroundColor white

# Get and parse .nuspec in current directory
#ENCHANCEMENT: Should accept a filespec and use that as well
$LocalnuspecFile = Get-Item *.nuspec
if (!($LocalnuspecFile)) {
    Write-Warning "No .nuspec file found."
	return
   }

# Validate that URL elements are actually URLs and verify the URLs are good
function Validate-URL([string]$element,[string]$url){
if (($url -match "http://") -or ($url -match "https://")){
    $HTTP_Request = [System.Net.WebRequest]::Create("$url")
    $HTTP_Response = $HTTP_Request.GetResponse() 
    $HTTP_Status = [int]$HTTP_Response.StatusCode
	$HTTP_Response.Close()
    if ($HTTP_Status -eq 200) {
	   # do nothing, it's good!
       } else {
         Write-Warning "  ** $element - $url looks like a bad or non-responding URL, please check."
       }
  } else {
    Write-Warning "  ** $element - ""$url"" is not a valid URL"
  }	   
}

# FUTURE ENHANCEMENT to add a standardized header to the description
function Add-Header{
$NuspecDescription=(Get-Content $CNCHeaderFile)+$NuspecDescription
}

# FUTURE ENHANCEMENT to add a standardized footer to the description
function Add-Footer{
$NuspecDescription=$NuspecDescription+(Get-Content $CNCFooterFile)
}

# FUTURE ENHANCEMENT to open all URLs to view
function Open-URLs{
if ($NuspecBugTrackerURL){&start $NuspecBugTrackerURL}
if ($NuspecDocsURL){&start $NuspecDocsURL}
if ($NuspecIconURL){&start $NuspecIconURL}
if ($NuspecLicenseURL){&start $NuspecLicenseURL}
if ($NuspecMailingListURL){&start $NuspecMailingListURL}
if ($NuspecPackageSourceURL){&start $NuspecPackageSourceURL}
if ($NuspecProjectSourceURL){&start $NuspecProjectSourceURL}
if ($NuspecProjectURL){&start $NuspecProjectURL}
}

# Import package.nuspec file to get values
$nuspecXML = $LocalnuspecFile
[xml]$nuspecFile = Get-Content $nuspecXML
$NuspecAuthors = $nuspecFile.package.metadata.authors
$NuspecBugTrackerURL = $nuspecFile.package.metadata.bugtrackerurl	
$NuspecConflicts = $nuspecFile.package.metadata.conflicts # Built for the future
$NuspecCopyright = $nuspecFile.package.metadata.copyright
$NuspecDependencies = $nuspecFile.package.metadata.dependencies # Not fully implemented yet
$NuspecDescription = $nuspecFile.package.metadata.description
$NuspecDocsURL = $nuspecFile.package.metadata.docsurl
$NuspecFiles = $nuspecFile.package.files.file # Not fully implemented yet
$NuspecIconURL = $nuspecFile.package.metadata.iconurl
$NuspecID = $nuspecFile.package.metadata.id
$NuspecLicenseURL = $nuspecFile.package.metadata.licenseurl
$NuspecMailingListURL = $nuspecFile.package.metadata.mailinglisturl
$NuspecOwners = $nuspecFile.package.metadata.owners
$NuspecPackageSourceURL = $nuspecFile.package.metadata.packagesourceurl
$NuspecProjectSourceURL = $nuspecFile.package.metadata.projectsourceurl
$NuspecProjectURL = $nuspecFile.package.metadata.projecturl
$NuspecProvides = $nuspecFile.package.metadata.provides # Built for the future
$NuspecReleaseNotes = $nuspecFile.package.metadata.releasenotes
$NuspecReplaces = $nuspecFile.package.metadata.replaces # Built for the future
$NuspecRequireLicenseAcceptance = $nuspecFile.package.metadata.requirelicenseacceptance
$NuspecSummary = $nuspecFile.package.metadata.summary
$NuspecTags = $nuspecFile.package.metadata.tags
$NuspecTitle = $nuspecFile.package.metadata.title
$NuspecVersion = $nuspecFile.package.metadata.version

# Report empty elements and misc possible oversights
Write-Host
Write-Host "CNC summary of "$LocalnuspecFile.Name":" -ForegroundColor Magenta
#Write-Host $NuspecDescription -foreground green
if (!($NuspecAuthors)) {Write-Warning "  ** <authors> element is empty, this element is a requirement."}
if (!($NuspecBugTrackerURL)) {
     Write-Warning "  ** <bugTrackerUrl> - element is empty"
   } else {
     Validate-URL "<bugTrackerUrl>" $NuspecBugTrackerURL
	}
#if (!($NuspecConflicts)) {Write-Warning "  ** <conflicts> element is empty"} # Built for the future
if (!($NuspecCopyright)) {Write-Warning "  ** <copyright> - element is empty"}
if (!($NuspecDependencies)) {Write-Warning "  ** <dependencies> - element is empty"}
if (!($NuspecDescription)) {
    Write-Warning "  ** <description> - element is empty, this element is a requirement."
   } else {
     if ($NuspecDescription -match "cdn.rawgit.com"){
         Write-Warning "  ** <description> - RawGit CDN will be going offline October 2019. Please change to a CDN such as:"
         Write-Host "           ** $CDNlist" -ForeGround Cyan
       }
	}

if (!($NuspecDocsURL)) {
    Write-Warning "  ** <docsUrl> - element is empty"
   } else {
     Validate-URL "<docsUrl>" $NuspecDocsURL
	}
if (!($NuspecFiles)) {Write-Warning "  ** <files> - element is empty"}
if (!($NuspecIconURL)) {
    Write-Warning "  ** <iconUrl> - element is empty"
   } else {
     Validate-URL "<iconUrl>" $NuspecIconURL
	 if ($NuspecIconURL -match "raw.githubusercontent"){
         Write-Warning "  ** <iconUrl> - Your package icon links directly to GitHub. Please use a CDN such as:"
         Write-Host "           ** $CDNlist" -ForeGround Cyan
        }
     if ($NuspecIconURL -match "cdn.rawgit.com"){
        Write-Warning "  ** <iconUrl> - RawGit CDN will be going offline October 2019. Please change to a CDN such as:"
        Write-Host "           ** $CDNlist" -ForeGround Cyan
       }
   }

$IconExt=($NuspecIconURL | Select-String -Pattern $AcceptableIconExts)
if (!($IconExt)){
    Write-Warning "  ** <iconUrl> - .PNG and .SVG are the preferred package icon file types." 
  }

if (!($NuspecID)) {Write-Warning "  ** <id> - element is empty, this element is a requirement."}
if (!($NuspecLicenseURL)) {
    Write-Warning "  ** <licenseUrl> - element is empty"
   } else {
     Validate-URL "<licenseUrl>" $NuspecLicenseURL
	}	
if (!($NuspecMailingListURL)) {
    Write-Warning "  ** <mailingListUrl> - element is empty"
   } else {
     Validate-URL "<mailingListUrl>" $NuspecMailingListURL
	}		
if (!($NuspecOwners)) {Write-Warning "  ** <owners> element is empty, this element is a requirement."}
if (!($NuspecPackageSourceURL)) {
    Write-Warning "  ** <packageSourceUrl> - element is empty"
   } else {
     Validate-URL "<packageSourceUrl>" $NuspecPackageSourceURL
	}		
if (!($NuspecProjectSourceURL)) {
    Write-Warning "  ** <projectSourceUrl> - element is empty"
   } else {
     Validate-URL "<projectSourceUrl>" $NuspecProjectSourceURL
	}	
if (!($NuspecProjectURL)) {
    Write-Warning "  ** <projectUrl> - element is empty, this element is a requirement."
   } else {
     Validate-URL "<projectUrl>" $NuspecProjectURL
	}	
#if (!($NuspecProvides)) {Write-Warning "  ** <provides> element is empty"} # Built for the future
if (!($NuspecReleaseNotes)) {Write-Warning "  ** <releaseNotes> element is empty"}
#if (!($NuspecReplaces)) {Write-Warning "  ** <replaces> element is empty"} # Built for the future
if (!($NuspecRequireLicenseAcceptance)) {Write-Warning "  ** <requireLicenseAcceptance> - element is empty"}
if (!($NuspecSummary)) {Write-Warning "  ** <summary> - element is empty"}
if (!($NuspecTags)) {Write-Warning "  ** <tags> - element is empty"}
if (!($NuspecTitle)) {Write-Warning "  ** <title> - element is empty, this element is a requirement."}
if (!($NuspecVersion)) {Write-Warning "  ** <version> - element is empty, this element is a requirement."}

if ($NuspecAuthors -eq $NuspecOwners){
    Write-Warning "  ** <owners> and <authors> elements are the same. This will trigger a message from the verifier:"
    Write-Host '           ** The package maintainer field (owners) matches the software author field (authors) in the nuspec. The reviewer will ensure that the package maintainer is also the software author.' -ForeGround Cyan
}

if ($NuspecProjectURL -eq $NuspecProjectSourceURL){
    Write-Warning "  ** <projectUrl> and <projectSourceUrl> elements are the same. This will trigger a message from the verifier:"
    Write-Host '           ** ProjectUrl and ProjectSourceUrl are typically different, but not always. Please ensure that projectSourceUrl is pointing to software source code or remove the field from the nuspec.' -ForeGround Cyan
}

if ($NuspecTags -match "chocolatey"){
    Write-Warning "  ** There is a tag named chocolatey. This will trigger a message from the verifier:"
    Write-Host '           ** Tags (tags) should not contain 'chocolatey' as a tag. Please remove that in the nuspec.' -ForeGround Cyan
}

Write-Host
Write-Host "Found CNC.ps1 useful?" -ForegroundColor white
Write-Host "Buy me a beer at https://www.paypal.me/bcurran3donations" -ForegroundColor white
Write-Host "Become a patron at https://www.patreon.com/bcurran3" -ForegroundColor white
return

# TDL
# show dependencies and version - •	Package contains dependencies with no specified version. You should at least specify a minimum version of a dependency. 
# Check for common binary types and mention: binary files (.exe, .msi, .zip) have been included. The reviewer will ensure the maintainers have distribution rights. 
# What else?
tools\CNCFooter.txt
tools\CNCHeader.txt

Log in or click on link to see number of positives.

In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).

Chocolatey Pro provides runtime protection from possible malware.

Version Downloads Last Updated Status
(unofficial) Chocolatey .nuspec Checker (Script) 2020.09.21-pre 23 Monday, September 21, 2020 Approved
(unofficial) Chocolatey .nuspec Checker (Script) 2020.09.20 57 Sunday, September 20, 2020 Approved
(unofficial) Chocolatey .nuspec Checker (Script) 2020.09.15 56 Wednesday, September 16, 2020 Approved
(unofficial) Chocolatey .nuspec Checker (Script) 2020.04.06.0001 311 Monday, April 6, 2020 Approved
(unofficial) Chocolatey .nuspec Checker (Script) 2020.04.06 52 Monday, April 6, 2020 Approved
(unofficial) Chocolatey .nuspec Checker (Script) 2020.01.16 183 Thursday, January 16, 2020 Approved
(unofficial) Chocolatey .nuspec Checker (Script) 2019.12.14 84 Saturday, December 14, 2019 Approved
(unofficial) Chocolatey .nuspec Checker (Script) 2019.09.01 165 Monday, September 2, 2019 Approved
(unofficial) Chocolatey .nuspec Checker (Script) 2019.08.26 113 Tuesday, August 27, 2019 Approved

CHANGELOG:

  • 2019.01.03 - fixed some URL checking handling that could cause PS errors, updated list of CDN recommendations, added checking for RawGit URLs in description, cosmetic updates
  • 2018.12.22-2018-12.28 - intial release

ROADMAP:

  • take a filespec to check .nuspec files outside of the local path
  • automatically convert RawGit CDN URLs to Staticaly or a possibly a selectable preference
  • (out of original scope) option to insert configurable headers and footers into description (some groundwork laid)
  • option to open and view all URLs (some groundwork laid)
  • capture and test URLs found in description
  • add more verifier warnings and errors

This package has no dependencies.

Discussion for the (unofficial) Chocolatey .nuspec Checker (Script) Package

Ground Rules:

  • This discussion is only about (unofficial) Chocolatey .nuspec Checker (Script) and the (unofficial) Chocolatey .nuspec Checker (Script) package. If you have feedback for Chocolatey, please contact the Google Group.
  • This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
  • The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
  • Tell us what you love about the package or (unofficial) Chocolatey .nuspec Checker (Script), or tell us what needs improvement.
  • Share your experiences with the package, or extra configuration or gotchas that you've found.
  • If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.
comments powered by Disqus