## 1. REQUIREMENTS ##
### Here are the requirements necessary to ensure this is successful.
### a. Internal/Private Cloud Repository Set Up ###
#### You'll need an internal/private cloud repository you can use. These are
#### generally really quick to set up and there are quite a few options.
#### Chocolatey Software recommends Nexus, Artifactory Pro, or ProGet as they
#### are repository servers and will give you the ability to manage multiple
#### repositories and types from one server installation.
### b. Download Chocolatey Package and Put on Internal Repository ###
#### You need to have downloaded the Chocolatey package as well.
#### Please see https://chocolatey.org/install#organization
### c. Other Requirements ###
#### i. Requires puppetlabs/chocolatey module
#### See https://forge.puppet.com/puppetlabs/chocolatey
## 2. TOP LEVEL VARIABLES ##
### a. Your internal repository url (the main one). ###
#### Should be similar to what you see when you browse
#### to https://community.chocolatey.org/api/v2/
$_repository_url = 'INTERNAL REPO URL'
### b. Chocolatey nupkg download url ###
#### This url should result in an immediate download when you navigate to it in
#### a web browser
$_choco_download_url = 'INTERNAL REPO URL/package/chocolatey.2.2.2.nupkg'
### c. Chocolatey Central Management (CCM) ###
#### If using CCM to manage Chocolatey, add the following:
#### i. Endpoint URL for CCM
# $_chocolatey_central_management_url = 'https://chocolatey-central-management:24020/ChocolateyManagementService'
#### ii. If using a Client Salt, add it here
# $_chocolatey_central_management_client_salt = "clientsalt"
#### iii. If using a Service Salt, add it here
# $_chocolatey_central_management_service_salt = 'servicesalt'
## 3. ENSURE CHOCOLATEY IS INSTALLED ##
### Ensure Chocolatey is installed from your internal repository
### Note: `chocolatey_download_url` is completely different than normal
### source locations. This is directly to the bare download url for the
### chocolatey.nupkg, similar to what you see when you browse to
### https://community.chocolatey.org/api/v2/package/chocolatey
class {'chocolatey':
  chocolatey_download_url => $_choco_download_url,
  use_7zip                => false,
}
## 4. CONFIGURE CHOCOLATEY BASELINE ##
### a. FIPS Feature ###
#### If you need FIPS compliance - make this the first thing you configure
#### before you do any additional configuration or package installations
#chocolateyfeature {'useFipsCompliantChecksums':
# ensure => enabled,
#}
### b. Apply Recommended Configuration ###
#### Move cache location so Chocolatey is very deterministic about
#### cleaning up temporary data and the location is secured to admins
chocolateyconfig {'cacheLocation':
  value => 'C:\ProgramData\chocolatey\cache',
}
#### Increase timeout to at least 4 hours
chocolateyconfig {'commandExecutionTimeoutSeconds':
  value => '14400',
}
#### Turn off download progress when running choco through integrations
chocolateyfeature {'showDownloadProgress':
  ensure => disabled,
}
### c. Sources ###
#### Remove the default community package repository source
chocolateysource {'chocolatey':
  ensure   => absent,
  location => 'https://community.chocolatey.org/api/v2/',
}
#### Add internal default sources
#### You could have multiple sources here, so we will provide an example
#### of one using the remote repo variable here
#### NOTE: This EXAMPLE requires changes
chocolateysource {'internal_chocolatey':
  ensure             => present,
  location           => $_repository_url,
  priority           => 1,
  user               => 'optional',
  password           => 'optional,not ensured',
  bypass_proxy       => true,
  admin_only         => false,
  allow_self_service => false,
}
### d. Keep Chocolatey Up To Date ###
#### Keep chocolatey up to date based on your internal source
#### You control the upgrades based on when you push an updated version
#### to your internal repository.
#### Note the source here is to the OData feed, similar to what you see
#### when you browse to https://community.chocolatey.org/api/v2/
package {'chocolatey':
  ensure   => latest,
  provider => chocolatey,
  source   => $_repository_url,
}
## 5. ENSURE CHOCOLATEY FOR BUSINESS ##
### If you don't have Chocolatey for Business (C4B), you'll want to remove from here down.
### a. Ensure The License File Is Installed ###
#### Create a license package using script from https://docs.chocolatey.org/en-us/guides/organizations/organizational-deployment-guide#exercise-4-create-a-package-for-the-license
# TODO: Add resource for installing/ensuring the chocolatey-license package
package {'chocolatey-license':
  ensure   => latest,
  provider => chocolatey,
  source   => $_repository_url,
}
### b. Disable The Licensed Source ###
#### The licensed source cannot be removed, so it must be disabled.
#### This must occur after the license has been set by the license package.
## Disabled sources still need all other attributes until
## https://tickets.puppetlabs.com/browse/MODULES-4449 is resolved.
## Password is necessary with user, but not ensurable, so it should not
## matter what it is set to here. If you ever do get into trouble here,
## the password is your license GUID.
chocolateysource {'chocolatey.licensed':
  ensure   => disabled,
  priority => '10',
  user     => 'customer',
  password => '1234',
  require  => Package['chocolatey-license'],
}
### c. Ensure Chocolatey Licensed Extension ###
#### You will have downloaded the licensed extension to your internal repository
#### as you have disabled the licensed repository in step 5b.
#### Ensure the chocolatey.extension package (aka Chocolatey Licensed Extension)
package {'chocolatey.extension':
  ensure   => latest,
  provider => chocolatey,
  source   => $_repository_url,
  require  => Package['chocolatey-license'],
}
#### The Chocolatey Licensed Extension unlocks all of the following, which also have configuration/feature items available with them. You may want to visit the feature pages to see what you might want to also enable:
#### - Package Builder - https://docs.chocolatey.org/en-us/features/paid/package-builder
#### - Package Internalizer - https://docs.chocolatey.org/en-us/features/paid/package-internalizer
#### - Package Synchronization (3 components) - https://docs.chocolatey.org/en-us/features/paid/package-synchronization
#### - Package Reducer - https://docs.chocolatey.org/en-us/features/paid/package-reducer
#### - Package Audit - https://docs.chocolatey.org/en-us/features/paid/package-audit
#### - Package Throttle - https://docs.chocolatey.org/en-us/features/paid/package-throttle
#### - CDN Cache Access - https://docs.chocolatey.org/en-us/features/paid/private-cdn
#### - Branding - https://docs.chocolatey.org/en-us/features/paid/branding
#### - Self-Service Anywhere (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/self-service-anywhere
#### - Chocolatey Central Management (more components will need to be installed and additional configuration will need to be set) - https://docs.chocolatey.org/en-us/features/paid/chocolatey-central-management
#### - Other - https://docs.chocolatey.org/en-us/features/paid/
### d. Ensure Self-Service Anywhere ###
#### If you have desktop clients where users are not administrators, you may
#### want to take advantage of deploying and configuring Self-Service Anywhere
chocolateyfeature {'showNonElevatedWarnings':
  ensure => disabled,
}
chocolateyfeature {'useBackgroundService':
  ensure => enabled,
}
chocolateyfeature {'useBackgroundServiceWithNonAdministratorsOnly':
  ensure => enabled,
}
chocolateyfeature {'allowBackgroundServiceUninstallsFromUserInstallsOnly':
  ensure => enabled,
}
chocolateyconfig {'backgroundServiceAllowedCommands':
  value => 'install,upgrade,uninstall',
}
### e. Ensure Chocolatey Central Management ###
#### If you want to manage and report on endpoints, you can set up and configure
#### Central Management. There are multiple portions to manage, so you'll see
#### a section on agents here along with notes on how to configure the server
#### side components.
if $_chocolatey_central_management_url {
  package {'chocolatey-agent':
    ensure   => latest,
    provider => chocolatey,
    source   => $_repository_url,
    require  => Package['chocolatey-license'],
  }
  chocolateyconfig {'CentralManagementServiceUrl':
    value => $_chocolatey_central_management_url,
  }
  if $_chocolatey_central_management_client_salt {
    chocolateyconfig {'centralManagementClientCommunicationSaltAdditivePassword':
      value => $_chocolatey_central_management_client_salt,
    }
  }
  if $_chocolatey_central_management_service_salt {
    # The service salt has its own config key and its own variable
    chocolateyconfig {'centralManagementServiceCommunicationSaltAdditivePassword':
      value => $_chocolatey_central_management_service_salt,
    }
  }
  chocolateyfeature {'useChocolateyCentralManagement':
    ensure  => enabled,
    require => Package['chocolatey-agent'],
  }
  chocolateyfeature {'useChocolateyCentralManagementDeployments':
    ensure  => enabled,
    require => Package['chocolatey-agent'],
  }
}
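An added example, not part of the Chocolatey manifest above: a Python check that reads a node's `chocolatey.config` and reports drift from the section 4 baseline (only internal sources enabled, cache path, timeout, download progress off). The XML layout shown, the `repo.example.internal` URL and the sample values are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

EXPECTED_CACHE = r"C:\ProgramData\chocolatey\cache"  # value set in section 4b
MIN_TIMEOUT = 14400                                   # seconds, section 4b

# Constructed sample: a node where the manifest has only partly applied.
SAMPLE_CONFIG = r"""<chocolatey>
  <config>
    <add key="cacheLocation" value="C:\ProgramData\chocolatey\cache" />
    <add key="commandExecutionTimeoutSeconds" value="2700" />
  </config>
  <sources>
    <source id="chocolatey" value="https://community.chocolatey.org/api/v2/" disabled="false" priority="0" />
    <source id="internal_chocolatey" value="https://repo.example.internal/repository/choco/" disabled="false" priority="1" />
  </sources>
  <features>
    <feature name="showDownloadProgress" enabled="true" setExplicitly="false" />
  </features>
</chocolatey>"""


def _norm(url):
    # A trailing slash stops "https://repo.example" matching "https://repo.example.evil/".
    return url.strip().lower().rstrip("/") + "/"


def audit(config_xml, allowed_prefixes):
    """Return findings as strings; an empty list means the baseline holds."""
    root = ET.fromstring(config_xml)
    allowed = [_norm(p) for p in allowed_prefixes]
    findings, internal_seen = [], False

    for src in root.iterfind("sources/source"):
        if src.get("disabled", "false").lower() == "true":
            continue  # disabled sources (e.g. chocolatey.licensed) are skipped
        url = _norm(src.get("value", ""))
        if any(url.startswith(p) for p in allowed):
            internal_seen = True
        else:
            findings.append(f"source '{src.get('id')}' is enabled but not internal")
    if not internal_seen:
        findings.append("no enabled internal source")

    cfg = {a.get("key"): a.get("value", "") for a in root.iterfind("config/add")}
    if cfg.get("cacheLocation", "").lower() != EXPECTED_CACHE.lower():
        findings.append("cacheLocation is not the admin-only cache path")
    timeout = cfg.get("commandExecutionTimeoutSeconds", "")
    if not timeout.isdigit() or int(timeout) < MIN_TIMEOUT:
        findings.append(f"commandExecutionTimeoutSeconds below {MIN_TIMEOUT}")

    for feat in root.iterfind("features/feature"):
        if (feat.get("name") == "showDownloadProgress"
                and feat.get("enabled", "").lower() == "true"):
            findings.append("showDownloadProgress is still enabled")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG, ["https://repo.example.internal/repository/"]):
        print("FINDING:", line)
```

On a managed node the file to feed in is `C:\ProgramData\chocolatey\config\chocolatey.config`; pass every internal repository prefix you configured under 4c.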
chtof (maintainer) on 30 Jun 2019 12:51:17 +00:00:
User 'chtof' (maintainer) submitted package.
chocolatey-ops (reviewer) on 30 Jun 2019 13:26:32 +00:00:
powerfolder has passed automated validation. It may have or may still fail other checks like testing (verification).
Congratulations! This package passed automatic validation review without flagging on any issues the validator currently checks. A human review could still turn up issues a computer may not easily find.
chocolatey-ops (reviewer) on 30 Jun 2019 14:17:56 +00:00:
powerfolder has failed automated testing.
This is not the only check that is performed so check the package page to ensure a 'Ready' status.
Please visit https://gist.github.com/27f01e2f0e2fbffd8b670d8f2195b25b for details.
The package status will be changed and will be waiting on your next actions.
chtof (maintainer) on 30 Jun 2019 14:59:51 +00:00:
User 'chtof' (maintainer) submitted package.
chocolatey-ops (reviewer) on 30 Jun 2019 15:31:41 +00:00:
powerfolder has passed automated validation. It may have or may still fail other checks like testing (verification).
Congratulations! This package passed automatic validation review without flagging on any issues the validator currently checks. A human review could still turn up issues a computer may not easily find.
chocolatey-ops (reviewer) on 30 Jun 2019 16:13:06 +00:00:
powerfolder has failed automated testing.
This is not the only check that is performed so check the package page to ensure a 'Ready' status.
Please visit https://gist.github.com/5c3ea8cf2bd293bbf575db9a6bb7c8b8 for details.
The package status will be changed and will be waiting on your next actions.
chocolatey-ops (reviewer) on 20 Jul 2019 16:17:21 +00:00:
We've found powerfolder v14.4.0 in a submitted status and waiting for your next actions. It has had no updates for 20 or more days since a reviewer has asked for corrections. Please note that if there is no response or fix of the package within 15 days of this message, this package version will automatically be closed (rejected) due to being stale.
Take action:
If your package is failing automated testing, you can use the chocolatey test environment to manually run the verification and determine what may need to be fixed.
Note: We don't like to see packages automatically rejected. It doesn't mean that we don't value your contributions, just that we can not continue to hold package versions in a waiting status that have possibly been abandoned. If you don't believe you will be able to fix up this version of the package within 15 days, we strongly urge you to log in to the site and respond to the review comments until you are able to.
chtof (maintainer) on 20 Jul 2019 17:22:04 +00:00:
Really strange, the URL https://my.powerfolder.com/dl/firSoD3LMSiXaonvfcs2TQf/PowerFolder_Latest_Installer.exe works from Windows 10 but not from chocolatey-test-environment.
I have also tried:
[Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri "https://my.powerfolder.com/dl/firSoD3LMSiXaonvfcs2TQf/PowerFolder_Latest_Installer.exe" -Headers @{"Upgrade-Insecure-Requests"="1"; "User-Agent"="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"; "Accept"="text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"; "Referer"="https://www.powerfolder.com/sync-and-share-download/"; "Accept-Encoding"="gzip, deflate, br"; "Accept-Language"="en-US,en;q=0.9"}
but it doesn't work:
Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.
Any idea/suggestion?
Pauby (reviewer) on 24 Jul 2019 08:19:00 +00:00:
We're looking at this internally just now. If you don't hear from us over the next few days give us a prod?
chocolatey-ops (reviewer) on 04 Aug 2019 16:18:05 +00:00:
Unfortunately there has not been progress to move powerfolder v14.4.0 towards an approved status within 15 days after the last review message, so we need to close (reject) the package version at this time. If you want to pick this version up and move it towards approval in the future, use the contact site admins link on the package page and we can move it back into a submitted status so you can submit updates.
Status Change - Changed status of package from 'submitted' to 'rejected'.
Pauby (reviewer) on 19 Aug 2019 14:56:52 +00:00:
Status Change - Changed status of package from 'rejected' to 'submitted'.
Pauby (reviewer) on 19 Aug 2019 15:18:16 +00:00:
There is a KB that I will need you to add as a dependency in order to get the TLS 1.2 working with the Chocolatey helpers on this. I'm looking at it now and will update as soon as I can.
chtof (maintainer) on 19 Aug 2019 16:39:12 +00:00:
User 'chtof' (maintainer) submitted package.
chocolatey-ops (reviewer) on 19 Aug 2019 17:14:03 +00:00:
powerfolder has passed automated validation. It may have or may still fail other checks like testing (verification).
Congratulations! This package passed automatic validation review without flagging on any issues the validator currently checks. A human review could still turn up issues a computer may not easily find.
chocolatey-ops (reviewer) on 19 Aug 2019 18:03:18 +00:00:
powerfolder has failed automated testing.
This is not the only check that is performed so check the package page to ensure a 'Ready' status.
Please visit https://gist.github.com/b7e87b484795a1c288e1a48842200ba5 for details.
The package status will be changed and will be waiting on your next actions.
chtof (maintainer) on 22 Aug 2019 13:21:21 +00:00:
Waiting for Paul's KB.
Pauby (reviewer) on 30 Sep 2019 13:29:01 +00:00:
Hi Christophe,
The KB needed to work with TLS 1.2 is KB2919355 (https://chocolatey.org/packages/kb2919355). Can you add that as a dependency?
chtof (maintainer) on 01 Oct 2019 17:24:20 +00:00:
User 'chtof' (maintainer) submitted package.
chocolatey-ops (reviewer) on 01 Oct 2019 17:57:56 +00:00:
powerfolder has passed automated validation. It may have or may still fail other checks like testing (verification).
Congratulations! This package passed automatic validation review without flagging on any issues the validator currently checks. A human review could still turn up issues a computer may not easily find.
chocolatey-ops (reviewer) on 01 Oct 2019 20:01:17 +00:00:
powerfolder has failed automated testing.
This is not the only check that is performed so check the package page to ensure a 'Ready' status.
Please visit https://gist.github.com/ddde12b2d5ab5d6c6c013292801b7f11 for details.
The package status will be changed and will be waiting on your next actions.
chtof (maintainer) on 01 Oct 2019 20:07:54 +00:00:
Kb2919355 has been added on Paul's recommendation. This KB needs a reboot, so could you exempt this package from automated tests?
Pauby (reviewer) on 03 Oct 2019 10:31:34 +00:00:
Hi Christophe,
When installing the package I'm getting an error about hashes not matching.
chtof (maintainer) on 03 Oct 2019 10:52:31 +00:00:
User 'chtof' (maintainer) submitted package.
chocolatey-ops (reviewer) on 03 Oct 2019 11:26:29 +00:00:
powerfolder has passed automated validation. It may have or may still fail other checks like testing (verification).
Congratulations! This package passed automatic validation review without flagging on any issues the validator currently checks. A human review could still turn up issues a computer may not easily find.
chocolatey-ops (reviewer) on 03 Oct 2019 14:09:27 +00:00:
powerfolder has failed automated testing.
This is not the only check that is performed so check the package page to ensure a 'Ready' status.
Please visit https://gist.github.com/2f99d1ac5711e27206d33099b755e18a for details.
The package status will be changed and will be waiting on your next actions.
chtof (maintainer) on 05 Oct 2019 11:35:40 +00:00:
Rerun
Auto Verification Change - Verification tests have been set to rerun.
chocolatey-ops (reviewer) on 05 Oct 2019 12:37:28 +00:00:
powerfolder has failed automated testing.
This is not the only check that is performed so check the package page to ensure a 'Ready' status.
Please visit https://gist.github.com/9e7a46be13f4513dfafca75d92dd932c for details.
The package status will be changed and will be waiting on your next actions.
chtof (maintainer) on 05 Oct 2019 13:55:20 +00:00:
kb2919355 didn't solve the issue. As a reminder:
"Really strange, the URL https://my.powerfolder.com/dl/firSoD3LMSiXaonvfcs2TQf/PowerFolder_Latest_Installer.exe works from Windows 10 but not from chocolatey-test-environment.
I have also tried:
[Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri "https://my.powerfolder.com/dl/firSoD3LMSiXaonvfcs2TQf/PowerFolder_Latest_Installer.exe" -Headers @{"Upgrade-Insecure-Requests"="1"; "User-Agent"="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"; "Accept"="text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"; "Referer"="https://www.powerfolder.com/sync-and-share-download/"; "Accept-Encoding"="gzip, deflate, br"; "Accept-Language"="en-US,en;q=0.9"}
but it doesn't work:
Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.
Any idea/suggestion?"
flcdrg (reviewer) on 19 Oct 2019 09:23:09 +00:00:
Looking at the TLS info in Firefox, it indicates TLS1.3
chtof (maintainer) on 19 Oct 2019 09:39:31 +00:00:
Do you know a way to support TLS 1.3 in Windows 2013 (I haven't found such a KB)?
Or do I have to add some logic to not allow installation with W2003?
flcdrg (reviewer) on 19 Oct 2019 09:55:22 +00:00:
I think you'll need to add a dependency on .NET 4.7+
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
chtof (maintainer) on 19 Oct 2019 13:28:38 +00:00:
A new version has been released and has the same download link, that's why I request to reject this package version.
Status Change - Changed status of package from 'submitted' to 'rejected'.