1
0
I am attempting to install Conemu using Chocolatey. It appears that the Canonical package references SourceForge, a know malware/spyware source:
$package = 'ConEmu'
$version = '15.06.29'
$stage = 'Preview'
$isSytem32Bit = (($Env:PROCESSOR_ARCHITECTURE -eq 'x86') -and `
($Env:PROCESSOR_ARCHITEW6432 -eq $null))
$os = if ($isSytem32Bit) { "x86" } else { "x64" }
$url = "https://downloads.sf.net/project/conemu/$stage/ConEmuSetup.$($version.replace('.','')).exe?use_mirror=autoselect"
# MSI installer, but packed inside wrapper to select x86 or x64
# version. Therefore, treat it as EXE type.
$params = @{
PackageName = $package;
FileType = 'exe';
SilentArgs = "/p:$os /passive";
Url = $url;
Url64bit = $url;
}
Install-ChocolateyPackage @params
# Done
As a result, attempts to install Conemu fails in a corporate environment (sf.net is blocked by the firewall).
I've attempted to specify the latest GitHub package, but have been unsuccessful:
PS> choco install conemu -s "https://github.com/Maximus5/ConEmu/releases/download/v15.06.29/ConEmuSetup.150629.exe" --version=15.06.29
Chocolatey v0.9.9.8 Installing the following packages: conemu By installing you accept licenses for the packages. conemu not installed. The package was not found with the source(s) listed. If you specified a particular version and are receiving this message, it is possible that the package name exists but the version does not. Version: "15.06.29" Source(s): "https://github.com/Maximus5/ConEmu/releases/download/v15.06.29/ConEmuSetup.150629.exe"
Chocolatey installed 0/1 package(s). 1 package(s) failed. See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log). Failures: - conemu
What am I missing?
BTW, what's a crazy corporate decision to ban whole site in case of a few pages had adware? There is no guarantee at all that other sites, github for example, have no adware in users' binaries! – Maximus – 2015-07-01T15:30:31.733
Seems like a reasonable policy to me. I spent an hour trying to remove adware from one of my relative's macs. Now imaging the time it would take to do that if 1000s of workstations are infected. While the Github repo may have included that in the project, Github itself doesn't do that. – Craig – 2015-07-01T16:52:23.813
1In a corporate environment, I would expect folks not to be using/depending on the community feed and instead creating their own packages, hosting the underlying native installer binaries (or embedding them in the pkgs), and hosting their own internal choco server. Trusting the internet is kind of a scary proposition, especially for production purposes. But I am not sure what the OPs use is. – ferventcoder – 2015-07-02T03:39:45.207
I'm guessing based on installing ConEmu is that it is more end user (developer) driven and you are just running into corporate policy? – ferventcoder – 2015-07-02T03:43:00.660
@Maximus apparently sourceforge malware in one case at least, is so pervasive even a techie can shoot himself. http://blog.tedd.no/2014/11/25/sourceforge-malware/
– barlop – 2015-07-02T09:45:16.137@ferventcoder, perhaps you could move FileZilla's project to Github, too. – Craig – 2015-07-02T13:46:21.010
@Craig It's not my project, you will want to follow up with the software developers for FileZilla with that question. – ferventcoder – 2015-07-02T15:37:48.007