-
Notifications
You must be signed in to change notification settings - Fork 905
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Chocolatey doesn't elevate #434
Comments
@Link-Satonaka you've probably had a look through Start-ChocolateyProcessAsAdmin. https://github.com/chocolatey/choco/blob/master/src/chocolatey.resources/helpers/functions/Start-ChocolateyProcessAsAdmin.ps1#L66 is the line where it passes If you wouldn't mind, use |
Also, if you haven't had a chance, you should read up on why you need to change the default install location - https://github.com/chocolatey/choco/wiki/Installation#non-administrative-install Note that non-admins can write to the default install location, but they cannot append or modify existing files. We are locking this down further in 0.9.9.9, see #398. |
Noted, thanks. It's strange, the paint.net installer will request elevation if run, but when passed through Start-ChocolateyProcessAsAdmin, it fails with |
Do you have a debug log for this one? |
Using this install script http://sprunge.us/MTGd $packageName = 'paint.net'
$fileType = 'EXE'
$silentArgs = '/auto DESKTOPSHORTCUT=0'
$url = '{{DownloadUrl}}'
# Zipped installer
Get-ChocolateyWebFile $packageName "$ENV:Temp\paint.net.install.zip" $url
Get-ChocolateyUnzip "$ENV:Temp\paint.net.install.zip" "$ENV:Temp\pdn"
$installFile = Get-ChildItem -Path "$ENV:Temp\pdn" -Recurse -Include "*.exe" | Select-Object -First 1
# elevation bug
Install-ChocolateyPackage $packageName $fileType $silentArgs $installFile
#Start-Process -FilePath "$installFile" -ArgumentList "$silentArgs" -Verb Runas Dump of the log |
Once you've downloaded the file, you should use |
I wonder what may have changed with Windows 10 and elevation. Apparently it may not be enough to use RunAS anymore. |
Did not know about |
Right now you are copying the file onto itself. |
OK, yeah I noticed it copied the file when using |
I can confirm that choco just fails on non-admin console on win10. |
The problem is that I've seen named pipes mooted as a hairy workaround. But I have a slightly less hairy workaround. First use Would it be ok to stick such a private, intermediary, script in the same |
Probably not. We are working on rewriting these functions into c# cmdlets. We won't have the same issues when we do that (I know this for a fact as that is what shimgen does already). |
Using Win10, no new issues for me since 8.1 with chocolatey, @yurikoles |
Understandable.
OK, I'm still pretty sure about my diagnosis. I presume shimgen isn't redirecting stderr? Here's a minimal testcase. It doesn't invoke UAC, because UseShellExecute = false to allow RedirectStandardError = true. using System.Diagnostics;
namespace StartProcessTest
{
class Program
{
static void Main(string[] args)
{
var procInfo = new ProcessStartInfo("notepad");
procInfo.RedirectStandardError = true;
procInfo.UseShellExecute = false;
procInfo.Verb = "runas";
Process.Start(procInfo);
}
}
} |
Actually, it appears that we do switch on UseShellExecute to true, but somehow we are still redirecting StdErr? |
It's done through EnableRaisingEvents though |
Interesting. Honestly, I'm a bit confused. Regardless, I'll leave this for now given the planned rewrite. @Link-Satonaka, for an ugly interim workaround, I suggest you comment out the following lines of $psi.RedirectStandardError = $true # L59
$psi.UseShellExecute = $false # L60
$s.StandardError.ReadToEnd() | Out-File $errorFile # L81
$innerError = Get-Content $errorFile | Out-String # L88 |
@ferventcoder why don't you use git-flow approach to resolve this issue in stable to don't keep users waiting for rewrite? |
@Link-Satonaka are your Win10 instance is clean install or upgrade? I have a clean install one from 1511 ISO. |
@yurikoles I'm not quite sure what you are referring to. If you are talking about a quick fix and then a permanent fix later, that really doesn't have anything to do with git-flow. And really neither does stable vs master. Git Flow is an approach to development but it doesn't dictate where one should resolve an issue. Most common workflows would do a bug fix in the stable branch. |
@yurikoles rewrite - Now I understand. We already pushed master to stable in preparation for 0.9.10. If we think this is a big enough issue, I can create a 0.9.9.x branch off of the last tag and move forward there. However I am working on a possible fix right now. |
pleaserino fixerino the bugerino it's very annoying to have to run cmd/powershell in admin mode every time |
This is a dealbreaker for me. I would expect (being a long time Windows user) to just be able to run a choco install command and not have to worry about it. When elevation is needed, Windows will prompt me. Instead I get this wall of text saying I need to run my terminal as admin. I am very happy to use Windows Terminal nowadays and it has really improved my workflow by a lot. I have all my git bash, wsl and powershell windows neatly in tabs inside one window. It would thus really hurt my workflow to open a new cmd window as admin just to execute choco commands and I'd rather just execute a downloaded installer because of this. please fix. If you do, that's one step closer to unix for developers and one argument less to ditch Windows for Ubuntu or something. |
Here's a few very basic functions you can add to your powershell profile to maintain a good workflow. Function cupall {
$env:LOCALAPPDATA = "C:\Users\$env:USERNAME\AppData\Local"
$env:USERPROFILE = "C:\Users\$env:USERNAME"
Start-Process -FilePath 'powershell.exe' -ArgumentList 'cup all -y; Read-Host' -Verb RunAs
}
Function cinst {
param (
[Parameter(Mandatory = $true)]
[string]$package
)
$env:LOCALAPPDATA = "C:\Users\$env:USERNAME\AppData\Local"
$env:USERPROFILE = "C:\Users\$env:USERNAME"
Start-Process -FilePath 'powershell.exe' -ArgumentList "cinst $package; Read-Host" -Verb RunAs
}
Function cuninst {
param (
[Parameter(Mandatory = $true)]
[string]$package
)
$env:LOCALAPPDATA = "C:\Users\$env:USERNAME\AppData\Local"
$env:USERPROFILE = "C:\Users\$env:USERNAME"
Start-Process -FilePath 'powershell.exe' -ArgumentList "cuninst $package; Read-Host" -Verb RunAs
} |
Hey. Is there any updates on this issue? |
@technic This is on the backlog but isn't something we have prioritized just now. |
Any updates? |
If we are working on an issue we will update the labels, add comments etc. You'd see some activity here. We're not working on this at the moment. To set expectations, we don't have any plans in the immediate future. It is something we do want to look at and implement, if possible, but have no timescales to share. |
Testing this with a simple test-case package which just calls This continues until the machine runs out of memory and Windows seems to sometimes prompt to kill the misbehaving process tree. As is noted in our documentation, the non-admin installation configuration is... not straightforward and we don't expect this kind of thing to work in a lot of cases. There may be something to be said for the |
This is an unbelievable shame ...and perhaps it will help the project to understand why potential customers quickly remove Chocolatey from the evaluation:
So one of the most important key features for a tool like Chocolatey is:
So we are curious to see whether Choco will manage to provide this trivial basic function in the next decade - I hope it very much, because Chocolatey has som really great features 😃 |
With Chocolatey for Business Self Service, elevation happens in the background, so the user isn't prompted to do anything. This is not a feature of Chocolatey FOSS. Are you using Chocolatey for Business? |
First- I'm using the proper User / Admin configuration that the Windows userbase tend to scoff at. That is, I use a "User" account, and when I "Run as Admin" UAC runs the executable under an entirely different "Admin" account. This is par for the course in linux, but as I'm sure you're aware most Windows users tend to just create one Administrative account and call it a day.
I bring this up because there's a good chance this is the root of the issue- something is written so that it works in an Administrative account and doesn't actually properly utilize UAC. I don't really know anything about how chocolatey is set up, but I do know that the powershell
Start-Process $process -Verb Runas
correctly requests elevation for both User and Admin type accounts.
The problem: chocolatey does not elevate processes for me. Many installers internally request elevation, so the problem appears intermittent, but I'm fairly certain chocolatey consistently fails every time it tries to elevate a process itself. As such, whichever packages in the repo that rely on chocolatey to elevate WILL fail unless I run cinst from an administrative powershell terminal.
The text was updated successfully, but these errors were encountered: