Comments (7)
We are running a background process to check and see if the "Sha256" for an installer is still valid for the manifests. There is still work to automatically generate new manifests when files change.
One of the primary use cases for package managers is to be able to install a specific version of a package. If we only have access to a "latest" version of a package from the source, this creates challenges. We're considering additional meta-data in the manifest to identify these kinds of packages.
from winget-pkgs.
We've introduced automation to generate a valid manifest with the correct hash with the installer has changed at the URL provided by a manifest.
from winget-pkgs.
Related discussion: https://github.com/microsoft/winget-pkgs/issues/278
from winget-pkgs.
The challenge here is the SHA256 hash of the installer. The "latest" manifest would become invalid as soon as the newer "version" showed up with a different hash. We also run static analysis on any binary before it is included in the repository.
May users are intentional about wanting specific versions of software.
from winget-pkgs.
How about including a list of versions inside the manifest?
There could be a 'lastest' version and then also additional, fixed versions if there are download URLs for those.
This would sovle the problem of wrong version numbers if there's only a dynamic download URL where a specific version can't be selected.
It would also enable functionality like winget show <app-name> --versions
to list all available versions and executing winget install <app-name> -v 'x.x.x'
.
The static versions could be kept up-to-date, but this solution would prevent packages from becoming outdated simply because the latest version hasn't been pushed to the repo yet, which sometimes is the case with (linux) package managers.
from winget-pkgs.
VLC is interesting in that the SHA is located next to the download for latest. I don't know if this is a common pattern, but would a SHA at the same directory of the download be an avenue to consider?
from winget-pkgs.
@Chaphasilor we're looking at a few options, but we're likely to avoid trying to list every version of a package in a single manifest. Any time any of them changed, or became unavailable, we'd have to modify the manifest. We do list the versions for all current manifests:
'winget show vscode --versions'
'winget show --name Git -e --versions'
from winget-pkgs.
Related Issues (20)
- [Package Request]: ldplayer HOT 2
- [Package Request]: Sumatra PDF HOT 2
- [Package Issue]: Deepl.Deepl installer hash mismatch
- [Package Issue]: FreedomScientific.JAWS.2023 HOT 2
- [Package Request]: Microsoft Powershell Core (Preview) HOT 2
- [Update Request]: Betterbird
- [Update Request]: Update Vesktop to 1.5.2
- [Update Request]: Update Git to 2.45.1 HOT 5
- [Package Issue]: ZAP.ZAP detected by Microsoft Defender Antivirus as PUA HOT 14
- [Update Request]: Microsoft PIX HOT 1
- [Update Request]: WinRAR
- [Package Request]: Cakewalk
- [Package Issue]: Python.Python override causes installer to ignore scope HOT 7
- [Package Request]: Pixia
- [Package Issue]: AltSnap.AltSnap
- [Update Request]: Neovim version 0.10.0
- [Update Request]: Balsamiq Wireframes version 4.7.5 - Current version 4.7.4 unable do install via winget!
- [Update Request]: agentransack
- [Package Issue]: Microsoft.PowerBI HOT 1
- [Package Issue]: Google.PlayGames.Beta
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from winget-pkgs.