Comments (7)
nathpete-msft
commented on May 21, 2024
1
@JudahGabriel in this specific case IrfanView does provide their own hosting, they just hide it under alternate downloads:
https://www.irfanview.info/files/iview454_x64.zip
I'd recommend taking a look at where manifests other package managers like Scoop are pulling from as a reference point. That's how I found that link for IrfanView:
https://github.com/lukesampson/scoop-extras/blob/master/bucket/irfanview.json
from winget-pkgs.
chausner
commented on May 21, 2024
1
@JudahGabriel in this specific case IrfanView does provide their own hosting, they just hide it under alternate downloads:
https://www.irfanview.info/files/iview454_x64.zip
Even that link is not a direct download:
iwr https://www.irfanview.info/files/iview454_x64.zip
StatusCode : 200
StatusDescription : OK
Content : <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><meta
content="text/html; charset=ISO-8859-1"
http-equiv="content-type"><title>download: files/iview454_x64.zip</title>…
They deliberately got rid of all direct links.
You only get the direct download when setting the referer appropriately:
iwr https://www.irfanview.info/files/iview454_x64.zip -Headers @{Referer="https://www.irfanview.info/files/iview454_x64.zip"}
from winget-pkgs.
lavinir
commented on May 21, 2024
1
You can download the file and then check for the actual download link in your browser.
Those are usually dynamically generated links that expire. I'm also looking for a good solution to this but have not found one outside of hosting it myself.
from winget-pkgs.
JudahGabriel
commented on May 21, 2024
Follow up: I tried moving the installer to my own CDN and direct linking to that, but that doesn't work either. The PR fails saying it couldn't validate whether the installer contained malicious software. 🤷♀️🏳
The URL to the installer is on my CDN: https://winget.b-cdn.net/iview454_setup.exe
Exact error I'm getting:
The package manager bot determined there was an issue with one of the installers listed in the url field, and cannot continue. Please verify the installers are not malicious. If you feel this failure is in error, please file an issue.
I do feel it's in error.
from winget-pkgs.
denelon
commented on May 21, 2024
This has been something we've been investigating. We do SmartScreen and a few other checks to reduce the likelihood of malicious software ending up in the repository.
from winget-pkgs.
JaiganeshKumaran
commented on May 21, 2024
You can download the file and then check for the actual download link in your browser.
from winget-pkgs.
JudahGabriel
commented on May 21, 2024
Yep, these are dynamic links that are generated with a special token. This isn't a URL that can be used in winget packages; the link won't work.
This is again why winget needs to have its own CDN mirror of installers.
from winget-pkgs.
Related Issues (20)
- [Package Issue]: HuaWei.QuickAppIde HOT 3
- [Update Request]: PageEdit v2.1.0 HOT 1
- [Update Request]: OpenSC.OpenSC 0.25.1 HOT 1
- [Update Request]: HomeBank.HomeBank 5.7.4
- [Package Issue]: update Publisher Name/ID for packages of NewTek to NDI HOT 1
- [Package Request]: FreifunkMeet (Jitsi electron fork) HOT 1
- [Package Request]: Sailcut CAD
- [Package Issue]: Microsoft.SQLServerManagementStudio upgrade loop HOT 2
- [Package Request]: XyGrib HOT 2
- [Package Issue]: VideoLAN.VLC HOT 2
- [Package Issue]: Microsoft.VisualStudio.2022.Enterprise does not respect the servicing channel HOT 1
- [Package Issue]: Microsoft.PowerToys HOT 8
- [Package Issue]: GnuWin32.Grep HOT 1
- [Package Issue]: Microsoft.RemoteDesktopClient no start menu shortcut in machine scope HOT 2
- [Update Request]: Microsoft.VisualStudio.2022.Community HOT 1
- [Package Request]: New package: Microsoft.Promptflow version 1.7.0 HOT 1
- DisplayLink driver not updated HOT 1
- [Update Request]: Hydrus Network
- [Package Request]: Meinberg NTP
- [Package Request]: GameRanger HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from winget-pkgs.