0

I am building a windows docker image and use a package manager called choco for automating package installation. I would like to avoid downloading packages from the internet every time I modify and rebuild the dockerfile. Locally we run an Artifactory server that purpose But the package I am installing has hardcoded url value which is pointing to microsoft.com

In the package installation script here https://community.chocolatey.org/packages/visualcpp-build-tools#files

$packageName = 'visualcpp-build-tools'
$installerType = 'EXE'
$url = 'https://download.microsoft.com/download/5/A/8/5A8B8314-CA70-4225-9AF0-9E957C9771F7/vs_BuildTools.exe'
$checksum = 'E77D433C44F3D0CBF7A3EFA497101DE93918C492C2EBCAEC79A1FAF593D419BC'

How can I overcome this hardcoded Url value and force the install script to download the package from my local artifactory server?

Before discovering the hardcoded Url value inside the package installation script, I tried using the --source option with choco install as described in the guide here https://jfrog.com/blog/artifactory-as-a-caching-mechanism-for-package-managers/ but I noticed that the package is still downloaded from the internet.

Alin
  • 3
  • 1

1 Answers1

1

Packages on the Chocolatey Community Repository often can't include the original binaries due to licenses and distribution rights - leading to each user downloading the file from the source URL.

However, you can manually re-create the package with the downloaded file inside - to do so, you should:

  • Extract the relevant content of the nupkg file (e.g. the tools directory and nuspec file)
  • Download the file specified in URL (which is the file being downloaded repeatedly during the package installation) to the tools directory (or somewhere else within the package)
  • Replace the URL in URL with the relative path to the downloaded file
  • Run choco pack $PathToNuspecFile (in the root of the extracted files)
  • Upload the resultant nupkg file to your Artifactory instance

Alternatively, you could host the binary file on your Artifactory server and update URL to point to that. This would have the potential benefit of not downloading the full size if you had logic in the package that would short-circuit the installation before the actual install step, e.g. if you had gigantic MSU file you only wanted to download if you needed to apply it.

Finally, one of the parts of a licensed copy of Chocolatey for Business is the Package Internalizer.
This automates the process described above, allowing you to simply call choco download visualcpp-build-tools --internalize.

James Ruskin
  • 808
  • 7
  • 13
  • Where can I find the nupkg file? – Alin Nov 11 '22 at 12:44
  • You can either download it from the Chocolatey Community Repository, or your Artifactory instance. – James Ruskin Nov 11 '22 at 13:38
  • I got an error in the pack command "Cannot add part for the specified URI because it is already in the package." What does that mean and how to fix it? – Alin Nov 18 '22 at 18:12
  • Googling it indicates that it's likely down to your having two files that are evaluating to the same name attempting to be packaged. I'd guess that, if you unpacked the existing nupkg file, you may have some metadata left that should be cleaned up - but it's hard to tell without seeing what you've done, or any changes you've made. I'd recommend deleting `[Content_Types].xml`, the `package` directory, and the `rels` directory and retrying the pack command - if that works, I'll update my answer to mention not attempting to repack those files. – James Ruskin Nov 21 '22 at 11:30
  • 1
    Yes, that was it! All worked fine after removing a meta file called _rels/.rels – Alin Nov 21 '22 at 14:40