I am trying to undestand how Chocolatey knows which packages are isntalled locally from an algoritihim perspective.
Breaking a similair question down, it says packages are installed by listing %ChocolateyInstall%\lib - Further, it is not based on folders, but on the actual nupkg files in those folders.
However, changing the autohotkey.nuspec file contents and running choco list --localonly --trace does not change the listed version:
<?xml version="1.0"?>
<package xmlns="http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd">
<metadata>
<id>autohotkey</id>
<version>1.1.34.03</version>
<title>AutoHotkey</title>
<authors>Lexikos</authors>
<owners>chocolatey-community</owners>
<licenseUrl>http://ahkscript.org/docs/license.htm</licenseUrl>
<projectUrl>http://ahkscript.org/</projectUrl>
<iconUrl>https://cdn.jsdelivr.net/gh/chocolatey-community/chocolatey-packages@edba4a5849ff756e767cba86641bea97ff5721fe/icons/autohotkey.png</iconUrl>
<requireLicenseAcceptance>true</requireLicenseAcceptance>
<description>AutoHotkey is a free, open source macro-creation and automation software utility that allows users to automate repetitive tasks. It is driven by a custom scripting language that is aimed specifically at providing keyboard shortcuts, otherwise known as hotkeys.
<summary>AutoHotkey is a free, open source macro-creation and automation software utility that allows users to automate repetitive tasks. It is driven by a custom scripting language that is aimed specifically at providing keyboard shortcuts, otherwise known as hotkeys.</summary>
<releaseNotes />
<tags>automation hotkeys scripting windows foss admin</tags>
<projectSourceUrl>https://github.com/Lexikos/AutoHotkey_L</projectSourceUrl>
<packageSourceUrl>https://github.com/chocolatey-community/chocolatey-packages/tree/master/automatic/autohotkey</packageSourceUrl>
<dependencies>
<dependency id="autohotkey.install" version="1.1.34.03" />
</dependencies>
</metadata>
</package>
I also see on the --trace command it is enumerating the C:\ProgramData\chocolatey\.chocolatey directory:
Chocolatey v0.12.1
Operating System Version Number: 10.0.22000.0
Initializing global mutex
Waiting on the mutex handle for 2000 milliseconds
Entered mutex to deserialize 'C:\ProgramData\chocolatey\.chocolatey\autohotkey.1.1.34.03\.files'
autohotkey 1.1.34.03
There is no nuspec file here, there is however a link to these files via the .files:
<?xml version="1.0" encoding="utf-8"?>
<fileSnapshot xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<files>
<file path="C:\ProgramData\chocolatey\lib\autohotkey\autohotkey.nupkg" checksum="EB9A1007BD3396C00FC3F81A1A263D7C" />
<file path="C:\ProgramData\chocolatey\lib\autohotkey\autohotkey.nuspec" checksum="35556D23E18F690885A5AFB8C2FD4450" />
<file path="C:\ProgramData\chocolatey\lib\autohotkey\tools\chocolateyInstall.ps1" checksum="808E7B237718D1A247D800E5ADA4EBD0" />
</files>
</fileSnapshot>
Is chocolatey implementing a custom C# NuGetProject class that enumerates the C:\ProgramData\chocolatey\.chocolatey directory, then following the files link to the nuspec file?
Also how does it verify the checksums, is this part of the nuget nuspec standard or something chocolatey is doing seperately?