From where does chocolatey find the packages to download? For example if I am installing VirtualBox then from where does it find the latest package to download and is there any chance that it might download an outdated version?
Chocolatey from where does it find the package
1.8k views Asked by user3547774 At
1
There are 1 answers
Related Questions in CHOCOLATEY
- Facebook Api - Albums/Photos/Comments
- How to get Facebook subscriber count + friend count
- Firebase facebook authentication not working
- Facebook iOS SDK 4 error info.plist
- Why don't any of my facebook share buttons work?
- Can't perform authentication through facebook with Parse
- PlayN and Firefox issues
- How do I stop the facebook send widget from going off the screen?
- Add extended permissions - Facebook
- Pass image, summary, URL to Facebook share button in ASP.NET MVC
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Packages Are Found by Sources
Chocolatey uses the sources you have provided it to determine the location of the package. If you don't provide a source (or list of sources), it will use the default sources, which you can see by running
choco source list. You can add to or remove sources (such as the community package repository aka https://chocolatey.org/api/v2).Each source can have a priority, which defines the order that Chocolatey searches the sources to find a package. If a package is found on a higher priority source, that package version is used even if there is a newer version on another lower priority source.
Packages vs Software
A package in Chocolatey speak has a slightly different terminology than software.
For more terminology, check out https://chocolatey.org/docs/getting-started#terminology
VirtualBox Example
Let's use the VirtualBox package as an example to get started with...
Most likely you will find you haven't configured any additional sources (based on your question), so that means you likely only have the default community package repository you are using for a package source.
Have a look here:
https://chocolatey.org/packages/virtualbox#files
This shows you the contents of the Chocolatey package for VirtualBox. If you have a read through the chocolateyInstall.ps1 file you will see exactly where the binaries for this package are being downloaded from:
You can look in the files section of each Chocolatey package to find out where the installation files are coming from. Assuming that you haven't enabled the global acceptance of package installation through the Chocolatey features, you can actually view the installation scripts at the time of installation as well. i.e. when you do
choco install virtualboxyou will be prompted with 3 options,yes,no, andprint. In this case,printwill show you the installation script and you can see what is about to be downloaded/installed onto your machine.The only time that the above will be different is if the package that you are installing is what we refer to as an
embeddedpackage (which is more typical for organization use since they are hosting internal packages and are not subject to distribution rights like the public community repository). In embedded cases, the installation binaries are already contained within the chocolatey package, so there is no requirement for additional files to be downloaded. When using an embedded package, I would encourage you to look through the VERIFICATION.txt which should be contained within a Chocolatey package on the community repository to review instructions on where the embedded binary comes from, and a mechanism to verify that the contents are what they should be.Outdated Versions?
With respect to your other question:
In the case of VirtualBox, this is highly unlikely. If you click on the Package Source link from the package page on Chocolatey.org, you will see that you get taken to this location. This package is part of the Core Team Packages Repository. This repository is making use of the AU Chocolatey Automatic Package Updater Module. As a result, the packages within this repository are checked regularly (at present every 6 hours) for new software versions, and if there are any, they will automatically be pushed to Chocolatey.org. Packages within this repository are maintained by a team of volunteers (myself included) so there is a high chance that packages will be kept up to date that are in here.
However...
This is not the same for all packages that exist on Chocolatey.org's community package repository. The community repository is a community effort, and with almost 4500 packages, I am sure you can understand that some packages may not be as up to date as they could be. These should be evaluated on a case by case basis to ensure that this fit your requirements.
The final thing that I would say is that if up to date packages are your core concern, then you always have the option of NOT using the community repository. Since this is a community feed at the end of the day, it is NOT recommended for internal/production usage for organizations. Instead, you would want to look at pulling these packages internally within your own environment. This can be done either manually or by utilising the business options within Chocolatey.