Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Pieter De Decker
    @pieterdd
    @r15ch13 How many maintainers are there? Would one rogue maintainer be enough to distribute malware or are code reviews by at least one other maintainer enforced through GitHub's pull request system?
    Richard Kuhnt
    @r15ch13
    @pieterdd 5-6 (can't see the users list, only @lukesampson has these privileges). Currently there are no enforced code reviews on the master branch. So one maintainer is able distribute malware, yes. From the user list of https://github.com/scoopinstaller I can see that some of those maintainers don't have two-factor auth active also. Hm, this should be addressed.
    Pieter De Decker
    @pieterdd
    @r15ch13 Okay, good to know. I agree that mandatory two-factor would help make Scoop safer. While we're on this topic, have you guys ever considered adding an option to scoop install letting people view the JSON file before deciding if they want to proceed with the installation? That might be a simple way to give end users more power to see what they install.
    Pieter De Decker
    @pieterdd
    On second thought, maybe it's better if I just file a feature request on GitHub for that 😉
    Chawye Hsu
    @chawyehsu
    Currently, no. But you could use scoop info <app> and scoop virustotal <app> to dig into the package, before running scoop install <app>.
    scoop virustotal <app> is a good enough way to inspect and analyze suspicious files of a package, I think.
    Pieter De Decker
    @pieterdd
    Good tips, thanks!
    xeijin
    @xeijin

    May be of interest to some here:

    I don't always have access to PowerShell & Git to update my own external bucket, so using a modified appveyor.yml + checkver.ps1 I now automatically update any app manifests when the AppVeyor CI build runs:

    https://gitlab.com/xeijin-dev/propositum-bucket/blob/master/appveyor.yml

    xeijin
    @xeijin

    @xeijin, you probably copied the junction folders (e.g. 'current' and persisted directories) as folders. XCOPY does that. It's said that FastCopy does the trick (haven't tried it)

    By the way @niboan thanks for your help. I did eventually find the issue (though would have found it even quicker had I read your mention!)

    I was 7zip-ing the entire contents of the scoop folder for upload to BinTray as an artifact. However the .7z format doesn't support junctions/symlinks.

    To workaround this I first had to create a .tar archive with 7zip (which preserves the symlinks) and then create a .7z archive from the .tar to get the filesize down, as .tar doesn't support compression.

    Clint Priest
    @cpriest
    There's a problem w/ the keypirinha package that causes it to fail every time an update happens. (The keypirinha package contains a portable folder in the zip file and it fails on the attempt to persist that.) Where would I report that issue appropriately?
    Dan Schmidt
    @codeswish
    Hey, I'm confused about the difference between dotnet and dotnet-sdk. When I install dotnet, it says it is deprecated and to instead install dotnet-sdk. I install dotnet-sdk and uninstalled dotnet, but now I have no dotnet-cli. I uninstalled dotnet because I was having issues that I thought were related to it not using the current version .net sdk, not sure about this. Basically, I'm just wondering the scoop way of installing dotnet-sdk and the dotnet cli
    Dan Schmidt
    @codeswish
    Well, I just reinstalled dotnet and ran dotnet restore on my HelloWorld app and it is now working.
    Ross Smith II
    @rasa
    What’s up with WhatsApp? https://github.com/lukesampson/scoop-extras/search?q=whatsapp&type=Commits
    Richard Kuhnt
    @r15ch13
    probably some A/B testing on their side. We can't do much about that
    Sam Garfinkel
    @sgarfinkel
    Is there a way to change which bucket a current installation is using? I have my own parallel bucket that runs some post-installation scripts, but unfortunately I already installed the main version of some things. Rather than completely reinstall from my own bucket, I was hoping there might be some way to change which bucket scoop used to track future changes.
    Richard Kuhnt
    @r15ch13
    @sgarfinkel you could try to change the "install.json" which is located in every installed apps directory to use your bucket. The next run of scoop update <app> should use your bucket
    Sam Garfinkel
    @sgarfinkel
    @r15ch13 Ok, I will try that. Thanks!
    xeijin
    @xeijin
    Does anyone know what autohotkey doesnt make the necessary file associations with .ahk files when installed?
    I notice there's another package 'autohotkey-installer' which looks like it would fix the issue, but it requires UAC which is what I am generally trying to avoid with scoop...
    Clint Priest
    @cpriest
    file associations would need to be done in the registry which would require elevation anyways
    if you want to capture those though, you could run something like regshot or some other registry capture/diff tool while you run the installer
    xeijin
    @xeijin
    @cpriest thanks, will take a look.
    Tres Finocchiaro
    @tresf

    file associations would need to be done in the registry which would require elevation anyways

    Although this statement is true for HKEY_CLASSES_ROOT, user file associations can be placed in HKEY_CURRENT_USER\Software\Classes\ without elevation.

    equinox
    @equinox
    @r15ch13 Hey, when you get a spare moment, could you take a look at why cygwin isn't updating beyond 2.895? I think it's because the sha512 aren't being updated on https://cygwin.com/sha512.sum but I have no idea how to help resolve the issue. Version 2.895 is from back in October '18, whereas it's at 3.0.1 as of a week or two ago. Thanks!
    Yannick Schinko
    @BrainStone
    Hi there. After installing dig, I'm unable to run it through the GitBash.
    I'm getting this error: C:/Users/<me>/scoop/shims/dig.exe: error while loading shared libraries: ?: cannot open shared object file: No such file or directory
    It works fine from the powershell
    Any idea what's wrong?
    Ross Smith II
    @rasa
    @equinox Setup’s version is still 2.895. The Cygwin.dll’s version is 3.01. They should list setup’s version number to avoid the confusion.
    equinox
    @equinox
    @rasa cheers for the response and yeah they should, it sure confused the heck out of me!
    Clint Priest
    @cpriest
    Would it be possible to require a description for a package manifest?
    The library is growing so quickly it's hard to keep up with everything available, going through scoop info followed by scoop home (because there is no short description) is a bit annoying
    Richard Kuhnt
    @r15ch13
    @cpriest might be a good thing. Currently there are many manifest without a description that need to be updated before we make it a requirement.
    Richard Kuhnt
    @r15ch13
    The following command lists all manifests without a description:
    Get-ChildItem bucket\*.json | % { @{ file = $_; json = $(Get-Content $_ | ConvertFrom-Json)} } | ? { $null -eq $_.json.description } | % { $_.File.FullName }
    Clint Priest
    @cpriest
    I'd be happy to try and contribute descriptions to those that aren't fitting the requirement yet
    Mathias Hermansson
    @se35710

    Can we change the version logic when running scoop update <manifest> to always install the bucket version even if it evaluates to a "lower" version then what is currently installed?

    Reasons:

    1. Upstream rollback of version, eg downgrade because of bug or other reasons.
    2. "-" in version, for example almost all java packages (11-33 versus 11.0.2-12).
    Bruce Sun
    @athrunsun
    Hey guys, what happens if I define both jp and regex of hash in autoupdate? Will it use that regex to extract hash from the json result (extracted by that jsonpath)?
    Richard Kuhnt
    @r15ch13
    @athrunsun No jsonpath and regex don't work together for autoupdate.hash.
    Lin Kun
    @ssfjhh
    What is the checkver used for?
    If scoop need developers' PR to update app to new version?
    Richard Kuhnt
    @r15ch13
    checkver is for checking for program updates and downloading/calculating the checksum. It updates the *.json file and you can create a pull-request. (all apps in official bucket get updated automatically by https://github.com/ScoopInstaller/Excavator)
    Lin Kun
    @ssfjhh
    It's my understanding that developers don't need to creat a PR to update a APP's version. You may update them termly via this Excavator?
    Am I right?
    How offen you update the apps in offcial bucket?
    Richard Kuhnt
    @r15ch13
    The update service runs every hour. As long as the developers of an app don't change the URL or use a crazy version number (that doesn't match the checkver information of the json file) then it will get updated. The logfiles can be found here: https://scoop.r15.ch/
    Lin Kun
    @ssfjhh
    scoop is much better than I thought.
    Bruce Sun
    @athrunsun
    @r15ch13 Thanks for your reply. Does scoop reset also recreating shortcuts (.lnk) for apps?
    Richard Kuhnt
    @r15ch13
    @athrunsun yes it does
    Bruce Sun
    @athrunsun
    @r15ch13 OK, thank you very much!
    Bruno Bigras
    @bbigras
    On https://scoop.sh/, the "programs" link is broken
    it points to https://github.com/lukesampson/scoop/tree/master/bucket