🍫 Make Windows Tasty with Chocolatey

Chocolatey is one of the best sysadmin tools for Windows in existence.

Sunday, August 30, 2020 6:13 PM

Having recently switched from Ubuntu to Windows, I forgot how awfully Windows handled the software installation process. Updating all your packages is a nightmare, and eventually you forget which applications you've installed on your system. But if you want your Windows package installation experience to reflect more of what you'll find on Linux, use Chocolatey.

I had heard of Chocolatey before but I didn't have the opportunity to use it since I was rolling on Ubuntu. Having used it for about a week now, I can confidently say that it is one of the best sysadmin tools for Windows in existence.

There are plenty of other binary package managers out there for Windows, but Chocolatey makes the experience simple and powerful. It has a consistent and easy-to-follow interface. It doesn't take a whole lot to get started and it's certainly less complex than npm.

Using Chocolatey will be easy and intuitive if you've used some sort of package manager before. Whether that is apt or npm, they operate in much the same way.

🤔 How do I get started?

You should never trust any blog on the internet to tell you what to paste in your PowerShell console, especially with administrator privileges. You should verify with the official installation and usage instructions on Chocolatey's website.

Install Chocolatey

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

Installing a package

choco install <package name>

Want to find some software to install?

Head to https://chocolatey.org/packages

Want to upgrade all your packages at once?

choco upgrade all -y

Uninstalling a package

choco uninstall <package name>

List all the packages you've installed

clist --local

🔐 What about security?

If you're using the community repository, Chocolatey actually handles security pretty well. All packages have to be approved by a moderator before they can be made available and you can even audit each of the package files to make sure that they don't contain anything fishy.

This is the tools\chocolateyinstall.ps1 file for AWS CLI version 2:

$ErrorActionPreference = 'Stop';

$toolsDir   = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
$url64      = 'https://awscli.amazonaws.com/AWSCLIV2-2.0.42.msi'
$checksum64 = 'a4a690235e48768183c692d3b0fb246ab6dbde41dc0d04ad98e680ca6b73c345'

$packageArgs = @{
  packageName   = $env:ChocolateyPackageName
  unzipLocation = $toolsDir
  fileType      = 'MSI'
  url64bit      = $url64
  softwareName  = 'AWS Command Line Interface v2*'
  checksum64    = $checksum64
  checksumType64= 'sha256'
  silentArgs    = "/qn /norestart /l*v `"$($env:TEMP)\$($packageName).$($env:chocolateyPackageVersion).MsiInstall.log`""
  validExitCodes= @(0, 3010, 1641)
}

Install-ChocolateyPackage @packageArgs

You can verify the installation URL for the package and the checksum of the package. If you notice something that doesn't look quite right, you can report the package directly to Chocolatey.
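
The audit described above can be done without running the package script. The following is an added example, not code from Chocolatey or the AWS CLI package: it parses chocolateyinstall.ps1 with PowerShell's own parser and reports download URLs that are not HTTPS or not on a host you expect, and checksums that are missing or weaker than SHA-256. The function name Test-ChocoInstallScript and the -TrustedHosts list are assumptions made for this illustration.

```powershell
using namespace System.Management.Automation.Language
# Constructed sample: the URL and checksum parts of the script shown above.
$sample = @'
$url64      = 'https://awscli.amazonaws.com/AWSCLIV2-2.0.42.msi'
$checksum64 = 'a4a690235e48768183c692d3b0fb246ab6dbde41dc0d04ad98e680ca6b73c345'
$packageArgs = @{
  url64bit       = $url64
  checksum64     = $checksum64
  checksumType64 = 'sha256'
}
'@

function Test-ChocoInstallScript {   # hypothetical helper, not a Chocolatey command
    param([string]$Source, [string[]]$TrustedHosts)
    $tokens = $null; $errors = $null
    # ParseInput only builds a syntax tree; nothing in $Source is executed.
    $ast = [Parser]::ParseInput($Source, [ref]$tokens, [ref]$errors)
    if ($errors.Count) { return ,@("does not parse: $($errors[0].Message)") }
    # Resolve a value only when it is a string literal or a variable set to one.
    $vars = @{}
    $resolve = {
        param($node)
        $e = if ($node -is [PipelineAst]) { $node.PipelineElements[0].Expression } else { $node.Expression }
        if ($e -is [StringConstantExpressionAst]) { return $e.Value }
        if ($e -is [VariableExpressionAst]) { return $vars[$e.VariablePath.UserPath] }
    }
    foreach ($a in $ast.FindAll({ $args[0] -is [AssignmentStatementAst] }, $true)) {
        if ($a.Left -is [VariableExpressionAst]) { $vars[$a.Left.VariablePath.UserPath] = & $resolve $a.Right }
    }
    $p = @{}   # entries of every hashtable literal, such as $packageArgs
    foreach ($h in $ast.FindAll({ $args[0] -is [HashtableAst] }, $true)) {
        foreach ($kv in $h.KeyValuePairs) { $p["$($kv.Item1.Value)"] = & $resolve $kv.Item2 }
    }
    $findings = @()
    foreach ($s in @('url','checksum','checksumType'), @('url64bit','checksum64','checksumType64')) {
        if (-not $p.ContainsKey($s[0])) { continue }
        $url, $sum, $type = $p[$s[0]], $p[$s[1]], $p[$s[2]]
        $uri = $url -as [uri]
        if (-not $uri -or -not $uri.IsAbsoluteUri -or $uri.Scheme -ne 'https') { $findings += "$($s[0]): not a literal https URL" }
        elseif ($uri.Host -notin $TrustedHosts) { $findings += "$($s[0]): host $($uri.Host) is not on the trusted list" }
        $len = @{ sha256 = 64; sha512 = 128 }[[string]$type]
        if (-not $len) { $findings += "$($s[2]): missing or weaker than sha256" }
        elseif ($sum -notmatch "^[0-9a-fA-F]{$len}`$") { $findings += "$($s[1]): not a $type hex digest" }
    }
    return ,$findings
}

Test-ChocoInstallScript -Source $sample -TrustedHosts 'awscli.amazonaws.com'
Test-ChocoInstallScript -Source ($sample -replace 'https:', 'http:' -replace "'sha256'", "'md5'") -TrustedHosts 'awscli.amazonaws.com'
```

This checks only that the pinned values are well formed; comparing the digest against the file you actually downloaded still takes Get-FileHash.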

🏢 Enterprise considerations

If you're really serious about security or you plan on running Chocolatey for your organization, consider hosting your own Chocolatey repository server. You can read up more about that here.

🧐 How does Chocolatey work under the hood?

Windows geeks might be familiar with NuGet. It was built by a Microsoft-affiliated non-profit and it serves as a package manager for .NET applications and libraries. Chocolatey is built on top of NuGet but was adapted for more consumer-oriented software.

Whenever you install a Chocolatey package, you are downloading the source from a Chocolatey repository, whether that be the public repository or one that you've rolled yourself. Typically, the package also includes a few automation scripts which are required to get the package installed correctly.

Once everything has been downloaded, Chocolatey runs the automation scripts and, if hashes are available, checks them in order to enforce download integrity.

By default, all the packages you install are in ChocolateyInstall\lib. This is because Chocolatey needs to track all your packages in order to install, update, and uninstall correctly.

You can read more about this process here.

I know this article ended up more like an advertisement for Chocolatey but I have really grown to like them. I'm not paid by them in any sort of way.