Downloads:
8,192
Downloads of v 2018.12.22:
279
Last Update:
28 Dec 2018
Package Maintainer(s):
Software Author(s):
- Bill Curran
Tags:
(unofficial) Chocolatey .nuspec Checker (Script)
This is not the latest version of (unofficial) Chocolatey .nuspec Checker (Script) available.
- 1
- 2
- 3
2018.12.22 | Updated: 28 Dec 2018
Downloads:
8,192
Downloads of v 2018.12.22:
279
Maintainer(s):
Software Author(s):
- Bill Curran
(unofficial) Chocolatey .nuspec Checker (Script) 2018.12.22
This is not the latest version of (unofficial) Chocolatey .nuspec Checker (Script) available.
Legal Disclaimer: Neither this package nor Chocolatey Software, Inc. are affiliated with or endorsed by Bill Curran. The inclusion of Bill Curran trademark(s), if any, upon this webpage is solely to identify Bill Curran goods or services and not for commercial purposes.
- 1
- 2
- 3
All Checks are Passing
3 Passing Tests
Deployment Method: Individual Install, Upgrade, & Uninstall
To install (unofficial) Chocolatey .nuspec Checker (Script), run the following command from the command line or from PowerShell:
To upgrade (unofficial) Chocolatey .nuspec Checker (Script), run the following command from the command line or from PowerShell:
To uninstall (unofficial) Chocolatey .nuspec Checker (Script), run the following command from the command line or from PowerShell:
Deployment Method:
This applies to both open source and commercial editions of Chocolatey.
1. Enter Your Internal Repository Url
(this should look similar to https://community.chocolatey.org/api/v2/)
2. Setup Your Environment
1. Ensure you are set for organizational deployment
Please see the organizational deployment guide
2. Get the package into your environment
Option 1: Cached Package (Unreliable, Requires Internet - Same As Community)-
Open Source or Commercial:
- Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to https://community.chocolatey.org/api/v2/. Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
- You can also just download the package and push it to a repository Download
-
Open Source
-
Download the package:
Download - Follow manual internalization instructions
-
-
Package Internalizer (C4B)
-
Run: (additional options)
choco download choco-nuspec-checker --internalize --version=2018.12.22 --source=https://community.chocolatey.org/api/v2/
-
For package and dependencies run:
choco push --source="'INTERNAL REPO URL'"
- Automate package internalization
-
Run: (additional options)
3. Copy Your Script
choco upgrade choco-nuspec-checker -y --source="'INTERNAL REPO URL'" --version="'2018.12.22'" [other options]
See options you can pass to upgrade.
See best practices for scripting.
Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.
If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:
choco upgrade choco-nuspec-checker -y --source="'INTERNAL REPO URL'" --version="'2018.12.22'"
$exitCode = $LASTEXITCODE
Write-Verbose "Exit code was $exitCode"
$validExitCodes = @(0, 1605, 1614, 1641, 3010)
if ($validExitCodes -contains $exitCode) {
Exit 0
}
Exit $exitCode
- name: Install choco-nuspec-checker
win_chocolatey:
name: choco-nuspec-checker
version: '2018.12.22'
source: INTERNAL REPO URL
state: present
See docs at https://docs.ansible.com/ansible/latest/modules/win_chocolatey_module.html.
chocolatey_package 'choco-nuspec-checker' do
action :install
source 'INTERNAL REPO URL'
version '2018.12.22'
end
See docs at https://docs.chef.io/resource_chocolatey_package.html.
cChocoPackageInstaller choco-nuspec-checker
{
Name = "choco-nuspec-checker"
Version = "2018.12.22"
Source = "INTERNAL REPO URL"
}
Requires cChoco DSC Resource. See docs at https://github.com/chocolatey/cChoco.
package { 'choco-nuspec-checker':
ensure => '2018.12.22',
provider => 'chocolatey',
source => 'INTERNAL REPO URL',
}
Requires Puppet Chocolatey Provider module. See docs at https://forge.puppet.com/puppetlabs/chocolatey.
4. If applicable - Chocolatey configuration/installation
See infrastructure management matrix for Chocolatey configuration elements and examples.
This package was approved by moderator gep13 on 03 Jan 2019.
choco-nuspec-checker (CNC) is a PowerShell script designed for Chocolatey package maintainers (creators) to check Chocolatey .nuspec files for common errors and ommisions.
FEATURES:
- CNC checks for all tags and reports if any are missing
- CNC checks for common oversights and reports about them
- CNC checks for common verifier warnings
If you find choco-nuspec-checker useful please consider donating: https://www.paypal.me/bcurran3donations or become a patron at https://www.patreon.com/bcurran3
$packageName = 'choco-nuspec-checker'
$script = 'CNC.ps1'
Remove-Item "$env:ChocolateyInstall\bin\$script" -Force | Out-Null
# CNC.ps1 Copyleft 2018 by Bill Curran AKA BCURRAN3
$CNCver = "2018.12.28" # Version of this script
Write-Host
Write-Host "CNC.ps1 v$CNCver - (unofficial) Chocolatey .nuspec Checker ""CNC - Put it through the Bill.""" -ForegroundColor white
Write-Host "Copyleft 2018 Bill Curran ([email protected]) - free for personal and commercial use" -ForegroundColor white
# Get and parse .nuspec in current directory
#ENCHANCEMENT: Should accept a filespec and use that as well
$LocalnuspecFile = Get-Item *.nuspec
if (!($LocalnuspecFile)) {
Write-Warning "No .nuspec file found."
return
}
# Validate that URL elements are actually URLs and verify the URLs are good
function Validate-URL([string]$element,[string]$url){
if (($url -match "http://") -or ($url -match "https://")){
$HTTP_Request = [System.Net.WebRequest]::Create("$url")
$HTTP_Response = $HTTP_Request.GetResponse()
$HTTP_Status = [int]$HTTP_Response.StatusCode
$HTTP_Response.Close()
if ($HTTP_Status -eq 200) {
# do nothing, it's good!
} else {
Write-Warning " ** $element - $url looks like a bad or non-responding URL, please check."
}
} else {
Write-Warning " ** $element - ""$url"" is not a valid URL"
}
}
# Import package.nuspec file to get values
$nuspecXML = $LocalnuspecFile
[xml]$nuspecFile = Get-Content $nuspecXML
$NuspecAuthors = $nuspecFile.package.metadata.authors
$NuspecBugTrackerURL = $nuspecFile.package.metadata.bugtrackerurl
$NuspecConflicts = $nuspecFile.package.metadata.conflicts # Built for the future
$NuspecCopyright = $nuspecFile.package.metadata.copyright
$NuspecDependencies = $nuspecFile.package.metadata.dependencies # Not fully implemented yet
$NuspecDescription = $nuspecFile.package.metadata.description
$NuspecDocsURL = $nuspecFile.package.metadata.docsurl
$NuspecFiles = $nuspecFile.package.files.file # Not fully implemented yet
$NuspecIconURL = $nuspecFile.package.metadata.iconurl
$NuspecID = $nuspecFile.package.metadata.id
$NuspecLicenseURL = $nuspecFile.package.metadata.licenseurl
$NuspecMailingListURL = $nuspecFile.package.metadata.mailinglisturl
$NuspecOwners = $nuspecFile.package.metadata.owners
$NuspecPackageSourceURL = $nuspecFile.package.metadata.packagesourceurl
$NuspecProjectSourceURL = $nuspecFile.package.metadata.projectsourceurl
$NuspecProjectURL = $nuspecFile.package.metadata.projecturl
$NuspecProvides = $nuspecFile.package.metadata.provides # Built for the future
$NuspecReleaseNotes = $nuspecFile.package.metadata.releasenotes
$NuspecReplaces = $nuspecFile.package.metadata.replaces # Built for the future
$NuspecRequireLicenseAcceptance = $nuspecFile.package.metadata.requirelicenseacceptance
$NuspecSummary = $nuspecFile.package.metadata.summary
$NuspecTags = $nuspecFile.package.metadata.tags
$NuspecTitle = $nuspecFile.package.metadata.title
$NuspecVersion = $nuspecFile.package.metadata.version
# Report empty elements and misc possible oversights
Write-Host
Write-Host "CNC summary of "$LocalnuspecFile.Name":" -ForegroundColor Magenta
if (!($NuspecAuthors)) {Write-Warning " ** <authors> element is empty, this element is a requirement."}
if (!($NuspecBugTrackerURL)) {
Write-Warning " ** <bugTrackerUrl> - element is empty"
} else {
Validate-URL "<bugTrackerUrl>" $NuspecBugTrackerURL
}
#if (!($NuspecConflicts)) {Write-Warning " ** <conflicts> element is empty"} # Built for the future
if (!($NuspecCopyright)) {Write-Warning " ** <copyright> - element is empty"}
if (!($NuspecDependencies)) {Write-Warning " ** <dependencies> - element is empty"}
if (!($NuspecDescription)) {Write-Warning " ** <description> - element is empty, this element is a requirement."}
if (!($NuspecDocsURL)) {
Write-Warning " ** <docsUrl> - element is empty"
} else {
Validate-URL "<docsUrl>" $NuspecDocsURL
}
if (!($NuspecFiles)) {Write-Warning " ** <files> - element is empty"}
if (!($NuspecIconURL)) {
Write-Warning " ** <iconUrl> - element is empty"
} else {
Validate-URL "<iconUrl>" $NuspecIconURL
}
if ($NuspecIconURL -match "raw.githubusercontent"){
Write-Warning " ** <iconUrl> - Your package icon links directly to GitHub. Please use a CDN such as:"
Write-Host " https://www.staticaly.com, https://raw.githack.com, or https://gitcdn.link." -ForeGround Cyan
}
if ($NuspecIconURL -match "cdn.rawgit.com"){
Write-Warning " ** <iconUrl> - Your package icon uses RawGit CDN. It will be going offline in October 2019. Please change to a CDN such as:"
Write-Host " https://www.staticaly.com, https://raw.githack.com, or https://gitcdn.link." -ForeGround Cyan
}
$AcceptableIconExts=@("png","svg")
$IconExt=($NuspecIconURL | Select-String -Pattern $AcceptableIconExts)
if (!($IconExt)){
Write-Warning " ** <iconURL> - .PNG and .SVG are the preferred package icon file types."
}
if (!($NuspecID)) {Write-Warning " ** <id> - element is empty, this element is a requirement."}
if (!($NuspecLicenseURL)) {
Write-Warning " ** <licenseUrl> - element is empty"
} else {
Validate-URL "<licenseUrl>" $NuspecLicenseURL
}
if (!($NuspecMailingListURL)) {
Write-Warning " ** <mailingListUrl> - element is empty"
} else {
Validate-URL "<mailingListUrl>" $NuspecMailingListURL
}
if (!($NuspecOwners)) {Write-Warning " ** <owners> element is empty, this element is a requirement."}
if (!($NuspecPackageSourceURL)) {
Write-Warning " ** <packageSourceUrl> - element is empty"
} else {
Validate-URL "<packageSourceUrl>" $NuspecPackageSourceURL
}
if (!($NuspecProjectSourceURL)) {
Write-Warning " ** <projectSourceUrl> - element is empty"
} else {
Validate-URL "<projectSourceUrl>" $NuspecProjectSourceURL
}
if (!($NuspecProjectURL)) {
Write-Warning " ** <projectUrl> - element is empty, this element is a requirement."
} else {
Validate-URL "<projectUrl>" $NuspecProjectURL
}
#if (!($NuspecProvides)) {Write-Warning " ** <provides> element is empty"} # Built for the future
if (!($NuspecReleaseNotes)) {Write-Warning " ** <releaseNotes> element is empty"}
#if (!($NuspecReplaces)) {Write-Warning " ** <replaces> element is empty"} # Built for the future
if (!($NuspecRequireLicenseAcceptance)) {Write-Warning " ** <requireLicenseAcceptance> - element is empty"}
if (!($NuspecSummary)) {Write-Warning " ** <summary> - element is empty"}
if (!($NuspecTags)) {Write-Warning " ** <tags> - element is empty"}
if (!($NuspecTitle)) {Write-Warning " ** <title> - element is empty, this element is a requirement."}
if (!($NuspecVersion)) {Write-Warning " ** <version> - element is empty, this element is a requirement."}
if ($NuspecAuthors -eq $NuspecOwners){
Write-Warning " ** <owners> and <authors> elements are the same. This will trigger a message from the verifier:"
Write-Host 'The package maintainer field (owners) matches the software author field (authors) in the nuspec. The reviewer will ensure that the package maintainer is also the software author.' -ForeGround Cyan
}
if ($NuspecProjectURL -eq $NuspecProjectSourceURL){
Write-Warning " ** <projectUrl> and <projectSourceUrl> elements are the same. This will trigger a message from the verifier:"
Write-Host 'ProjectUrl and ProjectSourceUrl are typically different, but not always. Please ensure that projectSourceUrl is pointing to software source code or remove the field from the nuspec.' -ForeGround Cyan
}
if ($NuspecTags -match "chocolatey"){
Write-Warning " ** There is a tag named chocolatey. This will trigger a message from the verifier:"
Write-Host 'Tags (tags) should not contain 'chocolatey' as a tag. Please remove that in the nuspec.' -ForeGround Cyan
}
Write-Host
Write-Host "Found CNC.ps1 useful?" -ForegroundColor white
Write-Host "Buy me a beer at https://www.paypal.me/bcurran3donations" -ForegroundColor white
Write-Host "Become a patron at https://www.patreon.com/bcurran3" -ForegroundColor white
return
# TDL
# show dependencies and version - • Package contains dependencies with no specified version. You should at least specify a minimum version of a dependency.
# Check for common binary types and mention: binary files (.exe, .msi, .zip) have been included. The reviewer will ensure the maintainers have distribution rights.
# What else?
Log in or click on link to see number of positives.
In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).
Chocolatey Pro provides runtime protection from possible malware.
Copyleft Bill Curran
This package has no dependencies.
Ground Rules:
- This discussion is only about (unofficial) Chocolatey .nuspec Checker (Script) and the (unofficial) Chocolatey .nuspec Checker (Script) package. If you have feedback for Chocolatey, please contact the Google Group.
- This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
- The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
- Tell us what you love about the package or (unofficial) Chocolatey .nuspec Checker (Script), or tell us what needs improvement.
- Share your experiences with the package, or extra configuration or gotchas that you've found.
- If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.