chocolatey/chocolatey-licensed-issues

Feature request: Add the ability to prevent packages from being installed using a 'blacklist'

torbengb opened this issue · 5 comments

Checklist

  • I have verified this is the correct repository for opening this issue.
  • I have verified no other issues exist related to my request.

Is Your Feature Request Related To A Problem? Please describe.

  • Sometimes we install a package and then discover that it is harmful to our system (for whatever individual reason, such as violating corporate guidelines). Or, we install a package and then discover that we unsuccessfully tried that one before. Or, we have other reasons to explicitly forbid certain packages from being installed.
  • Chocolatey contains no whitelist and no blacklist to prevent the installation of such packages.

Describe The Solution. Why is it needed?

Similar to the ability to pin a certain version of a package, this feature request suggests the ability to blacklist certain packages:

Conceptual example:

  1. choco disallow bisq* would add bisq* to a blacklist. (Note the use of * as a wildcard here.)
  2. choco install bisq would check bisq against the list and find a match, therefore it will fail the installation with an error "package is disallowed" and abort the installation.

Additional Context

Josh King suggested on Discord that this could be implemented using a pre-install hook, and I am currently working on a proof of concept for that, in the form of a global pre-install hook.

Related Issues

No response

pauby commented

This isn't something we'd look to add to Chocolatey CLI FOSS. It's already solved using hook-scripts. But the solution would be to not have the package in your repository.

I can see the use case for this in an organizational context, so I'll move it over to the licensed repository.

already solved using hook-scripts

Oh, that would be wonderful! I could not find a hook that does this. Could you point me to it, please?

pauby commented

Let me clarify what I said:

already solved using hook-script functionality

That was indicated in the Discord chat you mentioned.

There is a repository of community submitted hook-scripts available, but there is only one in there at the moment. You could use that as a template.

Ah, so you're saying it can be done with hooks but that does not currently exist. I am trying to implement a hook like that, but it's new territory to me and I am not finished yet.

pauby commented

Ah, so you're saying it can be done with hooks but that does not currently exist.

Yes and no. What I'm saying is that the Discord discussion indicated that this could be done with hook-script functionality. The best place to ask about this would be back on Discord.