Home > Articles > Programming > Windows Programming

  • Print
  • + Share This
From the author of

Using the Microsoft PowerShell Gallery

Although the PowerShell Gallery is a Microsoft property, you need to be aware that these public repositories consist of both Microsoft-supplied and community-supplied modules. Thus, you need to be careful in choosing resources to download.

Let’s say that we want to install the WinRAR archiver on our Windows 8.1 workstation by using OneGet. We use the Find-Package cmdlet to search for the package:

Find-Package -Name WinRAR

The provider ’nuget v2.8.4.30’ is not installed.
’nuget’ may be manually downloaded from ’https://oneget.org/nuget-anycpu-2.8.4.30.exe’ and copied
to ’C:\Program Files\OneGet\ProviderAssemblies’.
Would you like OneGet to automatically download and install ’nuget’ now?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"):

What in the world is this? Don’t panic. Recall that the PowerShell Gallery is used by the PowerShellGet module manager. For software packages, we need another package manager called NuGet. Press Enter to continue with the previous command:

Find-Package -Name WinRAR

Name      Version      Status       ProviderName     Source           Summary
----      -------      ------       ------------     ------           -------
winrar    5.20.1       Available    Chocolatey       chocolatey       WinRAR is a powe...

Excellent! But you’re probably thinking, "Tim, you said that the PowerShell Gallery is for modules only!" That’s correct, young Padawan. Do you see the name "Chocolatey" in the previous output? PowerShell automatically added the Chocolatey community repo (which Microsoft doesn’t own, incidentally) to our provider list. Let’s verify that:

Get-PackageProvider

Name    Version          DynamicOptions
----    ------          --------------
msu        10.0.9800.0      {}
msi        10.0.9800.0      {AdditionalArguments}
ARP        10.0.9800.0      {IncludeWindowsInstaller}
PSModule   10.0.9800.0      {OneGetProvider, Location, InstallUpdate, Installation...
Chocolatey 2.8.4.30         {SkipDependencies, ContinueOnFailure, ExcludeVersion, ...
NuGet      2.8.4.30         {Destination, SkipDependencies, ContinueOnFailure, Exc...

We can look at NuGet and Chocolatey in this output as the mechanism by which we can connect with the repositories (package sources):

Get-PackageSource

Name       ProviderName     IsTrusted  IsRegistered IsValidated  Location
----       ------------     ---------  ------------ -----------  --------
PSGallery  PSModule         False      True         False        https://w...
chocolatey Chocolatey       False      True         False        http://ch...

Notice that both the PSGallery and chocolatey package sources are not trusted by the local computer. Therefore you’ll always be prompted for confirmation whenever you attempt a download from those repositories.

You need to be ever-mindful of the fact that nothing prevents Joe or Jane Hacker from uploading malware to the chocolatey repo. For this reason, the PowerShell team suggests using chocolatey solely for development/experimental purposes, and setting up your own private repository for your administrators safely behind your corporate firewall. (I’ll show you how to do that in a moment.)

  • + Share This
  • 🔖 Save To Your Account