On any given Chocolatey client, packages are going to be installed primarily from a remote repository. Although you can actually install a package located on your local machine, centralizing usually makes much more sense from a design standpoint. This remote repository can be a file share, the Chocolatey community repository, or for enterprises it is ideally an internal web server.
What is even better is that you can configure multiple repositories for a Chocolatey client. Chocolatey can search each repository for a package during an install if needed. In this article, I'll demonstrate how to add multiple repositories and prioritize them on a Chocolatey client.
Adding a Repository
By default, Chocolatey clients are installed with the community repository configured. In an enterprise setup, it is best to disable or remove this due to software distribution and security issues. This means that you will need an internal repository to add to your clients.
To do this, we use choco source with the add parameter. In this command we specify the source (repository URL), name, priority, and in this case the --user and --password (configured in IIS).
C:\> choco source add -n=choco-1 -s='https://choco-1.domain.com/chocolatey' --priority=11 --user='domain\chocoadmin' --password='MyPassword'
Now, Chocolatey will search this repository for packages by default. I will not need to specify the repository during list, install or upgrade operations (although I can if needed).
Prioritizing a Repository
In Chocolatey, the higher a repository's priority, the sooner it is searched during an install. So in this example, any repository with a lower priority would be searched afterwards. To view all repositories and their priorities, we can just use choco source:
C:\> choco source
Chocolatey v0.10.11 Business
Test-1 - https://Test-1/chocolatey (Authenticated)| Priority 10|Bypass Proxy - False|Self-Service - False|Admin Only - False.
chocolatey.licensed - https://licensedpackages.chocolatey.org/api/v2/ (Authenticated)| Priority 10|Bypass Proxy - False|Self-Service - False|Admin Only - False.
choco-2 - https://choco-2/chocolatey | Priority 0|Bypass Proxy - False|Self-Service - False|Admin Only - False.
choco-1 - https://choco-1/chocolatey (Authenticated)| Priority 11|Bypass Proxy - False|Self-Service - False|Admin Only - False.
As you can see, the repository “choco-1” has a priority of 11 and “Test-1” has a priority of 10. This means that during operations where Chocolatey is searching for a package, it will look into the choco-1 repository first.
Temporarily Adding a Protected Repository
There are certain instances where you may want to add repositories only during a certain time, such as upgrading packages. For example, if I have a PowerShell script that runs to upgrade any package on a machine, but some packages may have been installed from a protected repository, I can add that repository during choco upgrade all and then remove it at the end of a script like this:
choco source add --name=choco-1 --source='https://choco-1/chocolatey' --priority=11 --user='domain\chocouser' --password='MyPassword'
choco upgrade all -y
choco source remove --name=choco-1
This means that this repository will only be accessible during the time that choco upgrade all -y is running. After this, no user on that machine would have the ability to install software from “choco-1”.
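A hardened form of the script above, as an added example that is not from the original article: the source is removed in a finally block so a failed upgrade cannot leave the protected repository configured, and the credential is read from a DPAPI-protected file instead of being written into the script. The credential file path is a hypothetical placeholder, and the source name and URL are the article's sample values.

```powershell
# Added example. $CredPath is a hypothetical location; name and URL are the article's samples.
$ErrorActionPreference = 'Stop'
$SourceName = 'choco-1'
$SourceUrl  = 'https://choco-1/chocolatey'
$CredPath   = 'C:\ProgramData\choco-upgrade\choco-1.cred.xml'

# The file is created once, by the account that runs this script:
#   Get-Credential | Export-Clixml -Path $CredPath
# Export-Clixml encrypts the password with DPAPI, so only that account
# on that machine can decrypt it again.
$cred  = Import-Clixml -Path $CredPath
$plain = $cred.GetNetworkCredential().Password

$upgradeExit = 1
try {
    # Quoted strings so PowerShell expands the variables before choco sees them.
    choco source add "--name=$SourceName" "--source=$SourceUrl" --priority=11 `
        "--user=$($cred.UserName)" "--password=$plain"
    if ($LASTEXITCODE -ne 0) {
        throw "choco source add failed with exit code $LASTEXITCODE"
    }

    choco upgrade all -y
    $upgradeExit = $LASTEXITCODE
}
finally {
    # Runs even when the add or the upgrade fails or throws.
    choco source remove "--name=$SourceName"
    $removeExit = $LASTEXITCODE
    $plain = $null
}

# Confirm the removal by checking the source list for a line starting with the source name.
$pattern   = '^' + [regex]::Escape($SourceName) + ' - '
$remaining = choco source list | Select-String -Pattern $pattern
if ($removeExit -ne 0 -or $remaining) {
    throw "Source '$SourceName' is still configured on this client."
}

# Hand the upgrade result back to the scheduler or deployment tool.
exit $upgradeExit
```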
An alternative to removing a repository would be to disable it with choco source disable. One downside to this method is that any end user with administrative privileges would be able to enable that repository and then use it to install software.
Dan Franciscus
Dan Franciscus is a systems engineer and VMware Certified Professional (VCP) specializing in VMware, PowerShell, and other Microsoft-based technologies. You can reach Dan at his blog (http://www.winsysblog.com/) or Twitter at @dan_franciscus.