Comments (13)
We're working on a REST API that would be simpler for this use case. I do clearly see a need to update the documentation here.
from winget-cli-restsource.
If you are using REST APIs, doesn't that preclude using an SMB share? Or is the REST API in addition to using SMB transport of the underlying package content and meta data?
from winget-cli-restsource.
If i may guess restapi is basicly tellimg it where in storage it is and all infor required
from winget-cli-restsource.
I think the issue microsoft/winget-cli#160 would address the SMB concern.
from winget-cli-restsource.
The client today pulls a package down that is a set of pointers to the manifests. We're looking at enabling a REST API so third parties wouldn't have to build a signed package with an index similar to what we currently have. The API would support queries from the client and provide manifests for the client to use for package installation.
from winget-cli-restsource.
A local repository would be very interesting for us because we are maintaining a huge repository of software for the whole university.
from winget-cli-restsource.
I think this may be a duplicate of microsoft/winget-cli#118
from winget-cli-restsource.
https://github.com/microsoft/winget-cli-restsource is a reference implementation for an HTTPS REST API source.
from winget-cli-restsource.
Draft PR is out with documentation and a PowerShell script to ease deployment.
from winget-cli-restsource.
The client today pulls a package down that is a set of pointers to the manifests. We're looking at enabling a REST API so third parties wouldn't have to build a signed package with an index similar to what we currently have. The API would support queries from the client and provide manifests for the client to use for package installation.
Please only use signed manifests.
from winget-cli-restsource.
@doctordns we thumbprint the manifests used in the PreIndexed package (the default "winget" source). That helps ensure they aren't modified/corrupted by the time the client receives them. The REST API hands the data to the client in JSON format. If the source is not compromised, HTTPS/TLS would protect the data in transit. Does that alleviate your concern or did I misunderstand?
from winget-cli-restsource.
Not really, in my view.
If you want to use winget on the server-side, we need fully digitally signed manifests. I was long against using this tool for servers, but with signed manifests from Microsoft, winget, once we get cmdlets, seems the best way to move forward. At least for officially released and supported MSFT code - such as WAC.
from winget-cli-restsource.
@doctordns thanks for the clarity on this. I'll have the team look into what it would take to digitally sign manifests. This would apply to the PreIndexed default source named "winget" when it is pulling files down from Azure storage. I'm not sure what options we would have for a REST based source. I'll have to see what that would look like, and what it entails.
from winget-cli-restsource.
Related Issues (20)
- Completely broken HOT 1
- Unable to Invoke API Requests
- OpenApi definition: autorest
- How should a REST source handle different ManifestVersions?
- Full Offline / closed network capabilities including feed generation HOT 5
- Missing application settings under Azure function
- make a non azure referance implementation HOT 5
- Parameter missing in Automate the creation of a Windows Package Manager REST source HOT 2
- New-WinGetSource cmdlet doesn't exist HOT 1
- Select and upgrade like options HOT 3
- Add Manifest to Private Repo using "Add-WingetManifest" command failed. HOT 1
- Entra ID authentication
- Package installed from private repository is being listed as being installed from public repository HOT 6
- Unable to Create Rest Source HOT 4
- Installer `RepairBehavior` never used by the 1.7.0 API schema?
- Native Winget Repo Server for Windows Server HOT 6
- Deployment fails if there are multiple CosmosDB accounts in the RG HOT 1
- New-WinGetSource fails with Unauthorized error on publish-azwebapp HOT 1
- The Test-PowerShellModuleExist function is irrelevant and should be removed
- Inline help for New-WingetSource is missing the fact that Az.Storage is needed.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from winget-cli-restsource.