Thoughts on Chocolatey
I’ve been using Chocolatey on my Windows machine for some time to manage some of my applications like git, R, RStudio, MiKTeX and TexStudio. Rather than looking for an installer from their respective websites to install and update, I just run choco install and choco upgrade from PowerShell instead. I find that managing these applications this way is much more convenient and maintainable than otherwise.
Motivation
Windows applications tend to be distributed through executable installers, which can come from a variety of sources, nowadays usually downloads from the internet.
Apart from the inherent risk of downloading and running arbitrary code from the internet, managing these applications can often be complicated and inconvenient. Used installers pile up in your downloads folder, uninstallation entails going into a separate “Add or Remove Programs” menu and keeping applications updated sometimes means reinstalling the entire application.
In a way, this provides you with more freedom compared to mobile operating systems which encourage applications to only be installed through official app stores, but the trade-off is the convenience of managing all your applications from the same place.
Admittedly, this is not the case all the time. Microsoft has been pushing the Windows Store which provides the same app management experience and sandboxing provided by the Play Store and Apple App Store. Recently there has been a trend towards “installation manager”-type software provided by vendors to manage their own applications such as the Adobe Creative Cloud application for Creative Cloud products or the JetBrains Toolbox for their various IDEs. Platforms like Steam and Origin have also been doing this for applications purchased through them since the beginning. Nevertheless, standalone installers are still extremely common.
Package management
Those who have used Unix-like operating systems would be familiar with package managers such as APT (Debian/Ubuntu), YUM(RHEL/Centos), and Homebrew (macOS). Applications themselves can have package managers as well: text editors like Atom, Sublime Text and Visual Studio Code have APM, Package Control and the Visual Studio Marketplace respectively, Vim has a few, and most programming languages have their own repositories for distributing source code.
While not every piece of software can be installed through a package manager, it is often the easiest way to install common applications. For example, managing git on Ubuntu using the command line:
# install
sudo apt update
sudo apt install git# update
sudo apt upgrade git# uninstall
sudo apt remove git
Meanwhile, the process on Windows could be:
- Install: Download the appropriate installer for your system from https://git-scm.com/download/win and run it
- Update: Download the appropriate installer for the new version from https://git-scm.com/download/win and run it
- Uninstall: Look for the entry for git in the “Add or Remove Programs” and hit uninstall
While this may be a contrived example, it’s not entirely unrealistic. What if we could do the same thing on Windows as on Ubuntu?
Enter Chocolatey
Chocolatey is a package manager for Windows which allows for unattended software deployment, making it possible for to set up Windows servers and company machines automatically. However, as non-commercial end users, we’re just interested in the package management part.
Chocolatey brings the ease of command-line software installation offered by package managers on Unix-like systems to Windows. (Many Chocolatey packages are actually just scripts which download and run the actual installer for an application, but at least you don’t have to do it yourself.) Dependencies are sorted out and installed if necessary just like other package managers.
Chocolatey says they take security seriously, and Chocolatey community packages are at least automatically verified and moderated before being approved. And if the website which you download your installer from can be hacked and the installer replaced with a malicious version like what happened with Handbrake recently, there isn’t much more to lose. Maybe the additional checks may even detect something amiss if you use Chocolatey, who knows?
Although Chocolatey needs to be run as administrator by default while you may sometimes wish to install applications for specific users, this is similar to other package managers which also need to be run as root. You can just install the user-specific stuff separately without Chocolatey.
Generally, my own process for deciding whether to install something with Chocolatey is something like:
- Is there a Chocolatey package for it?
- Is it a commonly downloaded package? (possibly flawed thinking: safety in numbers)
- Is it ok to install this with administrator privileges?
- Do I need just one version of this?
Despite all these considerations, I still feel it’s generally safe to install packages through Chocolatey, just like with any other package manager on any other platform. While it does seem like most applications really have no need for admin rights especially if the application is just a static binary, most installers request elevation anyway so there isn’t really a difference (not that this is a good thing).
Point number 4 refers specifically to programming languages such as Node.js, which you may sometimes have reason to work with multiple versions of at the same time, for example if you want to test something you’re developing with multiple Node versions. In this case I use nvm (for Windows) for managing my Node versions instead. I did run into a minor inconvenience since installed yarn using Chocolatey, and it declares a dependency on Node.js (as I wrote this I realised that there’s an IgnoreDependencies flag I could use when installing a package, although I haven’t tried it out yet).
Getting started with Chocolatey
I wasn’t planning for this post to be a tutorial on how to use Chocolatey, but the Chocolatey website itself has excellent instructions on installing it at https://chocolatey.org/install.
After you’ve installed Chocolatey, you can start using the basic choco install, choco upgrade and choco uninstall commands to manage your applications. Another helpful command is choco list -lo which lists all packages you have installed through Chocolatey on your system.
If you still have more questions regarding Chocolatey, you can try checking our their FAQ here: https://chocolatey.org/docs/chocolatey-faqs.
Why I wrote this post
Actually I had another reason for writing this post: I had originally wanted to write a post about using LaTeX, but realised that it may be troublesome to go through installation instructions for a basic LaTeX toolchain. This prompted me to write this post so that if things I write about in future posts do involve installing additional software, hopefully using Chocolatey will make those initial steps easier (at least on Windows).
