is there an alternative to in-sourcing chocolatey packages into say artifactory, if your users haven't got internet access

Question

I am trying to set up Chocolatey, at my place of work. We do not allow users access to install software from the internet, but we do allow tools such as NuGet, Maven, Gradle and Chocolatey to pull down packages from reputable sources via Artifactory.

My problem is with Chocolatey which, as opposed to the other sources, appear to only package the installation scripts, but continue to source the payload from vendors websites.

My result is that chocolatey works, i get the choco package, and the execution of the choco package is usually successful, but then it fails with additional tasks such as:

choco install vs2012sdk
Chocolatey v0.10.11
Installing the following packages:
vs2012sdk
By installing you accept licenses for the packages.
Progress: Downloading VS2012SDK 1.0... 100%

VS2012SDK v1.0
vs2012sdk package files install completed. Performing other installation steps.
Attempt to get headers for http://download.microsoft.com/download/8/3/8/8387A8E1-E422-4DD5-B586-F1F2EC778817/vssdk_full.exe failed.

I guess i could upload all the sources into Artifactory and edit all the choco packages to point at my artifactory, but i'm hoping to avoid that.

Answer 1

Ah, i found an answer here: https://stackoverflow.com/questions/18528919/how-to-install-chocolatey-packages-offline

The community packages are not generally safe for production use, and should be internalized to follow your organizations requirements, and the approved sources should be managed internally as well.

They are however a very good starting point.