From 93a26310b4895f5ab7b3f908e6fdaf5f29359249 Mon Sep 17 00:00:00 2001 From: Easton Pillay Date: Wed, 2 Feb 2022 09:59:51 -0600 Subject: [PATCH 1/8] Added inital pinned package spec. --- doc/specs/#476 - Pinned packages.md | 193 ++++++++++++++++++++++++++++ 1 file changed, 193 insertions(+) create mode 100644 doc/specs/#476 - Pinned packages.md diff --git a/doc/specs/#476 - Pinned packages.md b/doc/specs/#476 - Pinned packages.md new file mode 100644 index 0000000000..85a79ed5b1 --- /dev/null +++ b/doc/specs/#476 - Pinned packages.md @@ -0,0 +1,193 @@ +--- +author: Easton Pillay jedieaston/easton@planeteaston.com +created on: 2022-01-25 +last updated: 2022-02-02 +issue id: 476 +--- + +# Pinning a package. + +[comment]: # Link to issue: "For [#476](https://github.com/microsoft/winget-cli/issues/476)" + +## Abstract + +This spec describes the functionality behind "pinning" a package (freezing a package at a certain version so that it will be not be automatically upgraded). + +## Inspiration + +This functionality is inspired by functionality in other package managers, as well as community feedback. Many packages (software development tools and libraries commonly, but other software as well) introduce breaking changes that users may not want integrate into their workflow quite yet. + +## Solution Design + +A table of packages (by Name, Version and Product Code if available) that are currently pinned will be kept in the local tracking catalog. To be repository independent, these values should be correlated from local sources (Add and Remove Programs, Appx, etc). This also means that the user should be able to pin packages that were not installed via the Windows Package Manager, so that they won't be upgraded via `winget upgrade --all`. + + +## UI/UX Design + +[comment]: # What will this fix/feature look like? How will it affect the end user? + +The main interface for the pinning feature will be a new command, `winget pin`, with a couple of options: + + +``` +winget pin +``` + +Running `winget pin` with no arguments will show a table of currently pinned packages: + +``` +Name Id Version ------------------------------------------------------------------------------------------------ +Microsoft Bob Microsoft.Bob 2.35.0 +iTunes Apple.iTunes 12.0.199.4 + +``` + +``` +winget pin --set +``` + +`` correlates to a query, similar to `winget list`. When running this command, the package information will be stored in the table in the tracking catalog. This command should be able to accept Package Identifers (checked against all repositories) as well as names, tags, etc. If the package does not have a version number locally but is available from a source, then the version number from the source should be used. + +If there is no package directly available for software a user wants to pin, but it is [included as part of another package](https://github.com/microsoft/winget-cli/issues/1073), the package which includes said piece of software should be treated as pinned unless a newer version doesn't change the version of the pinned software. + +``` +winget pin --clear +``` + +It functions similarly to `winget pin --set`, but it clears the pin. This should automatically happen on `winget uninstall`, or if it is detected the package is no longer present on the system. + +Enhancements will also need to be made to other commands in the Windows Package Manager, including: + +``` +winget upgrade --include-pinned +``` + +With the new `--include-pinned` argument, Upgrade should show a separate table in addition to the regular table which shows possible upgrades to pinned packages. + +``` +<...> +Upgrades to pinned packages: + +Name Id Version Available Source +------------------------------------------------------------------------------------------------------------------------- +Clippy for Azure 2008 Datacenter Microsoft.Clippy.2008.Datacenter 2.35.0 2.35.1.2 winget +``` + + +``` +winget --include-pinned +``` + +Upgrade and Install will now require arguments to bypass the pin for a package temporarily, in which case the pin is updated to pin the new version after the installation completes. + +``` +winget install --pin +``` + +Install should also be extended to allow the user to pin a package at install time. + + + + +In addition to commands, there should be a new `Pinned` key in exported package lists, allowing users to move their pins to different systems: + +``` +// ... + { + "Packages": + [ + { + "PackageIdentifier": "Microsoft.Bob", + "PackageVersion" : 2.35.0, + "Pinned" : "true" + }, + ], + } +// ... +``` + +Lastly, there should be good error messaging throughout the Windows Package Manager in order to explain to users when something doesn't go quite right. + +As an example, consider the situation where a user has pinned their favorite package, Microsoft Bob: + +``` +PS C:\Users\billg> winget install --pin Microsoft.Bob +Found Microsoft Bob [Microsoft.Bob] Version 2.32.0 +This application is licensed to you by its owner. +Microsoft is not responsible for, nor does it grant any licenses to, third-party packages. +Downloading https://aka.ms/importantsystemdependencies/bob.exe +██████████████████████████████ 2.08 MB / 2.08 MB +Successfully verified installer hash +Starting package install... +Successfully installed +Microsoft.Bob has been pinned at version 2.32.0. +``` + +Then, later, that user tries to install a package that is dependent on a newer version of Microsoft Bob. The Windows Package Manager should not upgrade Microsoft Bob automatically, but instead should notify the user and give them information on how to continue: + +``` +PS C:\Users\billg> winget install --pin Microsoft.RoverTheDog +Found Rover the Dog [Microsoft.RoverTheDog] Version 5.1 +This application is licensed to you by its owner. +Microsoft is not responsible for, nor does it grant any licenses to, third-party packages. +This package requires the following dependencies: + - Packages + Microsoft.Bob, version 2.39.0. + +Microsoft Bob is currently pinned at version 2.32.0, but Rover the Dog 5.1 requires at least version 2.39.0. To upgrade Microsoft Bob and other pinned dependencies, add the argument `--include-pinned` to your previous command. +``` + +## Capabilities + +[comment]: # Discuss how the proposed fixes/features impact the following key considerations: + +### Accessibility + +[comment]: # How will the proposed change impact accessibility for users of screen readers, assistive input devices, etc. + +Accessibility should not be impacted by this change. There will be a few more tables printed to the terminal in certain cases, but they should use the current table implementation used by `winget upgrade` and `winget list`. + +### Security + +[comment]: # How will the proposed change impact security? + +Security of the Windows Package Manager should not be impacted by this change. However, security of user's software may be, as if they pin a insecure version of a package they currently will not be notified of important security updates within the Windows Package Manager. + +### Reliability + +[comment]: # Will the proposed change improve reliability? If not, why make the change? + +The change will improve reliability, as users will be able to have fine grained control of the Windows Package Manager's upgrade functionality to ensure their workflow is not disrupted. + +### Compatibility + +[comment]: # Will the proposed change break existing code/behaviors? If so, how, and is the breaking change "worth it"? + +There should not be any breaking changes to the code. Although there could be a mild breaking change to the behavior of `upgrade --all` (not all packages are upgraded anymore since pinned ones are skipped), this is purely opt-in from the user's perspective at this time (if they do not pin software, there should not be a change). + +### Performance, Power, and Efficiency + +## Potential Issues + +[comment]: # What are some of the things that might cause problems with the fixes/features proposed? Consider how the user might be negatively impacted. + +Outside of missing security updates and having possible dependency resolution failures due to pins, there should not be any other impacts. Considering the opt-in nature of pinning, it should not affect users unless they want to use it. + +## Future considerations + +[comment]: # What are some of the things that the fixes/features might unlock in the future? Does the implementation of this spec enable scenarios? + +- Group Policy or MDM control of pinned packages would be a natural addition to the defined functionality. Administrators may want to restrict upgrades for certain pieces of conflicting software if it will cause issues for some or all of their users. + +- Packages may want to define pins for their dependencies, if they can't use anything above a certain version of a dependency. These pins could be merged into the user's current pins, making sure that the packages currently installed keep working. + +## Resources + +[comment]: # Be sure to add links to references, resources, footnotes, etc. + +- [Brew - How do I stop certain formulae from being upgraded?](https://docs.brew.sh/FAQ#how-do-i-stop-certain-formulae-from-being-updated) + +- [NPM - package.json dependencies](https://docs.npmjs.com/cli/v7/configuring-npm/package-json#dependencies) + +- [APT - Introduction to Holding Packages](https://help.ubuntu.com/community/PinningHowto#Introduction_to_Holding_Packages) + From 141d794bc2373246ad43f9651a33b557e8507787 Mon Sep 17 00:00:00 2001 From: Easton Pillay Date: Wed, 2 Feb 2022 10:08:21 -0600 Subject: [PATCH 2/8] Fixed a boatload of typos :) --- doc/specs/#476 - Pinned packages.md | 35 +++++++++-------------------- 1 file changed, 11 insertions(+), 24 deletions(-) diff --git a/doc/specs/#476 - Pinned packages.md b/doc/specs/#476 - Pinned packages.md index 85a79ed5b1..745772ccc8 100644 --- a/doc/specs/#476 - Pinned packages.md +++ b/doc/specs/#476 - Pinned packages.md @@ -5,9 +5,9 @@ last updated: 2022-02-02 issue id: 476 --- -# Pinning a package. +# Pinning a package -[comment]: # Link to issue: "For [#476](https://github.com/microsoft/winget-cli/issues/476)" +For [#476](https://github.com/microsoft/winget-cli/issues/476) ## Abstract @@ -24,8 +24,6 @@ A table of packages (by Name, Version and Product Code if available) that are cu ## UI/UX Design -[comment]: # What will this fix/feature look like? How will it affect the end user? - The main interface for the pinning feature will be a new command, `winget pin`, with a couple of options: @@ -36,7 +34,8 @@ winget pin Running `winget pin` with no arguments will show a table of currently pinned packages: ``` -Name Id Version ------------------------------------------------------------------------------------------------ +Name Id Version +------------------------------------------------------------------------------------------------ Microsoft Bob Microsoft.Bob 2.35.0 iTunes Apple.iTunes 12.0.199.4 @@ -70,7 +69,7 @@ Upgrades to pinned packages: Name Id Version Available Source ------------------------------------------------------------------------------------------------------------------------- -Clippy for Azure 2008 Datacenter Microsoft.Clippy.2008.Datacenter 2.35.0 2.35.1.2 winget +Clippy for Azure 2011 Datacenter Microsoft.Clippy.2011.Datacenter 2.35.0 2.35.1.2 winget ``` @@ -78,7 +77,7 @@ Clippy for Azure 2008 Datacenter Microsoft.Clippy.2008.Datac winget --include-pinned ``` -Upgrade and Install will now require arguments to bypass the pin for a package temporarily, in which case the pin is updated to pin the new version after the installation completes. +Upgrade and Install will now need to use the same argument to bypass the pin for a package temporarily, in which case the pin is updated to pin the new version after the installation completes. ``` winget install --pin @@ -134,57 +133,45 @@ This package requires the following dependencies: - Packages Microsoft.Bob, version 2.39.0. -Microsoft Bob is currently pinned at version 2.32.0, but Rover the Dog 5.1 requires at least version 2.39.0. To upgrade Microsoft Bob and other pinned dependencies, add the argument `--include-pinned` to your previous command. +Microsoft Bob is currently pinned at version 2.32.0, but Rover the Dog 5.1 requires at least version 2.39.0. +To upgrade Microsoft Bob and other pinned dependencies, add the argument --include-pinned to your previous command. ``` ## Capabilities -[comment]: # Discuss how the proposed fixes/features impact the following key considerations: - ### Accessibility -[comment]: # How will the proposed change impact accessibility for users of screen readers, assistive input devices, etc. - Accessibility should not be impacted by this change. There will be a few more tables printed to the terminal in certain cases, but they should use the current table implementation used by `winget upgrade` and `winget list`. ### Security -[comment]: # How will the proposed change impact security? - Security of the Windows Package Manager should not be impacted by this change. However, security of user's software may be, as if they pin a insecure version of a package they currently will not be notified of important security updates within the Windows Package Manager. ### Reliability -[comment]: # Will the proposed change improve reliability? If not, why make the change? - The change will improve reliability, as users will be able to have fine grained control of the Windows Package Manager's upgrade functionality to ensure their workflow is not disrupted. ### Compatibility -[comment]: # Will the proposed change break existing code/behaviors? If so, how, and is the breaking change "worth it"? - There should not be any breaking changes to the code. Although there could be a mild breaking change to the behavior of `upgrade --all` (not all packages are upgraded anymore since pinned ones are skipped), this is purely opt-in from the user's perspective at this time (if they do not pin software, there should not be a change). ### Performance, Power, and Efficiency -## Potential Issues +There should not be any noticible performance changes. + -[comment]: # What are some of the things that might cause problems with the fixes/features proposed? Consider how the user might be negatively impacted. +## Potential Issues Outside of missing security updates and having possible dependency resolution failures due to pins, there should not be any other impacts. Considering the opt-in nature of pinning, it should not affect users unless they want to use it. ## Future considerations -[comment]: # What are some of the things that the fixes/features might unlock in the future? Does the implementation of this spec enable scenarios? - - Group Policy or MDM control of pinned packages would be a natural addition to the defined functionality. Administrators may want to restrict upgrades for certain pieces of conflicting software if it will cause issues for some or all of their users. - Packages may want to define pins for their dependencies, if they can't use anything above a certain version of a dependency. These pins could be merged into the user's current pins, making sure that the packages currently installed keep working. ## Resources -[comment]: # Be sure to add links to references, resources, footnotes, etc. - - [Brew - How do I stop certain formulae from being upgraded?](https://docs.brew.sh/FAQ#how-do-i-stop-certain-formulae-from-being-updated) - [NPM - package.json dependencies](https://docs.npmjs.com/cli/v7/configuring-npm/package-json#dependencies) From 1ab51e831be90b3fd35b3063a26993741bdd098d Mon Sep 17 00:00:00 2001 From: Easton Pillay Date: Wed, 2 Feb 2022 11:36:25 -0500 Subject: [PATCH 3/8] Hey, spelling bot! Most of those aren't typos. --- .github/actions/spelling/expect.txt | 30 ++++++++++++++++++----------- doc/specs/#476 - Pinned packages.md | 2 +- 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index 580cb0be4b..0e8e8eef41 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -1,6 +1,5 @@ abcd adjacents -activatable adml admx affle @@ -10,7 +9,7 @@ aicli AICLIC ajor alreadyinstalled -amd +Amd amrutha anonymized APARTMENTTHREADED @@ -19,7 +18,6 @@ apicontract apiset appinstallertest appname -Archs arget argumentlist ARMNT @@ -43,6 +41,7 @@ Beigi bfd BFirst bght +billg bitmask bkup blargle @@ -72,6 +71,7 @@ chcp ci cinq CLIE +Clippy cloudapp clsid COINIT @@ -91,6 +91,7 @@ ctc Ctx curated CYRL +Datacenter Dbg debian deigh @@ -100,10 +101,11 @@ dirs diskfull dnld Dobbeleer -dsc +Dsc dustojnikhummer dvinns dw +easton ecfr ecfrbrowse endian @@ -140,9 +142,8 @@ GES GESMBH GHS gity -Globals Google -hackathon +Hackathon hashtable helplib helplibrary @@ -151,6 +152,7 @@ HINSTANCE hkey hlocal hmodule +Howto hre hresults htm @@ -164,6 +166,7 @@ IHost IID IISOn img +importantsystemdependencies IMutable IName inet @@ -186,6 +189,7 @@ IVector IWeb IZone jdk +jedieaston jfearn JObject jp @@ -220,13 +224,14 @@ lz malware maxvalue MBH +MDM mdmp megamorf memcpy middleware midl -minidump minexample +minidump minschema missingdependency MMmmbbbb @@ -247,7 +252,6 @@ myinstalldir mylog mysilent mysilentwithprogress -mytool NETFX netlify Newtonsoft @@ -257,6 +261,8 @@ normer NOSEPARATOR NOTAPROPERTY notmatch +npm +npmjs npp nsis nuffing @@ -266,9 +272,8 @@ objbase objidl ofile Outptr -Packagedx packageinuse -parametermap +PARAMETERMAP pathparts pathpaths Patil @@ -278,8 +283,10 @@ PEGI pfn pfxpath Pherson +Pillay pkgmgr pkindex +planeteaston PMS positionals powershellgallery @@ -366,6 +373,7 @@ tombstoned tpl transitioning trimstart +ubuntu UCase ucasemap UChars @@ -404,7 +412,7 @@ Webserver website WERSJA wesome -whatif +Whatif windir windowsdeveloper winerror diff --git a/doc/specs/#476 - Pinned packages.md b/doc/specs/#476 - Pinned packages.md index 745772ccc8..fd35e0e67f 100644 --- a/doc/specs/#476 - Pinned packages.md +++ b/doc/specs/#476 - Pinned packages.md @@ -157,7 +157,7 @@ There should not be any breaking changes to the code. Although there could be a ### Performance, Power, and Efficiency -There should not be any noticible performance changes. +There should not be any notable performance changes. ## Potential Issues From 75eacca22a540103a5dc60ff6827c0364876ba51 Mon Sep 17 00:00:00 2001 From: Easton Pillay Date: Wed, 2 Feb 2022 18:37:12 -0600 Subject: [PATCH 4/8] Fixed the little things from review by @denelon and @vedantmgoyal2009. --- doc/specs/#476 - Pinned packages.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/specs/#476 - Pinned packages.md b/doc/specs/#476 - Pinned packages.md index fd35e0e67f..42ee12bbd0 100644 --- a/doc/specs/#476 - Pinned packages.md +++ b/doc/specs/#476 - Pinned packages.md @@ -11,7 +11,7 @@ For [#476](https://github.com/microsoft/winget-cli/issues/476) ## Abstract -This spec describes the functionality behind "pinning" a package (freezing a package at a certain version so that it will be not be automatically upgraded). +This spec describes the functionality behind "pinning" a package (freezing a package at a certain version so that it will be not be automatically upgraded via `winget upgrade --all`). ## Inspiration @@ -98,7 +98,7 @@ In addition to commands, there should be a new `Pinned` key in exported package { "PackageIdentifier": "Microsoft.Bob", "PackageVersion" : 2.35.0, - "Pinned" : "true" + "Pinned" : true }, ], } From 32b55601972ac635e49499a6cc77ce78c07fb153 Mon Sep 17 00:00:00 2001 From: Easton Pillay Date: Thu, 3 Feb 2022 08:37:52 -0600 Subject: [PATCH 5/8] Added PowerShell cmdlets/arguments. --- doc/specs/#476 - Pinned packages.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/specs/#476 - Pinned packages.md b/doc/specs/#476 - Pinned packages.md index 42ee12bbd0..6f6d1e4fe8 100644 --- a/doc/specs/#476 - Pinned packages.md +++ b/doc/specs/#476 - Pinned packages.md @@ -24,11 +24,14 @@ A table of packages (by Name, Version and Product Code if available) that are cu ## UI/UX Design +Several commands will need to be added to support pinning packages. Where applicable, equivalent names (or new arguments) for PowerShell cmdlets will also be given. + The main interface for the pinning feature will be a new command, `winget pin`, with a couple of options: ``` winget pin +PowerShell: Get-WinGetPinnedPackage ``` Running `winget pin` with no arguments will show a table of currently pinned packages: @@ -42,7 +45,8 @@ iTunes Apple.iTunes ``` ``` -winget pin --set +winget pin --set +PowerShell: Set-WinGetPinnedPackage ``` `` correlates to a query, similar to `winget list`. When running this command, the package information will be stored in the table in the tracking catalog. This command should be able to accept Package Identifers (checked against all repositories) as well as names, tags, etc. If the package does not have a version number locally but is available from a source, then the version number from the source should be used. @@ -51,6 +55,7 @@ If there is no package directly available for software a user wants to pin, but ``` winget pin --clear +PowerShell: Remove-WinGetPinnedPackage ``` It functions similarly to `winget pin --set`, but it clears the pin. This should automatically happen on `winget uninstall`, or if it is detected the package is no longer present on the system. @@ -59,6 +64,7 @@ Enhancements will also need to be made to other commands in the Windows Package ``` winget upgrade --include-pinned +PowerShell: Get-WinGetPackage -UpgradeAvailable -Pinned ``` With the new `--include-pinned` argument, Upgrade should show a separate table in addition to the regular table which shows possible upgrades to pinned packages. @@ -75,6 +81,7 @@ Clippy for Azure 2011 Datacenter Microsoft.Clippy.2011.Datac ``` winget --include-pinned +PowerShell: Install-WinGetPackage -Pinned / Upgrade-WinGetPackage -Pinned ``` Upgrade and Install will now need to use the same argument to bypass the pin for a package temporarily, in which case the pin is updated to pin the new version after the installation completes. @@ -87,7 +94,6 @@ Install should also be extended to allow the user to pin a package at install ti - In addition to commands, there should be a new `Pinned` key in exported package lists, allowing users to move their pins to different systems: ``` From 60bac9fba052b5089615b00b9c391b197c7365f8 Mon Sep 17 00:00:00 2001 From: Easton Pillay Date: Wed, 9 Feb 2022 12:25:44 -0600 Subject: [PATCH 6/8] Added RequiresExplicitUpgrade discussion among other things. --- doc/specs/#476 - Pinned packages.md | 40 ++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 9 deletions(-) diff --git a/doc/specs/#476 - Pinned packages.md b/doc/specs/#476 - Pinned packages.md index 6f6d1e4fe8..c4379574d7 100644 --- a/doc/specs/#476 - Pinned packages.md +++ b/doc/specs/#476 - Pinned packages.md @@ -21,6 +21,8 @@ This functionality is inspired by functionality in other package managers, as we A table of packages (by Name, Version and Product Code if available) that are currently pinned will be kept in the local tracking catalog. To be repository independent, these values should be correlated from local sources (Add and Remove Programs, Appx, etc). This also means that the user should be able to pin packages that were not installed via the Windows Package Manager, so that they won't be upgraded via `winget upgrade --all`. +Some applications would also like to opt-out of `winget upgrade --all` if they manage their own upgrades or often make breaking changes. As such, the `RequiresExplicitUpgrade` key was added in manifest schema v1.1. Given that this creates the same end result for the user, packages that opt-out of upgrades in this manner should behave like pinned packages to the user, and they should be able to override the behavior listed in the manifest if they choose. + ## UI/UX Design @@ -37,15 +39,17 @@ PowerShell: Get-WinGetPinnedPackage Running `winget pin` with no arguments will show a table of currently pinned packages: ``` -Name Id Version ------------------------------------------------------------------------------------------------- -Microsoft Bob Microsoft.Bob 2.35.0 -iTunes Apple.iTunes 12.0.199.4 +Name Id Version Reason +------------------------------------------------------------------------------------------------------------- +Microsoft Bob Microsoft.Bob 2.35.0 Manual +iTunes Apple.iTunes 12.0.199.4 Via manifest ``` +The "Reason" field serves to explain why a application was pinned. If a package designates the `RequiresExplictUpgrade` property in their manifest, it should be explained here so that the user has a way to diagnose why it isn't automatically upgraded during `winget upgrade --all`. + ``` -winget pin --set +winget pin PowerShell: Set-WinGetPinnedPackage ``` @@ -58,7 +62,7 @@ winget pin --clear PowerShell: Remove-WinGetPinnedPackage ``` -It functions similarly to `winget pin --set`, but it clears the pin. This should automatically happen on `winget uninstall`, or if it is detected the package is no longer present on the system. +It functions similarly to `winget pin `, but it clears the pin. This should automatically happen on `winget uninstall`. Enhancements will also need to be made to other commands in the Windows Package Manager, including: @@ -80,11 +84,27 @@ Clippy for Azure 2011 Datacenter Microsoft.Clippy.2011.Datac ``` -winget --include-pinned -PowerShell: Install-WinGetPackage -Pinned / Upgrade-WinGetPackage -Pinned +winget +PowerShell: Install-WinGetPackage / Upgrade-WinGetPackage ``` -Upgrade and Install will now need to use the same argument to bypass the pin for a package temporarily, in which case the pin is updated to pin the new version after the installation completes. +Upgrade and Install should work as normal if a pinned package is requested, but print a warning to remind the user that it was previously pinned. + +``` +``` +PS C:\Users\billg> winget upgrade Microsoft.Bob +WARNING: This package was previously pinned at version 2.32.0. The pin will be updated to represent the new version number. +If you would like to remove the pin, use "winget pin --clear Microsoft.Bob". +Found Microsoft Bob [Microsoft.Bob] Version 2.39.0 +This application is licensed to you by its owner. +Microsoft is not responsible for, nor does it grant any licenses to, third-party packages. +Downloading https://aka.ms/importantsystemdependencies/bob.exe +██████████████████████████████ 2.08 MB / 2.08 MB +Successfully verified installer hash +Starting package install... +Successfully installed +Microsoft.Bob has been pinned at version 2.39.0. +``` ``` winget install --pin @@ -176,6 +196,8 @@ Outside of missing security updates and having possible dependency resolution fa - Packages may want to define pins for their dependencies, if they can't use anything above a certain version of a dependency. These pins could be merged into the user's current pins, making sure that the packages currently installed keep working. +- If a user uninstalls or upgrades a pinned package without using the Windows Package Manager, the local tracking catalog (given the definitions in this spec) will become out of sync with the "reality" of the packages's current status. The pinned packages table should have a method of staying in sync. + ## Resources - [Brew - How do I stop certain formulae from being upgraded?](https://docs.brew.sh/FAQ#how-do-i-stop-certain-formulae-from-being-updated) From f71f0dce4cdebf409e5c9cd76c721c7ea8603710 Mon Sep 17 00:00:00 2001 From: Easton Pillay Date: Wed, 9 Feb 2022 12:28:35 -0600 Subject: [PATCH 7/8] Oops, didn't check my markdown... --- doc/specs/#476 - Pinned packages.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/specs/#476 - Pinned packages.md b/doc/specs/#476 - Pinned packages.md index c4379574d7..eff6d991a2 100644 --- a/doc/specs/#476 - Pinned packages.md +++ b/doc/specs/#476 - Pinned packages.md @@ -90,7 +90,7 @@ PowerShell: Install-WinGetPackage / Upgrade-WinGetPackage Upgrade and Install should work as normal if a pinned package is requested, but print a warning to remind the user that it was previously pinned. -``` + ``` PS C:\Users\billg> winget upgrade Microsoft.Bob WARNING: This package was previously pinned at version 2.32.0. The pin will be updated to represent the new version number. From f6d3c82a03f997fb723041285f7c0082c5d8a7d8 Mon Sep 17 00:00:00 2001 From: Easton Pillay Date: Wed, 9 Feb 2022 12:31:06 -0600 Subject: [PATCH 8/8] Typo --- doc/specs/#476 - Pinned packages.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/specs/#476 - Pinned packages.md b/doc/specs/#476 - Pinned packages.md index eff6d991a2..31586c12da 100644 --- a/doc/specs/#476 - Pinned packages.md +++ b/doc/specs/#476 - Pinned packages.md @@ -46,7 +46,7 @@ iTunes Apple.iTunes ``` -The "Reason" field serves to explain why a application was pinned. If a package designates the `RequiresExplictUpgrade` property in their manifest, it should be explained here so that the user has a way to diagnose why it isn't automatically upgraded during `winget upgrade --all`. +The "Reason" field serves to explain why a application was pinned. If a package designates the `RequiresExplicitUpgrade` property in their manifest, it should be explained here so that the user has a way to diagnose why it isn't automatically upgraded during `winget upgrade --all`. ``` winget pin