This repository has been archived by the owner on Feb 19, 2019. It is now read-only.

[Enhancement] Verify package ID received was package ID requested #557

Open
Valknjoggr opened this issue Aug 22, 2014 · 6 comments

Comments

@Valknjoggr

I ran into this error:

C:\admin\Chocolatey\bin>choco install greenfoot -source http://private.feed.ca/PhpNuget3/nuget
Chocolatey (v0.9.8.23) is installing 'greenfoot' and dependencies. By installing
you accept the license for 'greenfoot' and each dependency you are installing.
'swimmygui 24.0' already installed.
If you want to reinstall the current version of an existing package, please use
the -force command.

Finished installing 'greenfoot' and dependencies - if errors not shown in console, none detected. Check log for errors if unsure.
Reading environment variables from registry. Please wait... Done.

Note the request for greenfoot, and the attempt to install swimmygui.

I believe the issue to be twofold.
One: PhpNuget (the only feed I got working with my systems) is broken, in that when a FindPackagesById() request comes in, it does not return all 'packagename' entries, but it returns all the entries in the feed. In this case the FindPackagesById()?id='greenfoot', gets non-greenfoot packages, as well as greenfoot packages. Chocolatey should not trust that a feed gives correct information, and it should do better checks on the package IDs returned to make sure they match the request.

Two: There may be a bug in the version matching algorithm. The greenfoot package version was 2.4.0 and swimmygui had version 24.0. That may be why swimmygui was chosen over other packages listed in the feed.

Thanks and keep up the good work.

@ferventcoder
Contributor

  • You are on an older version of chocolatey. Please upgrade and see if this is still an issue.
  1. I've never seen that happen before (installing the wrong package). Ever. It could have been an issue with your source (I've never seen private.feed.ca), which explains a problem. Do you trust that source?
  2. I don't think there is a bug in the matching algorithm, I think it's related to that feed doing something completely wonky.

Perhaps the client should do a better job with feeds, but the problem here is with the feed doing the wrong thing, not with chocolatey doing the wrong thing.

Let's update this issue a bit to something more workable regarding the client doing an id match versus what was requested.

@ferventcoder ferventcoder changed the title Trusting feeds and package version matching [Enhancement] Verify package ID received was package ID requested Aug 22, 2014
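
A sketch of the client-side ID match this issue asks for, applied to a feed that ignores the requested ID. This is an added example, not Chocolatey's code: the feed XML is constructed, the function names are hypothetical, and it assumes each Atom entry carries the package ID in its title and the version in `d:Version`.

```python
import xml.etree.ElementTree as ET

NS = {
    "a": "http://www.w3.org/2005/Atom",
    "d": "http://schemas.microsoft.com/ado/2007/08/dataservices",
    "m": "http://schemas.microsoft.com/ado/2007/08/dataservices/metadata",
}

# Constructed response to FindPackagesById()?id='greenfoot' from a feed that
# ignores the id filter, as described in the issue (entry layout is assumed).
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices"
      xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
  <entry><title type="text">swimmygui</title>
    <m:properties><d:Version>24.0</d:Version></m:properties></entry>
  <entry><title type="text">GreenFoot</title>
    <m:properties><d:Version>2.4.0</d:Version></m:properties></entry>
  <entry><title type="text">mediacoder</title>
    <m:properties><d:Version>0.8.31.5645</d:Version></m:properties></entry>
  <entry><title type="text">greenfoot.extras</title>
    <m:properties><d:Version>1.0</d:Version></m:properties></entry>
</feed>"""


def filter_by_requested_id(feed_xml, requested_id):
    """Split feed entries into (accepted, rejected) lists of (id, version).

    An entry is accepted only if its ID equals the requested ID exactly,
    compared case-insensitively as NuGet package IDs are.
    """
    wanted = requested_id.strip().casefold()
    accepted, rejected = [], []
    for entry in ET.fromstring(feed_xml).findall("a:entry", NS):
        pkg_id = entry.findtext("a:title", default="", namespaces=NS).strip()
        version = entry.findtext("m:properties/d:Version", default="", namespaces=NS).strip()
        target = accepted if pkg_id.casefold() == wanted else rejected
        target.append((pkg_id, version))
    return accepted, rejected


def resolve(feed_xml, requested_id):
    """Return the matching entries, or fail closed if the feed has none."""
    accepted, rejected = filter_by_requested_id(feed_xml, requested_id)
    if not accepted:
        raise LookupError(f"feed returned {len(rejected)} entries, none with id {requested_id!r}")
    return accepted
```

Version selection would then run only over the accepted entries, so an unrelated package such as `swimmygui 24.0` can never be picked for a `greenfoot` request.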
@Valknjoggr
Author

Thanks for the quick reply.

private.feed.ca is just a name I used to hide my private feed server from the world. I totally trust it as I made all the nuget listings on it. Sorry for any confusion.

Here is a test with v0.9.8.27.

C:\admin\Chocolatey\bin>choco install greenfoot -source http://private.feed.ca/PhpNuget3/nuget
Chocolatey (v0.9.8.27) is installing 'greenfoot' and dependencies. By installing you accept the
license for 'greenfoot' and each dependency you are installing.
'mediacoder 0.8.31.5645' already installed. If you want to reinstall the current version of an
existing package, please use the -force command.

Finished installing 'greenfoot' and dependencies - if errors not shown in console, none detected. Check log for errors if unsure.

Again the wrong package is selected.

It appears the version comparison was a red herring; it just happened to sort of match up the first time.

@ferventcoder
Contributor

What I'd need from you is a -debug output and fiddler output.

@Valknjoggr
Author

As debug and fiddler output have sensitive information, files have been shared with ferventcoder, via g+.

@ferventcoder
Contributor

Might want to make sure it is https://plus.google.com/+RobReynolds_FerventCoder/

@Valknjoggr
Author

I've tried to alert +RobReynolds_FerventCoder again in G+. If my G+ skills are lacking, and if there's a better way to get these files to you, please let me know.
