-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Program 'winget.exe' failed to run: The file cannot be accessed by the system.At line:1 char:1 [Running Virtual Machine via SSH] #1474
Comments
This is a similar issue to #995. If it helps the team narrow it down, it doesn't just happen with This is probably not a winget problem then, but @denelon can you ask whoever manages the App Execution Aliases stuff to look into it? It basically blocks using winget remotely unless you get creative. Proofsies:
|
@jedieaston , my guess is that this is because PowerShell is attempting to read the file before launching it. The way that AEA is implemented in the OS makes the shells not work if they attempt to read it, since it isn't the actual file (nor any kind of file really). There are a few solutions:
Our changes for 1 are actually pretty easy, but again it would only (potentially) make something like this work:
And not the default path |
Obviously 3 would be wonderful, but if we have to settle for 1 that’d still be good enough to get winget working for now in these scenarios. By TBD, do you mean that the OS changes necessary for 1 aren’t in stable yet? The only thing I know of that rings a bell with that is |
Agreed on 3, I think there is a case for it but if it is going to take tens of hours of work then there needs to be a justification that meets the bar. Need to ensure that it is actually the problem first, then we can put it on the backlog. But even if it was a go today, I don't think we would see it released for at least a year and then it wouldn't be serviced back to older Windows versions. We need the short term solution too. By TBD I meant more "to be looked up because I remember seeing the PR but I have no idea when it was released, or if it even has been yet". This was work specifically to enable creating the process directly on the package file in certain instances. Normally packaged processes need to be launched by special API to enable all of packagy goodness (don't @ me), but this provided the ability to |
ah, I see everyone is busy with App Execution Aliases , but that's not the issue. |
But if I SSH as myself into the system, the MSIX apps I've installed as myself work. The AEAs don't though. |
TL;DR : win32 OpenSSH port might want to implement AEAs/NTFS reparse points handling mechanism. I believe, @JohnMcPMS you as a MS employee, your words/winget teams words will have more weight to the win32-openssh team than ours. people even have pointed out where the fix might be needed : https://github.com/PowerShell/openssh-portable/blob/0b73c4636d38f0c69424721d52d0e7752db99c81/contrib/win32/win32compat/fileio.c#L1124 Does it ? 🤔 here's a screenshot of me from a non-elevated shell sshing to myself and trying to launch a MSIX package over ssh (eg:
Update: |
Here you are trying to use a AEA, proving the point. Winget should work if you drill down into the correct package location and find the specific exe |
yeah, that's right ~\appdata\local\microsoft\windowsapps is the AEA folder. |
Oooh i see, I didnt realize that AEA's were plopped in a specific folder, figured they were just namespace links or some other magic. Forgive the comment |
@denelon Do you know how winget is executed during the Installation Validation step of the winget-pkgs pipeline? Presumably it isn't via PowerShell Remoting or SSH due to this bug. |
@mshaikhcool , do you have an issue that I could comment on? I don't really understand why these remoting shell type operations need to read the target "exe", but I can certainly comment on what could be done in this case. I'm not sure that the internal data of the AEA reparse point are public, but the type certainly is ( @jedieaston , @chuckferring would know for sure but I think it is part of a script run on the machine as remoting would not be allowed for security reasons. |
@jedieaston, you are correct. During validation the script is run on the validation machine. It is not done via PowerShell remoting or SSH. |
May I suggest |
I can confirm, with new preview version, I was able to use ssh on virtual machine with windows, update and install applications. |
Can anyone else confirm? If this is fixed, I would like to close this issue. |
I use Arch Linux. As my terminal Alacritty, use KVM for virtualization, and installed Windows 11 and use this for ssh server in Windows 11 VM. Hmm. I created new VM with Windows 11 and using in this VM Windows terminal I was able to ssh log in to first Windows 11 VM and without problem installed some programs (vim, libreoffice). EDIT. |
@ranavale does this fail only with SSH in VSCode? I'm not sure what the differences are between that and the ssh server @roland-rollo is using. |
It fails with any ssh/remoting/docker exec session due to the issue that @JohnMcPMS described around AEAs not working. Extracting AppInstallerCLI.exe and the requisite dependencies (resources, dlls, etc) are the only way I've gotten it to work so far. |
So can we get an MSI installer? It's a hard requirement until MSIX packages are fixed. |
IDK. That's been asked like a thousand times before. To be brutally honest, they are reluctant to ditch MSIX. |
It's not really MSIX that is the problem, it's the use of a App Execution Alias. You can create MSIX packages that plop "real" executables in the right places, but that comes with other tradeoffs (for one, you'll have a bunch of copies of winget installed under every profile instead of one in the system directory). |
Naturally, the installer would need to be configured properly. There needs to be two options:
If you're an Admin trying to update all software in the system, you obviously need admin rights and a system install. The current user install may have it's uses but I don't know what they are. Doesn't work for my use case, which is to use it like a Windows package manager. (Wasn't that the point?) |
Since other things lead me to come back to this issue, I will add that I have changed the name of the executable file in the package to be PS> $wingetPath = Join-Path (Get-AppxPackage Microsoft.DesktopAppInstaller).InstallLocation "winget.exe"
PS> Invoke-Expression "& '$wingetPath'"
Windows Package Manager (Preview) v1.4.2161-preview
... Not quite so clean as |
what a ruse . That was about the lack of powershell support (waiting for it). I love powershell, I even install it on linux because I don't like working with texts and "awk" and stupid unstructured data tools.
It would ideally be a symlink , hardlinks are hazardous. NTFS allow symlinks since Vista (https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createsymboliclinka) . What ended up happening is AEA is basically a ".lnk" file and those only work on "explorer.exe". At least make the start shell API work on those then (I mean, this API https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessw). Perhaps it does work and its my system that's hosed, or perhaps I need to install the APPX on the system-wide account, who knows, all I know is that explorer is able to launch it, so I must also be able to launch it using the "ShellExecute". That elevation is connecting to powershell over OpenSSH. I think the real problem is not only knowing the real directory by entering the reparse point, but also permissions. Perhaps a simpler solution is to provide "shims" that do the proper calls to the proper RPC service. Just throw them in some user's public folder and ask the user to set its path to that. (incidentally "choco" seems to work) |
These per-user-installed UWP packages are analogous to flatpak or snaps in Linux. It seems disastrous to deploy the package manager itself in this fashion. In both a flatpak or a snap you first install the package manager at the system level, using the system package manager. Microsoft seems to have ignored all prior art here and failed to come up with a workable alternative. You can't skip the system level package manager. That needs to come first. Then you can install the UWP package manager (the windows store stuff) using the system package manager. All the problems I have seen with winget stem from this disconnect. They could be solved by a system level package manager that comes with the OS and can be used to install\repair winget. |
Ran into the exact same issue right now when I can rule out that this is about the execution aliases, because The exact same scenario worked last week, but that was before the latest Windows Update run. Edit #1: aaaand here we go:
For reference, that's a Edit #2: Alright and since this service starts on-demand it's always a fresh process anyway, so the fault is somewhere in the program (or in my Windows image). Edit #3: the typical routine of
PS: I think I may never quite fathom why a basic application like |
@exoosh we had this exact problem happen widely at work about 5 days ago. Most likely relates to some windows update. A workaround that seems to work was taking ownership of $env:userprofile\AppData\Local\Microsoft\WindowsApps, adding permissions and rebooting
Then rebooting and either reinstalling App Installer ( https://aka.ms/getwinget ) or running repair-WingetPackageManager
So in one way or another permissions do seem to factor in |
@n5ke thanks for chiming in. This is helpful. I was aware of the last two commands and knew that the SDs on these directories are generally rather restrictive, but I hadn't tried taking ownership to alleviate this issue. As far as I can tell taking ownership just had the purpose to make |
Yeah had to take ownership to be able to change permissions. With my limited windows understanding, I think it's just a matter of sacrificing some protection against some malware that might target/use windows apps in some cases. I can't think of a scenario where it would cause breakage and haven't seen any breakage in practice. It also shouldn't be a problem saving and then restoring them if need be, I think this would do it:
You are right applying to only WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe and WindowsApps\winget.exe might be enough, didn't try this, it's definitely better to minimize the changes if that works [edit] icacls doesn't backup ownership, this should serve better
|
Brief description of your issue
I created a VM and I installed winget using latest release on its github page, then I connected to my VM from VSCode SSH remote connection. I am trying to run the winget from my local remote-VSCode (connected to VM via SSH).
Program 'winget.exe' failed to run: The file cannot be accessed by the system. At line:1 char:1 [Running Virtual Machine via SSH]
Steps to reproduce
run comment "winget"
Expected behavior
winget to work
This is output when I login to my VM and run winget
Actual behavior
Program 'winget.exe' failed to run: The file cannot be accessed by the system. At line:1 char:1 [Running Virtual Machine via SSH]
Environment
Winget Package
Windows specifications:
App Installer
The text was updated successfully, but these errors were encountered: