krew
krew copied to clipboard
kubernetes-sigs
Cannot install krew on Windows
Installing krew 0.3.4 on my Windows machine fails consistently with the following error message:
failed to install some plugins: [krew]: install failed: failed while moving files to the installation directory: could not rename/copy directory "C:\\Users\\$me\\AppData\\Local\\Temp\\krew-temp-move638654202" to "C:\\Users\\$me\\.krew\\store\\krew\\v0.3.4": rename C:\Users\$me\AppData\Local\Temp\krew-temp-move638654202 C:\Users\$me\.krew\store\krew\v0.3.4: Access is denied.
I suspect that this issue may be caused by the anti-virus software installed on the corporate laptop, which I cannot disable.
I saw that you already created a fallback for renaming the directory in #375 to fix another edge case. Is there any reason why this fallback cannot be enabled unconditionally? I'm pretty sure that would resolve my issue.
Can you please run with -v=5 option and show the log output?
Also, please bear in mind that admin privileges are required to install plugins on Windows due to the use of symlinks (https://github.com/kubernetes-sigs/krew/pull/375#issuecomment-553784636).
Since I have developer mode enabled, it's not the admin privileges. I ran the following as admin anyway, just to make sure:
PS C:\> & "$env:TEMP\krew.exe" install --manifest="$env:TEMP\krew.yaml" -v=5
I0817 09:07:28.224622 17616 setup_check.go:55] Assuming this is the first run
I0817 09:07:28.226622 17616 root.go:200] Ensure creating dir: "C:\\Users\\$USER\\.krew"
I0817 09:07:28.229622 17616 root.go:200] Ensure creating dir: "C:\\Users\\$USER\\.krew\\store"
I0817 09:07:28.234939 17616 root.go:200] Ensure creating dir: "C:\\Users\\$USER\\.krew\\bin"
I0817 09:07:28.235941 17616 root.go:200] Ensure creating dir: "C:\\Users\\$USER\\.krew\\receipts"
I0817 09:07:28.236938 17616 root.go:120] skipping upgrade check
I0817 09:07:28.236938 17616 root.go:142] detected windows, will check for old krew installations to clean up
I0817 09:07:28.237974 17616 root.go:178] could not find krew's own plugin receipt, skipping cleanup of stale krew installations
I0817 09:07:28.238976 17616 install.go:163] --manifest specified, not ensuring plugin index
I0817 09:07:28.239974 17616 install.go:123] Will install plugin: krew
Installing plugin: krew
I0817 09:07:28.240964 17616 install.go:58] Looking for installed versions
I0817 09:07:28.240964 17616 platform.go:43] Matching platform for labels(arch=amd64,os=windows)
I0817 09:07:28.241972 17616 platform.go:51] Found matching platform with index (3)
I0817 09:07:28.241972 17616 install.go:77] Install plugin krew at version=v0.3.4
I0817 09:07:28.241972 17616 install.go:94] Creating download staging directory
I0817 09:07:28.242972 17616 install.go:99] Successfully created download staging directory "C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-downloads840724231"
I0817 09:07:28.242972 17616 fetch.go:39] Fetching "https://github.com/kubernetes-sigs/krew/releases/download/v0.3.4/krew.tar.gz"
I0817 09:07:29.255640 17616 downloader.go:42] Reading archive file into memory
I0817 09:08:28.532342 17616 downloader.go:47] Read 17148821 bytes from archive into memory
I0817 09:08:28.532342 17616 verifier.go:51] Compare sha256 (6629b1d7ad215322361f8dd270396fd1a23555fdbde8dcc1ba4ad860978b319a) signed version
I0817 09:08:28.536309 17616 downloader.go:203] detected "application/x-gzip" file type
I0817 09:08:28.542372 17616 downloader.go:100] tar: extracting to "C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-downloads840724231"
I0817 09:08:28.544342 17616 downloader.go:118] tar: processing "./LICENSE" (type=48, mode=-rw-r--r--)
I0817 09:08:28.547365 17616 downloader.go:137] tar: ensuring parent dirs exist for regular file, dir=C:\Users\$USER\AppData\Local\Temp\krew-downloads840724231
I0817 09:08:28.551312 17616 downloader.go:154] tar: processed "./LICENSE"
I0817 09:08:28.551312 17616 downloader.go:118] tar: processing "./krew-darwin_amd64" (type=48, mode=-rwxr-xr-x)
I0817 09:08:28.552316 17616 downloader.go:137] tar: ensuring parent dirs exist for regular file, dir=C:\Users\$USER\AppData\Local\Temp\krew-downloads840724231
I0817 09:08:28.658333 17616 downloader.go:154] tar: processed "./krew-darwin_amd64"
I0817 09:08:28.658333 17616 downloader.go:118] tar: processing "./krew-linux_amd64" (type=48, mode=-rwxr-xr-x)
I0817 09:08:28.660333 17616 downloader.go:137] tar: ensuring parent dirs exist for regular file, dir=C:\Users\$USER\AppData\Local\Temp\krew-downloads840724231
I0817 09:08:28.751336 17616 downloader.go:154] tar: processed "./krew-linux_amd64"
I0817 09:08:28.751336 17616 downloader.go:118] tar: processing "./krew-linux_arm" (type=48, mode=-rwxr-xr-x)
I0817 09:08:28.753328 17616 downloader.go:137] tar: ensuring parent dirs exist for regular file, dir=C:\Users\$USER\AppData\Local\Temp\krew-downloads840724231
I0817 09:08:28.834328 17616 downloader.go:154] tar: processed "./krew-linux_arm"
I0817 09:08:28.835301 17616 downloader.go:118] tar: processing "./krew-windows_amd64.exe" (type=48, mode=-rwxr-xr-x)
I0817 09:08:28.836300 17616 downloader.go:137] tar: ensuring parent dirs exist for regular file, dir=C:\Users\$USER\AppData\Local\Temp\krew-downloads840724231
I0817 09:08:28.929327 17616 downloader.go:154] tar: processed "./krew-windows_amd64.exe"
I0817 09:08:28.929327 17616 downloader.go:156] tar extraction to C:\Users\$USER\AppData\Local\Temp\krew-downloads840724231 complete
I0817 09:08:28.931301 17616 move.go:157] Creating directory "C:\\Users\\$USER\\.krew\\store\\krew"
I0817 09:08:28.933333 17616 move.go:163] Creating temp plugin move operations dir "C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-temp-move629790906"
I0817 09:08:28.933333 17616 move.go:125] Finding move targets from "C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-downloads840724231" to "C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-temp-move629790906" with file operation=index.FileOperation{From:"./krew-windows_amd64.exe", To:"krew.exe"}
I0817 09:08:28.934306 17616 move.go:44] Trying to move single file directly from="C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-downloads840724231" to="C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-temp-move629790906" with file operation=index.FileOperation{From:"./krew-windows_amd64.exe", To:"krew.exe"}
I0817 09:08:28.934306 17616 move.go:48] Detected single move from file operation=index.FileOperation{From:"./krew-windows_amd64.exe", To:"krew.exe"}
I0817 09:08:28.934306 17616 move.go:132] Move file from "C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-downloads840724231\\krew-windows_amd64.exe" to "C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-temp-move629790906\\krew.exe"
I0817 09:08:28.936336 17616 move.go:141] Move operations are complete
I0817 09:08:28.936336 17616 move.go:125] Finding move targets from "C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-downloads840724231" to "C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-temp-move629790906" with file operation=index.FileOperation{From:"./LICENSE", To:"."}
I0817 09:08:28.937299 17616 move.go:44] Trying to move single file directly from="C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-downloads840724231" to="C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-temp-move629790906" with file operation=index.FileOperation{From:"./LICENSE", To:"."}
I0817 09:08:28.937299 17616 move.go:48] Detected single move from file operation=index.FileOperation{From:"./LICENSE", To:"."}
I0817 09:08:28.937299 17616 move.go:132] Move file from "C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-downloads840724231\\LICENSE" to "C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-temp-move629790906\\LICENSE"
I0817 09:08:28.939299 17616 move.go:141] Move operations are complete
I0817 09:08:28.941300 17616 move.go:173] Move directory "C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-temp-move629790906" to "C:\\Users\\$USER\\.krew\\store\\krew\\v0.3.4"
I0817 09:08:28.943299 17616 move.go:176] Cleaning up installation directory due to error during copying files
I0817 09:08:29.004333 17616 install.go:101] Deleting the download staging directory C:\Users\$USER\AppData\Local\Temp\krew-downloads840724231
W0817 09:08:29.010333 17616 install.go:138] failed to install plugin "krew": install failed: failed while moving files to the installation directory: could not rename/copy directory "C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-temp-move629790906" to "C:\\Users\\$USER\\.krew\\store\\krew\\v0.3.4": rename C:\Users\$USER\AppData\Local\Temp\krew-temp-move629790906 C:\Users\$USER\.krew\store\krew\v0.3.4: Access is denied.
F0817 09:08:29.010333 17616 root.go:75] rename C:\Users\$USER\AppData\Local\Temp\krew-temp-move629790906 C:\Users\$USER\.krew\store\krew\v0.3.4: Access is denied.
could not rename/copy directory "C:\\Users\\$USER\\AppData\\Local\\Temp\\krew-temp-move629790906" to "C:\\Users\\$USER\\.krew\\store\\krew\\v0.3.4"
sigs.k8s.io/krew/internal/installation.moveToInstallDir
/home/runner/work/krew/krew/internal/installation/move.go:179
sigs.k8s.io/krew/internal/installation.install
/home/runner/work/krew/krew/internal/installation/install.go:111
sigs.k8s.io/krew/internal/installation.Install
/home/runner/work/krew/krew/internal/installation/install.go:78
sigs.k8s.io/krew/cmd/krew/cmd.init.1.func1
/home/runner/work/krew/krew/cmd/krew/cmd/install.go:130
github.com/spf13/cobra.(*Command).execute
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:762
github.com/spf13/cobra.(*Command).ExecuteC
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:852
github.com/spf13/cobra.(*Command).Execute
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:800
sigs.k8s.io/krew/cmd/krew/cmd.Execute
/home/runner/work/krew/krew/cmd/krew/cmd/root.go:73
main.main
/home/runner/work/krew/krew/cmd/krew/main.go:24
runtime.main
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/proc.go:203
runtime.goexit
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/asm_amd64.s:1357
failed while moving files to the installation directory
sigs.k8s.io/krew/internal/installation.install
/home/runner/work/krew/krew/internal/installation/install.go:112
sigs.k8s.io/krew/internal/installation.Install
/home/runner/work/krew/krew/internal/installation/install.go:78
sigs.k8s.io/krew/cmd/krew/cmd.init.1.func1
/home/runner/work/krew/krew/cmd/krew/cmd/install.go:130
github.com/spf13/cobra.(*Command).execute
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:762
github.com/spf13/cobra.(*Command).ExecuteC
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:852
github.com/spf13/cobra.(*Command).Execute
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:800
sigs.k8s.io/krew/cmd/krew/cmd.Execute
/home/runner/work/krew/krew/cmd/krew/cmd/root.go:73
main.main
/home/runner/work/krew/krew/cmd/krew/main.go:24
runtime.main
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/proc.go:203
runtime.goexit
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/asm_amd64.s:1357
install failed
sigs.k8s.io/krew/internal/installation.Install
/home/runner/work/krew/krew/internal/installation/install.go:85
sigs.k8s.io/krew/cmd/krew/cmd.init.1.func1
/home/runner/work/krew/krew/cmd/krew/cmd/install.go:130
github.com/spf13/cobra.(*Command).execute
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:762
github.com/spf13/cobra.(*Command).ExecuteC
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:852
github.com/spf13/cobra.(*Command).Execute
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:800
sigs.k8s.io/krew/cmd/krew/cmd.Execute
/home/runner/work/krew/krew/cmd/krew/cmd/root.go:73
main.main
/home/runner/work/krew/krew/cmd/krew/main.go:24
runtime.main
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/proc.go:203
runtime.goexit
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/asm_amd64.s:1357
failed to install some plugins: [krew]
sigs.k8s.io/krew/cmd/krew/cmd.init.1.func1
/home/runner/work/krew/krew/cmd/krew/cmd/install.go:157
github.com/spf13/cobra.(*Command).execute
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:762
github.com/spf13/cobra.(*Command).ExecuteC
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:852
github.com/spf13/cobra.(*Command).Execute
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:800
sigs.k8s.io/krew/cmd/krew/cmd.Execute
/home/runner/work/krew/krew/cmd/krew/cmd/root.go:73
main.main
/home/runner/work/krew/krew/cmd/krew/main.go:24
runtime.main
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/proc.go:203
runtime.goexit
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/asm_amd64.s:1357
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/asm_amd64.s:1357
failed while moving files to the installation directory
sigs.k8s.io/krew/internal/installation.install
/home/runner/work/krew/krew/internal/installation/install.go:112
sigs.k8s.io/krew/internal/installation.Install
/home/runner/work/krew/krew/internal/installation/install.go:78
sigs.k8s.io/krew/cmd/krew/cmd.init.1.func1
/home/runner/work/krew/krew/cmd/krew/cmd/install.go:130
github.com/spf13/cobra.(*Command).execute
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:762
github.com/spf13/cobra.(*Command).ExecuteC
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:852
github.com/spf13/cobra.(*Command).Execute
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:800
sigs.k8s.io/krew/cmd/krew/cmd.Execute
/home/runner/work/krew/krew/cmd/krew/cmd/root.go:73
main.main
/home/runner/work/krew/krew/cmd/krew/main.go:24
runtime.main
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/proc.go:203
runtime.goexit
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/asm_amd64.s:1357
install failed
sigs.k8s.io/krew/internal/installation.Install
/home/runner/work/krew/krew/internal/installation/install.go:85
sigs.k8s.io/krew/cmd/krew/cmd.init.1.func1
/home/runner/work/krew/krew/cmd/krew/cmd/install.go:130
github.com/spf13/cobra.(*Command).execute
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:762
github.com/spf13/cobra.(*Command).ExecuteC
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:852
github.com/spf13/cobra.(*Command).Execute
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:800
sigs.k8s.io/krew/cmd/krew/cmd.Execute
/home/runner/work/krew/krew/cmd/krew/cmd/root.go:73
main.main
/home/runner/work/krew/krew/cmd/krew/main.go:24
runtime.main
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/proc.go:203
runtime.goexit
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/asm_amd64.s:1357
failed to install some plugins: [krew]
sigs.k8s.io/krew/cmd/krew/cmd.init.1.func1
/home/runner/work/krew/krew/cmd/krew/cmd/install.go:157
github.com/spf13/cobra.(*Command).execute
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:762
github.com/spf13/cobra.(*Command).ExecuteC
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:852
github.com/spf13/cobra.(*Command).Execute
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:800
sigs.k8s.io/krew/cmd/krew/cmd.Execute
/home/runner/work/krew/krew/cmd/krew/cmd/root.go:73
main.main
/home/runner/work/krew/krew/cmd/krew/main.go:24
runtime.main
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/proc.go:203
runtime.goexit
/opt/hostedtoolcache/go/1.13.7/x64/src/runtime/asm_amd64.s:1357
Running into similar issue. Suspect same.
For the work around I grabbed the files from: https://github.com/kubernetes-sigs/krew/releases/download/v0.4.0/krew.tar.gz
- Extracted both the License and krew-windows_amd64.exe.
- Renamed krew-windows_amd64.exe to krew.exe.
- Placed both into USERHOME.krew\store\krew\v0.4.0\
I then ran:
krew install krew
And it worked.
C:\bin>kubectl krew krew is the kubectl plugin manager.
Looks like I would need to do this for each plugin I would want.
We have other windows users reporting it works on their machines with PowerShell running as Administrator. Could there be something controlling fs access such as an antivirus software or corporate machine policy?
It could be, But what is odd, The ingress-nginx gave me the same problem as krew. But change-ns installed without issue.
I need a better answer than "could be". :) If there's an AV program on your system, it's not worth trying to understand why it silently blocks or deletes certain binaries. There's little to none we can do about that.
If there's an AV program on your system, it's not worth trying to understand why it silently blocks or deletes certain binaries.
Regarding my original issue, I'm pretty sure it has to do with file locking, which is much more reasonable than randomly deleting binaries. :)
There's little to none we can do about that.
Well, that's not entirely true, since the workaround is already implemented, just not used. FYI, rustup implemented similar workarounds for the same AV software: https://github.com/rust-lang/rustup/issues/1912 Unfortunately, this particular (and admittedly very annoying) AV software is very popular in corporate environments, where you cannot temporarily disable it or remove it from your machine, which makes it very hard to ignore its existence.
Thanks for pointing it out. It seems the same issue as this one https://github.com/golang/go/issues/36568. Ideally we'd expect this can be handled at a lower level such as the stdlib, but we might reuse a fix (perhaps in a higher level library that offers retries etc).
I meant to point this out. The issue doesnt occur with some of the plug-ins.
I wasn't able to do krew, or the ingress-nginx. But change-ns went in with no complaint. I am not sure how they handle their respective "installs" different. I haven't had a chance to look.
I think an interesting test would be attempting to install every single plugin available (you can put them all in the same krew install command). Then running krew list > out1.txt, nuking everything (delete $HOME.krew) and re-do operation and save krew list > out2.txt and compare the two files.
Since AV is racing with our fs operations, I suspect the lists won't be identical (hence the fixes showing using "sleep" or retry in the code for rename operations).
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale
Yeah, so to add a little technical colour, some AV implementations hook in post-write, opening and scanning the file after it is written to disk. No implication of TOCTOU race, since they could also have a JIT check in place. But an IO pattern of:
- creat
- write
- close
- rename (either the file or a containing directory)
will race with the AV scanners
- open
- read
- close calls on Windows OS's.
Note that the AV scanner is multi threaded, making many of these calls overlapped: trying to thread the needle between them with high frequency attempts is impossible and just increases CPU utilisation.
To fix that, either: don't perform that IO pattern, or use a retry-with-backoff strategy on the rename. A 10 step Fibonacci sequence retry (in ms, so 1,1,2,3,5,8,13,21,34,55, sum(delay)=143(eep!)) has eliminated reports of this bug for us in Rustup, which drops several hundred MB of HTML on disk in a few seconds - more than enough to cause a backlog for virus scanners that use this particular strategy. Most users get great performance, a few with terrible AV implementations get poor performance. (I say terrible because these files don't need to be scanned immediately - waiting for some indication they are going to be read would be a better strategy, and safe installation idioms like this represent are extremely common on other platforms than Windows - which is why so many non-Windows heritage programs run into this problem.
Tried the upper solution, but still not work. Always say, synlink created failed.....
Is there anyone could help on this? Will be grateful.
I have a similar error:
failed to retrieve plugin indexes: failed to list the remote URL for index default: command execution failure, output="": exit status 1
Is there a possibility to fix this bug?
Meanwhile to not be blocked by this stuff, I made some script for this, providing this script via our company portal and is executed as a local-admin, it will bluntly copy krew into the any available user in C:\Users\$User\.krew
Re-use by your own liking...
#SCRIPT_USER_HOMEDIR="C:\Windows\System32\Config\systemprofile\"
$scriptUserHomedir = $env:USERPROFILE
$krewVersion = "0.4.3"
$krewTargetBinary = "krew-v${krewVersion}.exe"
Function Test-CommandExists
{
Param ($command)
$oldPreference = $ErrorActionPreference
$ErrorActionPreference = ‘stop’
try {if(Get-Command $command){RETURN $true}}
Catch {Write-Host “$command does not exist”; RETURN $false}
Finally {$ErrorActionPreference=$oldPreference}
}
# Get current paths
$currentSystemEnvPaths = (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).path
# Die if git is not installed.
if(!(Test-CommandExists git)) {
Write-Error "Git does not exist, let's die" -ErrorAction Stop
} else {
$gitPath = Get-Command git
Write-Host "Found git: $gitPath"
}
# Store current location
$startLocation = $PWD.Path
# Note: How is the krew.exe binary made available to C:\Krew ?
# If krew-v{krewVersion}.exe does not exist, pull it.
if (-not(Test-Path -Path "${scriptUserHomedir}\${krewTargetBinary}" -PathType Leaf)) {
try {
Invoke-WebRequest -Uri "https://github.com/kubernetes-sigs/krew/releases/download/v${krewVersion}/krew.exe" -OutFile "${scriptUserHomedir}\${krewTargetBinary}"
Write-Host "Pulled krew-v${krewVersion}.exe from github.com, deleting old krew binary"
Remove-Item "${scriptUserHomedir}\krew*.exe" -Exclude $krewTargetBinary
}
catch {
throw $_.Exception.Message
}
# If the file already exists, show the message and do nothing.
}
else {
Write-Host "${krewTargetBinary} already exists, not pulling."
}
# Install Krew & Plugins
Write-Host "Install krew + plugins"
set-location $scriptUserHomedir
Start-Process -FilePath $(".\" + $krewTargetBinary) -ArgumentList "install krew" -Wait -WindowStyle Hidden
Start-Process -FilePath $(".\" + $krewTargetBinary) -ArgumentList "install oidc-login" -Wait -WindowStyle Hidden
Start-Process -FilePath $(".\" + $krewTargetBinary) -ArgumentList "install auth-proxy" -Wait -WindowStyle Hidden
# Krew is installed in the homedirectory of the System user executing this script
$Source = "${scriptUserHomedir}\.krew"
# Krew is then copied to all users
$Destination = 'C:\users\*\.krew'
# Copy krew to all available users on the system, except for the user executing this script
$userfolders=Get-ChildItem c:\users
$fullpath= "c:\users\"+$env:username
ForEach ($userfolder in $userfolders) {
if($userfolder.fullname -ne $fullpath) {
Write-Host "Copy krew to $userfolder"
Copy-Item -Path $Source -Destination "$($userfolder.fullname)" -Recurse -Force
} else {
Write-Host "Don't copy to self ($env:Username)"
}
}
# Add krew to System Environment Variables permanently if it is not set
if(!($currentSystemEnvPaths.Contains("krew"))) {
Write-Host "Adding krew to System Environment Path"
$newSystemPath = "$currentSystemEnvPaths;%USERPROFILE%\.krew\bin"
Set-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH -Value $newSystemPath
} else {
Write-Host "Krew already in System Environment Path:\n$currentSystemEnvPaths"
}
refreshenv
set-location $startLocation
Add this to your Powershell profile. Make sure to add it to the correct profile for your Powershell version and adjust accordingly (Powershell 5 = powershell.exe and Powershell 7 = pwsh.exe)
function Test-Administrator {
$currentUser = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
return $currentUser.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}
function krew {
$binaryPath = "D:\5. Program Files (x86)\Kubernetes\krew.exe"
if (Test-Administrator) {
# Run the binary directly since the session is elevated
& $binaryPath @args
} else {
# Notify the user about elevation and start a new PowerShell process with admin rights
Write-Host "This operation requires administrative privileges. We will now run this script as Administrator." -foregroundcolor red
Start-Process -FilePath "pwsh.exe" -Verb RunAs
Exit
}
}
The script basically checks for the command "krew" and if detected, it will check if your current Powershell session is elevated (running as admin) or not. If yes, then it'll just process whatever command you feed to it, e.g. "krew update". If Powershell session is not elevated, it'll prompt you to run Powershell as admin. As the script is added to your Powershell profile, it will load automatically on every new Powershell process that is launched.
@chaoscreater If you're having trouble with the installation because of symbolic links, you should probably just enable developer mode instead. That's much simpler than the script you posted.
If your AV is giving you trouble, as in my original report, elevation does not help at all.
@chaoscreater If you're having trouble with the installation because of symbolic links, you should probably just enable developer mode instead. That's much simpler than the script you posted.
If your AV is giving you trouble, as in my original report, elevation does not help at all.
Just because something is simpler, doesn't mean it's a good solution. If that were the case, there'd be no need for security and Microsoft may as well just enable developer mode for all new WIndows installations by default. There'd be no need for UAC, etc.
Allowing unsigned apps to be installed without any security intervention is bad practice, hence why it's called "developer" mode and not "production" mode.
My script works perfectly fine. It allows UAC elevation when required.
Anyway, for those who wants to try the 'enable developer mode' method, make sure to first delete the .krew folder from your user profile (C:\Users\Your_User_Name). Then run a new instance of Powershell and then you can do krew install krew and krew update to test if it works.
@chaoscreater The same argument can be made against running random processes as elevated even though they don't actually need elevation.
But that's besides the point: I mostly replied to you to point out to anyone who comes across this issue that your script does not fix the problem described in the OP.
@chaoscreater The same argument can be made against running random processes as elevated even though they don't actually need elevation.
But that's besides the point: I mostly replied to you to point out to anyone who comes across this issue that your script does not fix the problem described in the OP.
There have been multiple comments posted in this repo about running Powershell as admin to fix the issue and I can confirm that definitely works. My script simply prompts the user to run elevated Powershell whenever the "krew" command is detected in the console.
Does the app need elevation? Probably not. Does my script change or alter its intended installation behaviour? No. It doesn't change how Powershell works either. The user is only prompted to run as admin temporarily for just that instance of Powershell session.
Your fix on the other hand, changes the entire system permanently, until you decide to toggle that setting to off at least. If you're running this in a sandbox or test environment, that's fine. But in production? That's a bad idea. Again, there's a reason why this is called the developer mode and why it's off by default.
running random processes as elevated even though they don't actually need elevation.
You're making a point about how this app shouldn't require admin rights to run, and yet your solution is to expose your entire system. How ironic. Good job. Let me guess, you probably have all the security related settings on your system turned off, have local administrator account enabled and password set to never expire, never use MFA and also antivirus disabled. Because it makes everything so much "easier". Probably don't even use screen locks either because hey it's one extra step to unlocking the phone.
Before this thread derails any further: I'm not sure what changed in the meantime, but I can no longer reproduce the original issue with the latest version of krew. Somehow, the race described in https://github.com/kubernetes-sigs/krew/issues/631#issuecomment-845786967 no longer seems to block installations, or at least I cannot reproduce the failure anymore. Therefore, I'm closing this issue.
Before this thread derails any further: I'm not sure what changed in the meantime, but I can no longer reproduce the original issue with the latest version of krew. Somehow, the race described in #631 (comment) no longer seems to block installations, or at least I cannot reproduce the failure anymore. Therefore, I'm closing this issue.
Pretty sure you need to re-enable developer mode, then either rename or delete .krew from your C:\Users\username folder, then open Powershell as normal user and try the commands. I can still replicate the issue on the latest krew version. Tested this on a new VM. Either my script or your developer mode fix will work, but the issue is definitely still there without the fix.
I just tried the following, in a regular (non-elevated) pwsh, with developer mode enabled (since I need it to be enabled anyway for my daily development work):
-
rm -r -fo "$env:USERPROFILE\.krew" - Download krew.exe from release v0.4.4
-
.\Downloads\krew.exe install krew - Install further plugins using
kubectl krew install
I cannot exclude the possibility that IT changed our AV configuration in the meantime (I have no insight into that), but I did not run into any errors this time. When I originally opened this issue, the above steps failed consistently.
I just tried the following, in a regular (non-elevated) pwsh, with developer mode enabled (since I need it to be enabled anyway for my daily development work):
rm -r -fo "$env:USERPROFILE\.krew"- Download krew.exe from release v0.4.4
.\Downloads\krew.exe install krew- Install further plugins using
kubectl krew installI cannot exclude the possibility that IT changed our AV configuration in the meantime (I have no insight into that), but I did not run into any errors this time.
How is that even a test? You've mentioned in an earlier comment that you've enabled developer mode and that allows you to use krew without issues. So how is keeping developer mode enabled supposed to help you test whether krew works or not? Of course it's still going to work.
Sorry to be blunt @chaoscreater, but please finally read the first few comments in this thread in their entirety: The issue you're commenting on originally caused the installation to fail even if you could already create symbolic links (thanks to elevation / developer mode). That no longer happens - if you can create symbolic links, the installation now works.
If you think that the fact that symlinks are used in the first place is a bug, please open a new GitHub issue, because this is not the correct thread for that.