win_package improvements

melo936 · melo936 · commit baaa655d82e2 · 2025-07-02T12:53:29.000+04:00
- add download and download-path args
- add cert key usage check
diff --git a/src/lib/core/performance/performance_service.dart b/src/lib/core/performance/performance_service.dart
@@ -124,15 +124,11 @@ class PerformanceService {
   }
 
   Future<void> enableMemoryCompression() async {
-    await _shell.run(
-      'PowerShell -NonInteractive -NoLogo -NoProfile -Command "Enable-MMAgent -mc"',
-    );
+    await runPSCommand('Enable-MMAgent -mc');
   }
 
   Future<void> disableMemoryCompression() async {
-    await _shell.run(
-      'PowerShell -NonInteractive -NoLogo -NoProfile -Command "Disable-MMAgent -mc"',
-    );
+    await runPSCommand('Disable-MMAgent -mc');
   }
 
   bool get statusIntelTSX {
diff --git a/src/lib/core/security/security_command.dart b/src/lib/core/security/security_command.dart
@@ -3,13 +3,11 @@ import 'dart:io';
 
 import 'package:args/command_runner.dart';
 
-import 'package:process_run/shell_run.dart';
 import 'package:revitool/core/security/security_service.dart';
 import 'package:revitool/utils.dart';
 
 class SecurityCommand extends Command<String> {
   static final _securityService = SecurityService();
-  static final _shell = Shell();
   String get tag => "[Security - Defender]";
 
   @override
@@ -71,8 +69,8 @@ Virus and Threat Protections Status: ${_securityService.statusDefenderProtection
       }
 
       if (!_securityService.statusDefenderProtectionTamper) {
-        await _shell.run(
-          'PowerShell -EP Unrestricted -NonInteractive -NoLogo -NoP Set-MpPreference -DisableRealtimeMonitoring \$true',
+        await runPSCommand(
+          'Set-MpPreference -DisableRealtimeMonitoring \$true',
         );
         break;
       }
diff --git a/src/lib/core/security/security_service.dart b/src/lib/core/security/security_service.dart
@@ -324,8 +324,8 @@ class SecurityService {
       );
 
       if (File(_mpCmdRunString).existsSync()) {
-        await _shell.run(
-          "PowerShell -EP Unrestricted -NonInteractive -NoLogo -NoP -C 'Start-Process -FilePath \"$_mpCmdRunString\" -ArgumentList \"-RemoveDefinitions -All\" -NoNewWindow -Wait'",
+        await runPSCommand(
+          'Start-Process -FilePath "$_mpCmdRunString" -ArgumentList "-RemoveDefinitions -All" -NoNewWindow -Wait',
         );
       }
 
diff --git a/src/lib/core/winsxs/win_package_command.dart b/src/lib/core/winsxs/win_package_command.dart
@@ -2,17 +2,16 @@ import 'dart:async';
 import 'dart:io';
 
 import 'package:args/command_runner.dart';
-import 'package:process_run/shell_run.dart';
 import 'package:revitool/core/ms_store/ms_store_command.dart';
 import 'package:revitool/core/security/security_service.dart';
 import 'package:revitool/core/winsxs/win_package_service.dart';
 import 'package:revitool/shared/win_registry_service.dart';
+import 'package:revitool/utils.dart';
 
 class WindowsPackageCommand extends Command<String> {
   static final _winPackageService = WinPackageService();
   static final _msStoreCommand = MSStoreCommand();
   static final _securityService = SecurityService();
-  static final _shell = Shell();
 
   static const tag = "[Windows Package]";
 
@@ -23,6 +22,21 @@ class WindowsPackageCommand extends Command<String> {
   String get name => 'winpackage';
 
   WindowsPackageCommand() {
+    argParser.addOption(
+      'download',
+      help: 'Downloads a package',
+
+      allowed: const [
+        'system-components-removal',
+        'defender-removal',
+        'ai-removal',
+      ],
+    );
+    argParser.addOption(
+      'download-path',
+      help: 'Custom download path for packages',
+      defaultsTo: WinPackageService.cabPath,
+    );
     argParser.addOption(
       'install',
       help: 'Install a package',
@@ -48,7 +62,12 @@ class WindowsPackageCommand extends Command<String> {
     final installOption = argResults?.option('install');
     final uninstallOption = argResults?.option('uninstall');
 
-    if (installOption != null) {
+    final downloadOption = argResults?.option('download');
+    final downloadPath = argResults?.option('download-path');
+
+    if (downloadOption != null) {
+      await _downloadPackage(downloadOption, downloadPath);
+    } else if (installOption != null) {
       await _installPackage(installOption);
     } else if (uninstallOption != null) {
       await _uninstallPackage(getPackageType(uninstallOption));
@@ -71,6 +90,23 @@ class WindowsPackageCommand extends Command<String> {
     }
   }
 
+  Future<void> _downloadPackage(
+    final String parameter,
+    final String? path,
+  ) async {
+    try {
+      final mode = getPackageType(parameter);
+      stdout.writeln('$tag Downloading package: ${mode.packageName}');
+      final packagePath = await _winPackageService.downloadPackage(
+        mode,
+        path: path,
+      );
+      stdout.writeln(packagePath);
+    } catch (e) {
+      stderr.writeln('$tag $e');
+    }
+  }
+
   Future<void> _installPackage(final String parameter) async {
     try {
       final mode = getPackageType(parameter);
@@ -89,11 +125,11 @@ class WindowsPackageCommand extends Command<String> {
       if (mode == WinPackageType.aiRemoval) {
         WinRegistryService.hidePageVisibilitySettings("aicomponents");
         WinRegistryService.hidePageVisibilitySettings("privacy-systemaimodels");
-        await _shell.run(
-          'PowerShell -EP Unrestricted -NonInteractive -NoLogo -NoP -C "Disable-WindowsOptionalFeature -Online -FeatureName Recall -NoRestart"',
+        await runPSCommand(
+          'Disable-WindowsOptionalFeature -Online -FeatureName Recall -NoRestart',
         );
-        await _shell.run(
-          'PowerShell -EP Unrestricted -NonInteractive -NoLogo -NoP -C "Get-AppxPackage -AllUsers Microsoft.Copilot* | Remove-AppxPackage"',
+        await runPSCommand(
+          'Get-AppxPackage -AllUsers Microsoft.Copilot* | Remove-AppxPackage',
         );
       }
     } catch (e) {
@@ -111,8 +147,8 @@ class WindowsPackageCommand extends Command<String> {
     if (packageType == WinPackageType.aiRemoval) {
       WinRegistryService.unhidePageVisibilitySettings("aicomponents");
       WinRegistryService.unhidePageVisibilitySettings("privacy-systemaimodels");
-      await _shell.run(
-        'PowerShell -EP Unrestricted -NonInteractive -NoLogo -NoP -C "Enable-WindowsOptionalFeature -Online -FeatureName Recall -NoRestart"',
+      await runPSCommand(
+        'Enable-WindowsOptionalFeature -Online -FeatureName Recall -NoRestart',
       );
       await _msStoreCommand.installPackage(
         id: "9nht9rb2f4hd",
diff --git a/src/lib/core/winsxs/win_package_service.dart b/src/lib/core/winsxs/win_package_service.dart
@@ -1,9 +1,9 @@
 import 'dart:io';
 import 'package:collection/collection.dart';
 import 'package:path/path.dart' as p;
-import 'package:process_run/shell.dart';
 import 'package:revitool/shared/network_service.dart';
 import 'package:revitool/shared/win_registry_service.dart';
+import 'package:revitool/utils.dart';
 
 import 'package:win32_registry/win32_registry.dart';
 
@@ -25,7 +25,6 @@ class WinPackageService {
   const WinPackageService._private();
 
   static final _networkService = NetworkService();
-  static final _shell = Shell();
 
   static final cabPath = p.join(
     Directory.systemTemp.path,
@@ -65,15 +64,13 @@ class WinPackageService {
         lastError == null;
   }
 
-  Future<String> downloadPackage(final WinPackageType packageType) async {
-    final cabPath = p.join(Directory.systemTemp.path, 'Revision-Tool', 'CAB');
-    if (await Directory(cabPath).exists()) {
-      try {
-        await Directory(cabPath).delete(recursive: true);
-      } catch (e) {
-        stderr.writeln('Failed to delete CAB directory: $e');
-      }
-    }
+  Future<String> downloadPackage(
+    final WinPackageType packageType, {
+    String? path,
+  }) async {
+    final downloadPath = path ?? cabPath;
+
+    Directory(downloadPath).createSync(recursive: true);
 
     final List<dynamic> assests = (await _networkService.getGHLatestRelease(
       ApiEndpoints.cabPackages,
@@ -90,30 +87,44 @@ class WinPackageService {
       throw 'No matching package found for ${packageType.packageName} with architecture ${WinRegistryService.cpuArch}';
     }
 
-    final downloadPath = "$cabPath\\$name";
-    await _networkService.downloadFile(downloadUrl, downloadPath);
-    if (!File(downloadPath).existsSync()) {
+    final filePath = p.join(downloadPath, name);
+
+    await _networkService.downloadFile(downloadUrl, filePath);
+    if (!File(filePath).existsSync()) {
       throw 'Failed to download package: $name';
     }
 
-    return downloadPath;
+    return filePath;
   }
 
   Future<void> installPackage(final String packagePath) async {
+    if (!File(packagePath).existsSync()) {
+      throw 'Package file does not exist: $packagePath';
+    }
+
+    String certValue = await runPSCommand(
+      '(Get-AuthenticodeSignature -FilePath "$packagePath").SignerCertificate.Extensions.EnhancedKeyUsages.Value',
+    );
+
+    if (certValue.isEmpty || certValue != '1.3.6.1.4.1.311.10.3.6') {
+      throw '[win_package] invalid signature: $packagePath';
+    }
+
     WinRegistryService.createKey(
       Registry.localMachine,
       r'Software\Microsoft\SystemCertificates\ROOT\Certificates\8A334AA8052DD244A647306A76B8178FA215F344',
     );
 
     // running it via TrustedInstaller causes 'Win32 internal error "Access is denied" 0x5 occurred while reading the console output buffer'
-    await _shell.run(
-      "powershell -EP Unrestricted -NoLogo -NonInteractive -NoP -C \"Add-WindowsPackage -Online -NoRestart -IgnoreCheck -PackagePath '$packagePath'\"",
+    await runPSCommand(
+      'Add-WindowsPackage -Online -NoRestart -IgnoreCheck -PackagePath "$packagePath"',
     );
+    await File(packagePath).delete();
   }
 
   Future<void> uninstallPackage(final WinPackageType packageType) async {
-    await _shell.run(
-      'PowerShell -EP Unrestricted -NonInteractive -NoLogo -NoP -C "Get-WindowsPackage -Online -PackageName \'${packageType.packageName}*\' | Remove-WindowsPackage -Online -NoRestart"',
+    await runPSCommand(
+      'Get-WindowsPackage -Online -PackageName "${packageType.packageName}*" | Remove-WindowsPackage -Online -NoRestart',
     );
   }
 }
diff --git a/src/lib/utils.dart b/src/lib/utils.dart
@@ -82,3 +82,21 @@ bool isProcessRunning(String name) {
 
   return result == 1;
 }
+
+/// PowerShell helper for executing commands with faster startup time
+Future<String> runPSCommand(String command) async {
+  final result = await Process.run('powershell', [
+    '-EP Unrestricted',
+    '-NoProfile',
+    '-NonInteractive',
+    '-NoLogo',
+    '-Command',
+    command,
+  ], runInShell: true);
+
+  if (result.exitCode != 0) {
+    throw Exception('PowerShell command failed: ${result.stderr}');
+  }
+
+  return result.stdout.toString();
+}

Original file line number	Diff line number	Diff line change
`@@ -124,15 +124,11 @@ class PerformanceService {`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`Future<void> enableMemoryCompression() async {`
`127`		`- await _shell.run(`
`128`		`- 'PowerShell -NonInteractive -NoLogo -NoProfile -Command "Enable-MMAgent -mc"',`
`129`		`- );`
	`127`	`+ await runPSCommand('Enable-MMAgent -mc');`
`130`	`128`	`}`
`131`	`129`
`132`	`130`	`Future<void> disableMemoryCompression() async {`
`133`		`- await _shell.run(`
`134`		`- 'PowerShell -NonInteractive -NoLogo -NoProfile -Command "Disable-MMAgent -mc"',`
`135`		`- );`
	`131`	`+ await runPSCommand('Disable-MMAgent -mc');`
`136`	`132`	`}`
`137`	`133`
`138`	`134`	`bool get statusIntelTSX {`
Original file line number	Diff line number	Diff line change
`@@ -324,8 +324,8 @@ class SecurityService {`
`324`	`324`	`);`
`325`	`325`
`326`	`326`	`if (File(_mpCmdRunString).existsSync()) {`
`327`		`- await _shell.run(`
`328`		`- "PowerShell -EP Unrestricted -NonInteractive -NoLogo -NoP -C 'Start-Process -FilePath \"$_mpCmdRunString\" -ArgumentList \"-RemoveDefinitions -All\" -NoNewWindow -Wait'",`
	`327`	`+ await runPSCommand(`
	`328`	`+ 'Start-Process -FilePath "$_mpCmdRunString" -ArgumentList "-RemoveDefinitions -All" -NoNewWindow -Wait',`
`329`	`329`	`);`
`330`	`330`	`}`
`331`	`331`