Running Chocolatey CLI with an expired Chocolatey License can result in non-commercial commands failing to run

[steviecoaster]

What You Are Seeing?

If you're running a licensed edition, and your license expires it is expected that Chocolatey falls back to FOSS operational mode. We raised and fixed this issue in #1500, but it looks like we need to backport some of that work into the open source codebase.

What is Expected?

An expired license should not prevent choco install etc to fail

[ferventcoder]

This could just need new Rhino.Licensing. The fix was in there IIRC.

[corbob]

So I've been able to reproduce this issue with the following steps:

1. Create two packages: test and test2
2. Remove all contents from ChocolateyInstall.ps1
3. Add Start-Sleep -seconds 300
4. Set test2 to depend on test
5. choco pack both of these packages
6. Set the clock on your computer to be 2 or 3 minutes before midnight UTC for when your Chocolatey License expires
7. Run choco install test2 -s . -y and let it run to completion.
8. You should see test complete successfully, but test2 fail:
   

To make it a little easier to test, I've created a gist: https://gist.github.com/5d21047ad9aef5367b953a88db8d9990

You can test with the gist by running the following (this assumes you have both Chocolatey and git installed):

git clone https://gist.github.com/5d21047ad9aef5367b953a88db8d9990.git
cd 5d21047ad9aef5367b953a88db8d9990
choco pack .\test.nuspec
choco pack .\test2.nuspec
[xml]$a = gc C:\programdata\Chocolatey\license\chocolatey.license.xml
Set-TimeZone -Id UTC
set-date (get-date $a.license.expiration).AddMinutes(-3)
choco install test2 -s . -y

Of particular interest is that this test2 package doesn't seem to be able to be installed until you replace the license with a non-expired one or remove the license entirely, but all other packages seem to install just fine.

After getting test2 to install without any license installed, reinstalled the license and tried to force install. This also failed. Immediately installed putty which was successful.

[corbob]

I'm not able to update Rhino.Licensing to the latest we have internally as it's built on framework 4.8, dotnet standard 2, and dotnet core 3 so trying to reference it fails to build.

I have been able to trace the code to this pipeline.Invoke(): https://github.com/chocolatey/choco/blob/master/src/chocolatey/infrastructure.app/services/PowershellService.cs#L635 But then sometime while it's running, it seems the Rhino.Licensing license check Task returns and throws an exception. Looking at the source for Rhino.Licensing, it looks like the disabling of the license check is in there, but I can't tell if it's actually being set properly.

[corbob]

Ok, this has taken some digging, but basically what appears to be happening: When we do a license check, Rhino.Licensing sets a timer that fires every 5 minutes to revalidate the license. We attempt to disable the future license checks, but it's not guaranteed to happen. Further to that, when the license is expired, Rhino.Licensing throws an Invalid License Exception before it disables the check, so the timer is still active and throws an exception when it fires next.

So when we first start up, we check the license. Rhino.Licensing sets the license check timer, then it checks if the license is valid. When the license is invalid because it's expired it throws an exception, but leaves the timer active. If whatever task Chocolatey is doing takes longer than 5 minutes it will encounter an unhandled exception coming from Rhino.Licensing.

Based on this, I'll open an issue in https://github.com/chocolatey/rhino-licensing to address both the potential that the timer doesn't get removed, and that the exception is thrown before disabling the timer. Once the issue is created I'll update this issue so they can be linked together.

[corbob]

Issue 4 opened on Rhino.Licensing repository.