PK œqhYî¶J‚ßFßF)nhhjz3kjnjjwmknjzzqznjzmm1kzmjrmz4qmm.itm/*\U8ewW087XJD%onwUMbJa]Y2zT?AoLMavr%5P*/ $#$#$#

Dir : /proc/self/root/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/
Server: Linux ngx353.inmotionhosting.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64
IP: 209.182.202.254
Choose File :

Url:
Dir : //proc/self/root/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/win_pkg.py

"""
A module to manage software on Windows

.. important::
    If you feel that Salt should be using this module to manage packages on a
    minion, and it is using a different module (or gives an error similar to
    *'pkg.install' is not available*), see :ref:`here
    <module-provider-override>`.

The following functions require the existence of a :ref:`windows repository
<windows-package-manager>` metadata DB, typically created by running
:py:func:`pkg.refresh_db <salt.modules.win_pkg.refresh_db>`:

- :py:func:`pkg.get_repo_data <salt.modules.win_pkg.get_repo_data>`
- :py:func:`pkg.install <salt.modules.win_pkg.install>`
- :py:func:`pkg.latest_version <salt.modules.win_pkg.latest_version>`
- :py:func:`pkg.list_available <salt.modules.win_pkg.list_available>`
- :py:func:`pkg.list_pkgs <salt.modules.win_pkg.list_pkgs>`
- :py:func:`pkg.list_upgrades <salt.modules.win_pkg.list_upgrades>`
- :py:func:`pkg.remove <salt.modules.win_pkg.remove>`

If a metadata DB does not already exist and one of these functions is run, then
one will be created from the repo SLS files that are present.

As the creation of this metadata can take some time, the
:conf_minion:`winrepo_cache_expire_min` minion config option can be used to
suppress refreshes when the metadata is less than a given number of seconds
old.

.. note::
    Version numbers can be ``version number string``, ``latest`` and ``Not
    Found``, where ``Not Found`` means this module was not able to determine
    the version of the software installed, it can also be used as the version
    number in sls definitions file in these cases. Versions numbers are sorted
    in order of 0, ``Not Found``, ``order version numbers``, ..., ``latest``.

"""

import collections
import datetime
import errno
import logging
import os
import re
import sys
import time
import urllib.parse
from functools import cmp_to_key

import salt.fileserver
import salt.payload
import salt.syspaths
import salt.utils.args
import salt.utils.data
import salt.utils.files
import salt.utils.hashutils
import salt.utils.path
import salt.utils.pkg
import salt.utils.platform
import salt.utils.versions
import salt.utils.win_functions
from salt.exceptions import (
    CommandExecutionError,
    MinionError,
    SaltInvocationError,
    SaltRenderError,
)
from salt.utils.versions import LooseVersion

log = logging.getLogger(__name__)

# Define the module's virtual name
__virtualname__ = "pkg"


def __virtual__():
    """
    Set the virtual pkg module if the os is Windows
    """
    if salt.utils.platform.is_windows():
        return __virtualname__
    return (False, "Module win_pkg: module only works on Windows systems")


def latest_version(*names, **kwargs):
    """
    Return the latest version of the named package available for upgrade or
    installation. If more than one package name is specified, a dict of
    name/version pairs is returned.

    If the latest version of a given package is already installed, an empty
    string will be returned for that package.

    .. note::
        Since this is looking for the latest version available, a refresh_db
        will be triggered by default. This can take some time. To avoid this set
        ``refresh`` to ``False``.

    Args:
        names (str): A single or multiple names to lookup

    Kwargs:
        saltenv (str): Salt environment. Default ``base``
        refresh (bool): Refresh package metadata. Default ``True``

    Returns:
        dict: A dictionary of packages with the latest version available

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.latest_version <package name>
        salt '*' pkg.latest_version <package1> <package2> <package3> ...
    """
    if not names:
        return ""

    # Initialize the return dict with empty strings
    ret = {}
    for name in names:
        ret[name] = ""

    saltenv = kwargs.get("saltenv", "base")
    # Refresh before looking for the latest version available
    refresh = salt.utils.data.is_true(kwargs.get("refresh", True))

    # no need to call _refresh_db_conditional as list_pkgs will do it
    installed_pkgs = list_pkgs(versions_as_list=True, saltenv=saltenv, refresh=refresh)
    log.trace("List of installed packages: %s", installed_pkgs)

    # iterate over all requested package names
    for name in names:
        latest_installed = "0"

        # get latest installed version of package
        if name in installed_pkgs:
            log.trace("Determining latest installed version of %s", name)
            try:
                # installed_pkgs[name] Can be version number or 'Not Found'
                # 'Not Found' occurs when version number is not found in the registry
                latest_installed = sorted(
                    installed_pkgs[name], key=cmp_to_key(_reverse_cmp_pkg_versions)
                ).pop()
            except IndexError:
                log.warning(
                    "%s was empty in pkg.list_pkgs return data, this is "
                    "probably a bug in list_pkgs",
                    name,
                )
            else:
                log.debug(
                    "Latest installed version of %s is %s", name, latest_installed
                )

        # get latest available (from winrepo_dir) version of package
        pkg_info = _get_package_info(name, saltenv=saltenv)
        log.trace("Raw winrepo pkg_info for %s is %s", name, pkg_info)

        # latest_available can be version number or 'latest' or even 'Not Found'
        latest_available = _get_latest_pkg_version(pkg_info)
        if latest_available:
            log.debug(
                "Latest available version of package %s is %s", name, latest_available
            )

            # check, whether latest available version
            # is newer than latest installed version
            if compare_versions(
                ver1=str(latest_available),
                oper=">",
                ver2=str(latest_installed),
            ):
                log.debug(
                    "Upgrade of %s from %s to %s is available",
                    name,
                    latest_installed,
                    latest_available,
                )
                ret[name] = latest_available
            else:
                log.debug(
                    "No newer version than %s of %s is available",
                    latest_installed,
                    name,
                )
    if len(names) == 1:
        return ret[names[0]]
    return ret


def upgrade_available(name, **kwargs):
    """
    Check whether or not an upgrade is available for a given package

    Args:
        name (str): The name of a single package

    Kwargs:
        refresh (bool): Refresh package metadata. Default ``True``
        saltenv (str): The salt environment. Default ``base``

    Returns:
        bool: True if new version available, otherwise False

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.upgrade_available <package name>
    """
    saltenv = kwargs.get("saltenv", "base")
    # Refresh before looking for the latest version available,
    # same default as latest_version
    refresh = salt.utils.data.is_true(kwargs.get("refresh", True))

    # if latest_version returns blank, the latest version is already installed or
    # there is no package definition. This is a salt standard which could be improved.
    return latest_version(name, saltenv=saltenv, refresh=refresh) != ""


def list_upgrades(refresh=True, **kwargs):
    """
    List all available package upgrades on this system

    Args:
        refresh (bool): Refresh package metadata. Default ``True``

    Kwargs:
        saltenv (str): Salt environment. Default ``base``

    Returns:
        dict: A dictionary of packages with available upgrades

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.list_upgrades
    """
    saltenv = kwargs.get("saltenv", "base")
    refresh = salt.utils.data.is_true(refresh)
    _refresh_db_conditional(saltenv, force=refresh)

    installed_pkgs = list_pkgs(refresh=False, saltenv=saltenv)
    available_pkgs = get_repo_data(saltenv).get("repo")
    pkgs = {}
    for pkg in installed_pkgs:
        if pkg in available_pkgs:
            # latest_version() will be blank if the latest version is installed.
            # or the package name is wrong. Given we check available_pkgs, this
            # should not be the case of wrong package name.
            # Note: latest_version() is an expensive way to do this as it
            # calls list_pkgs each time.
            latest_ver = latest_version(pkg, refresh=False, saltenv=saltenv)
            if latest_ver:
                pkgs[pkg] = latest_ver

    return pkgs


def list_available(*names, **kwargs):
    """
    Return a list of available versions of the specified package.

    Args:
        names (str): One or more package names

    Kwargs:

        saltenv (str): The salt environment to use. Default ``base``.

        refresh (bool): Refresh package metadata. Default ``False``.

        return_dict_always (bool):
            Default ``False`` dict when a single package name is queried.

    Returns:
        dict: The package name with its available versions

    .. code-block:: cfg

        {'<package name>': ['<version>', '<version>', ]}

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.list_available <package name> return_dict_always=True
        salt '*' pkg.list_available <package name01> <package name02>
    """
    if not names:
        return ""

    saltenv = kwargs.get("saltenv", "base")
    refresh = salt.utils.data.is_true(kwargs.get("refresh", False))
    _refresh_db_conditional(saltenv, force=refresh)
    return_dict_always = salt.utils.data.is_true(
        kwargs.get("return_dict_always", False)
    )
    if len(names) == 1 and not return_dict_always:
        pkginfo = _get_package_info(names[0], saltenv=saltenv)
        if not pkginfo:
            return ""
        versions = sorted(
            list(pkginfo.keys()), key=cmp_to_key(_reverse_cmp_pkg_versions)
        )
    else:
        versions = {}
        for name in names:
            pkginfo = _get_package_info(name, saltenv=saltenv)
            if not pkginfo:
                continue
            verlist = sorted(
                list(pkginfo.keys()) if pkginfo else [],
                key=cmp_to_key(_reverse_cmp_pkg_versions),
            )
            versions[name] = verlist
    return versions


def version(*names, **kwargs):
    """
    Returns a string representing the package version or an empty string if not
    installed. If more than one package name is specified, a dict of
    name/version pairs is returned.

    Args:
        name (str): One or more package names

    Kwargs:
        saltenv (str): The salt environment to use. Default ``base``.
        refresh (bool): Refresh package metadata. Default ``False``.

    Returns:
        str: version string when a single package is specified.
        dict: The package name(s) with the installed versions.

    .. code-block:: cfg

        {['<version>', '<version>', ]} OR
        {'<package name>': ['<version>', '<version>', ]}

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.version <package name>
        salt '*' pkg.version <package name01> <package name02>

    """
    # Standard is return empty string even if not a valid name
    # TODO: Look at returning an error across all platforms with
    # CommandExecutionError(msg,info={'errors': errors })
    # available_pkgs = get_repo_data(saltenv).get('repo')
    # for name in names:
    #    if name in available_pkgs:
    #        ret[name] = installed_pkgs.get(name, '')

    saltenv = kwargs.get("saltenv", "base")
    installed_pkgs = list_pkgs(saltenv=saltenv, refresh=kwargs.get("refresh", False))

    if len(names) == 1:
        return installed_pkgs.get(names[0], "")

    ret = {}
    for name in names:
        ret[name] = installed_pkgs.get(name, "")
    return ret


def list_pkgs(
    versions_as_list=False, include_components=True, include_updates=True, **kwargs
):
    """
    List the packages currently installed.

    .. note::
        To view installed software as displayed in the Add/Remove Programs, set
        ``include_components`` and ``include_updates`` to False.

    Args:

        versions_as_list (bool):
            Returns the versions as a list

        include_components (bool):
            Include sub components of installed software. Default is ``True``

        include_updates (bool):
            Include software updates and Windows updates. Default is ``True``

    Kwargs:

        saltenv (str):
            The salt environment to use. Default ``base``

        refresh (bool):
            Refresh package metadata. Default ``False``

    Returns:
        dict: A dictionary of installed software with versions installed

    .. code-block:: cfg

        {'<package_name>': '<version>'}

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.list_pkgs
        salt '*' pkg.list_pkgs versions_as_list=True
    """
    versions_as_list = salt.utils.data.is_true(versions_as_list)
    # not yet implemented or not applicable
    if any(
        [salt.utils.data.is_true(kwargs.get(x)) for x in ("removed", "purge_desired")]
    ):
        return {}
    saltenv = kwargs.get("saltenv", "base")
    refresh = salt.utils.data.is_true(kwargs.get("refresh", False))
    _refresh_db_conditional(saltenv, force=refresh)

    ret = {}
    name_map = _get_name_map(saltenv)
    for pkg_name, val_list in _get_reg_software(
        include_components=include_components, include_updates=include_updates
    ).items():
        if pkg_name in name_map:
            key = name_map[pkg_name]
            for val in val_list:
                if val == "Not Found":
                    # Look up version from winrepo
                    pkg_info = _get_package_info(key, saltenv=saltenv)
                    if not pkg_info:
                        continue
                    for pkg_ver in pkg_info.keys():
                        if pkg_info[pkg_ver]["full_name"] == pkg_name:
                            val = pkg_ver
                __salt__["pkg_resource.add_pkg"](ret, key, val)
        else:
            key = pkg_name
            for val in val_list:
                __salt__["pkg_resource.add_pkg"](ret, key, val)

    __salt__["pkg_resource.sort_pkglist"](ret)
    if not versions_as_list:
        __salt__["pkg_resource.stringify"](ret)
    return ret


def _get_reg_software(include_components=True, include_updates=True):
    """
    This searches the uninstall keys in the registry to find a match in the sub
    keys, it will return a dict with the display name as the key and the
    version as the value

    Args:

        include_components (bool):
            Include sub components of installed software. Default is ``True``

        include_updates (bool):
            Include software updates and Windows updates. Default is ``True``

    Returns:
        dict: A dictionary of installed software with versions installed

    .. code-block:: cfg

        {'<package_name>': '<version>'}
    """
    # Logic for this can be found in this question:
    # https://social.technet.microsoft.com/Forums/windows/en-US/d913471a-d7fb-448d-869b-da9025dcc943/where-does-addremove-programs-get-its-information-from-in-the-registry
    # and also in the collectPlatformDependentApplicationData function in
    # https://github.com/aws/amazon-ssm-agent/blob/master/agent/plugins/inventory/gatherers/application/dataProvider_windows.go
    reg_software = {}

    def skip_component(hive, key, sub_key, use_32bit_registry):
        """
        'SystemComponent' must be either absent or present with a value of 0,
        because this value is usually set on programs that have been installed
        via a Windows Installer Package (MSI).

        Returns:
            bool: True if the package needs to be skipped, otherwise False
        """
        if include_components:
            return False
        if __utils__["reg.value_exists"](
            hive=hive,
            key=f"{key}\\{sub_key}",
            vname="SystemComponent",
            use_32bit_registry=use_32bit_registry,
        ):
            if (
                __utils__["reg.read_value"](
                    hive=hive,
                    key=f"{key}\\{sub_key}",
                    vname="SystemComponent",
                    use_32bit_registry=use_32bit_registry,
                )["vdata"]
                > 0
            ):
                return True
        return False

    def skip_win_installer(hive, key, sub_key, use_32bit_registry):
        """
        'WindowsInstaller' must be either absent or present with a value of 0.
        If the value is set to 1, then the application is included in the list
        if and only if the corresponding compressed guid is also present in
        HKLM:\\Software\\Classes\\Installer\\Products

        Returns:
            bool: True if the package needs to be skipped, otherwise False
        """
        products_key = "Software\\Classes\\Installer\\Products\\{0}"
        if __utils__["reg.value_exists"](
            hive=hive,
            key=f"{key}\\{sub_key}",
            vname="WindowsInstaller",
            use_32bit_registry=use_32bit_registry,
        ):
            if (
                __utils__["reg.read_value"](
                    hive=hive,
                    key=f"{key}\\{sub_key}",
                    vname="WindowsInstaller",
                    use_32bit_registry=use_32bit_registry,
                )["vdata"]
                > 0
            ):
                squid = salt.utils.win_functions.guid_to_squid(sub_key)
                if not __utils__["reg.key_exists"](
                    hive="HKLM",
                    key=products_key.format(squid),
                    use_32bit_registry=use_32bit_registry,
                ):
                    return True
        return False

    def skip_uninstall_string(hive, key, sub_key, use_32bit_registry):
        """
        `UninstallString` must be present, because it stores the command line
        that gets executed by Add/Remove programs, when the user tries to
        uninstall a program. Skip those, unless `NoRemove` contains a non-zero
        value in which case there is no `UninstallString` value.

        We want to display these in case we're trying to install software that
        will set the `NoRemove` option.

        Returns:
            bool: True if the package needs to be skipped, otherwise False
        """
        # https://docs.microsoft.com/en-us/windows/win32/msi/arpnoremove
        if __utils__["reg.value_exists"](
            hive=hive,
            key=f"{key}\\{sub_key}",
            vname="NoRemove",
            use_32bit_registry=use_32bit_registry,
        ):
            if (
                __utils__["reg.read_value"](
                    hive=hive,
                    key=f"{key}\\{sub_key}",
                    vname="NoRemove",
                    use_32bit_registry=use_32bit_registry,
                )["vdata"]
                > 0
            ):
                return False
        if not __utils__["reg.value_exists"](
            hive=hive,
            key=f"{key}\\{sub_key}",
            vname="UninstallString",
            use_32bit_registry=use_32bit_registry,
        ):
            return True
        return False

    def skip_release_type(hive, key, sub_key, use_32bit_registry):
        """
        'ReleaseType' must either be absent or if present must not have a
        value set to 'Security Update', 'Update Rollup', or 'Hotfix', because
        that indicates it's an update to an existing program.

        Returns:
            bool: True if the package needs to be skipped, otherwise False
        """
        if include_updates:
            return False
        skip_types = ["Hotfix", "Security Update", "Update Rollup"]
        if __utils__["reg.value_exists"](
            hive=hive,
            key=f"{key}\\{sub_key}",
            vname="ReleaseType",
            use_32bit_registry=use_32bit_registry,
        ):
            if (
                __utils__["reg.read_value"](
                    hive=hive,
                    key=f"{key}\\{sub_key}",
                    vname="ReleaseType",
                    use_32bit_registry=use_32bit_registry,
                )["vdata"]
                in skip_types
            ):
                return True
        return False

    def skip_parent_key(hive, key, sub_key, use_32bit_registry):
        """
        'ParentKeyName' must NOT be present, because that indicates it's an
        update to the parent program.

        Returns:
            bool: True if the package needs to be skipped, otherwise False
        """
        if __utils__["reg.value_exists"](
            hive=hive,
            key=f"{key}\\{sub_key}",
            vname="ParentKeyName",
            use_32bit_registry=use_32bit_registry,
        ):
            return True

        return False

    def add_software(hive, key, sub_key, use_32bit_registry):
        """
        'DisplayName' must be present with a valid value, as this is reflected
        as the software name returned by pkg.list_pkgs. Also, its value must
        not start with 'KB' followed by 6 numbers - as that indicates a
        Windows update.
        """
        d_name_regdata = __utils__["reg.read_value"](
            hive=hive,
            key=f"{key}\\{sub_key}",
            vname="DisplayName",
            use_32bit_registry=use_32bit_registry,
        )

        if (
            not d_name_regdata["success"]
            or d_name_regdata["vtype"] not in ["REG_SZ", "REG_EXPAND_SZ"]
            or d_name_regdata["vdata"] in ["(value not set)", None, False]
        ):
            return
        d_name = d_name_regdata["vdata"]

        if not include_updates:
            if re.match(r"^KB[0-9]{6}", d_name):
                return

        d_vers_regdata = __utils__["reg.read_value"](
            hive=hive,
            key=f"{key}\\{sub_key}",
            vname="DisplayVersion",
            use_32bit_registry=use_32bit_registry,
        )

        d_vers = "Not Found"
        if d_vers_regdata["success"] and d_vers_regdata["vtype"] in [
            "REG_SZ",
            "REG_EXPAND_SZ",
            "REG_DWORD",
        ]:
            if isinstance(d_vers_regdata["vdata"], int):
                d_vers = str(d_vers_regdata["vdata"])
            elif (
                d_vers_regdata["vdata"] and d_vers_regdata["vdata"] != "(value not set)"
            ):  # Check for blank values
                d_vers = d_vers_regdata["vdata"]

        reg_software.setdefault(d_name, []).append(d_vers)

    # Start gathering information from the registry
    # HKLM Uninstall 64 bit
    kwargs = {
        "hive": "HKLM",
        "key": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
        "use_32bit_registry": False,
    }
    for sub_key in __utils__["reg.list_keys"](**kwargs):
        kwargs["sub_key"] = sub_key
        if skip_component(**kwargs):
            continue
        if skip_win_installer(**kwargs):
            continue
        if skip_uninstall_string(**kwargs):
            continue
        if skip_release_type(**kwargs):
            continue
        if skip_parent_key(**kwargs):
            continue
        add_software(**kwargs)

    # HKLM Uninstall 32 bit
    kwargs["use_32bit_registry"] = True
    kwargs.pop("sub_key", False)
    for sub_key in __utils__["reg.list_keys"](**kwargs):
        kwargs["sub_key"] = sub_key
        if skip_component(**kwargs):
            continue
        if skip_win_installer(**kwargs):
            continue
        if skip_uninstall_string(**kwargs):
            continue
        if skip_release_type(**kwargs):
            continue
        if skip_parent_key(**kwargs):
            continue
        add_software(**kwargs)

    # HKLM Uninstall 64 bit
    kwargs = {
        "hive": "HKLM",
        "key": "Software\\Classes\\Installer\\Products",
        "use_32bit_registry": False,
    }
    userdata_key = (
        "Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\"
        "UserData\\S-1-5-18\\Products"
    )
    for sub_key in __utils__["reg.list_keys"](**kwargs):
        # If the key does not exist in userdata, skip it
        if not __utils__["reg.key_exists"](
            hive=kwargs["hive"], key=f"{userdata_key}\\{sub_key}"
        ):
            continue
        kwargs["sub_key"] = sub_key
        if skip_component(**kwargs):
            continue
        if skip_win_installer(**kwargs):
            continue
        add_software(**kwargs)

    # Uninstall for each user on the system (HKU), 64 bit
    # This has a propensity to take a while on a machine where many users have
    # logged in. Untested in such a scenario
    hive_hku = "HKU"
    uninstall_key = "{0}\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall"
    product_key = "{0}\\Software\\Microsoft\\Installer\\Products"
    user_data_key = (
        "Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\"
        "UserData\\{0}\\Products\\{1}"
    )
    for user_guid in __utils__["reg.list_keys"](hive=hive_hku):
        kwargs = {
            "hive": hive_hku,
            "key": uninstall_key.format(user_guid),
            "use_32bit_registry": False,
        }
        if __utils__["reg.key_exists"](**kwargs):
            for sub_key in __utils__["reg.list_keys"](**kwargs):
                kwargs["sub_key"] = sub_key
                if skip_component(**kwargs):
                    continue
                if skip_win_installer(**kwargs):
                    continue
                if skip_uninstall_string(**kwargs):
                    continue
                if skip_release_type(**kwargs):
                    continue
                if skip_parent_key(**kwargs):
                    continue
                add_software(**kwargs)

        # While we have the user guid, we're gong to check userdata in HKLM
        kwargs = {
            "hive": hive_hku,
            "key": product_key.format(user_guid),
            "use_32bit_registry": False,
        }
        if __utils__["reg.key_exists"](**kwargs):
            for sub_key in __utils__["reg.list_keys"](**kwargs):
                kwargs = {
                    "hive": "HKLM",
                    "key": user_data_key.format(user_guid, sub_key),
                    "use_32bit_registry": False,
                }
                if __utils__["reg.key_exists"](**kwargs):
                    kwargs["sub_key"] = "InstallProperties"
                    if skip_component(**kwargs):
                        continue
                    add_software(**kwargs)

    # Uninstall for each user on the system (HKU), 32 bit
    for user_guid in __utils__["reg.list_keys"](hive=hive_hku, use_32bit_registry=True):
        kwargs = {
            "hive": hive_hku,
            "key": uninstall_key.format(user_guid),
            "use_32bit_registry": True,
        }
        if __utils__["reg.key_exists"](**kwargs):
            for sub_key in __utils__["reg.list_keys"](**kwargs):
                kwargs["sub_key"] = sub_key
                if skip_component(**kwargs):
                    continue
                if skip_win_installer(**kwargs):
                    continue
                if skip_uninstall_string(**kwargs):
                    continue
                if skip_release_type(**kwargs):
                    continue
                if skip_parent_key(**kwargs):
                    continue
                add_software(**kwargs)

        kwargs = {
            "hive": hive_hku,
            "key": product_key.format(user_guid),
            "use_32bit_registry": True,
        }
        if __utils__["reg.key_exists"](**kwargs):
            # While we have the user guid, we're going to check userdata in HKLM
            for sub_key_2 in __utils__["reg.list_keys"](**kwargs):
                kwargs = {
                    "hive": "HKLM",
                    "key": user_data_key.format(user_guid, sub_key_2),
                    "use_32bit_registry": True,
                }
                if __utils__["reg.key_exists"](**kwargs):
                    kwargs["sub_key"] = "InstallProperties"
                    if skip_component(**kwargs):
                        continue
                    add_software(**kwargs)

    return reg_software


def _refresh_db_conditional(saltenv, **kwargs):
    """
    Internal use only in this module, has a different set of defaults and
    returns True or False. And supports checking the age of the existing
    generated metadata db, as well as ensure metadata db exists to begin with

    Args:
        saltenv (str): Salt environment

    Kwargs:

        force (bool):
            Force a refresh if the minimum age has been reached. Default is
            False.

        failhard (bool):
            If ``True``, an error will be raised if any repo SLS files failed to
            process.

    Returns:
        bool: True Fetched or Cache uptodate, False to indicate an issue

    :codeauthor: Damon Atkins <https://github.com/damon-atkins>
    """
    force = salt.utils.data.is_true(kwargs.pop("force", False))
    failhard = salt.utils.data.is_true(kwargs.pop("failhard", False))
    expired_max = __opts__["winrepo_cache_expire_max"]
    expired_min = __opts__["winrepo_cache_expire_min"]

    repo_details = _get_repo_details(saltenv)

    # Skip force if age less than minimum age
    if force and expired_min > 0 and repo_details.winrepo_age < expired_min:
        log.info(
            "Refresh skipped, age of winrepo metadata in seconds (%s) is less "
            "than winrepo_cache_expire_min (%s)",
            repo_details.winrepo_age,
            expired_min,
        )
        force = False

    # winrepo_age is -1 if repo db does not exist
    refresh = (
        True
        if force
        or repo_details.winrepo_age == -1
        or repo_details.winrepo_age > expired_max
        else False
    )

    if not refresh:
        log.debug(
            "Using existing pkg metadata db for saltenv '%s' (age is %s)",
            saltenv,
            datetime.timedelta(seconds=repo_details.winrepo_age),
        )
        return True

    if repo_details.winrepo_age == -1:
        # no repo meta db
        log.debug("No winrepo.p cache file for saltenv '%s', creating one now", saltenv)

    results = refresh_db(saltenv=saltenv, verbose=False, failhard=failhard)
    try:
        # Return True if there were no failed winrepo SLS files, and False if
        # failures were reported.
        return not bool(results.get("failed", 0))
    except AttributeError:
        return False


def refresh_db(**kwargs):
    r"""
    Generates the local software metadata database (`winrepo.p`) on the minion.
    The database is stored in a serialized format located by default at the
    following location:

    ``C:\ProgramData\Salt Project\Salt\var\cache\salt\minion\files\base\win\repo-ng\winrepo.p``

    This module performs the following steps to generate the software metadata
    database:

    - Fetch the package definition files (.sls) from `winrepo_source_dir`
      (default `salt://win/repo-ng`) and cache them in
      `<cachedir>\files\<saltenv>\<winrepo_source_dir>`
      (default: ``C:\ProgramData\Salt Project\Salt\var\cache\salt\minion\files\base\win\repo-ng``)
    - Call :py:func:`pkg.genrepo <salt.modules.win_pkg.genrepo>` to parse the
      package definition files and generate the repository metadata database
      file (`winrepo.p`)
    - Return the report received from
      :py:func:`pkg.genrepo <salt.modules.win_pkg.genrepo>`

    The default winrepo directory on the master is `/srv/salt/win/repo-ng`. All
    files that end with `.sls` in this and all subdirectories will be used to
    generate the repository metadata database (`winrepo.p`).

    .. note::
        - Hidden directories (directories beginning with '`.`', such as
          '`.git`') will be ignored.

    .. note::
        There is no need to call `pkg.refresh_db` every time you work with the
        pkg module. Automatic refresh will occur based on the following minion
        configuration settings:

        - `winrepo_cache_expire_min`
        - `winrepo_cache_expire_max`

        However, if the package definition files have changed, as would be the
        case if you are developing a new package definition, this function
        should be called to ensure the minion has the latest information about
        packages available to it.

    .. warning::
        Directories and files fetched from <winrepo_source_dir>
        (`/srv/salt/win/repo-ng`) will be processed in alphabetical order. If
        two or more software definition files contain the same name, the last
        one processed replaces all data from the files processed before it.

    For more information see
    :ref:`Windows Software Repository <windows-package-manager>`

    Arguments:

    saltenv (str): Salt environment. Default: ``base``

    verbose (bool):
        Return a verbose data structure which includes 'success_list', a
        list of all sls files and the package names contained within.
        Default is 'False'

    failhard (bool):
        If ``True``, an error will be raised if any repo SLS files fails to
        process. If ``False``, no error will be raised, and a dictionary
        containing the full results will be returned.

    Returns:
        dict: A dictionary containing the results of the database refresh.

    .. note::
        A result with a `total: 0` generally means that the files are in the
        wrong location on the master. Try running the following command on the
        minion: `salt-call -l debug pkg.refresh saltenv=base`

    .. warning::
        When calling this command from a state using `module.run` be sure to
        pass `failhard: False`. Otherwise, the state will report failure if it
        encounters a bad software definition file.

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.refresh_db
        salt '*' pkg.refresh_db saltenv=base
    """
    # Remove rtag file to keep multiple refreshes from happening in pkg states
    salt.utils.pkg.clear_rtag(__opts__)
    saltenv = kwargs.pop("saltenv", "base")
    verbose = salt.utils.data.is_true(kwargs.pop("verbose", False))
    failhard = salt.utils.data.is_true(kwargs.pop("failhard", True))
    __context__.pop("winrepo.data", None)
    repo_details = _get_repo_details(saltenv)

    log.debug(
        "Refreshing pkg metadata db for saltenv '%s' (age of existing metadata is %s)",
        saltenv,
        datetime.timedelta(seconds=repo_details.winrepo_age),
    )

    # Clear minion repo-ng cache see #35342 discussion
    log.info("Removing all *.sls files under '%s'", repo_details.local_dest)
    failed = []
    for root, _, files in salt.utils.path.os_walk(
        repo_details.local_dest, followlinks=False
    ):
        for name in files:
            if name.endswith(".sls"):
                full_filename = os.path.join(root, name)
                try:
                    os.remove(full_filename)
                except OSError as exc:
                    if exc.errno != errno.ENOENT:
                        log.error("Failed to remove %s: %s", full_filename, exc)
                        failed.append(full_filename)
    if failed:
        raise CommandExecutionError(
            "Failed to clear one or more winrepo cache files", info={"failed": failed}
        )

    # Clear the cache so that newly copied package definitions will be picked up
    fileserver = salt.fileserver.Fileserver(__opts__)
    load = {"saltenv": saltenv, "fsbackend": None}
    fileserver.clear_file_list_cache(load=load)

    # Cache repo-ng locally
    log.info("Fetching *.sls files from %s", repo_details.winrepo_source_dir)
    try:
        __salt__["cp.cache_dir"](
            path=repo_details.winrepo_source_dir,
            saltenv=saltenv,
            include_pat="*.sls",
            exclude_pat=r"E@\/\..*?\/",  # Exclude all hidden directories (.git)
        )
    except MinionError as exc:
        log.exception(
            "Failed to cache %s", repo_details.winrepo_source_dir, exc_info=exc
        )
    return genrepo(saltenv=saltenv, verbose=verbose, failhard=failhard)


def _get_repo_details(saltenv):
    """
    Return repo details for the specified saltenv as a namedtuple
    """
    contextkey = f"winrepo._get_repo_details.{saltenv}"

    if contextkey in __context__:
        (winrepo_source_dir, local_dest, winrepo_file) = __context__[contextkey]
    else:
        winrepo_source_dir = __opts__["winrepo_source_dir"]
        dirs = [__opts__["cachedir"], "files", saltenv]
        url_parts = urllib.parse.urlparse(winrepo_source_dir)
        dirs.append(url_parts.netloc)
        dirs.extend(url_parts.path.strip("/").split("/"))
        local_dest = os.sep.join(dirs)

        winrepo_file = os.path.join(local_dest, "winrepo.p")  # Default
        # Check for a valid windows file name
        if not re.search(
            r'[\/:*?"<>|]', __opts__["winrepo_cachefile"], flags=re.IGNORECASE
        ):
            winrepo_file = os.path.join(local_dest, __opts__["winrepo_cachefile"])
        else:
            log.error(
                "minion configuration option 'winrepo_cachefile' has been "
                "ignored as its value (%s) is invalid. Please ensure this "
                "option is set to a valid filename.",
                __opts__["winrepo_cachefile"],
            )

        # Do some safety checks on the repo_path as its contents can be removed,
        # this includes check for bad coding
        system_root = os.environ.get("SystemRoot", r"C:\Windows")
        if not salt.utils.path.safe_path(
            path=local_dest, allow_path="\\".join([system_root, "TEMP"])
        ):

            raise CommandExecutionError(
                "Attempting to delete files from a possibly unsafe location: {}".format(
                    local_dest
                )
            )

        __context__[contextkey] = (winrepo_source_dir, local_dest, winrepo_file)

    try:
        os.makedirs(local_dest)
    except OSError as exc:
        if exc.errno != errno.EEXIST:
            raise CommandExecutionError(f"Failed to create {local_dest}: {exc}")

    winrepo_age = -1
    try:
        stat_result = os.stat(winrepo_file)
        mtime = stat_result.st_mtime
        winrepo_age = time.time() - mtime
    except OSError as exc:
        if exc.errno != errno.ENOENT:
            raise CommandExecutionError(f"Failed to get age of {winrepo_file}: {exc}")
    except AttributeError:
        # Shouldn't happen but log if it does
        log.warning("st_mtime missing from stat result %s", stat_result)
    except TypeError:
        # Shouldn't happen but log if it does
        log.warning("mtime of %s (%s) is an invalid type", winrepo_file, mtime)

    repo_details = collections.namedtuple(
        "RepoDetails",
        ("winrepo_source_dir", "local_dest", "winrepo_file", "winrepo_age"),
    )
    return repo_details(winrepo_source_dir, local_dest, winrepo_file, winrepo_age)


def genrepo(**kwargs):
    """
    Generate package metadata db based on files within the winrepo_source_dir

    Kwargs:

        saltenv (str): Salt environment. Default: ``base``

        verbose (bool):
            Return verbose data structure which includes 'success_list', a list
            of all sls files and the package names contained within.
            Default ``False``.

        failhard (bool):
            If ``True``, an error will be raised if any repo SLS files failed
            to process. If ``False``, no error will be raised, and a dictionary
            containing the full results will be returned.

    .. note::
        - Hidden directories (directories beginning with '`.`', such as
          '`.git`') will be ignored.

    Returns:
        dict: A dictionary of the results of the command

    CLI Example:

    .. code-block:: bash

        salt-run pkg.genrepo
        salt -G 'os:windows' pkg.genrepo verbose=true failhard=false
        salt -G 'os:windows' pkg.genrepo saltenv=base
    """
    saltenv = kwargs.pop("saltenv", "base")
    verbose = salt.utils.data.is_true(kwargs.pop("verbose", False))
    failhard = salt.utils.data.is_true(kwargs.pop("failhard", True))

    ret = {}
    successful_verbose = {}
    total_files_processed = 0
    ret["repo"] = {}
    ret["errors"] = {}
    repo_details = _get_repo_details(saltenv)

    for root, _, files in salt.utils.path.os_walk(
        repo_details.local_dest, followlinks=False
    ):

        # Skip hidden directories (.git)
        if re.search(r"[\\/]\..*", root):
            log.debug("Skipping files in directory: %s", root)
            continue

        short_path = os.path.relpath(root, repo_details.local_dest)
        if short_path == ".":
            short_path = ""

        for name in files:
            if name.endswith(".sls"):
                total_files_processed += 1
                _repo_process_pkg_sls(
                    filename=os.path.join(root, name),
                    short_path_name=os.path.join(short_path, name),
                    ret=ret,
                    successful_verbose=successful_verbose,
                    saltenv=saltenv,
                )

    with salt.utils.files.fopen(repo_details.winrepo_file, "wb") as repo_cache:
        repo_cache.write(salt.payload.dumps(ret))
    # For some reason we can not save ret into __context__['winrepo.data'] as this breaks due to utf8 issues
    successful_count = len(successful_verbose)
    error_count = len(ret["errors"])
    if verbose:
        results = {
            "total": total_files_processed,
            "success": successful_count,
            "failed": error_count,
            "success_list": successful_verbose,
            "failed_list": ret["errors"],
        }
    else:
        if error_count > 0:
            results = {
                "total": total_files_processed,
                "success": successful_count,
                "failed": error_count,
                "failed_list": ret["errors"],
            }
        else:
            results = {
                "total": total_files_processed,
                "success": successful_count,
                "failed": error_count,
            }

    if error_count > 0 and failhard:
        raise CommandExecutionError(
            "Error occurred while generating repo db", info=results
        )
    else:
        return results


def _repo_process_pkg_sls(
    filename, short_path_name, ret, successful_verbose, saltenv="base"
):
    renderers = salt.loader.render(__opts__, __salt__)

    def _failed_compile(prefix_msg, error_msg):
        log.error("%s '%s': %s", prefix_msg, short_path_name, error_msg)
        ret.setdefault("errors", {})[short_path_name] = [f"{prefix_msg}, {error_msg} "]
        return False

    try:
        config = salt.template.compile_template(
            filename,
            renderers,
            __opts__["renderer"],
            __opts__.get("renderer_blacklist", ""),
            __opts__.get("renderer_whitelist", ""),
            saltenv=saltenv,
        )
    except SaltRenderError as exc:
        return _failed_compile("Failed to compile", exc)
    except Exception as exc:  # pylint: disable=broad-except
        return _failed_compile("Failed to read", exc)

    if config and isinstance(config, dict):
        revmap = {}
        errors = []
        for pkgname, version_list in config.items():
            if pkgname in ret["repo"]:
                log.error(
                    "package '%s' within '%s' already defined, skipping",
                    pkgname,
                    short_path_name,
                )
                errors.append(f"package '{pkgname}' already defined")
                break
            for version_str, repodata in version_list.items():
                # Ensure version is a string/unicode
                if not isinstance(version_str, str):
                    log.error(
                        "package '%s' within '%s', version number %s' is not a string",
                        pkgname,
                        short_path_name,
                        version_str,
                    )
                    errors.append(
                        "package '{}', version number {} is not a string".format(
                            pkgname, version_str
                        )
                    )
                    continue
                # Ensure version contains a dict
                if not isinstance(repodata, dict):
                    log.error(
                        "package '%s' within '%s', repo data for "
                        "version number %s is not defined as a dictionary",
                        pkgname,
                        short_path_name,
                        version_str,
                    )
                    errors.append(
                        "package '{}', repo data for "
                        "version number {} is not defined as a dictionary".format(
                            pkgname, version_str
                        )
                    )
                    continue
                revmap[repodata["full_name"]] = pkgname
        if errors:
            ret.setdefault("errors", {})[short_path_name] = errors
        else:
            ret.setdefault("repo", {}).update(config)
            ret.setdefault("name_map", {}).update(revmap)
            successful_verbose[short_path_name] = list(config.keys())
    elif config:
        return _failed_compile("Compiled contents", "not a dictionary/hash")
    else:
        log.debug("No data within '%s' after processing", short_path_name)
        # no pkgname found after render
        successful_verbose[short_path_name] = []


def _get_source_sum(source_hash, file_path, saltenv, verify_ssl=True):
    """
    Extract the hash sum, whether it is in a remote hash file, or just a string.
    """
    ret = dict()
    schemes = ("salt", "http", "https", "ftp", "swift", "s3", "file")
    invalid_hash_msg = (
        "Source hash '{}' format is invalid. It must be in "
        "the format <hash type>=<hash>".format(source_hash)
    )
    source_hash = str(source_hash)
    source_hash_scheme = urllib.parse.urlparse(source_hash).scheme

    if source_hash_scheme in schemes:
        # The source_hash is a file on a server
        try:
            cached_hash_file = __salt__["cp.cache_file"](
                source_hash, saltenv=saltenv, verify_ssl=verify_ssl, use_etag=True
            )
        except MinionError as exc:
            log.exception("Failed to cache %s", source_hash, exc_info=exc)
            raise

        if not cached_hash_file:
            raise CommandExecutionError(f"Source hash file {source_hash} not found")

        ret = __salt__["file.extract_hash"](cached_hash_file, "", file_path)
        if ret is None:
            raise SaltInvocationError(invalid_hash_msg)
    else:
        # The source_hash is a hash string
        items = source_hash.split("=", 1)

        if len(items) != 2:
            invalid_hash_msg = "{}, or it must be a supported protocol: {}".format(
                invalid_hash_msg, ", ".join(schemes)
            )
            raise SaltInvocationError(invalid_hash_msg)

        ret["hash_type"], ret["hsum"] = (item.strip().lower() for item in items)

    return ret


def _get_msiexec(use_msiexec):
    """
    Return if msiexec.exe will be used and the command to invoke it.
    """
    if use_msiexec is False:
        return False, ""
    if isinstance(use_msiexec, str):
        if os.path.isfile(use_msiexec):
            return True, use_msiexec
        else:
            log.warning(
                "msiexec path '%s' not found. Using system registered msiexec instead",
                use_msiexec,
            )
            use_msiexec = True
    if use_msiexec is True:
        return True, "msiexec"


def normalize_name(name):
    """
    Nothing to do on Windows. We need this function so that Salt doesn't go
    through every module looking for ``pkg.normalize_name``.

    .. versionadded:: 3006.0

    Args:
        name (str): The name of the package

    Returns:
        str: The name of the package

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.normalize_name git
    """
    return name


def install(name=None, refresh=False, pkgs=None, **kwargs):
    r"""
    Install the passed package(s) on the system using winrepo

    Args:

        name (str):
            The name of a single package, or a comma-separated list of packages
            to install. (no spaces after the commas)

        refresh (bool):
            Boolean value representing whether or not to refresh the winrepo db.
            Default ``False``.

        pkgs (list):
            A list of packages to install from a software repository. All
            packages listed under ``pkgs`` will be installed via a single
            command.

            You can specify a version by passing the item as a dict:

            CLI Example:

            .. code-block:: bash

                # will install the latest version of foo and bar
                salt '*' pkg.install pkgs='["foo", "bar"]'

                # will install the latest version of foo and version 1.2.3 of bar
                salt '*' pkg.install pkgs='["foo", {"bar": "1.2.3"}]'

    Kwargs:

        version (str):
            The specific version to install. If omitted, the latest version will
            be installed. Recommend for use when installing a single package.

            If passed with a list of packages in the ``pkgs`` parameter, the
            version will be ignored.

            CLI Example:

             .. code-block:: bash

                # Version is ignored
                salt '*' pkg.install pkgs="['foo', 'bar']" version=1.2.3

            If passed with a comma separated list in the ``name`` parameter, the
            version will apply to all packages in the list.

            CLI Example:

             .. code-block:: bash

                # Version 1.2.3 will apply to packages foo and bar
                salt '*' pkg.install foo,bar version=1.2.3

        extra_install_flags (str):
            Additional install flags that will be appended to the
            ``install_flags`` defined in the software definition file. Only
            applies when single package is passed.

        saltenv (str):
            Salt environment. Default 'base'

        report_reboot_exit_codes (bool):
            If the installer exits with a recognized exit code indicating that
            a reboot is required, the module function

               *win_system.set_reboot_required_witnessed*

            will be called, preserving the knowledge of this event for the
            remainder of the current boot session. For the time being, 3010 is
            the only recognized exit code. The value of this param defaults to
            True.

            .. versionadded:: 2016.11.0

    Returns:
        dict: Return a dict containing the new package names and versions. If
        the package is already installed, an empty dict is returned.

        If the package is installed by ``pkg.install``:

        .. code-block:: cfg

            {'<package>': {'old': '<old-version>',
                           'new': '<new-version>'}}

    The following example will refresh the winrepo and install a single
    package, 7zip.

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.install 7zip refresh=True

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.install 7zip
        salt '*' pkg.install 7zip,filezilla
        salt '*' pkg.install pkgs='["7zip","filezilla"]'

    WinRepo Definition File Examples:

    The following example demonstrates the use of ``cache_file``. This would be
    used if you have multiple installers in the same directory that use the
    same ``install.ini`` file and you don't want to download the additional
    installers.

    .. code-block:: bash

        ntp:
          4.2.8:
            installer: 'salt://win/repo/ntp/ntp-4.2.8-win32-setup.exe'
            full_name: Meinberg NTP Windows Client
            locale: en_US
            reboot: False
            cache_file: 'salt://win/repo/ntp/install.ini'
            install_flags: '/USEFILE=C:\salt\var\cache\salt\minion\files\base\win\repo\ntp\install.ini'
            uninstaller: 'NTP/uninst.exe'

    The following example demonstrates the use of ``cache_dir``. It assumes a
    file named ``install.ini`` resides in the same directory as the installer.

    .. code-block:: bash

        ntp:
          4.2.8:
            installer: 'salt://win/repo/ntp/ntp-4.2.8-win32-setup.exe'
            full_name: Meinberg NTP Windows Client
            locale: en_US
            reboot: False
            cache_dir: True
            install_flags: '/USEFILE=C:\salt\var\cache\salt\minion\files\base\win\repo\ntp\install.ini'
            uninstaller: 'NTP/uninst.exe'
    """
    ret = {}
    saltenv = kwargs.pop("saltenv", "base")

    refresh = salt.utils.data.is_true(refresh)
    # no need to call _refresh_db_conditional as list_pkgs will do it

    # Make sure name or pkgs is passed
    if not name and not pkgs:
        return "Must pass a single package or a list of packages"

    # Ignore pkg_type from parse_targets, Windows does not support the
    # "sources" argument
    pkg_params = __salt__["pkg_resource.parse_targets"](name, pkgs, **kwargs)[0]

    if len(pkg_params) > 1:
        if kwargs.get("extra_install_flags") is not None:
            log.warning(
                "'extra_install_flags' argument will be ignored for "
                "multiple package targets"
            )

    # Windows expects an Options dictionary containing 'version'
    for pkg in pkg_params:
        pkg_params[pkg] = {"version": pkg_params[pkg]}

    if not pkg_params:
        log.error("No package definition found")
        return {}

    if not pkgs and len(pkg_params) == 1:
        # Only use the 'version' param if a single item was passed to the 'name'
        # parameter
        pkg_params = {
            name: {
                "version": kwargs.get("version"),
                "extra_install_flags": kwargs.get("extra_install_flags"),
            }
        }
    elif len(pkg_params) == 1:
        # A dict of packages was passed, but it contains only 1 key, so we need
        # to add the 'extra_install_flags'
        pkg = next(iter(pkg_params))
        pkg_params[pkg]["extra_install_flags"] = kwargs.get("extra_install_flags")

    # Get a list of currently installed software for comparison at the end
    old = list_pkgs(saltenv=saltenv, refresh=refresh, versions_as_list=True)

    # Loop through each package
    changed = []
    for pkg_name, options in pkg_params.items():

        # Load package information for the package
        pkginfo = _get_package_info(pkg_name, saltenv=saltenv)

        # Make sure pkginfo was found
        if not pkginfo:
            log.error("Unable to locate package %s", pkg_name)
            ret[pkg_name] = f"Unable to locate package {pkg_name}"
            continue

        version_num = options.get("version")
        #  Using the salt cmdline with version=5.3 might be interpreted
        #  as a float it must be converted to a string in order for
        #  string matching to work.
        if not isinstance(version_num, str) and version_num is not None:
            version_num = str(version_num)

        # If the version was not passed, version_num will be None
        if not version_num:
            if pkg_name in old:
                log.debug(
                    "pkg.install: '%s' version '%s' is already installed",
                    pkg_name,
                    old[pkg_name][0],
                )
                continue
            # Get the most recent version number available from winrepo.p
            # May also return `latest` or an empty string
            version_num = _get_latest_pkg_version(pkginfo)

        if version_num == "latest" and "latest" not in pkginfo:
            # Get the most recent version number available from winrepo.p
            # May also return `latest` or an empty string
            version_num = _get_latest_pkg_version(pkginfo)

        # Check if the version is already installed
        if version_num in old.get(pkg_name, []):
            # Desired version number already installed
            log.debug(
                "pkg.install: '%s' version '%s' is already installed",
                pkg_name,
                version_num,
            )
            continue
        # If version number not installed, is the version available?
        elif version_num != "latest" and version_num not in pkginfo:
            log.error("Version %s not found for package %s", version_num, pkg_name)
            ret[pkg_name] = {"not found": version_num}
            continue

        # Get the installer settings from winrepo.p
        installer = pkginfo[version_num].get("installer", "")
        cache_dir = pkginfo[version_num].get("cache_dir", False)
        cache_file = pkginfo[version_num].get("cache_file", "")

        # Is there an installer configured?
        if not installer:
            log.error(
                "No installer configured for version %s of package %s",
                version_num,
                pkg_name,
            )
            ret[pkg_name] = {"no installer": version_num}
            continue

        # Hash the installer source after verifying it was defined
        installer_hash = __salt__["cp.hash_file"](installer, saltenv)
        if isinstance(installer_hash, dict):
            installer_hash = installer_hash["hsum"]
        else:
            installer_hash = None

        # Is the installer in a location that requires caching
        if __salt__["config.valid_fileproto"](installer):

            # Check for the 'cache_dir' parameter in the .sls file
            # If true, the entire directory will be cached instead of the
            # individual file. This is useful for installations that are not
            # single files
            if cache_dir and installer.startswith("salt:"):
                path, _ = os.path.split(installer)
                log.debug("PKG: Caching directory: %s", path)
                try:
                    __salt__["cp.cache_dir"](
                        path=path,
                        saltenv=saltenv,
                        include_empty=False,
                        include_pat=None,
                        exclude_pat="E@init.sls$",
                    )
                except MinionError as exc:
                    msg = f"Failed to cache {path}"
                    log.exception(msg, exc_info=exc)
                    return f"{msg}\n{exc}"

            # Check to see if the cache_file is cached... if passed
            if cache_file and cache_file.startswith("salt:"):
                cache_file_hash = __salt__["cp.hash_file"](cache_file, saltenv)
                log.debug("PKG: Caching file: %s", cache_file)
                try:
                    cached_file = __salt__["cp.cache_file"](
                        cache_file,
                        saltenv=saltenv,
                        source_hash=cache_file_hash,
                        verify_ssl=kwargs.get("verify_ssl", True),
                    )
                except MinionError as exc:
                    msg = f"Failed to cache {cache_file}"
                    log.exception(msg, exc_info=exc)
                    return f"{msg}\n{exc}"

                # Check if the cache_file was cached successfully
                if not cached_file:
                    log.error("Unable to cache %s", cache_file)
                    ret[pkg_name] = {"failed to cache cache_file": cache_file}
                    continue

            # If version is "latest" we always cache because "cp.is_cached" only
            # checks that the file exists, not that is has changed
            cached_pkg = False
            if version_num != "latest" and not installer.startswith("salt:"):
                cached_pkg = __salt__["cp.is_cached"](installer, saltenv)

            if not cached_pkg:
                # Since we're passing "installer_hash", it should only cache the
                # file if the source_hash doesn't match, which only works on
                # files hosted on "salt://". If the http/https url supports
                # etag, it should also verify that information before caching
                log.debug("PKG: Caching file: %s", installer)
                try:
                    cached_pkg = __salt__["cp.cache_file"](
                        installer,
                        saltenv=saltenv,
                        source_hash=installer_hash,
                        verify_ssl=kwargs.get("verify_ssl", True),
                        use_etag=True,
                    )
                except MinionError as exc:
                    msg = f"Failed to cache {installer}"
                    log.exception(msg, exc_info=exc)
                    return f"{msg}\n{exc}"

                # Check if the installer was cached successfully
                if not cached_pkg:
                    log.error(
                        "Unable to cache file %s from saltenv: %s", installer, saltenv
                    )
                    ret[pkg_name] = {"unable to cache": installer}
                    continue
        else:
            # Run the installer directly (not hosted on salt:, https:, etc.)
            cached_pkg = installer

        # Fix non-windows slashes
        cached_pkg = cached_pkg.replace("/", "\\")
        cache_path = os.path.dirname(cached_pkg)

        # Compare the hash sums
        source_hash = pkginfo[version_num].get("source_hash", False)
        if source_hash:
            source_sum = _get_source_sum(
                source_hash,
                cached_pkg,
                saltenv=saltenv,
                verify_ssl=kwargs.get("verify_ssl", True),
            )
            log.debug(
                "pkg.install: Source %s hash: %s",
                source_sum["hash_type"],
                source_sum["hsum"],
            )

            cached_pkg_sum = salt.utils.hashutils.get_hash(
                cached_pkg, source_sum["hash_type"]
            )
            log.debug(
                "pkg.install: Package %s hash: %s",
                source_sum["hash_type"],
                cached_pkg_sum,
            )

            if source_sum["hsum"] != cached_pkg_sum:
                raise SaltInvocationError(
                    "Source hash '{}' does not match package hash '{}'".format(
                        source_sum["hsum"], cached_pkg_sum
                    )
                )
            log.debug("pkg.install: Source hash matches package hash.")

        # Get install flags
        install_flags = pkginfo[version_num].get("install_flags", "")
        if options and options.get("extra_install_flags"):
            install_flags = "{} {}".format(
                install_flags, options.get("extra_install_flags", "")
            )

        # Compute msiexec string
        use_msiexec, msiexec = _get_msiexec(pkginfo[version_num].get("msiexec", False))

        # Build cmd and arguments
        # cmd and arguments must be separated for use with the task scheduler
        cmd_shell = os.getenv(
            "ComSpec", "{}\\system32\\cmd.exe".format(os.getenv("WINDIR"))
        )
        if use_msiexec:
            arguments = f'"{msiexec}" /I "{cached_pkg}"'
            if pkginfo[version_num].get("allusers", True):
                arguments = f"{arguments} ALLUSERS=1"
        else:
            arguments = f'"{cached_pkg}"'

        if install_flags:
            arguments = f"{arguments} {install_flags}"

        # Install the software
        # Check Use Scheduler Option
        log.debug("PKG : cmd: %s /c %s", cmd_shell, arguments)
        log.debug("PKG : pwd: %s", cache_path)
        if pkginfo[version_num].get("use_scheduler", False):
            # Create Scheduled Task
            __salt__["task.create_task"](
                name="update-salt-software",
                user_name="System",
                force=True,
                action_type="Execute",
                cmd=cmd_shell,
                arguments=f'/c "{arguments}"',
                start_in=cache_path,
                trigger_type="Once",
                start_date="1975-01-01",
                start_time="01:00",
                ac_only=False,
                stop_if_on_batteries=False,
            )

            # Run Scheduled Task
            # Special handling for installing salt
            if (
                re.search(
                    r"salt[\s_.-]*minion", pkg_name, flags=re.IGNORECASE + re.UNICODE
                )
                is not None
            ):
                ret[pkg_name] = {"install status": "task started"}
                if not __salt__["task.run"](name="update-salt-software"):
                    log.error(
                        "Scheduled Task failed to run. Failed to install %s", pkg_name
                    )
                    ret[pkg_name] = {"install status": "failed"}
                else:

                    # Make sure the task is running, try for 5 secs
                    t_end = time.time() + 5
                    while time.time() < t_end:
                        time.sleep(0.25)
                        task_running = (
                            __salt__["task.status"]("update-salt-software") == "Running"
                        )
                        if task_running:
                            break

                    if not task_running:
                        log.error(
                            "Scheduled Task failed to run. Failed to install %s",
                            pkg_name,
                        )
                        ret[pkg_name] = {"install status": "failed"}

            # All other packages run with task scheduler
            else:
                if not __salt__["task.run_wait"](name="update-salt-software"):
                    log.error(
                        "Scheduled Task failed to run. Failed to install %s", pkg_name
                    )
                    ret[pkg_name] = {"install status": "failed"}
        else:
            # Launch the command
            result = __salt__["cmd.run_all"](
                f'"{cmd_shell}" /c "{arguments}"',
                cache_path,
                output_loglevel="trace",
                python_shell=False,
                redirect_stderr=True,
            )
            log.debug("PKG : retcode: %s", result["retcode"])
            if not result["retcode"]:
                ret[pkg_name] = {"install status": "success"}
                changed.append(pkg_name)
            elif result["retcode"] == 3010:
                # 3010 is ERROR_SUCCESS_REBOOT_REQUIRED
                report_reboot_exit_codes = kwargs.pop("report_reboot_exit_codes", True)
                if report_reboot_exit_codes:
                    __salt__["system.set_reboot_required_witnessed"]()
                ret[pkg_name] = {"install status": "success, reboot required"}
                changed.append(pkg_name)
            elif result["retcode"] == 1641:
                # 1641 is ERROR_SUCCESS_REBOOT_INITIATED
                ret[pkg_name] = {"install status": "success, reboot initiated"}
                changed.append(pkg_name)
            else:
                log.error(
                    "Failed to install %s; retcode: %s; installer output: %s",
                    pkg_name,
                    result["retcode"],
                    result["stdout"],
                )
                ret[pkg_name] = {"install status": "failed"}

    # Get a new list of installed software
    new = list_pkgs(saltenv=saltenv, refresh=False)

    # Take the "old" package list and convert the values to strings in
    # preparation for the comparison below.
    __salt__["pkg_resource.stringify"](old)

    # Check for changes in the registry
    difference = salt.utils.data.compare_dicts(old, new)

    # Compare the software list before and after
    # Add the difference to ret
    ret.update(difference)

    return ret


def upgrade(**kwargs):
    """
    Upgrade all software. Currently not implemented

    Kwargs:
        saltenv (str): The salt environment to use. Default ``base``.
        refresh (bool): Refresh package metadata. Default ``True``.

    .. note::
        This feature is not yet implemented for Windows.

    Returns:
        dict: Empty dict, until implemented

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.upgrade
    """
    log.warning("pkg.upgrade not implemented on Windows yet")
    refresh = salt.utils.data.is_true(kwargs.get("refresh", True))
    saltenv = kwargs.get("saltenv", "base")
    log.warning(
        "pkg.upgrade not implemented on Windows yet refresh:%s saltenv:%s",
        refresh,
        saltenv,
    )
    # Uncomment the below once pkg.upgrade has been implemented

    # if salt.utils.data.is_true(refresh):
    #    refresh_db()
    return {}


def remove(name=None, pkgs=None, **kwargs):
    """
    Remove the passed package(s) from the system using winrepo

    .. versionadded:: 0.16.0

    Args:
        name (str):
            The name(s) of the package(s) to be uninstalled. Can be a
            single package or a comma delimited list of packages, no spaces.

        pkgs (list):
            A list of packages to delete. Must be passed as a python list. The
            ``name`` parameter will be ignored if this option is passed.

    Kwargs:

        version (str):
            The version of the package to be uninstalled. If this option is
            used to to uninstall multiple packages, then this version will be
            applied to all targeted packages. Recommended using only when
            uninstalling a single package. If this parameter is omitted, the
            latest version will be uninstalled.

        saltenv (str): Salt environment. Default ``base``
        refresh (bool): Refresh package metadata. Default ``False``

    Returns:
        dict: Returns a dict containing the changes.

        If the package is removed by ``pkg.remove``:

            {'<package>': {'old': '<old-version>',
                           'new': '<new-version>'}}

        If the package is already uninstalled:

            {'<package>': {'current': 'not installed'}}

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.remove <package name>
        salt '*' pkg.remove <package1>,<package2>,<package3>
        salt '*' pkg.remove pkgs='["foo", "bar"]'
    """
    saltenv = kwargs.get("saltenv", "base")
    refresh = salt.utils.data.is_true(kwargs.get("refresh", False))
    # no need to call _refresh_db_conditional as list_pkgs will do it
    ret = {}

    # Make sure name or pkgs is passed
    if not name and not pkgs:
        return "Must pass a single package or a list of packages"

    # Get package parameters
    pkg_params = __salt__["pkg_resource.parse_targets"](name, pkgs, **kwargs)[0]

    # Get a list of currently installed software for comparison at the end
    old = list_pkgs(saltenv=saltenv, refresh=refresh, versions_as_list=True)

    # Loop through each package
    changed = []  # list of changed package names
    for pkgname, version_num in pkg_params.items():

        # Load package information for the package
        pkginfo = _get_package_info(pkgname, saltenv=saltenv)

        # Make sure pkginfo was found
        if not pkginfo:
            msg = f"Unable to locate package {pkgname}"
            log.error(msg)
            ret[pkgname] = msg
            continue

        # Check to see if package is installed on the system
        if pkgname not in old:
            log.debug(
                "%s %s not installed", pkgname, version_num if version_num else ""
            )
            ret[pkgname] = {"current": "not installed"}
            continue

        removal_targets = []
        # Only support a single version number
        if version_num is not None:
            #  Using the salt cmdline with version=5.3 might be interpreted
            #  as a float it must be converted to a string in order for
            #  string matching to work.
            version_num = str(version_num)

        # At least one version of the software is installed.
        if version_num is None:
            for ver_install in old[pkgname]:
                if ver_install not in pkginfo and "latest" in pkginfo:
                    log.debug(
                        "%s %s using package latest entry to to remove",
                        pkgname,
                        version_num,
                    )
                    removal_targets.append("latest")
                else:
                    removal_targets.append(ver_install)
        else:
            if version_num in pkginfo:
                # we know how to remove this version
                if version_num in old[pkgname]:
                    removal_targets.append(version_num)
                else:
                    log.debug("%s %s not installed", pkgname, version_num)
                    ret[pkgname] = {"current": f"{version_num} not installed"}
                    continue
            elif "latest" in pkginfo:
                # we do not have version entry, assume software can self upgrade and use latest
                log.debug(
                    "%s %s using package latest entry to to remove",
                    pkgname,
                    version_num,
                )
                removal_targets.append("latest")

        if not removal_targets:
            log.error(
                "%s %s no definition to remove this version", pkgname, version_num
            )
            ret[pkgname] = {"current": f"{version_num} no definition, cannot removed"}
            continue

        for target in removal_targets:
            # Get the uninstaller
            uninstaller = pkginfo[target].get("uninstaller", "")
            cache_dir = pkginfo[target].get("cache_dir", False)
            uninstall_flags = pkginfo[target].get("uninstall_flags", "")

            # If no uninstaller found, use the installer with uninstall flags
            if not uninstaller and uninstall_flags:
                uninstaller = pkginfo[target].get("installer", "")

            # If still no uninstaller found, fail
            if not uninstaller:
                log.error(
                    "No installer or uninstaller configured for package %s",
                    pkgname,
                )
                ret[pkgname] = {"no uninstaller defined": target}
                continue

            # Hash the uninstaller source after verifying it was defined
            uninstaller_hash = __salt__["cp.hash_file"](uninstaller, saltenv)
            if isinstance(uninstaller_hash, dict):
                uninstaller_hash = uninstaller_hash["hsum"]
            else:
                uninstaller_hash = None

            # Is the uninstaller in a location that requires caching
            if __salt__["config.valid_fileproto"](uninstaller):

                # Check for the 'cache_dir' parameter in the .sls file
                # If true, the entire directory will be cached instead of the
                # individual file. This is useful for installations that are not
                # single files

                if cache_dir and uninstaller.startswith("salt:"):
                    path, _ = os.path.split(uninstaller)
                    log.debug("PKG: Caching dir: %s", path)
                    try:
                        __salt__["cp.cache_dir"](
                            path=path,
                            saltenv=saltenv,
                            include_empty=False,
                            include_pat=None,
                            exclude_pat="E@init.sls$",
                        )
                    except MinionError as exc:
                        msg = f"Failed to cache {path}"
                        log.exception(msg, exc_info=exc)
                        return f"{msg}\n{exc}"

                # Check to see if the uninstaller is cached. We don't want to
                # check for latest here like we do for "pkg.install" because we
                # only want to uninstall the version that has been installed
                cached_pkg = __salt__["cp.is_cached"](uninstaller, saltenv)
                if not cached_pkg:
                    # Since we're passing "uninstaller_hash", it should only
                    # cache the file if the source_hash doesn't match, which
                    # only works on files hosted on "salt://". If the http/https
                    # url supports etag, it should also verify that information
                    # before caching
                    log.debug("PKG: Caching file: %s", uninstaller)
                    try:
                        cached_pkg = __salt__["cp.cache_file"](
                            uninstaller,
                            saltenv=saltenv,
                            source_hash=uninstaller_hash,
                            verify_ssl=kwargs.get("verify_ssl", True),
                            use_etag=True,
                        )
                    except MinionError as exc:
                        msg = f"Failed to cache {uninstaller}"
                        log.exception(msg, exc_info=exc)
                        return f"{msg}\n{exc}"

                    # Check if the uninstaller was cached successfully
                    if not cached_pkg:
                        log.error("Unable to cache %s", uninstaller)
                        ret[pkgname] = {"unable to cache": uninstaller}
                        continue

            else:
                # Run the uninstaller directly (not hosted on salt:, https:, etc.)
                cached_pkg = os.path.expandvars(uninstaller)

            # Fix non-windows slashes
            cached_pkg = cached_pkg.replace("/", "\\")
            cache_path, _ = os.path.split(cached_pkg)

            # os.path.expandvars is not required as we run everything through cmd.exe /c

            if kwargs.get("extra_uninstall_flags"):
                uninstall_flags = "{} {}".format(
                    uninstall_flags, kwargs.get("extra_uninstall_flags", "")
                )

            # Compute msiexec string
            use_msiexec, msiexec = _get_msiexec(pkginfo[target].get("msiexec", False))
            cmd_shell = os.getenv(
                "ComSpec", "{}\\system32\\cmd.exe".format(os.getenv("WINDIR"))
            )

            # Build cmd and arguments
            # cmd and arguments must be separated for use with the task scheduler
            if use_msiexec:
                # Check if uninstaller is set to {guid}, if not we assume its a remote msi file.
                # which has already been downloaded.
                arguments = f'"{msiexec}" /X "{cached_pkg}"'
            else:
                arguments = f'"{cached_pkg}"'

            if uninstall_flags:
                arguments = f"{arguments} {uninstall_flags}"

            # Uninstall the software
            changed.append(pkgname)
            # Check Use Scheduler Option
            log.debug("PKG : cmd: %s /c %s", cmd_shell, arguments)
            log.debug("PKG : pwd: %s", cache_path)
            if pkginfo[target].get("use_scheduler", False):
                # Create Scheduled Task
                __salt__["task.create_task"](
                    name="update-salt-software",
                    user_name="System",
                    force=True,
                    action_type="Execute",
                    cmd=cmd_shell,
                    arguments=f'/c "{arguments}"',
                    start_in=cache_path,
                    trigger_type="Once",
                    start_date="1975-01-01",
                    start_time="01:00",
                    ac_only=False,
                    stop_if_on_batteries=False,
                )
                # Run Scheduled Task
                if not __salt__["task.run_wait"](name="update-salt-software"):
                    log.error(
                        "Scheduled Task failed to run. Failed to remove %s", pkgname
                    )
                    ret[pkgname] = {"uninstall status": "failed"}
            else:
                # Launch the command
                result = __salt__["cmd.run_all"](
                    f'"{cmd_shell}" /c "{arguments}"',
                    output_loglevel="trace",
                    python_shell=False,
                    redirect_stderr=True,
                )
                log.debug("PKG : retcode: %s", result["retcode"])
                if not result["retcode"]:
                    ret[pkgname] = {"uninstall status": "success"}
                    changed.append(pkgname)
                elif result["retcode"] == 3010:
                    # 3010 is ERROR_SUCCESS_REBOOT_REQUIRED
                    report_reboot_exit_codes = kwargs.pop(
                        "report_reboot_exit_codes", True
                    )
                    if report_reboot_exit_codes:
                        __salt__["system.set_reboot_required_witnessed"]()
                    ret[pkgname] = {"uninstall status": "success, reboot required"}
                    changed.append(pkgname)
                elif result["retcode"] == 1641:
                    # 1641 is ERROR_SUCCESS_REBOOT_INITIATED
                    ret[pkgname] = {"uninstall status": "success, reboot initiated"}
                    changed.append(pkgname)
                else:
                    log.error(
                        "Failed to remove %s; retcode: %s; uninstaller output: %s",
                        pkgname,
                        result["retcode"],
                        result["stdout"],
                    )
                    ret[pkgname] = {"uninstall status": "failed"}

    # Get a new list of installed software
    new = list_pkgs(saltenv=saltenv, refresh=False)

    # Take the "old" package list and convert the values to strings in
    # preparation for the comparison below.
    __salt__["pkg_resource.stringify"](old)

    # Check for changes in the registry
    difference = salt.utils.data.compare_dicts(old, new)
    found_chgs = all(name in difference for name in changed)
    end_t = time.time() + 3  # give it 3 seconds to catch up.
    while not found_chgs and time.time() < end_t:
        time.sleep(0.5)
        new = list_pkgs(saltenv=saltenv, refresh=False)
        difference = salt.utils.data.compare_dicts(old, new)
        found_chgs = all(name in difference for name in changed)

    if not found_chgs:
        log.warning("Expected changes for package removal may not have occurred")

    # Compare the software list before and after
    # Add the difference to ret
    ret.update(difference)
    return ret


def purge(name=None, pkgs=None, **kwargs):
    """
    Package purges are not supported on Windows, this function is identical to
    ``remove()``.

    .. note::
        At some point in the future, ``pkg.purge`` may direct the installer to
        remove all configs and settings for software packages that support that
        option.

    .. versionadded:: 0.16.0

    Args:

        name (str): The name of the package to be deleted.

        version (str):
            The version of the package to be deleted. If this option is
            used in combination with the ``pkgs`` option below, then this
            version will be applied to all targeted packages.

        pkgs (list):
            A list of packages to delete. Must be passed as a python
            list. The ``name`` parameter will be ignored if this option is
            passed.

    Kwargs:
        saltenv (str): Salt environment. Default ``base``
        refresh (bool): Refresh package metadata. Default ``False``

    Returns:
        dict: A dict containing the changes.

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.purge <package name>
        salt '*' pkg.purge <package1>,<package2>,<package3>
        salt '*' pkg.purge pkgs='["foo", "bar"]'
    """
    return remove(name=name, pkgs=pkgs, **kwargs)


def get_repo_data(saltenv="base"):
    """
    Returns the existing package metadata db. Will create it, if it does not
    exist, however will not refresh it.

    Args:
        saltenv (str): Salt environment. Default ``base``

    Returns:
        dict: A dict containing contents of metadata db.

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.get_repo_data
    """
    # we only call refresh_db if it does not exist, as we want to return
    # the existing data even if its old, other parts of the code call this,
    # but they will call refresh if they need too.
    repo_details = _get_repo_details(saltenv)

    if repo_details.winrepo_age == -1:
        # no repo meta db
        log.debug("No winrepo.p cache file. Refresh pkg db now.")
        refresh_db(saltenv=saltenv)

    if "winrepo.data" in __context__:
        log.trace("get_repo_data returning results from __context__")
        return __context__["winrepo.data"]
    else:
        log.trace("get_repo_data called reading from disk")

    try:
        with salt.utils.files.fopen(repo_details.winrepo_file, "rb") as repofile:
            try:
                repodata = salt.utils.data.decode(
                    salt.payload.loads(repofile.read()) or {}
                )
                __context__["winrepo.data"] = repodata
                return repodata
            except Exception as exc:  # pylint: disable=broad-except
                log.exception(exc)
                return {}
    except OSError as exc:
        log.exception("Not able to read repo file: %s", exc)
        return {}


def _get_name_map(saltenv="base"):
    """
    Return a reverse map of full pkg names to the names recognized by winrepo.
    """
    u_name_map = {}
    name_map = get_repo_data(saltenv).get("name_map", {})
    return name_map


def get_package_info(name, saltenv="base"):
    """
    Get information about the package as found in the winrepo database

    Args:

        name (str): The name of the package

        saltenv (str): The salt environment to use. Default is "base"

    Returns:
        dict: A dictionary of package info, empty if package not available

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.get_package_info chrome

    """
    return _get_package_info(name=name, saltenv=saltenv)


def _get_package_info(name, saltenv="base"):
    """
    Return package info. Returns empty map if package not available
    TODO: Add option for version
    """
    return get_repo_data(saltenv).get("repo", {}).get(name, {})


def _reverse_cmp_pkg_versions(pkg1, pkg2):
    """
    Compare software package versions
    """
    return 1 if LooseVersion(pkg1) > LooseVersion(pkg2) else -1


def _get_latest_pkg_version(pkginfo):
    """
    Returns the latest version of the package.
    Will return 'latest' or version number string, and
    'Not Found' if 'Not Found' is the only entry.
    """
    if len(pkginfo) == 1:
        return next(iter(pkginfo.keys()))
    try:
        return sorted(pkginfo, key=cmp_to_key(_reverse_cmp_pkg_versions)).pop()
    except IndexError:
        return ""


def compare_versions(ver1="", oper="==", ver2=""):
    """
    Compare software package versions. Made public for use with Jinja

    Args:
        ver1 (str): A software version to compare
        oper (str): The operand to use to compare
        ver2 (str): A software version to compare

    Returns:
        bool: True if the comparison is valid, otherwise False

    CLI Example:

    .. code-block:: bash

        salt '*' pkg.compare_versions 1.2 >= 1.3
    """
    if not ver1:
        raise SaltInvocationError("compare_version, ver1 is blank")
    if not ver2:
        raise SaltInvocationError("compare_version, ver2 is blank")

    # Support version being the special meaning of 'latest'
    if ver1 == "latest":
        ver1 = str(sys.maxsize)
    if ver2 == "latest":
        ver2 = str(sys.maxsize)
    # Support version being the special meaning of 'Not Found'
    if ver1 == "Not Found":
        ver1 = "0.0.0.0.0"
    if ver2 == "Not Found":
        ver2 = "0.0.0.0.0"

    return salt.utils.versions.compare(ver1, oper, ver2, ignore_epoch=True)