malboxes icon indicating copy to clipboard operation
malboxes copied to clipboard
verified publisher icon GoSecure

choco install fail, checksum missing on dependencywalker and regshot

Open adricnet opened this issue 9 years ago • 8 comments

Hello malboxes team,

Thanks for releasing this as it looks fantastic. Unfortunately, a smoke test of the default configuration fails due to a missing checksum. This has been flagged upstream, but not acknowledged that I can see in the Choco package index page for DepWalker: http://disq.us/p/1drvmde.

Please consider either kludging this security policy in Choco or taking the very useful tool DepWalker out of the sample configs you ship so as to help new users have a good first experience as they follow your documentation and try out the tool.

Thanks, adric

    virtualbox-iso: Failures
    virtualbox-iso: - dependencywalker (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\dependencywalker\tools\chocolateyInstall.ps1'.
    virtualbox-iso: See log for details.
==> virtualbox-iso: Unregistering and deleting virtual machine...
==> virtualbox-iso: Deleting output directory...
Build 'virtualbox-iso' errored: Script exited with non-zero exit status: 4294967295

==> Some builds didn't complete successfully and had errors:
--> virtualbox-iso: Script exited with non-zero exit status: 4294967295

==> Builds finished but no artifacts were created.
----------------------------------
packer completed with return code: 1
Packer failed. Build failed. Exiting...

Log snippet Gist here

adricnet avatar Dec 07 '16 18:12 adricnet

We will temporarily remove DepWalker from our tools list. Thanks for reporting!

obilodeau avatar Dec 07 '16 19:12 obilodeau

Thank you for such a fast response and being so helpful!

Unfortunately my followup build (edited out depwalker in config.js) hit the same problem with regshot. I'm going to try and dig into choco docs and see what the least bad way around this is generally (as well as trying a build wo regshot or depwalker for good measure).

Cheers, adric

adricnet avatar Dec 07 '16 19:12 adricnet

Ok, new idea: disable checksum checking until all outstanding upstream packages are fixed. This can be achieved via a choco.exe flag.

obilodeau avatar Dec 07 '16 20:12 obilodeau

Yes, that's the general solution, though it is not without risk as I understand it. OTOH, I have a box built and running nicely without those two tools, and can go on about my testing quite pleasantly.

Cheers, thanks, adric

adricnet avatar Dec 07 '16 21:12 adricnet

Ok, if regshot and DepWalker are the only two, I'll avoid installing them for now as a workaround and I'll try to find a way to contribute the checksums upstream. Thanks for your testing!

obilodeau avatar Dec 08 '16 14:12 obilodeau

Found source of packages and submitted two pull requests to fix the issues. Here are the PR to track:

  • MarkRobertJohnson/ChocolateyPackages#13
  • AnthonyMastrean/chocolateypackages#212

obilodeau avatar Dec 08 '16 21:12 obilodeau

Wow, thank you for finding, submitting, and linking those! Leave this one open to track against upstream?

adricnet avatar Dec 08 '16 22:12 adricnet

Leave this one open to track against upstream?

Yes let's do that.

obilodeau avatar Dec 09 '16 18:12 obilodeau