Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Option to skip 404'd or invalid hash packages #577

Open
vsl-iil opened this issue Mar 9, 2024 · 2 comments
Open

Option to skip 404'd or invalid hash packages #577

vsl-iil opened this issue Mar 9, 2024 · 2 comments
Labels
❔ discussion Further discussion is needed

Comments

@vsl-iil
Copy link

vsl-iil commented Mar 9, 2024

Details

While it makes sense to keep trying to install some packages that failed to install the first time, redownloading packages that failed hash check after each reboot seems excessive to me. The same goes for 404s, though they are not as time-consuming as downloading the 300MB Metasploit package every time the system restarts during installation. Is it possible to exclude such failed packages from the list so that the script won't try redownloading them? Maybe as an option?

@Ana06
Copy link
Member

Ana06 commented Mar 22, 2024

This code is in the installer packages and it also affect Commando VM. So It should be reported in VM-Packages. I remember discussing/mentioning this problem in another issue, but I am not able to find it. @mandiant/vms does someone remember this issue? Opinions on modifying this code?

@Ana06 Ana06 added the ❔ discussion Further discussion is needed label Mar 22, 2024
@day1player
Copy link

@Ana06 yes this is an issue with the package likely not using our latest signature checking function.. as MSF installers are refreshed I think weekly the hash breaks every week and this was one of the packages we wanted to create that function for.. Agreed that this should be mentioned in https://github.com/Mandiant/vm-packages

Also agreed that it would be a good QoL improvement to also implement a feature for this in the installer in case any other issues come up.. Might be difficult though, maybe a counter? we need to make sure it's a 404 and not a timeout I would think

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
❔ discussion Further discussion is needed
Projects
None yet
Development

No branches or pull requests

3 participants