search

SecurityWeekly / vulhub-lab

49 stars 17 forks source link

Win10 recipe: Vagrant Installer not found due to Revision Number on Semantic Version #4

Open stellarpower opened 1 year ago

stellarpower commented 1 year ago

From the Dockerfile

$ curl -s https://checkpoint-api.hashicorp.com/v1/check/vagrant  | jq -r -M '.current_version'
2.3.4

https://releases.hashicorp.com/vagrant/2.3.4/:

[vagrant_2.3.4_SHA256SUMS](https://releases.hashicorp.com/vagrant/2.3.4/vagrant_2.3.4_SHA256SUMS)
[vagrant_2.3.4_SHA256SUMS.72D7468F.sig](https://releases.hashicorp.com/vagrant/2.3.4/vagrant_2.3.4_SHA256SUMS.72D7468F.sig)
[vagrant_2.3.4_SHA256SUMS.sig](https://releases.hashicorp.com/vagrant/2.3.4/vagrant_2.3.4_SHA256SUMS.sig)
[vagrant-2.3.4-1-x86_64.pkg.tar.zst](https://releases.hashicorp.com/vagrant/2.3.4/vagrant-2.3.4-1-x86_64.pkg.tar.zst)
[vagrant-2.3.4-1.i686.rpm](https://releases.hashicorp.com/vagrant/2.3.4/vagrant-2.3.4-1.i686.rpm)
[vagrant-2.3.4-1.x86_64.rpm](https://releases.hashicorp.com/vagrant/2.3.4/vagrant-2.3.4-1.x86_64.rpm)
[vagrant_2.3.4-1_amd64.deb](https://releases.hashicorp.com/vagrant/2.3.4/vagrant_2.3.4-1_amd64.deb)
[vagrant_2.3.4-1_i686.deb](https://releases.hashicorp.com/vagrant/2.3.4/vagrant_2.3.4-1_i686.deb)
[vagrant_2.3.4_darwin_amd64.dmg](https://releases.hashicorp.com/vagrant/2.3.4/vagrant_2.3.4_darwin_amd64.dmg)
[vagrant_2.3.4_linux_amd64.zip](https://releases.hashicorp.com/vagrant/2.3.4/vagrant_2.3.4_linux_amd64.zip)
[vagrant_2.3.4_windows_amd64.msi](https://releases.hashicorp.com/vagrant/2.3.4/vagrant_2.3.4_windows_amd64.msi)
[vagrant_2.3.4_windows_i686.msi](https://releases.hashicorp.com/vagrant/2.3.4/vagrant_2.3.4_windows_i686.msi)

The installer fails as the Debian package is bumped to 2.3.4-1, not "2.3.4". The web page I see does look parseable, i.e the links above are tagged with the architecture, Os, version, etc., so it would be possible to extract with a quick one-liner in nokogiri or something.

stellarpower commented 1 year ago

Also, the architecture should be "amd64" not "x86_64", and that last call to jq might as well be replaced by a wildcard :).

Also I now it's common practice on many occasions, but Dockerfiles where everything is just crammed onto one line to save image space are harder and much more frustrating to debug, especially when something bails right at the end and you now lose all the work that happened prior to that. Might be worth considering breaking it out into separate RUN instructions.