search

mandiant / flare-vm

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.
Apache License 2.0
6.55k stars 915 forks source link

Package Update Errors #437

Closed tuttimann closed 1 year ago

tuttimann commented 1 year ago

Hi all, when I want to update the installed packages in my FlareVM with command cup all I am getting error messages for some packages where it says "Unable to find a version of 'xxx' that is compatible with 'xxx 1.2.3'. I attached a screenshot for all the failures I got during my last update process. flare

mr-tz commented 1 year ago

Huh, @Ana06 or @MalwareMechanic do you know where these failure come from?

MalwareMechanic commented 1 year ago

Just taking a guess here, but these look like some of our metapackages. I think since we locked the versions in the metapackage's nuspec file, that when a dependency package is trying to update Chocolatey fails it since that would break the locked version. So, really it's not an error if this is what's happening -- the metapackages need updating to point to the newer dependency version.

We can check though. @tuttimann can you run choco list -l -r -all

tuttimann commented 1 year ago

This is the output from the command:

autohotkey.install|1.1.36.02 autohotkey.portable|2.0.2 autopsy|4.19.3 Boxstarter|3.0.0 Boxstarter.Chocolatey|3.0.0 Boxstarter.HyperV|3.0.0 chocolatey|1.2.1 chocolatey-compatibility.extension|1.0.0 chocolatey-core.extension|1.4.0 chocolatey-visualstudio.extension|1.10.2 Cmder|1.3.20 Cygwin|3.2.0 dependencywalker|2.2.6000.9 dependencywalker.vm|2.2.6000 dnspyex|6.2.0 dotnetfx|4.8.0.20220524 exiftool|12.55 fiddler|5.0.20211.51073 flarevm.installer.vm|0.0.0.20221201 floss.vm|2.1.0 glogg|1.1.4 hashmyfiles.vm|0.0.0.20220113 hollowshunter.vm|0.3.5 hxd|2.5.0.0 javaruntime|8.0.231 jre8|8.0.351 KB2919355|1.0.20160915 KB2919442|1.0.20160915 KB2999226|1.0.20181019 KB3033929|1.0.5 KB3035131|1.0.3 libraries.python2.vm|0.0.0.20221203 libraries.python3.vm|0.0.0.20230118 map.vm|12.20.21 notepadplusplus|8.4.8 notepadplusplus.install|8.4.8 openjdk11|11.0.16.20220913 python2|2.7.18 python3|3.9.13 regshot.vm|1.9.1 rundotnetdll.vm|2.2 sysinternals|2022.11.28 Temurin11|11.0.18.1000 vcredist140|14.34.31931 vcredist2010|10.0.40219.32503 vcredist2015|14.0.24215.20170201 visualstudio-installer|2.0.3 visualstudio2017-workload-vctools|1.3.3 visualstudio2017buildtools|15.9.50.0 wireshark|4.0.2 yara|4.2.3

tuttimann commented 1 year ago

Any thoughts on this?

mr-tz commented 1 year ago

I think Blaine's idea is correct. There are new versions available (like cygwin 3.4.3, but the VM-Packages are pinned to an older version (like cygwin 3.2.0).

MalwareMechanic commented 1 year ago

Odd, I see you have the package cygwin installed, but I don't see cygwin.vm installed.

Based on https://github.com/mandiant/VM-Packages/blob/main/packages/cygwin.vm/cygwin.vm.nuspec we are currently pinned at version 3.2.0.

Let me do a fresh install and then try to cup all, I'll report back

tuttimann commented 1 year ago

Let me do a fresh install and then try to cup all, I'll report back

@MalwareMechanic did you try the command after a fresh install?

MalwareMechanic commented 1 year ago

Alright, yep it seems this is due to the dependency version locking we're doing. So if we see these, it means we need to update our packages. We have a script that should find these and try to auto-update: https://github.com/mandiant/VM-Packages/blob/main/scripts/utils/update_package.py I believe the script runs once a week, but we can also manually update the packages

mr-tz commented 1 year ago

@tuttimann we've updated some dependencies, do you still see the above errors, e.g., for Cygwin, etc.?

tuttimann commented 1 year ago

Thanks, I don't see these errors anymore and it updates the packages.

MalwareMechanic commented 1 year ago

Awesome! Thanks for helping us figure this out 😄