Open vsl-iil opened 6 months ago
Ana06
commented
6 months ago This code is in the installer packages and it also affect Commando VM. So It should be reported in VM-Packages. I remember discussing/mentioning this problem in another issue, but I am not able to find it. @mandiant/vms does someone remember this issue? Opinions on modifying this code?
day1player
commented
6 months ago @Ana06 yes this is an issue with the package likely not using our latest signature checking function.. as MSF installers are refreshed I think weekly the hash breaks every week and this was one of the packages we wanted to create that function for.. Agreed that this should be mentioned in https://github.com/Mandiant/vm-packages
Also agreed that it would be a good QoL improvement to also implement a feature for this in the installer in case any other issues come up.. Might be difficult though, maybe a counter? we need to make sure it's a 404 and not a timeout I would think
Details
While it makes sense to keep trying to install some packages that failed to install the first time, redownloading packages that failed hash check after each reboot seems excessive to me. The same goes for 404s, though they are not as time-consuming as downloading the 300MB Metasploit package every time the system restarts during installation. Is it possible to exclude such failed packages from the list so that the script won't try redownloading them? Maybe as an option?