Vcpkg fails to install anything - File does not have the expected hash #4663
Comments
parsa
changed the title
|
That's annoyhing, I just tried the above command on a clean machine and was unable to reproduce the issue. Does it still repro? I ask only because it could have been an intermittent issue in the nuget service that is now resolved so it worked for me but not for you earlier. |
|
same here |
|
I'm experiencing the same issue. Tried |
|
This can be temporarily and foolishly 'fixed' by replacing the hash value in vcpkg/scripts/vcpkgTools (tool name="7zip" os="windows") with the actual hash. I'm pretty sure that it such an act ranks highly in the list of security sins. |
|
I can confirm, same problem, on a clean Windows 10 x64 machine. @hjabird Instead of changing the hash, probably a better idea is to bump the version to 18.05 which is the latest stable version and solves some Windows 10 bugs. |
|
@Rastaban tried again on a clean VM and it does still reproduce. Same exact hashes. Also I my machine I just changed the hash in |
|
I can confirm the same failure as well. To work around this I copied the original This doesn't help though if you can't get your hands on the right file... |
|
Thank you everyone for quickly jumping in and reporting this! I've just pushed 068032b to master, which downgrades the version of 7-zip to a previous version while we work on some internal changes to fix this more permanently for 18.1.0. The root cause of the issue is that NuGet.org decided to modify the existing published nupkg files and inject signature files into them, which changes their hash. Our system to protect users from malicious files detected this change and correctly refused to use the un-validated executable. Unfortunately, it isn't as simple as changing the expected hash, because existing users will still have the older file downloaded. We also can't just rename the file, because As mentioned above, we're working on fixing this properly as a high priority, but 068032b will fix the issue for now. Thanks again! |
|
Since applying the hotfix I'm seeing a new problem This didn't make sense to me because the file it's looking for exists. I dug into the code and discovered that I created a brand new local C++ project and verified the same result, not just for the executable, but for all the files in the archive. However, if I wiped the folder and then re-extracted the files using WinRAR, the files suddenly visible as far as Something about the 16 version of 7zip is setting file attributes so that even though they're visible in the command line, can be executed, and visible in explorer, the C++ library's |
|
Thanks for the further investigation. I was able to confirm some strange behavior (though not this particular issue) when using the old 7zip as well. I've pushed a different workaround (273b8ce) that's a bit more permanent by mapping the new hash in the tool back to the old hash. The reason to map the new hash to the old hash is to improve compatibility for existing users which might A proper fix is still desirable, but this particular duct tape should hold for longer since it's using the same (latest available) version of 7zip as before. |
|
This issue still appears for anyone who has not ran Why not increase the vcpkg version? |
|
@ras0219-msft @Farwaykorse Yes, the version should be increased so at least a message to run @ras0219-msft The nuget versioning is wacky, 7zip versioning is format |
|
Hello, I have the same issue, I am trying to run .\bootstrap-vcpkg.bat but it failed due to toolsrc/ folder not existing. I got vcpkg 1.50 through VS 2017 Nuget Package Manager and by this way you don't get the toolsrc/ folder... Thank you in advance. |
PhoebeHui
added
the
category:vcpkg-bug
|
This seems to be an issue especially when going back in time to get earlier versions of libraries. |
|
This issue is still present in 2020.01 version |
|
For me it was solved by running the command with admin privileges... |
|
updating vcpkg to 2020.06.15- fixes the problem to me |
Thank you. This helped a lot!!! @derekseiple |
This issue has been long solved for me, and I don't think the follow-ups describe the same issue. If my opinion as the person who opened this issue counts, this issue can be closed. |
|
I agree, thank you parsa for your response! closing this issue now. |
|
I solve the preblem |
and others
Steps to reproduce:
vcpkg install --triplet x64-windows boost(or any other package)Expected outcome: Boost (or any other package) would install
Actual outcome: An error message complaining about hash mismatch for the installed 7-zip is displayed
Output:
Detail:
Full Output:
The text was updated successfully, but these errors were encountered: