Google Chrome 的 Chocolaty 安装无法通过 HASH 校验

tag-icon tag-icon google-chrome powershell chocolatey
Google Chrome 的 Chocolaty 安装无法通过 HASH 校验

使用 chocolatey 在 powershell 中安装 Google Chrome 浏览器时出现错误。当我解析哈希校验时它可以工作,但是如何确保在 nuget 中修复此问题?

我可以安装其他软件包。

PS C:\Windows\system32> choco install googlechrome
Chocolatey v0.10.11
Installing the following packages:
googlechrome
By installing you accept licenses for the packages.
Progress: Downloading GoogleChrome 71.0.3578.80... 100%

GoogleChrome v71.0.3578.80 [Approved]
googlechrome package files install completed. Performing other installation steps.
The package GoogleChrome wants to run 'chocolateyInstall.ps1'.
Note: If you don't run this script, the installation will fail.
Note: To confirm automatically next time, use '-y' or consider:
choco feature enable -n allowGlobalConfirmation
Do you want to run the script?([Y]es/[N]o/[P]rint): y

Using system proxy server 'server.proxy.com:8081'.
File appears to be downloaded already. Verifying with package checksum to determine if it needs to be redownloaded.
Error - hashes do not match. Actual value was 'E080C523B419D0F706B3633FCBCE37ADA61F983BDEAB1084E3320C69BA2134A4'.
Downloading googlechrome 64 bit
  from 'https://dl.google.com/tag/s/dl/chrome/install/googlechromestandaloneenterprise64.msi'
Using system proxy server 'proxy.jp.sbibits.com:8080'.
Progress: 100% - Completed download of C:\Users\jenkins\AppData\Local\Temp\chocolatey\GoogleChrome\71.0.3578.80\googlechromestandaloneenterprise64.msi (53.85 MB).
Download of googlechromestandaloneenterprise64.msi (53.85 MB) completed.
Error - hashes do not match. Actual value was 'E080C523B419D0F706B3633FCBCE37ADA61F983BDEAB1084E3320C69BA2134A4'.
ERROR: Checksum for 'C:\Users\jenkins\AppData\Local\Temp\chocolatey\GoogleChrome\71.0.3578.80\googlechromestandaloneenterprise64.msi' did not meet 'a4e5e5562b1ef9bd6a3b28ff66f37ddefba2d5b60e6f49f8a9981703bef0587e' for checksum type 'sha256'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary.
The install of googlechrome was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\GoogleChrome\tools\chocolateyInstall.ps1'.
 See log for details.

Chocolatey installed 0/1 packages. 1 packages failed.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

答案1

发生这种情况的原因是,Google 只有一个 URL 来下载 Google Chrome 安装程序,并且他们会更新该 URL 后面的版本。

遗憾的是,这意味着引用该 URL(不使用 CDN 或未内化二进制文件)的 Chocolatey 包将出现哈希不匹配。

严格来说,这是一件好事,就好像您期望安装 Chrome v2.0(例如)但却安装了 v16.0(或者有人试图让您安装恶意 MSI),您就无法得到您所请求的内容。

一般解决方法是:

  • 从 CCR 安装最新版本的 Chrome,它应该具有匹配的哈希值
  • 通过在创建时包含二进制文件来使包内部化(然后自己将其托管在存储库中)或者
  • 绕过哈希检查

相关内容