On November 9th, we happily launched Icinga for Windows 1.7.0 and mentioned all the new things within our release blog-post. With this version, we also included a fix for the repository hash calculator, ensuring that always the correct hash was used for validating the repository files.
What Happened?
While the fix worked flawlessly, we accidentally made the entire repositories as secure as possible, as we always included the index repository file within the hash calculation. By updating the repository index with the new hash, the file hash also changed, resulting in a different repository hash again. You could argue this is not a bug, but a feature – we would however want you to be able to sync repositories with Icinga for Windows. The fix we applied right now, is only to include the .zip and .msi files which we use within the repository itself for the hash generation.
How Does It Affect you?
You are only affected in case you are using the function Sync-IcingaRepository, to clone https://packages.icinga.com/IcingaForWindows/ or your internal repositories to separate locations. Installing or updating components directly from a public or custom repository is not causing any issues, as only file hashes for the packages itself are validated in this case and not the entire repository.
How To Resolve The Issue?
Before you can upgrade to v1.7.0 or v1.7.1 and you are using the repository sync and repositories, you will have to sync the repository by using the -ForceTrust argument first, as otherwise the older versions will fail on the same step by validating the hashes. If you want to stay secure and do not wish to force the trust of the repository, you can manually apply the patch for the Icinga for Windows environment you want to run the sync from. Once applied, simply run the following command
icinga -RebuildCache;
and start the sync process from this new shell.
Anything Else?
While we were at it, we also fixed two smaller issues, allowing the repository functions to now use the Icinga for Windows WebRequest feature, allowing the usage of proxies as well as some unwanted outputs of the new developer tools inside the console.
We hope you will enjoy the new release and have a chance to use the newly introduced developer tools and features for yourself!