diff --git a/lib/vagrant/errors.rb b/lib/vagrant/errors.rb
index d4009f347..057d6a823 100644
--- a/lib/vagrant/errors.rb
+++ b/lib/vagrant/errors.rb
@@ -524,6 +524,10 @@ module Vagrant
 error_key(:provider_cant_install)
 end

+ class ProviderChecksumMismatch < VagrantError
+ error_key(:provider_checksum_mismatch)
+ end
+
 class ProviderInstallFailed < VagrantError
 error_key(:provider_install_failed)
 end
diff --git a/plugins/hosts/darwin/cap/provider_install_virtualbox.rb b/plugins/hosts/darwin/cap/provider_install_virtualbox.rb
index 62a9f34f5..34f81ef3c 100644
--- a/plugins/hosts/darwin/cap/provider_install_virtualbox.rb
+++ b/plugins/hosts/darwin/cap/provider_install_virtualbox.rb
@@ -2,6 +2,7 @@ require "pathname"
 require "tempfile"

 require "vagrant/util/downloader"
+require "vagrant/util/file_checksum"
 require "vagrant/util/subprocess"

 module VagrantPlugins
@@ -12,6 +13,7 @@ module VagrantPlugins
 # known-good version to download.
 URL = "http://download.virtualbox.org/virtualbox/5.0.10/VirtualBox-5.0.10-104061-OSX.dmg".freeze
 VERSION = "5.0.10".freeze
+ SHA256SUM = "62f933115498e51ddf5f2dab47dc1eebb42eb78ea1a7665cb91c53edacc847c6".freeze

 def self.provider_install_virtualbox(env)
 tf = Tempfile.new("vagrant")
@@ -29,6 +31,15 @@ module VagrantPlugins
 dl = Vagrant::Util::Downloader.new(URL, tf.path, ui: ui)
 dl.download!

+ # Validate that the file checksum matches
+ actual = Vagrant::Util::FileChecksum.new(tf.path, Digest::SHA2).checksum
+ if actual != SHA256SUM
+ raise Vagrant::Errors::ProviderChecksumMismatch,
+ provider: "virtualbox",
+ actual: actual,
+ expected: SHA256SUM
+ end
+
 # Launch it
 ui.output(I18n.t(
 "vagrant.hosts.darwin.virtualbox_install_install"))
diff --git a/plugins/hosts/windows/cap/provider_install_virtualbox.rb b/plugins/hosts/windows/cap/provider_install_virtualbox.rb
index 44ab246c8..2179d2164 100644
--- a/plugins/hosts/windows/cap/provider_install_virtualbox.rb
+++ b/plugins/hosts/windows/cap/provider_install_virtualbox.rb
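Review bot: In plugins/hosts/darwin/cap/provider_install_virtualbox.rb the new `SHA256SUM` constant sits beside `URL` and `VERSION` with nothing saying the three must change together, and `URL` is still plain `http://`, so the pinned digest is the only integrity control on the installer. I would put a comment above it such as `# SHA-256 of the file at URL; update together with URL and VERSION. The download is plain HTTP, so this digest is what authenticates the installer.` The same applies to the `SHA256SUM` hunk in the windows cap file. Where the two digest values were obtained is not visible in this diff; recording that source next to the constant would let a later reviewer re-verify them.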
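Review bot: The check added after `dl.download!` in the darwin cap passes `Digest::SHA2`, which yields SHA-256 only because that class defaults to a 256-bit length; `actual = Vagrant::Util::FileChecksum.new(tf.path, Digest::SHA256).checksum` would state the algorithm that `SHA256SUM` expects. The diff adds `require "vagrant/util/file_checksum"` but no `digest` require is visible, so this presumably relies on it being loaded elsewhere; worth confirming or adding `require "digest/sha2"`. The identical nine-line block is repeated in the windows cap file, and a shared helper would keep the two from drifting apart. The method body continues outside the hunk, so it is not visible whether the downloaded temp file is removed when `ProviderChecksumMismatch` is raised.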
@@ -2,6 +2,7 @@ require "pathname"
 require "tempfile"

 require "vagrant/util/downloader"
+require "vagrant/util/file_checksum"
 require "vagrant/util/powershell"
 require "vagrant/util/subprocess"

@@ -13,6 +14,7 @@ module VagrantPlugins
 # known-good version to download.
 URL = "http://download.virtualbox.org/virtualbox/5.0.10/VirtualBox-5.0.10-104061-Win.exe".freeze
 VERSION = "5.0.10".freeze
+ SHA256SUM = "3e5ed8fe4ada6eef8dfb4fe6fd79fcab4b242acf799f7d3ab4a17b43838b1e04".freeze

 def self.provider_install_virtualbox(env)
 tf = Tempfile.new("vagrant")
@@ -30,6 +32,15 @@ module VagrantPlugins
 dl = Vagrant::Util::Downloader.new(URL, tf.path, ui: ui)
 dl.download!

+ # Validate that the file checksum matches
+ actual = Vagrant::Util::FileChecksum.new(tf.path, Digest::SHA2).checksum
+ if actual != SHA256SUM
+ raise Vagrant::Errors::ProviderChecksumMismatch,
+ provider: "virtualbox",
+ actual: actual,
+ expected: SHA256SUM
+ end
+
 # Launch it
 ui.output(I18n.t(
 "vagrant.hosts.windows.virtualbox_install_install"))
diff --git a/templates/locales/en.yml b/templates/locales/en.yml
index 2720e9cf4..6d39e9ef4 100755
--- a/templates/locales/en.yml
+++ b/templates/locales/en.yml
@@ -1015,6 +1015,13 @@ en:
 This is a limitation of this provider. Please report this as a feature request to the provider in question. To install this provider, you'll have to do so manually.
+ provider_checksum_mismatch: |-
+ The checksum of the downloaded provider '%{provider}' did not match the
+ expected value. If the problem persists, please install the provider
+ manually.
+
+ Expected: %{expected}
+ Received: %{actual}
 provider_install_failed: |-
 Installation of the provider '%{provider}' failed! The stdout and stderr are shown below. Please read the error output, resolve it,