Checksum error in installing software using chocolatey

Question

    # Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass  (Before running the script execute the command in terminal for admin rights)


# Step 1) install Chocolatey when needed

#if (-not (Test-Path -Path "$env:ProgramData\Chocolatey\choco.exe" -PathType Leaf)) 
#{
#   from https://chocolatey.org/install
#   Set-ExecutionPolicy Bypass -Scope Process -Force
#   [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
#   Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) 
#}


if (-not (Test-Path -Path "$env:ProgramData\Chocolatey\choco.exe" -PathType Leaf)) 
{
    Set-ExecutionPolicy Bypass -Scope Process -Force;
    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072;
    iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

}


# Step 2) define the array of packages you are offering

$Packages = 'googlechrome',

            'firefox',

            'codeblocks',

            'windbg',

            'nasm',

            'explorersuite',

            'pestudio',

            'vscode',

            'sysinternals',

            'python',

            'ccleaner',

            'anaconda3',

            'wireshark',

            'sublimetext3',  
            
            'google earth',

            'notepadplusplus',

            'iTunes'

             
                

            




# Step 3) define the Show-Menu function


function Show-Menu
 {
    Clear-Host
    Write-Host "**********************************************"
    Write-Host "LIST OF SOFTWARES"

    # write the options using the array of packages

    for ($i = 0; $i -lt $Packages.Count; $i++) 
    {
        # {0,10} means right align with spaces to max 2 characters
        Write-Host ('{0,10}. {1}' -f ($i + 1), $Packages[$i])
    }

    
    Write-Host " q. Exit the script"
    Write-Host "*************************************************"
    Write-Host
}




# Step 4) enter an endless loop you only exit if the user enters 'q'


while ($true) 
{
    Show-Menu

    $UserInput = Read-Host "Enter the software number to be installed"

    # test if the user wants to quit and if so, break the loop

    if ($UserInput -eq 'q') { break }

    # test if the user entered a number between 1 and the total number of packages (inclusive)

    if ([int]::TryParse($UserInput,[ref]$null) -and 1..$Packages.Count -contains [int]$UserInput) 
    {
        # here you install the chosen package using the array index number (= user input number minus 1)
        $packageIndex = [int]$UserInput - 1
        Write-Host "Installing $($Packages[$packageIndex])"
        choco install $Packages[$packageIndex] -y
        
        
    }

    else 
    {
        $availableOptions = 1..$Packages.Count -join ','
        Write-Host "Error in selection, choose $availableOptions or q" -ForegroundColor Red
    }

     $null = Read-Host "Press Enter to continue"
}





   

The script is working correct all softwares are getting installed properly, but when i try to install some softwares like nasm, pestudio i am getting checksum error,i.e the hash value of the downloaded file is not matching with the package maintainer hash value so i am getting checksum error. I came to know that the checksum error can be ignored. The syntax for ignoring the checksum is choco install SoftwareName --ignore-checksums
but where should i put this statement in my script can anyone put this statement in my script i tried to put but it is not reflecting. please can anyone edit my script. Thanks in advance.

Answer 1

You've already answered your own question:

The syntax for ignoring the checksum is choco install SoftwareName --ignore-checksums

So add --ignore-checksums to get things working for now. The best long-term solution would be to either:

1. Search for the package on https://chocolatey.org and contact the package maintainers about the mismatched checksums, so they can push an update.
2. Maintain your own nuget feed and packages for the software you need. This is the most recommended approach in a business setting.

Answer 2

I would recommend the --checksum command line argument, way safer than --ignore-checksums

This requires a bit little extra work compared to just ignoring. You have three options how to get the correct checksum, safest a), then b) then least safe is c)

• a) go to the original source of download, (I mean, where the package author also intend to download the installable) and if there is a checksum information use that.

• b) go to the original source of download, download yourself, then check it with virustotal. This servers two purpose: you got a trust/no trust picture, and secondly, the hash what virustotal calculates is exactly what choco expects. So if you decide to trust in the downloaded stuff based on virustotal, then you can instantly use that virustotal hash in your --checksum command line argument.

• c) use the checksum in the choco install error message