teamdfir / sift

SIFT

Not able to install any version of SIFT into WSL

wilczekj opened this issue

I'm following option 2B to install SIFT into WSL:
https://www.sans.org/tools/sift-workstation/

I'm seeing an issue with the install where the hashes are not matching:

Error: Hashes for sift-saltstack-v2022.01.22.tar.gz do not match. Expected: 12d4be3e4b31690c17ed7675b11540c77b25d1c8b5a1bd5a8a15122f51984b9e  /tmp/sift-saltstack-v2022.01.22.tar.gz
, Actual: 965fec26ed59639aef325526e0f27e65c20c68d431abbe9b1b1acdc9fad0d139  /tmp/sift-saltstack-v2022.01.22.tar.gz

What's odd is that I've manually downloaded the tar.gz file from 3 different systems and on all 3 systems, the sha256sum I see matches the "Actual" version not the "Expected".

I repeated this step for every version in 2021-2022 and experienced the same result. Namely, sift-cli installer errors due to hash mismatches. However, when I inspect the hash manually (on 3 systems on 3 different networks), I see the Actual hash reported and not the Expected.

Hi @wilczekj, are you perhaps operating behind a proxy or appliance which could interfere with unauthorized file types (i.e. antivirus appliance or the like)?

This is the most common reason for the hashes not matching, as the file may be incomplete or blocked from completing a successful download.

If you are operating behind a proxy, can you retry the process by either adding an exception or pass thru, or try it on a machine not behind the proxy?

Hello @digitalsleuth. I understand the issues that could be caused by proxies or other inline network appliances. However, I tested the download from 3 different locations, 3 different networks and none are behind a proxy or any appliance that could inspect/modify the traffic.

There is a known issue currently with GitHub archives not matching hashes. They are rolling back the change.

Hi @wilczekj, I've confirmed the hash value for the release on several machines and devices and they all come back with the expected value.

Can you tell me which version of the CLI you're using to install? Also, could it be possible you're experiencing network connectivity issues? One hash failure would be reasonable, but for your downloads to be the wrong hash from that many different machines seems extraordinary.

The releases are all hashed and signed prior to upload, then the CLI pulls down the release and signature and compares the download to the signature. It would be one thing for the CLI to fail, but I fear there may be a system or network issue at play here.

@digitalsleuth did you see the response from @ekristen?

I'm using the latest version of the CLI v1.14.0-rc1

I don't think there was any way it's network connectivity related. Three different networks, three different computers, two different time zones all experiencing network connectivity issues at roughly the same time? All three reporting the EXACT same hash of the tar.gz downloaded (which didn't match)?

No, I hadn't seen it. The post just came in on my phone with your reply just now. Since there is an issue on GitHub's end, that makes much more sense.

I think this was all related to the GitHub Archive issue. Please also note that sift-cli is being deprecated in favor of cast once teamdfir/sift-saltstack#80 is closed.
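
Added example (not part of the thread and not sift-cli's own code): a triage helper for the kind of SHA-256 mismatch discussed above. It separates a truncated or blocked download from an intact archive whose bytes simply differ from the published ones; the function names and the sample data are constructed for illustration.

```python
import gzip
import hashlib
import zlib


def _digest(stream):
    """SHA-256 of a binary stream, read in 1 MiB chunks."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(1 << 20), b""):
        h.update(chunk)
    return h.hexdigest()


def triage(path, expected_sha256, trusted_payload_sha256=None):
    """Classify a release archive against its published SHA-256.

    Returns (verdict, actual_sha256). Any verdict other than "match"
    still means the published hash was not met; do not install on it.
    """
    with open(path, "rb") as f:
        actual = _digest(f)
    if actual == expected_sha256.lower():
        return "match", actual
    try:
        # Decompressing the whole stream also checks the gzip CRC and length.
        with gzip.open(path, "rb") as f:
            payload = _digest(f)
    except (OSError, EOFError, zlib.error):
        # Truncated, blocked or replaced by a non-gzip body (e.g. a proxy page).
        return "corrupt-or-truncated", actual
    # Only meaningful if the payload digest came from a trusted source.
    if trusted_payload_sha256 and payload == trusted_payload_sha256.lower():
        return "same-payload-different-compression", actual
    return "intact-but-different", actual


if __name__ == "__main__":
    import os, tempfile
    # Constructed sample: one payload compressed two ways, plus a cut-off copy.
    payload = b"constructed sample payload\n" * 1000
    published = gzip.compress(payload, compresslevel=9, mtime=1)
    served = gzip.compress(payload, compresslevel=1, mtime=2)
    expected = hashlib.sha256(published).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        for name, blob in [("served", served), ("cut", served[: len(served) // 2])]:
            p = os.path.join(d, name + ".tar.gz")
            with open(p, "wb") as f:
                f.write(blob)
            print(name, triage(p, expected, hashlib.sha256(payload).hexdigest()))
```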