From 0e898af33f48d37e3340bf2c5273ecc999e3eef5 Mon Sep 17 00:00:00 2001
From: hhofs <h.hofs@loginvsi.com>
Date: Fri, 11 May 2018 23:59:17 +0200
Subject: [PATCH] added verification of iso download, changed memory for wef
 and dc, fixed issue with post-build tests

---
 Vagrant/Vagrantfile                       |  8 ++++----
 Vagrant/scripts/install-microsoft-ata.ps1 | 23 ++++++++++++++++++++++-
 build.sh                                  |  4 ++--
 3 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/Vagrant/Vagrantfile b/Vagrant/Vagrantfile
index fc858fa..6bbc466 100644
--- a/Vagrant/Vagrantfile
+++ b/Vagrant/Vagrantfile
@@ -57,14 +57,14 @@ Vagrant.configure("2") do |config|
 
     cfg.vm.provider "vmware_fusion" do |v, override|
       override.vm.box = "../Boxes/windows_2016_vmware.box"
-      v.memory = 6144
+      v.memory = 2560
       v.cpus = 2
       v.gui = true
     end
 
     cfg.vm.provider "virtualbox" do |vb, override|
       vb.gui = true
-      vb.customize ["modifyvm", :id, "--memory", 6144]
+      vb.customize ["modifyvm", :id, "--memory", 2560]
       vb.customize ["modifyvm", :id, "--cpus", 2]
       vb.customize ["modifyvm", :id, "--vram", "32"]
       vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
@@ -100,14 +100,14 @@ Vagrant.configure("2") do |config|
 
     cfg.vm.provider "vmware_fusion" do |v, override|
       override.vm.box = "../Boxes/windows_2016_vmware.box"
-      v.memory = 8192
+      v.memory = 2048
       v.cpus = 2
       v.gui = true
     end
 
     cfg.vm.provider "virtualbox" do |vb, override|
       vb.gui = true
-      vb.customize ["modifyvm", :id, "--memory", 8192]
+      vb.customize ["modifyvm", :id, "--memory", 2048]
       vb.customize ["modifyvm", :id, "--cpus", 2]
       vb.customize ["modifyvm", :id, "--vram", "32"]
       vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
diff --git a/Vagrant/scripts/install-microsoft-ata.ps1 b/Vagrant/scripts/install-microsoft-ata.ps1
index 72e1b34..31ecbcb 100644
--- a/Vagrant/scripts/install-microsoft-ata.ps1
+++ b/Vagrant/scripts/install-microsoft-ata.ps1
@@ -1,6 +1,7 @@
 # Purpose: Downloads, installs and configures Microsft ATA 1.9
 $title = "Microsoft ATA 1.9"
 $downloadUrl = "http://download.microsoft.com/download/4/9/1/491394D1-3F28-4261-ABC6-C836A301290E/ATA1.9.iso"
+$fileHash = "DC1070A9E8F84E75198A920A2E00DDC3CA8D12745AF64F6B161892D9F3975857" # Use Get-FileHash on a correct downloaded file to get the hash
 
 # Enable web requests to endpoints with invalid SSL certs (like self-signed certs)
 if (-not("SSLValidator" -as [type])) {
@@ -26,10 +27,30 @@ public static class SSLValidator {
 
 if (-not (Test-Path "C:\Program Files\Microsoft Advanced Threat Analytics\Center"))
 {
-    if (-not (Test-Path "$env:temp\$title.iso"))
+    $download = $false
+    if (-not (Test-Path "$env:temp\$title.iso")) 
+    {
+        Write-Host "$title.iso doesn't exist yet, downloading..."
+        $download = $true
+    }
+    else
+    {
+        $actualHash = (Get-FileHash -Algorithm SHA256 -Path "$env:temp\$title.iso").Hash
+        If (-not ($actualHash -eq $fileHash))
+        {
+            Write-Host "$title.iso exists, but has wrong hash, downloading..."
+            $download = $true
+        } 
+    }
+    if ($download -eq $true)
     {
         Write-Host "Downloading $title..."
         Invoke-WebRequest -Uri $downloadUrl -OutFile "$env:temp\$title.iso"
+        $actualHash = (Get-FileHash -Algorithm SHA256 -Path "$env:temp\$title.iso").Hash 
+        If (-not ($actualHash -eq $fileHash))
+        {
+            throw "$title.iso was not downloaded correctly: hash from downloaded file: $actualHash, should've been: $fileHash"
+        }
     }
     $Mount = Mount-DiskImage -ImagePath "$env:temp\$title.iso" -StorageType ISO -Access ReadOnly -PassThru
     $Volume = $Mount | Get-Volume
diff --git a/build.sh b/build.sh
index c4e2751..7754755 100755
--- a/build.sh
+++ b/build.sh
@@ -253,8 +253,8 @@ post_build_checks() {
   CALDERA_CHECK=$(curl -ks -m 2 https://192.168.38.5:8888 | grep -c '302: Found' || echo "")
   SPLUNK_CHECK=$(curl -ks -m 2 https://192.168.38.5:8000/en-US/account/login?return_to=%2Fen-US%2F | grep -c 'This browser is not supported by Splunk' || echo "")
   FLEET_CHECK=$(curl -ks -m 2 https://192.168.38.5:8412 | grep -c 'Kolide Fleet' || echo "")
-  curl --fail -ks https://192.168.38.3 -m 2
-  ATA_CHECK=$([[ $? == 22 ]] && echo 1)
+  ATA_CHECK=$(curl --fail --write-out "%{http_code}" -ks https://192.168.38.3 -m 2)
+  [[ $ATA_CHECK == 401 ]] && ATA_CHECK=1
 
   BASH_MAJOR_VERSION=$(/bin/bash --version | grep 'GNU bash' | grep -o version\.\.. | cut -d ' ' -f 2 | cut -d '.' -f 1)
   # Associative arrays are only supported in bash 4 and up