Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Checksum not being verified #484

Open
deric opened this issue Jan 10, 2023 · 1 comment
Open

Checksum not being verified #484

deric opened this issue Jan 10, 2023 · 1 comment

Comments

@deric
Copy link

deric commented Jan 10, 2023

I'm trying to ensure specific version when being installed from an tar archive. However the installation is performed only when the binary is missing.

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 7.21.0
  • Ruby: 2.7.4
  • Distribution: Debian
  • Module version: 6.0.2

How to reproduce (e.g Puppet code you use)

  archive { '/tmp/k9s.tar.gz':
    source          => 'https://github.com/derailed/k9s/releases/download/v0.26.7/k9s_Linux_x86_64.tar.gz',
    checksum_type   => 'f774bb75045e361e17a4f267491c5ec66f41db7bffd996859ffb1465420af249',
    checksum        => 'sha256',
    checksum_verify => true,
    extract         => true,
    extract_path    => '/usr/bin/',
    temp_dir        => '/tmp',
    extract_command => 'tar xfz %s k9s',
    cleanup         => false,
    creates         => ['/usr/bin/k9s'],
  }

What are you seeing

sha256sum doesn't match expected sum

$ sha256sum k9s_Linux_x86_64.tar.gz
9a4dbb8e339423b3c7cd587f4abdd20351c01af15c8f1546b99f4557199e2c74  k9s_Linux_x86_64.tar.gz

What behaviour did you expect instead

I'm expecting the binary to match the provided checksum

$ sha256sum k9s_Linux_x86_64.tar.gz
f774bb75045e361e17a4f267491c5ec66f41db7bffd996859ffb1465420af249  k9s_Linux_x86_64.tar.gz

It would be nice to have possibility to specify the checksum of the target binary instead. But none of the checksum doesn't seems to be checked when creates => ['/usr/bin/k9s'] exists.
@jjarokergc
Copy link

I notice the same behavior: the archive doesn't check the checksum before extracting the files.

Puppet version: 8.2.0
Archive module: 7.0.0
Ubuntu 22.04

      # Download file
      archive { $archive_name:
        path          => $path,
        username      => $user,
        password      => $password,
        source        => $source,
        extract       => true,
        checksum_type => $checksum_type,
        checksum      => $checksum,
        extract_path  => $install_path,
        creates       => "${install_path}/${creates}",
        cleanup       => false,
      } # Download File

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@deric @jjarokergc