puppet-archive
puppet-archive copied to clipboard
Published
20 hours ago •
voxpupuli
voxpupuli
Checksum not being verified
I'm trying to ensure specific version when being installed from an tar archive. However the installation is performed only when the binary is missing.
Affected Puppet, Ruby, OS and module versions/distributions
- Puppet: 7.21.0
- Ruby: 2.7.4
- Distribution: Debian
- Module version: 6.0.2
How to reproduce (e.g Puppet code you use)
archive { '/tmp/k9s.tar.gz':
source => 'https://github.com/derailed/k9s/releases/download/v0.26.7/k9s_Linux_x86_64.tar.gz',
checksum_type => 'f774bb75045e361e17a4f267491c5ec66f41db7bffd996859ffb1465420af249',
checksum => 'sha256',
checksum_verify => true,
extract => true,
extract_path => '/usr/bin/',
temp_dir => '/tmp',
extract_command => 'tar xfz %s k9s',
cleanup => false,
creates => ['/usr/bin/k9s'],
}
What are you seeing
sha256sum doesn't match expected sum
$ sha256sum k9s_Linux_x86_64.tar.gz
9a4dbb8e339423b3c7cd587f4abdd20351c01af15c8f1546b99f4557199e2c74 k9s_Linux_x86_64.tar.gz
What behaviour did you expect instead
I'm expecting the binary to match the provided checksum
$ sha256sum k9s_Linux_x86_64.tar.gz
f774bb75045e361e17a4f267491c5ec66f41db7bffd996859ffb1465420af249 k9s_Linux_x86_64.tar.gz
It would be nice to have possibility to specify the checksum of the target binary instead. But none of the checksum doesn't seems to be checked when creates => ['/usr/bin/k9s'] exists.
I notice the same behavior: the archive doesn't check the checksum before extracting the files.
Puppet version: 8.2.0 Archive module: 7.0.0 Ubuntu 22.04
# Download file
archive { $archive_name:
path => $path,
username => $user,
password => $password,
source => $source,
extract => true,
checksum_type => $checksum_type,
checksum => $checksum,
extract_path => $install_path,
creates => "${install_path}/${creates}",
cleanup => false,
} # Download File
