Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10164

Agent incorrectly reporting corrective changes when base64 padding is missing from Content-MD5

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • None
    • PUP 6.16.0
    • None
    • Coremunity
    • Platform Core KANBAN
    • Needs Assessment
    • Bug Fix
    • Hide
      When managing file resources with http(s) source parameters, puppet now leniently parses the Content-MD5 header according to RFC 2045. Previously it strictly parsed the header which caused interoperability problems when the base64 encoded value was not padded.
      Show
      When managing file resources with http(s) source parameters, puppet now leniently parses the Content-MD5 header according to RFC 2045. Previously it strictly parsed the header which caused interoperability problems when the base64 encoded value was not padded.
    • Needs Assessment

    Description

      Puppet Version: 6.11.1
      Puppet Server Version: 6
      OS Name/Version: Centos 

      Reproducing this requires using a file from an https server as the source for a local file. In our case it is things that are secret like /etc/shadow that we don't want committed to our puppet repo. 

      Local Reproducing Steps:

      • run the command below and copy the md5 resulted

      [root@unpaved-song ttt]# printf '%s' "File Data" | md5sum
      		 
      0ee8336a3589503bcb03c7885950c909

      • create a .rb file and copy the following inside to have a server with a get response with "File Data" text and a Content-MD5 header.

       

      # server.rb
      		 
      require 'socket'
      		 
      server = TCPServer.new 5678
      		 
      while session = server.accept
      		 
        request = session.gets
      		 
        puts request 
        session.print "HTTP/1.1 200\r\n"
      		 
        session.print "Content-Type: text/html\r\n"
      		 
        session.print "Content-MD5: 0ee8336a3589503bcb03c7885950c909\r\n"
      		 
        session.print "\r\n"
      		 
        session.print "File Data"
      		 
        session.close
      		 
      end

      • run ruby server.rb to start the server
      • run puppet apply -e 'file {"/file_from_server": source => "http://localhost:5678"}' to get the data form the local server

      [root@unpaved-song ttt]# puppet apply -e 'file {"/file_from_server": source => "http://localhost:5678"}'
      		 
      Notice: Compiled catalog for unpaved-song.delivery.puppetlabs.net in environment production in 0.01 seconds
      		 
      Notice: /Stage[main]/Main/File[/file_from_server]/ensure: defined content as '{md5}f5d7fb75fe1beb6f1bedaefa6bddf7df9e7df797b9ef4d9c'
      		 
      Notice: Applied catalog in 0.07 seconds

      • Running the command again you will get

      Notice: /Stage[main]/Main/File[/file_from_server]/content: content changed '{md5}0ee8336a3589503bcb03c7885950c909' to '{md5}f5d7fb75fe1beb6f1bedaefa6bddf7df9e7df797b9ef4d9c'

       

      Desired Behavior:

      I want the agent to calculate the md5sum correctly when pulling a file from a remote https server. 

      Actual Behavior:

      Agent reports changing content from an MD5 with 128 bits to an 'MD5' with 196 bits. It doesn't change the file as no changes are needed. The 'changed' file's md5sum is the same before and  after the agent runs.

      It seems to be using a 196 bit hash in place of an md5sum and reporting it needs changing as the 128 bit and 196 bit values are not equal.

      Attachments

        Activity

          People

            josh Josh Cooper
            badguyty Tyler Hess
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Zendesk Support