Details
-
Bug
-
Status: Resolved
-
Normal
-
Resolution: Fixed
-
None
-
None
-
Coremunity
-
Platform Core KANBAN
-
Needs Assessment
-
Bug Fix
-
If a file resource has a desired checksum type and value, but the file downloaded from the remote source doesn't match, then puppet will now raise an error that they mismatch, and will not update the file on the local system.
-
Needs Assessment
Description
Puppet Version: all
OS Name/Version: all
When using a File resource with an http(s) source type and a checksum_value, Puppet does not validate that the content it downloads and puts into place matches the mandated checksum. This can cause Puppet to repeatedly re-download the file on every run, constantly reporting success, when in fact it is failing to retrieve the expected content.
Assume the following manifest.
file { '/tmp/file':
|
ensure => file,
|
source => 'http://httpstat.us/200',
|
checksum => 'sha256',
|
checksum_value => 'ea8fac7c65fb589b0d53560f5251f74f9e9b243478dcb6b3ea79b5e36449c8d9',
|
#checksum_value => 'f9bafc82ba5f8fb02b25020d66f396860604f496ca919480147fa525cb505d88',
|
}
|
Let the commented-out f9bafc8 checksum be correct, and ea8fac7 be incorrect.
Desired Behavior:
When Puppet applies this manifest and downloads f9bafc8 from http://httpstat.us/200, it should report failure. The content does not match the checksum_value parameter ea8fac7.
Actual Behavior:
When Puppet applies this manifest, it saves the f9bafc8 file and reports success. On subsequent runs it observes that the f9bafc8 content is present, does not match the required ea8fac7, re-downloads the f9bafc8 content from http://httpstat.us/200, and reports a successful change. It incorrectly reports that it changed the file content to ea8fac7.
The current behavior for three consecutive Puppet runs is shown below.
[reidmv@reids-mbp:~/Workspace/tmp/puppet-code/] % puppet apply test.pp
|
Notice: Compiled catalog for reids-macbook-pro.local in environment production in 0.02 seconds
|
Notice: /Stage[main]/Main/File[/tmp/file]/ensure: created
|
Notice: Applied catalog in 0.50 seconds
|
[reidmv@reids-mbp:~/Workspace/tmp/puppet-code/] % puppet apply test.pp
|
Notice: Compiled catalog for reids-macbook-pro.local in environment production in 0.02 seconds
|
Notice: /Stage[main]/Main/File[/tmp/file]/checksum_value: checksum_value changed 'f9bafc8...' to 'ea8fac7...'
|
Notice: Applied catalog in 0.67 seconds
|
[reidmv@reids-mbp:~/Workspace/tmp/puppet-code/] % puppet apply test.pp
|
Notice: Compiled catalog for reids-macbook-pro.local in environment production in 0.02 seconds
|
Notice: /Stage[main]/Main/File[/tmp/file]/checksum_value: checksum_value changed 'f9bafc8...' to 'ea8fac7...'
|
Notice: Applied catalog in 0.52 seconds
|
Attachments
Issue Links
- is duplicated by
-
-
- Resolved
-
-
-
- Closed
-
- relates to
-
-
- Closed
-
