Downloading DMGs via HTTP

Puppet downloads should happen over HTTPS where possible to ensure that are installing the correct files.

https://github.com/boxen/puppet-chrome/blob/master/manifests/init.pp#L9

/cc https://github.com/github/security/issues/74

This seems to be systemic across the puppet-* repos. Is there any way to specify a hash of the packages to ensure they are valid? Alternatively, a lot of these providers should have HTTPS download urls as well.

@mastahyeti It'd be cool to switch to https wherever we can. We hash-verify anything that comes in via Homebrew, but most of the other app stuff is essentially somebody automating the action they'd take in their browser: Go to a URL, download it.

Seems like a lot of repos using HTTP:

➜  boxen_repos  grep -r http:// ./  | grep source
.//boxen.github.com/GEMFILE:source "http://rubygems.org"
.//boxen.github.com/index-2.html:          the <a href="http://opensource.org/licenses/MIT">MIT
.//puppet-alfred/manifests/init.pp:    source   => 'http://cachefly.alfredapp.com/alfred_1.3.1_261.dmg'
.//puppet-alfred/spec/classes/alfred_spec.rb:      :source   => 'http://cachefly.alfredapp.com/alfred_1.3.1_261.dmg',
.//puppet-alfred/spec/fixtures/modules/alfred/manifests/init.pp:    source   => 'http://cachefly.alfredapp.com/alfred_1.3.1_261.dmg'
.//puppet-arq/manifests/init.pp:    source   => 'http://www.haystacksoftware.com/arq/Arq.zip',
.//puppet-arq/spec/classes/arq_spec.rb:      :source   => 'http://www.haystacksoftware.com/arq/Arq.zip',
.//puppet-arq/spec/fixtures/modules/arq/manifests/init.pp:    source   => 'http://www.haystacksoftware.com/arq/Arq.zip',
.//puppet-caffeine/manifests/init.pp:    source   => 'http://lightheadsw.com/files/releases/com.lightheadsw.Caffeine/Caffeine1.1.1.zip'
.//puppet-caffeine/spec/classes/caffeine_spec.rb:      :source   => 'http://lightheadsw.com/files/releases/com.lightheadsw.Caffeine/Caffeine1.1.1.zip',
.//puppet-caffeine/spec/fixtures/modules/caffeine/manifests/init.pp:    source   => 'http://lightheadsw.com/files/releases/com.lightheadsw.Caffeine/Caffeine1.1.1.zip'
.//puppet-chrome/spec/classes/chrome_dev_spec.rb:      :source   => 'http://dl.google.com/chrome/mac/dev/GoogleChrome.dmg',
.//puppet-chrome/spec/classes/chrome_spec.rb:      :source   => 'http://dl.google.com/chrome/mac/stable/GoogleChrome.dmg',
.//puppet-colloquy/manifests/init.pp:    source   => 'http://colloquy.info/downloads/colloquy-latest.zip',
.//puppet-colloquy/spec/classes/colloquy_spec.rb:      :source   => 'http://colloquy.info/downloads/colloquy-latest.zip',
.//puppet-colloquy/spec/fixtures/modules/colloquy/manifests/init.pp:    source   => 'http://colloquy.info/downloads/colloquy-latest.zip',
.//puppet-divvy/manifests/init.pp:    source   => 'http://mizage.com/downloads/Divvy.zip',
.//puppet-divvy/spec/classes/divvy_spec.rb:      :source   => 'http://mizage.com/downloads/Divvy.zip',
.//puppet-divvy/spec/fixtures/modules/divvy/manifests/init.pp:    source   => 'http://mizage.com/downloads/Divvy.zip',
.//puppet-fitbit/manifests/init.pp:    source   => 'http://cache.fitbit.com/uploader/Install_Fitbit-1.8.2.10.dmg'
.//puppet-fitbit/spec/classes/fitbit_spec.rb:      :source   => 'http://cache.fitbit.com/uploader/Install_Fitbit-1.8.2.10.dmg',
.//puppet-fitbit/spec/fixtures/modules/fitbit/manifests/init.pp:    source   => 'http://cache.fitbit.com/uploader/Install_Fitbit-1.8.2.10.dmg'
.//puppet-gitx/manifests/init.pp:    source   => 'http://frim.frim.nl/GitXStable.app.zip',
.//puppet-gitx/spec/classes/gitx_spec.rb:      :source   => 'http://frim.frim.nl/GitXStable.app.zip',
.//puppet-gitx/spec/fixtures/modules/gitx/manifests/init.pp:    source   => 'http://frim.frim.nl/GitXStable.app.zip',
.//puppet-handbrake/manifests/init.pp:    source   => "http://sourceforge.net/projects/handbrake/files/${version}/HandBrake-${version}-MacOSX.6_GUI_x86_64.dmg",
.//puppet-handbrake/spec/classes/handbrake_spec.rb:      :source   => 'http://sourceforge.net/projects/handbrake/files/0.9.8/HandBrake-0.9.8-MacOSX.6_GUI_x86_64.dmg',
.//puppet-handbrake/spec/fixtures/modules/handbrake/manifests/init.pp:    source   => "http://sourceforge.net/projects/handbrake/files/${version}/HandBrake-${version}-MacOSX.6_GUI_x86_64.dmg",
.//puppet-imagemagick/files/brews/little-cms.rb:  url 'http://sourceforge.net/projects/lcms/files/lcms/1.19/lcms-1.19.tar.gz'
.//puppet-istatmenus3/manifests/init.pp:    source   => "http://s3.amazonaws.com/bjango/files/istatmenus3/istatmenus3.25.zip",
.//puppet-istatmenus3/spec/classes/istatmenus3_spec.rb:      :source   => 'http://s3.amazonaws.com/bjango/files/istatmenus3/istatmenus3.25.zip',
.//puppet-istatmenus3/spec/fixtures/modules/istatmenus3/manifests/init.pp:    source   => "http://s3.amazonaws.com/bjango/files/istatmenus3/istatmenus3.25.zip",
.//puppet-istatmenus4/manifests/init.pp:    source   => "http://s3.amazonaws.com/bjango/files/istatmenus4/istatmenus4.02.zip",
.//puppet-istatmenus4/spec/classes/istatmenus4_spec.rb:      :source   => 'http://s3.amazonaws.com/bjango/files/istatmenus4/istatmenus4.02.zip',
.//puppet-istatmenus4/spec/fixtures/modules/istatmenus4/manifests/init.pp:    source   => "http://s3.amazonaws.com/bjango/files/istatmenus4/istatmenus4.02.zip",
.//puppet-iterm2/manifests/dev.pp:    source   => 'http://iterm2.googlecode.com/files/iTerm2-1_0_0_20120726.zip',
.//puppet-iterm2/manifests/stable.pp:    source   => 'http://iterm2.googlecode.com/files/iTerm2_v1_0_0.zip',
.//puppet-minecraft/manifests/init.pp:    source   => 'http://s3.amazonaws.com/MinecraftDownload/launcher/Minecraft.zip',
.//puppet-minecraft/spec/classes/minecraft_spec.rb:      :source   => 'http://s3.amazonaws.com/MinecraftDownload/launcher/Minecraft.zip',
.//puppet-notational_velocity/manifests/init.pp:    source   => 'http://notational.net/NotationalVelocity.zip',
.//puppet-postgresql/files/brews/postgresql.rb:  url 'http://ftp.postgresql.org/pub/source/v9.1.4/postgresql-9.1.4.tar.bz2'
.//puppet-propane/manifests/init.pp:    source   => 'http://propaneapp.com/appcast/Propane.zip',
.//puppet-propane/spec/classes/propane_spec.rb:      :source   => 'http://propaneapp.com/appcast/Propane.zip',
.//puppet-propane/spec/fixtures/modules/propane/manifests/init.pp:    source   => 'http://propaneapp.com/appcast/Propane.zip',
.//puppet-python/files/brews/python-distribute.rb:  url 'http://pypi.python.org/packages/source/d/distribute/distribute-0.6.30.tar.gz'
.//puppet-python/files/brews/python-pip.rb:  url 'http://pypi.python.org/packages/source/p/pip/pip-1.2.1.tar.gz'
.//puppet-python/spec/fixtures/modules/python/files/brews/python-distribute.rb:  url 'http://pypi.python.org/packages/source/d/distribute/distribute-0.6.30.tar.gz'
.//puppet-python/spec/fixtures/modules/python/files/brews/python-pip.rb:  url 'http://pypi.python.org/packages/source/p/pip/pip-1.2.1.tar.gz'
.//puppet-qt/files/brews/qt.rb:  url 'http://releases.qt-project.org/qt4/source/qt-everywhere-opensource-src-4.8.4.tar.gz'
.//puppet-rdio/manifests/init.pp:    source   => 'http://www.rdio.com/media/static/desktop/mac/Rdio.dmg'
.//puppet-rdio/spec/classes/rdio_spec.rb:      :source   => 'http://www.rdio.com/media/static/desktop/mac/Rdio.dmg'
.//puppet-rdio/spec/fixtures/modules/rdio/manifests/init.pp:    source   => 'http://www.rdio.com/media/static/desktop/mac/Rdio.dmg'
.//puppet-scons/files/brews/scons.rb:  url 'http://downloads.sourceforge.net/scons/scons-2.2.0.tar.gz'
.//puppet-sizeup/manifests/init.pp:    source   => 'http://www.irradiatedsoftware.com/download/SizeUp.zip',
.//puppet-sizeup/spec/classes/sizeup_spec.rb:      :source   => 'http://www.irradiatedsoftware.com/download/SizeUp.zip',
.//puppet-sizeup/spec/fixtures/modules/sizeup/manifests/init.pp:    source   => 'http://www.irradiatedsoftware.com/download/SizeUp.zip',
.//puppet-skype/manifests/init.pp:    source   => 'http://www.skype.com/go/getskype-macosx.dmg',
.//puppet-skype/spec/classes/skype_spec.rb:      :source   => 'http://www.skype.com/go/getskype-macosx.dmg',
.//puppet-skype/spec/fixtures/modules/skype/manifests/init.pp:    source   => 'http://www.skype.com/go/getskype-macosx.dmg',
.//puppet-sparrow/manifests/init.pp:    source   => 'http://download.sparrowmailapp.com/appcast/Sparrow-latest.dmg'
.//puppet-sparrow/spec/classes/sparrow_spec.rb:      :source   => 'http://download.sparrowmailapp.com/appcast/Sparrow-latest.dmg'
.//puppet-sparrow/spec/fixtures/modules/sparrow/manifests/init.pp:    source   => 'http://download.sparrowmailapp.com/appcast/Sparrow-latest.dmg'
.//puppet-spotify/manifests/init.pp:    source   => "http://download.spotify.com/SpotifyInstaller.zip",
.//puppet-spotify/spec/classes/spotify_spec.rb:      :source   => 'http://download.spotify.com/SpotifyInstaller.zip',
.//puppet-spotify/spec/fixtures/modules/spotify/manifests/init.pp:    source   => "http://download.spotify.com/SpotifyInstaller.zip",
.//puppet-sublime_text_2/manifests/init.pp:    source   => 'http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.1.dmg';
.//puppet-sublime_text_2/spec/classes/sublime_text_2_spec.rb:      :source   => 'http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.1.dmg'
.//puppet-sublime_text_2/spec/fixtures/modules/sublime_text_2/manifests/init.pp:    source   => 'http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.1.dmg';
.//puppet-textmate/manifests/init.pp:    source   => 'http://download.macromates.com/TextMate_1.5.11_r1635.zip',
.//puppet-textmate/spec/classes/textmate_spec.rb:      :source   => 'http://download.macromates.com/TextMate_1.5.11_r1635.zip',
.//puppet-textmate/spec/fixtures/modules/textmate/manifests/init.pp:    source   => 'http://download.macromates.com/TextMate_1.5.11_r1635.zip',
.//puppet-things/manifests/init.pp:    source   => 'http://culturedcode.cachefly.net/things/Things_2.1.zip',
.//puppet-things/spec/classes/things_spec.rb:      :source   => 'http://culturedcode.cachefly.net/things/Things_2.1.zip',
.//puppet-things/spec/fixtures/modules/things/manifests/init.pp:    source   => 'http://culturedcode.cachefly.net/things/Things_2.1.zip',
.//puppet-virtualbox/manifests/init.pp:    source   => 'http://download.virtualbox.org/virtualbox/4.1.20/VirtualBox-4.1.20-80170-OSX.dmg'
.//puppet-viscosity/manifests/init.pp:    source   => 'http://www.thesparklabs.com/downloads/Viscosity.dmg'
.//puppet-viscosity/spec/classes/viscosity_spec.rb:      :source   => 'http://www.thesparklabs.com/downloads/Viscosity.dmg'
.//puppet-viscosity/spec/fixtures/modules/viscosity/manifests/init.pp:    source   => 'http://www.thesparklabs.com/downloads/Viscosity.dmg'
.//puppet-vlc/manifests/init.pp:    source   => "http://sourceforge.net/projects/vlc/files/${version}/macosx/vlc-${version}.dmg",
.//puppet-vlc/spec/classes/vlc_spec.rb:      :source   => 'http://sourceforge.net/projects/vlc/files/2.0.3/macosx/vlc-2.0.3.dmg/download',
.//puppet-vlc/spec/fixtures/modules/vlc/manifests/init.pp:    source   => "http://sourceforge.net/projects/vlc/files/${version}/macosx/vlc-${version}.dmg",
.//puppet-watts/manifests/init.pp:    source   => "http://www.matchingbrackets.com/abatt/customer/Watts-48.dmg",
.//puppet-watts/spec/classes/watts_spec.rb:      :source   => 'http://www.matchingbrackets.com/abatt/customer/Watts-48.dmg',
.//puppet-watts/spec/fixtures/modules/watts/manifests/init.pp:    source   => "http://www.matchingbrackets.com/abatt/customer/Watts-48.dmg",
.//puppet-xquartz/manifests/init.pp:    source   => 'http://xquartz.macosforge.org/downloads/SL/XQuartz-2.7.2.dmg',
.//puppet-xquartz/spec/classes/xquartz_spec.rb:      :source   => 'http://static.macosforge.org/xquartz/downloads/SL/XQuartz-2.7.2.dmg'
.//puppet-xquartz/spec/fixtures/modules/xquartz/manifests/init.pp:    source   => 'http://xquartz.macosforge.org/downloads/SL/XQuartz-2.7.2.dmg',

Sweet, thanks for the list. I'll go through these and see which ones we can replace with https.

On Wed, Feb 13, 2013 at 10:39 AM, Ben Toews notifications@github.comwrote:

Seems like a lot of repos using HTTP:

➜ boxen_repos grep -r http:// ./ | grep source .//boxen.github.com/GEMFILE:source "http://rubygems.org" .//boxen.github.com/index-2.html: the MIT .//puppet-alfred/manifests/init.pp: source => 'http://cachefly.alfredapp.com/alfred_1.3.1_261.dmg' .//puppet-alfred/spec/classes/alfred_spec.rb: :source => 'http://cachefly.alfredapp.com/alfred_1.3.1_261.dmg', .//puppet-alfred/spec/fixtures/modules/alfred/manifests/init.pp: source => 'http://cachefly.alfredapp.com/alfred_1.3.1_261.dmg' .//puppet-arq/manifests/init.pp: source => 'http://www.haystacksoftware.com/arq/Arq.zip', .//puppet-arq/spec/classes/arq_spec.rb: :source => 'http://www.haystacksoftware.com/arq/Arq.zip', .//puppet-arq/spec/fixtures/modules/arq/manifests/init.pp: source => 'http://www.haystacksoftware.com/arq/Arq.zip', .//puppet-caffeine/manifests/init.pp: source => 'http://lightheadsw.com/files/releases/com.lightheadsw.Caffeine/Caffeine1.1.1.zip' .//puppet-caffeine/spec/classes/caffeine_spec.rb: :source => 'http://lightheadsw.com/files/releases/com.lightheadsw.Caffeine/Caffeine1.1.1.zip', .//puppet-caffeine/spec/fixtures/modules/caffeine/manifests/init.pp: source => 'http://lightheadsw.com/files/releases/com.lightheadsw.Caffeine/Caffeine1.1.1.zip' .//puppet-chrome/spec/classes/chrome_dev_spec.rb: :source => 'http://dl.google.com/chrome/mac/dev/GoogleChrome.dmg', .//puppet-chrome/spec/classes/chrome_spec.rb: :source => 'http://dl.google.com/chrome/mac/stable/GoogleChrome.dmg', .//puppet-colloquy/manifests/init.pp: source => 'http://colloquy.info/downloads/colloquy-latest.zip', .//puppet-colloquy/spec/classes/colloquy_spec.rb: :source => 'http://colloquy.info/downloads/colloquy-latest.zip', .//puppet-colloquy/spec/fixtures/modules/colloquy/manifests/init.pp: source => 'http://colloquy.info/downloads/colloquy-latest.zip', .//puppet-divvy/manifests/init.pp: source => 'http://mizage.com/downloads/Divvy.zip', .//puppet-divvy/spec/classes/divvy_spec.rb: :source => 'http://mizage.com/downloads/Divvy.zip', .//puppet-divvy/spec/fixtures/modules/divvy/manifests/init.pp: source => 'http://mizage.com/downloads/Divvy.zip', .//puppet-fitbit/manifests/init.pp: source => 'http://cache.fitbit.com/uploader/Install_Fitbit-1.8.2.10.dmg' .//puppet-fitbit/spec/classes/fitbit_spec.rb: :source => 'http://cache.fitbit.com/uploader/Install_Fitbit-1.8.2.10.dmg', .//puppet-fitbit/spec/fixtures/modules/fitbit/manifests/init.pp: source => 'http://cache.fitbit.com/uploader/Install_Fitbit-1.8.2.10.dmg' .//puppet-gitx/manifests/init.pp: source => 'http://frim.frim.nl/GitXStable.app.zip', .//puppet-gitx/spec/classes/gitx_spec.rb: :source => 'http://frim.frim.nl/GitXStable.app.zip', .//puppet-gitx/spec/fixtures/modules/gitx/manifests/init.pp: source => 'http://frim.frim.nl/GitXStable.app.zip', .//puppet-handbrake/manifests/init.pp: source => "http://sourceforge.net/projects/handbrake/files/${version}/HandBrake-${version}-MacOSX.6_GUI_x86_64.dmg", .//puppet-handbrake/spec/classes/handbrake_spec.rb: :source => 'http://sourceforge.net/projects/handbrake/files/0.9.8/HandBrake-0.9.8-MacOSX.6_GUI_x86_64.dmg', .//puppet-handbrake/spec/fixtures/modules/handbrake/manifests/init.pp: source => "http://sourceforge.net/projects/handbrake/files/${version}/HandBrake-${version}-MacOSX.6_GUI_x86_64.dmg", .//puppet-imagemagick/files/brews/little-cms.rb: url 'http://sourceforge.net/projects/lcms/files/lcms/1.19/lcms-1.19.tar.gz' .//puppet-istatmenus3/manifests/init.pp: source => "http://s3.amazonaws.com/bjango/files/istatmenus3/istatmenus3.25.zip", .//puppet-istatmenus3/spec/classes/istatmenus3_spec.rb: :source => 'http://s3.amazonaws.com/bjango/files/istatmenus3/istatmenus3.25.zip', .//puppet-istatmenus3/spec/fixtures/modules/istatmenus3/manifests/init.pp: source => "http://s3.amazonaws.com/bjango/files/istatmenus3/istatmenus3.25.zip", .//puppet-istatmenus4/manifests/init.pp: source => "http://s3.amazonaws.com/bjango/files/istatmenus4/istatmenus4.02.zip", .//puppet-istatmenus4/spec/classes/istatmenus4_spec.rb: :source => 'http://s3.amazonaws.com/bjango/files/istatmenus4/istatmenus4.02.zip', .//puppet-istatmenus4/spec/fixtures/modules/istatmenus4/manifests/init.pp: source => "http://s3.amazonaws.com/bjango/files/istatmenus4/istatmenus4.02.zip", .//puppet-iterm2/manifests/dev.pp: source => 'http://iterm2.googlecode.com/files/iTerm2-1_0_0_20120726.zip', .//puppet-iterm2/manifests/stable.pp: source => 'http://iterm2.googlecode.com/files/iTerm2_v1_0_0.zip', .//puppet-minecraft/manifests/init.pp: source => 'http://s3.amazonaws.com/MinecraftDownload/launcher/Minecraft.zip', .//puppet-minecraft/spec/classes/minecraft_spec.rb: :source => 'http://s3.amazonaws.com/MinecraftDownload/launcher/Minecraft.zip', .//puppet-notational_velocity/manifests/init.pp: source => 'http://notational.net/NotationalVelocity.zip', .//puppet-postgresql/files/brews/postgresql.rb: url 'http://ftp.postgresql.org/pub/source/v9.1.4/postgresql-9.1.4.tar.bz2' .//puppet-propane/manifests/init.pp: source => 'http://propaneapp.com/appcast/Propane.zip', .//puppet-propane/spec/classes/propane_spec.rb: :source => 'http://propaneapp.com/appcast/Propane.zip', .//puppet-propane/spec/fixtures/modules/propane/manifests/init.pp: source => 'http://propaneapp.com/appcast/Propane.zip', .//puppet-python/files/brews/python-distribute.rb: url 'http://pypi.python.org/packages/source/d/distribute/distribute-0.6.30.tar.gz' .//puppet-python/files/brews/python-pip.rb: url 'http://pypi.python.org/packages/source/p/pip/pip-1.2.1.tar.gz' .//puppet-python/spec/fixtures/modules/python/files/brews/python-distribute.rb: url 'http://pypi.python.org/packages/source/d/distribute/distribute-0.6.30.tar.gz' .//puppet-python/spec/fixtures/modules/python/files/brews/python-pip.rb: url 'http://pypi.python.org/packages/source/p/pip/pip-1.2.1.tar.gz' .//puppet-qt/files/brews/qt.rb: url 'http://releases.qt-project.org/qt4/source/qt-everywhere-opensource-src-4.8.4.tar.gz' .//puppet-rdio/manifests/init.pp: source => 'http://www.rdio.com/media/static/desktop/mac/Rdio.dmg' .//puppet-rdio/spec/classes/rdio_spec.rb: :source => 'http://www.rdio.com/media/static/desktop/mac/Rdio.dmg' .//puppet-rdio/spec/fixtures/modules/rdio/manifests/init.pp: source => 'http://www.rdio.com/media/static/desktop/mac/Rdio.dmg' .//puppet-scons/files/brews/scons.rb: url 'http://downloads.sourceforge.net/scons/scons-2.2.0.tar.gz' .//puppet-sizeup/manifests/init.pp: source => 'http://www.irradiatedsoftware.com/download/SizeUp.zip', .//puppet-sizeup/spec/classes/sizeup_spec.rb: :source => 'http://www.irradiatedsoftware.com/download/SizeUp.zip', .//puppet-sizeup/spec/fixtures/modules/sizeup/manifests/init.pp: source => 'http://www.irradiatedsoftware.com/download/SizeUp.zip', .//puppet-skype/manifests/init.pp: source => 'http://www.skype.com/go/getskype-macosx.dmg', .//puppet-skype/spec/classes/skype_spec.rb: :source => 'http://www.skype.com/go/getskype-macosx.dmg', .//puppet-skype/spec/fixtures/modules/skype/manifests/init.pp: source => 'http://www.skype.com/go/getskype-macosx.dmg', .//puppet-sparrow/manifests/init.pp: source => 'http://download.sparrowmailapp.com/appcast/Sparrow-latest.dmg' .//puppet-sparrow/spec/classes/sparrow_spec.rb: :source => 'http://download.sparrowmailapp.com/appcast/Sparrow-latest.dmg' .//puppet-sparrow/spec/fixtures/modules/sparrow/manifests/init.pp: source => 'http://download.sparrowmailapp.com/appcast/Sparrow-latest.dmg' .//puppet-spotify/manifests/init.pp: source => "http://download.spotify.com/SpotifyInstaller.zip", .//puppet-spotify/spec/classes/spotify_spec.rb: :source => 'http://download.spotify.com/SpotifyInstaller.zip', .//puppet-spotify/spec/fixtures/modules/spotify/manifests/init.pp: source => "http://download.spotify.com/SpotifyInstaller.zip", .//puppet-sublime_text_2/manifests/init.pp: source => 'http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.1.dmg'; .//puppet-sublime_text_2/spec/classes/sublime_text_2_spec.rb: :source => 'http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.1.dmg' .//puppet-sublime_text_2/spec/fixtures/modules/sublime_text_2/manifests/init.pp: source => 'http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.1.dmg'; .//puppet-textmate/manifests/init.pp: source => 'http://download.macromates.com/TextMate_1.5.11_r1635.zip', .//puppet-textmate/spec/classes/textmate_spec.rb: :source => 'http://download.macromates.com/TextMate_1.5.11_r1635.zip', .//puppet-textmate/spec/fixtures/modules/textmate/manifests/init.pp: source => 'http://download.macromates.com/TextMate_1.5.11_r1635.zip', .//puppet-things/manifests/init.pp: source => 'http://culturedcode.cachefly.net/things/Things_2.1.zip', .//puppet-things/spec/classes/things_spec.rb: :source => 'http://culturedcode.cachefly.net/things/Things_2.1.zip', .//puppet-things/spec/fixtures/modules/things/manifests/init.pp: source => 'http://culturedcode.cachefly.net/things/Things_2.1.zip', .//puppet-virtualbox/manifests/init.pp: source => 'http://download.virtualbox.org/virtualbox/4.1.20/VirtualBox-4.1.20-80170-OSX.dmg' .//puppet-viscosity/manifests/init.pp: source => 'http://www.thesparklabs.com/downloads/Viscosity.dmg' .//puppet-viscosity/spec/classes/viscosity_spec.rb: :source => 'http://www.thesparklabs.com/downloads/Viscosity.dmg' .//puppet-viscosity/spec/fixtures/modules/viscosity/manifests/init.pp: source => 'http://www.thesparklabs.com/downloads/Viscosity.dmg' .//puppet-vlc/manifests/init.pp: source => "http://sourceforge.net/projects/vlc/files/${version}/macosx/vlc-${version}.dmg", .//puppet-vlc/spec/classes/vlc_spec.rb: :source => 'http://sourceforge.net/projects/vlc/files/2.0.3/macosx/vlc-2.0.3.dmg/download', .//puppet-vlc/spec/fixtures/modules/vlc/manifests/init.pp: source => "http://sourceforge.net/projects/vlc/files/${version}/macosx/vlc-${version}.dmg", .//puppet-watts/manifests/init.pp: source => "http://www.matchingbrackets.com/abatt/customer/Watts-48.dmg", .//puppet-watts/spec/classes/watts_spec.rb: :source => 'http://www.matchingbrackets.com/abatt/customer/Watts-48.dmg', .//puppet-watts/spec/fixtures/modules/watts/manifests/init.pp: source => "http://www.matchingbrackets.com/abatt/customer/Watts-48.dmg", .//puppet-xquartz/manifests/init.pp: source => 'http://xquartz.macosforge.org/downloads/SL/XQuartz-2.7.2.dmg', .//puppet-xquartz/spec/classes/xquartz_spec.rb: :source => 'http://static.macosforge.org/xquartz/downloads/SL/XQuartz-2.7.2.dmg' .//puppet-xquartz/spec/fixtures/modules/xquartz/manifests/init.pp: source => 'http://xquartz.macosforge.org/downloads/SL/XQuartz-2.7.2.dmg',

— Reply to this email directly or view it on GitHubhttps://github.com/boxen/puppet-chrome/issues/1#issuecomment-13509870.

Yo @wfarr, the provider doesn't have any built-in support for checksumming does it?

On Wed, Feb 13, 2013 at 10:40 AM, John Barnette jbarnette@github.comwrote:

Sweet, thanks for the list. I'll go through these and see which ones we can replace with https.

On Wed, Feb 13, 2013 at 10:39 AM, Ben Toews notifications@github.comwrote:

Seems like a lot of repos using HTTP:

➜ boxen_repos grep -r http:// ./ | grep source .//boxen.github.com/GEMFILE:source "http://rubygems.org" .//boxen.github.com/index-2.html: the MIT .//puppet-alfred/manifests/init.pp: source => 'http://cachefly.alfredapp.com/alfred_1.3.1_261.dmg' .//puppet-alfred/spec/classes/alfred_spec.rb: :source => 'http://cachefly.alfredapp.com/alfred_1.3.1_261.dmg', .//puppet-alfred/spec/fixtures/modules/alfred/manifests/init.pp: source => 'http://cachefly.alfredapp.com/alfred_1.3.1_261.dmg' .//puppet-arq/manifests/init.pp: source => 'http://www.haystacksoftware.com/arq/Arq.zip', .//puppet-arq/spec/classes/arq_spec.rb: :source => 'http://www.haystacksoftware.com/arq/Arq.zip', .//puppet-arq/spec/fixtures/modules/arq/manifests/init.pp: source => 'http://www.haystacksoftware.com/arq/Arq.zip', .//puppet-caffeine/manifests/init.pp: source => 'http://lightheadsw.com/files/releases/com.lightheadsw.Caffeine/Caffeine1.1.1.zip' .//puppet-caffeine/spec/classes/caffeine_spec.rb: :source => 'http://lightheadsw.com/files/releases/com.lightheadsw.Caffeine/Caffeine1.1.1.zip', .//puppet-caffeine/spec/fixtures/modules/caffeine/manifests/init.pp: source => 'http://lightheadsw.com/files/releases/com.lightheadsw.Caffeine/Caffeine1.1.1.zip' .//puppet-chrome/spec/classes/chrome_dev_spec.rb: :source => 'http://dl.google.com/chrome/mac/dev/GoogleChrome.dmg', .//puppet-chrome/spec/classes/chrome_spec.rb: :source => 'http://dl.google.com/chrome/mac/stable/GoogleChrome.dmg', .//puppet-colloquy/manifests/init.pp: source => 'http://colloquy.info/downloads/colloquy-latest.zip', .//puppet-colloquy/spec/classes/colloquy_spec.rb: :source => 'http://colloquy.info/downloads/colloquy-latest.zip', .//puppet-colloquy/spec/fixtures/modules/colloquy/manifests/init.pp: source => 'http://colloquy.info/downloads/colloquy-latest.zip', .//puppet-divvy/manifests/init.pp: source => 'http://mizage.com/downloads/Divvy.zip', .//puppet-divvy/spec/classes/divvy_spec.rb: :source => 'http://mizage.com/downloads/Divvy.zip', .//puppet-divvy/spec/fixtures/modules/divvy/manifests/init.pp: source => 'http://mizage.com/downloads/Divvy.zip', .//puppet-fitbit/manifests/init.pp: source => 'http://cache.fitbit.com/uploader/Install_Fitbit-1.8.2.10.dmg' .//puppet-fitbit/spec/classes/fitbit_spec.rb: :source => 'http://cache.fitbit.com/uploader/Install_Fitbit-1.8.2.10.dmg', .//puppet-fitbit/spec/fixtures/modules/fitbit/manifests/init.pp: source => 'http://cache.fitbit.com/uploader/Install_Fitbit-1.8.2.10.dmg' .//puppet-gitx/manifests/init.pp: source => 'http://frim.frim.nl/GitXStable.app.zip', .//puppet-gitx/spec/classes/gitx_spec.rb: :source => 'http://frim.frim.nl/GitXStable.app.zip', .//puppet-gitx/spec/fixtures/modules/gitx/manifests/init.pp: source => 'http://frim.frim.nl/GitXStable.app.zip', .//puppet-handbrake/manifests/init.pp: source => "http://sourceforge.net/projects/handbrake/files/${version}/HandBrake-${version}-MacOSX.6_GUI_x86_64.dmg", .//puppet-handbrake/spec/classes/handbrake_spec.rb: :source => 'http://sourceforge.net/projects/handbrake/files/0.9.8/HandBrake-0.9.8-MacOSX.6_GUI_x86_64.dmg', .//puppet-handbrake/spec/fixtures/modules/handbrake/manifests/init.pp: source => "http://sourceforge.net/projects/handbrake/files/${version}/HandBrake-${version}-MacOSX.6_GUI_x86_64.dmg", .//puppet-imagemagick/files/brews/little-cms.rb: url 'http://sourceforge.net/projects/lcms/files/lcms/1.19/lcms-1.19.tar.gz' .//puppet-istatmenus3/manifests/init.pp: source => "http://s3.amazonaws.com/bjango/files/istatmenus3/istatmenus3.25.zip", .//puppet-istatmenus3/spec/classes/istatmenus3_spec.rb: :source => 'http://s3.amazonaws.com/bjango/files/istatmenus3/istatmenus3.25.zip', .//puppet-istatmenus3/spec/fixtures/modules/istatmenus3/manifests/init.pp: source => "http://s3.amazonaws.com/bjango/files/istatmenus3/istatmenus3.25.zip", .//puppet-istatmenus4/manifests/init.pp: source => "http://s3.amazonaws.com/bjango/files/istatmenus4/istatmenus4.02.zip", .//puppet-istatmenus4/spec/classes/istatmenus4_spec.rb: :source => 'http://s3.amazonaws.com/bjango/files/istatmenus4/istatmenus4.02.zip', .//puppet-istatmenus4/spec/fixtures/modules/istatmenus4/manifests/init.pp: source => "http://s3.amazonaws.com/bjango/files/istatmenus4/istatmenus4.02.zip", .//puppet-iterm2/manifests/dev.pp: source => 'http://iterm2.googlecode.com/files/iTerm2-1_0_0_20120726.zip', .//puppet-iterm2/manifests/stable.pp: source => 'http://iterm2.googlecode.com/files/iTerm2_v1_0_0.zip', .//puppet-minecraft/manifests/init.pp: source => 'http://s3.amazonaws.com/MinecraftDownload/launcher/Minecraft.zip', .//puppet-minecraft/spec/classes/minecraft_spec.rb: :source => 'http://s3.amazonaws.com/MinecraftDownload/launcher/Minecraft.zip', .//puppet-notational_velocity/manifests/init.pp: source => 'http://notational.net/NotationalVelocity.zip', .//puppet-postgresql/files/brews/postgresql.rb: url 'http://ftp.postgresql.org/pub/source/v9.1.4/postgresql-9.1.4.tar.bz2' .//puppet-propane/manifests/init.pp: source => 'http://propaneapp.com/appcast/Propane.zip', .//puppet-propane/spec/classes/propane_spec.rb: :source => 'http://propaneapp.com/appcast/Propane.zip', .//puppet-propane/spec/fixtures/modules/propane/manifests/init.pp: source => 'http://propaneapp.com/appcast/Propane.zip', .//puppet-python/files/brews/python-distribute.rb: url 'http://pypi.python.org/packages/source/d/distribute/distribute-0.6.30.tar.gz' .//puppet-python/files/brews/python-pip.rb: url 'http://pypi.python.org/packages/source/p/pip/pip-1.2.1.tar.gz' .//puppet-python/spec/fixtures/modules/python/files/brews/python-distribute.rb: url 'http://pypi.python.org/packages/source/d/distribute/distribute-0.6.30.tar.gz' .//puppet-python/spec/fixtures/modules/python/files/brews/python-pip.rb: url 'http://pypi.python.org/packages/source/p/pip/pip-1.2.1.tar.gz' .//puppet-qt/files/brews/qt.rb: url 'http://releases.qt-project.org/qt4/source/qt-everywhere-opensource-src-4.8.4.tar.gz' .//puppet-rdio/manifests/init.pp: source => 'http://www.rdio.com/media/static/desktop/mac/Rdio.dmg' .//puppet-rdio/spec/classes/rdio_spec.rb: :source => 'http://www.rdio.com/media/static/desktop/mac/Rdio.dmg' .//puppet-rdio/spec/fixtures/modules/rdio/manifests/init.pp: source => 'http://www.rdio.com/media/static/desktop/mac/Rdio.dmg' .//puppet-scons/files/brews/scons.rb: url 'http://downloads.sourceforge.net/scons/scons-2.2.0.tar.gz' .//puppet-sizeup/manifests/init.pp: source => 'http://www.irradiatedsoftware.com/download/SizeUp.zip', .//puppet-sizeup/spec/classes/sizeup_spec.rb: :source => 'http://www.irradiatedsoftware.com/download/SizeUp.zip', .//puppet-sizeup/spec/fixtures/modules/sizeup/manifests/init.pp: source => 'http://www.irradiatedsoftware.com/download/SizeUp.zip', .//puppet-skype/manifests/init.pp: source => 'http://www.skype.com/go/getskype-macosx.dmg', .//puppet-skype/spec/classes/skype_spec.rb: :source => 'http://www.skype.com/go/getskype-macosx.dmg', .//puppet-skype/spec/fixtures/modules/skype/manifests/init.pp: source => 'http://www.skype.com/go/getskype-macosx.dmg', .//puppet-sparrow/manifests/init.pp: source => 'http://download.sparrowmailapp.com/appcast/Sparrow-latest.dmg' .//puppet-sparrow/spec/classes/sparrow_spec.rb: :source => 'http://download.sparrowmailapp.com/appcast/Sparrow-latest.dmg' .//puppet-sparrow/spec/fixtures/modules/sparrow/manifests/init.pp: source => 'http://download.sparrowmailapp.com/appcast/Sparrow-latest.dmg' .//puppet-spotify/manifests/init.pp: source => "http://download.spotify.com/SpotifyInstaller.zip", .//puppet-spotify/spec/classes/spotify_spec.rb: :source => 'http://download.spotify.com/SpotifyInstaller.zip', .//puppet-spotify/spec/fixtures/modules/spotify/manifests/init.pp: source => "http://download.spotify.com/SpotifyInstaller.zip", .//puppet-sublime_text_2/manifests/init.pp: source => 'http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.1.dmg'; .//puppet-sublime_text_2/spec/classes/sublime_text_2_spec.rb: :source => 'http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.1.dmg' .//puppet-sublime_text_2/spec/fixtures/modules/sublime_text_2/manifests/init.pp: source => 'http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.1.dmg'; .//puppet-textmate/manifests/init.pp: source => 'http://download.macromates.com/TextMate_1.5.11_r1635.zip', .//puppet-textmate/spec/classes/textmate_spec.rb: :source => 'http://download.macromates.com/TextMate_1.5.11_r1635.zip', .//puppet-textmate/spec/fixtures/modules/textmate/manifests/init.pp: source => 'http://download.macromates.com/TextMate_1.5.11_r1635.zip', .//puppet-things/manifests/init.pp: source => 'http://culturedcode.cachefly.net/things/Things_2.1.zip', .//puppet-things/spec/classes/things_spec.rb: :source => 'http://culturedcode.cachefly.net/things/Things_2.1.zip', .//puppet-things/spec/fixtures/modules/things/manifests/init.pp: source => 'http://culturedcode.cachefly.net/things/Things_2.1.zip', .//puppet-virtualbox/manifests/init.pp: source => 'http://download.virtualbox.org/virtualbox/4.1.20/VirtualBox-4.1.20-80170-OSX.dmg' .//puppet-viscosity/manifests/init.pp: source => 'http://www.thesparklabs.com/downloads/Viscosity.dmg' .//puppet-viscosity/spec/classes/viscosity_spec.rb: :source => 'http://www.thesparklabs.com/downloads/Viscosity.dmg' .//puppet-viscosity/spec/fixtures/modules/viscosity/manifests/init.pp: source => 'http://www.thesparklabs.com/downloads/Viscosity.dmg' .//puppet-vlc/manifests/init.pp: source => "http://sourceforge.net/projects/vlc/files/${version}/macosx/vlc-${version}.dmg", .//puppet-vlc/spec/classes/vlc_spec.rb: :source => 'http://sourceforge.net/projects/vlc/files/2.0.3/macosx/vlc-2.0.3.dmg/download', .//puppet-vlc/spec/fixtures/modules/vlc/manifests/init.pp: source => "http://sourceforge.net/projects/vlc/files/${version}/macosx/vlc-${version}.dmg", .//puppet-watts/manifests/init.pp: source => "http://www.matchingbrackets.com/abatt/customer/Watts-48.dmg", .//puppet-watts/spec/classes/watts_spec.rb: :source => 'http://www.matchingbrackets.com/abatt/customer/Watts-48.dmg', .//puppet-watts/spec/fixtures/modules/watts/manifests/init.pp: source => "http://www.matchingbrackets.com/abatt/customer/Watts-48.dmg", .//puppet-xquartz/manifests/init.pp: source => 'http://xquartz.macosforge.org/downloads/SL/XQuartz-2.7.2.dmg', .//puppet-xquartz/spec/classes/xquartz_spec.rb: :source => 'http://static.macosforge.org/xquartz/downloads/SL/XQuartz-2.7.2.dmg' .//puppet-xquartz/spec/fixtures/modules/xquartz/manifests/init.pp: source => 'http://xquartz.macosforge.org/downloads/SL/XQuartz-2.7.2.dmg',

— Reply to this email directly or view it on GitHubhttps://github.com/boxen/puppet-chrome/issues/1#issuecomment-13509870.

Nope. The Puppet package type assumes all sources are trusted. No checksumming is done at all.

We can hack our custom package provider for compressed apps to support getting a hash from the install_options parameter, and causing it to fail out if we get a bad checksum, if necessary.

On Wed, Feb 13, 2013 at 10:41 AM, John Barnette notifications@github.comwrote:

Yo @wfarr, the provider doesn't have any built-in support for checksumming does it?

On Wed, Feb 13, 2013 at 10:40 AM, John Barnette jbarnette@github.comwrote:

Sweet, thanks for the list. I'll go through these and see which ones we can replace with https.

On Wed, Feb 13, 2013 at 10:39 AM, Ben Toews notifications@github.comwrote:

Seems like a lot of repos using HTTP:

➜ boxen_repos grep -r http:// ./ | grep source .//boxen.github.com/GEMFILE:source "http://rubygems.org" .//boxen.github.com/index-2.html: the MIT .//puppet-alfred/manifests/init.pp: source => ' http://cachefly.alfredapp.com/alfred_1.3.1_261.dmg' .//puppet-alfred/spec/classes/alfred_spec.rb: :source => ' http://cachefly.alfredapp.com/alfred_1.3.1_261.dmg', .//puppet-alfred/spec/fixtures/modules/alfred/manifests/init.pp: source => 'http://cachefly.alfredapp.com/alfred_1.3.1_261.dmg' .//puppet-arq/manifests/init.pp: source => ' http://www.haystacksoftware.com/arq/Arq.zip', .//puppet-arq/spec/classes/arq_spec.rb: :source => ' http://www.haystacksoftware.com/arq/Arq.zip', .//puppet-arq/spec/fixtures/modules/arq/manifests/init.pp: source => ' http://www.haystacksoftware.com/arq/Arq.zip', .//puppet-caffeine/manifests/init.pp: source => ' http://lightheadsw.com/files/releases/com.lightheadsw.Caffeine/Caffeine1.1.1.zip'

.//puppet-caffeine/spec/classes/caffeine_spec.rb: :source => ' http://lightheadsw.com/files/releases/com.lightheadsw.Caffeine/Caffeine1.1.1.zip',

.//puppet-caffeine/spec/fixtures/modules/caffeine/manifests/init.pp: source => ' http://lightheadsw.com/files/releases/com.lightheadsw.Caffeine/Caffeine1.1.1.zip'

.//puppet-chrome/spec/classes/chrome_dev_spec.rb: :source => ' http://dl.google.com/chrome/mac/dev/GoogleChrome.dmg', .//puppet-chrome/spec/classes/chrome_spec.rb: :source => ' http://dl.google.com/chrome/mac/stable/GoogleChrome.dmg', .//puppet-colloquy/manifests/init.pp: source => ' http://colloquy.info/downloads/colloquy-latest.zip', .//puppet-colloquy/spec/classes/colloquy_spec.rb: :source => ' http://colloquy.info/downloads/colloquy-latest.zip', .//puppet-colloquy/spec/fixtures/modules/colloquy/manifests/init.pp: source => 'http://colloquy.info/downloads/colloquy-latest.zip', .//puppet-divvy/manifests/init.pp: source => ' http://mizage.com/downloads/Divvy.zip', .//puppet-divvy/spec/classes/divvy_spec.rb: :source => ' http://mizage.com/downloads/Divvy.zip', .//puppet-divvy/spec/fixtures/modules/divvy/manifests/init.pp: source => 'http://mizage.com/downloads/Divvy.zip', .//puppet-fitbit/manifests/init.pp: source => ' http://cache.fitbit.com/uploader/Install_Fitbit-1.8.2.10.dmg' .//puppet-fitbit/spec/classes/fitbit_spec.rb: :source => ' http://cache.fitbit.com/uploader/Install_Fitbit-1.8.2.10.dmg', .//puppet-fitbit/spec/fixtures/modules/fitbit/manifests/init.pp: source => 'http://cache.fitbit.com/uploader/Install_Fitbit-1.8.2.10.dmg' .//puppet-gitx/manifests/init.pp: source => ' http://frim.frim.nl/GitXStable.app.zip', .//puppet-gitx/spec/classes/gitx_spec.rb: :source => ' http://frim.frim.nl/GitXStable.app.zip', .//puppet-gitx/spec/fixtures/modules/gitx/manifests/init.pp: source => ' http://frim.frim.nl/GitXStable.app.zip', .//puppet-handbrake/manifests/init.pp: source => " http://sourceforge.net/projects/handbrake/files/${version}/HandBrake-${version}-MacOSX.6_GUI_x86_64.dmg",

.//puppet-handbrake/spec/classes/handbrake_spec.rb: :source => ' http://sourceforge.net/projects/handbrake/files/0.9.8/HandBrake-0.9.8-MacOSX.6_GUI_x86_64.dmg',

.//puppet-handbrake/spec/fixtures/modules/handbrake/manifests/init.pp: source => " http://sourceforge.net/projects/handbrake/files/${version}/HandBrake-${version}-MacOSX.6_GUI_x86_64.dmg",

.//puppet-imagemagick/files/brews/little-cms.rb: url ' http://sourceforge.net/projects/lcms/files/lcms/1.19/lcms-1.19.tar.gz' .//puppet-istatmenus3/manifests/init.pp: source => " http://s3.amazonaws.com/bjango/files/istatmenus3/istatmenus3.25.zip", .//puppet-istatmenus3/spec/classes/istatmenus3_spec.rb: :source => ' http://s3.amazonaws.com/bjango/files/istatmenus3/istatmenus3.25.zip',

.//puppet-istatmenus3/spec/fixtures/modules/istatmenus3/manifests/init.pp: source => " http://s3.amazonaws.com/bjango/files/istatmenus3/istatmenus3.25.zip", .//puppet-istatmenus4/manifests/init.pp: source => " http://s3.amazonaws.com/bjango/files/istatmenus4/istatmenus4.02.zip", .//puppet-istatmenus4/spec/classes/istatmenus4_spec.rb: :source => ' http://s3.amazonaws.com/bjango/files/istatmenus4/istatmenus4.02.zip',

.//puppet-istatmenus4/spec/fixtures/modules/istatmenus4/manifests/init.pp: source => " http://s3.amazonaws.com/bjango/files/istatmenus4/istatmenus4.02.zip", .//puppet-iterm2/manifests/dev.pp: source => ' http://iterm2.googlecode.com/files/iTerm2-1_0_0_20120726.zip', .//puppet-iterm2/manifests/stable.pp: source => ' http://iterm2.googlecode.com/files/iTerm2_v1_0_0.zip', .//puppet-minecraft/manifests/init.pp: source => ' http://s3.amazonaws.com/MinecraftDownload/launcher/Minecraft.zip', .//puppet-minecraft/spec/classes/minecraft_spec.rb: :source => ' http://s3.amazonaws.com/MinecraftDownload/launcher/Minecraft.zip', .//puppet-notational_velocity/manifests/init.pp: source => ' http://notational.net/NotationalVelocity.zip', .//puppet-postgresql/files/brews/postgresql.rb: url ' http://ftp.postgresql.org/pub/source/v9.1.4/postgresql-9.1.4.tar.bz2' .//puppet-propane/manifests/init.pp: source => ' http://propaneapp.com/appcast/Propane.zip', .//puppet-propane/spec/classes/propane_spec.rb: :source => ' http://propaneapp.com/appcast/Propane.zip', .//puppet-propane/spec/fixtures/modules/propane/manifests/init.pp: source => 'http://propaneapp.com/appcast/Propane.zip', .//puppet-python/files/brews/python-distribute.rb: url ' http://pypi.python.org/packages/source/d/distribute/distribute-0.6.30.tar.gz'

.//puppet-python/files/brews/python-pip.rb: url ' http://pypi.python.org/packages/source/p/pip/pip-1.2.1.tar.gz'

.//puppet-python/spec/fixtures/modules/python/files/brews/python-distribute.rb: url ' http://pypi.python.org/packages/source/d/distribute/distribute-0.6.30.tar.gz'

.//puppet-python/spec/fixtures/modules/python/files/brews/python-pip.rb: url 'http://pypi.python.org/packages/source/p/pip/pip-1.2.1.tar.gz' .//puppet-qt/files/brews/qt.rb: url ' http://releases.qt-project.org/qt4/source/qt-everywhere-opensource-src-4.8.4.tar.gz'

.//puppet-rdio/manifests/init.pp: source => ' http://www.rdio.com/media/static/desktop/mac/Rdio.dmg' .//puppet-rdio/spec/classes/rdio_spec.rb: :source => ' http://www.rdio.com/media/static/desktop/mac/Rdio.dmg' .//puppet-rdio/spec/fixtures/modules/rdio/manifests/init.pp: source => ' http://www.rdio.com/media/static/desktop/mac/Rdio.dmg' .//puppet-scons/files/brews/scons.rb: url ' http://downloads.sourceforge.net/scons/scons-2.2.0.tar.gz' .//puppet-sizeup/manifests/init.pp: source => ' http://www.irradiatedsoftware.com/download/SizeUp.zip', .//puppet-sizeup/spec/classes/sizeup_spec.rb: :source => ' http://www.irradiatedsoftware.com/download/SizeUp.zip', .//puppet-sizeup/spec/fixtures/modules/sizeup/manifests/init.pp: source => 'http://www.irradiatedsoftware.com/download/SizeUp.zip', .//puppet-skype/manifests/init.pp: source => ' http://www.skype.com/go/getskype-macosx.dmg', .//puppet-skype/spec/classes/skype_spec.rb: :source => ' http://www.skype.com/go/getskype-macosx.dmg', .//puppet-skype/spec/fixtures/modules/skype/manifests/init.pp: source => 'http://www.skype.com/go/getskype-macosx.dmg', .//puppet-sparrow/manifests/init.pp: source => ' http://download.sparrowmailapp.com/appcast/Sparrow-latest.dmg' .//puppet-sparrow/spec/classes/sparrow_spec.rb: :source => ' http://download.sparrowmailapp.com/appcast/Sparrow-latest.dmg' .//puppet-sparrow/spec/fixtures/modules/sparrow/manifests/init.pp: source => 'http://download.sparrowmailapp.com/appcast/Sparrow-latest.dmg' .//puppet-spotify/manifests/init.pp: source => " http://download.spotify.com/SpotifyInstaller.zip", .//puppet-spotify/spec/classes/spotify_spec.rb: :source => ' http://download.spotify.com/SpotifyInstaller.zip', .//puppet-spotify/spec/fixtures/modules/spotify/manifests/init.pp: source => "http://download.spotify.com/SpotifyInstaller.zip", .//puppet-sublime_text_2/manifests/init.pp: source => ' http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.1.dmg'; .//puppet-sublime_text_2/spec/classes/sublime_text_2_spec.rb: :source => 'http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.1.dmg'

.//puppet-sublime_text_2/spec/fixtures/modules/sublime_text_2/manifests/init.pp: source => 'http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.1.dmg';

.//puppet-textmate/manifests/init.pp: source => ' http://download.macromates.com/TextMate_1.5.11_r1635.zip', .//puppet-textmate/spec/classes/textmate_spec.rb: :source => ' http://download.macromates.com/TextMate_1.5.11_r1635.zip', .//puppet-textmate/spec/fixtures/modules/textmate/manifests/init.pp: source => 'http://download.macromates.com/TextMate_1.5.11_r1635.zip', .//puppet-things/manifests/init.pp: source => ' http://culturedcode.cachefly.net/things/Things_2.1.zip', .//puppet-things/spec/classes/things_spec.rb: :source => ' http://culturedcode.cachefly.net/things/Things_2.1.zip', .//puppet-things/spec/fixtures/modules/things/manifests/init.pp: source => 'http://culturedcode.cachefly.net/things/Things_2.1.zip', .//puppet-virtualbox/manifests/init.pp: source => ' http://download.virtualbox.org/virtualbox/4.1.20/VirtualBox-4.1.20-80170-OSX.dmg'

.//puppet-viscosity/manifests/init.pp: source => ' http://www.thesparklabs.com/downloads/Viscosity.dmg' .//puppet-viscosity/spec/classes/viscosity_spec.rb: :source => ' http://www.thesparklabs.com/downloads/Viscosity.dmg' .//puppet-viscosity/spec/fixtures/modules/viscosity/manifests/init.pp: source => 'http://www.thesparklabs.com/downloads/Viscosity.dmg' .//puppet-vlc/manifests/init.pp: source => " http://sourceforge.net/projects/vlc/files/${version}/macosx/vlc-${version}.dmg",

.//puppet-vlc/spec/classes/vlc_spec.rb: :source => ' http://sourceforge.net/projects/vlc/files/2.0.3/macosx/vlc-2.0.3.dmg/download',

.//puppet-vlc/spec/fixtures/modules/vlc/manifests/init.pp: source => " http://sourceforge.net/projects/vlc/files/${version}/macosx/vlc-${version}.dmg",

.//puppet-watts/manifests/init.pp: source => " http://www.matchingbrackets.com/abatt/customer/Watts-48.dmg", .//puppet-watts/spec/classes/watts_spec.rb: :source => ' http://www.matchingbrackets.com/abatt/customer/Watts-48.dmg', .//puppet-watts/spec/fixtures/modules/watts/manifests/init.pp: source => "http://www.matchingbrackets.com/abatt/customer/Watts-48.dmg", .//puppet-xquartz/manifests/init.pp: source => ' http://xquartz.macosforge.org/downloads/SL/XQuartz-2.7.2.dmg', .//puppet-xquartz/spec/classes/xquartz_spec.rb: :source => ' http://static.macosforge.org/xquartz/downloads/SL/XQuartz-2.7.2.dmg' .//puppet-xquartz/spec/fixtures/modules/xquartz/manifests/init.pp: source => 'http://xquartz.macosforge.org/downloads/SL/XQuartz-2.7.2.dmg',

— Reply to this email directly or view it on GitHub< https://github.com/boxen/puppet-chrome/issues/1#issuecomment-13509870>.

— Reply to this email directly or view it on GitHubhttps://github.com/boxen/puppet-chrome/issues/1#issuecomment-13509996.

Anyone know why this url isn't working

class webstorm {
  package { 'webstorm':
    provider => 'appdmg',
    source   => 'https://docs.google.com/uc?export=download&confirm=no_antivirus&id=0Bx6l5GmEYzJJWXhwUVZVell5Mlk',
  }
}

boxen / puppet-chrome

Downloading DMGs via HTTP #1