Open philsnow opened 6 years ago
:+1: :shipit:
Note, checksum
will throw an error if there is a checksum mismatch.
Note,
checksum
will throw an error if there is a checksum mismatch.
I can't find the code that raises any such error in chef 12.12 or HEAD. The description of checksum
re remote_file
on https://docs.chef.io/resource_remote_file.html says
The SHA-256 checksum of the file. Use to prevent a file from being re-downloaded. When the local file matches the checksum, the chef-client does not download it.
I'd be very interested if you can point out where in chef there's an error thrown if the listed checksum doesn't match the checksum of the bytes that get downloaded by the remote_file
resource.
After fetching this URI the recipe runs it as root. Short of verifying the integrity of the installer in some way, the installer should be downloaded over HTTPS at the least.
Note that there's a
checksum
directive in theremote_file
, but that doesn't do what you might think it does: instead of verifying that the downloaded artifact has the expected checksum, it just uses the checksum as a hint to tell whether to re-download the file.