splunk / docker-splunk-legacy

Docker Splunk *** LEGACY IMAGES - PLEASE SEE https://github.com/splunk/docker-splunk INSTEAD ***
https://www.splunk.com
Apache License 2.0

docker image for splunk 7.1.0 fails file integrity validation #77

Open skwongg opened 6 years ago

skwongg commented 6 years ago

I'm not sure if this version is still supported, but I found that 3 app files are failing the file integrity check and yield different sha256 hashes in the docker image vs. a direct tar install. The hashes in the manifest file are consistent with the direct tar installation but not with the files from docker. I can suppress the errors for now or edit the manifest, but both of those solutions are not ideal since I don't want to bake these into my cluster management scripts. I've checked on different machines and environments and arrived at the same result (some local, some staging and some live). Thanks!

Docker version: docker version 18.03.1-ce

Steps to reproduce:

    docker pull splunk/splunk:7.1.0
    docker run -d -it splunk/splunk:7.1.0
    docker exec -it <container-id> bash
    ./bin/splunk validate files

results in:

    File '/opt/splunk/share/splunk/migration/app_contents_SplunkDeploymentMonitor.tar.gz' changed.
    File '/opt/splunk/share/splunk/migration/app_contents_unix.tar.gz' changed.
    File '/opt/splunk/share/splunk/migration/app_contents_windows.tar.gz' changed.

Compared with the tar.gz downloaded hashes they are different.

Run sha256sum against these files:

    sha256sum /opt/splunk/share/splunk/migration/app_contents_*

output:

    b3f57820ec6af9c62d6685a6a7a7a2ff7f039be2712c04c1f190785afc34fdc4  /opt/splunk/share/splunk/migration/app_contents_SplunkDeploymentMonitor.tar.gz
    75728e3fa3b43e7c9214f36df7cb483079d5d14511b754fd14b439bf0d1ad3bd  /opt/splunk/share/splunk/migration/app_contents_unix.tar.gz
    b141a423f3b7822673465776596fc8278c12e793b6b1f108045b063c975c130f  /opt/splunk/share/splunk/migration/app_contents_windows.tar.gz

To grep the manifest file for the hashes it was expecting for these files (run from $SPLUNK_HOME):

    grep "app_contents_" splunk-7.1.0-2e75b3406c5b-linux-2.6-x86_64-manifest

which results in:

    f 444 splunk splunk splunk/share/splunk/migration/app_contents_SplunkDeploymentMonitor.tar.gz 3478cfae2593f6be92fc084f2d195c27be13e11441d4118116e27010a2a041d5
    f 444 splunk splunk splunk/share/splunk/migration/app_contents_unix.tar.gz 98cc648a8a0c6901f7d3bb585e8597f410df628ee81e1c65082c63195794e283
    f 444 splunk splunk splunk/share/splunk/migration/app_contents_windows.tar.gz 2ae56598076bee59f46823ae3957eb2f422be83976774493423684ab7281dd3e
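
The manual comparison in the report above (hash the files, then grep the manifest for the expected values) can be done in one pass over the whole manifest. This is an added example, not part of the original post or of Splunk's own tooling; the names `manifest_mismatches` and `demo`, the throwaway demo tree, and the field layout (inferred from the grep output quoted in the post) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: check every file entry of a Splunk manifest against the disk.
# Assumed line layout, inferred from the grep output quoted in the post:
#   f <mode> <owner> <group> <path under the parent of SPLUNK_HOME> <sha256>

# manifest_mismatches MANIFEST SPLUNK_HOME
# Prints "<CHANGED|MISSING> <path> <expected> <actual>" per problem file.
# Returns 0 if every listed file matches, 1 otherwise.
manifest_mismatches() {
    local manifest=$1 home=$2 rc=0
    local type mode owner group rest path expected actual file
    while read -r type mode owner group rest; do
        [ "$type" = "f" ] || continue      # skip non-file entries
        expected=${rest##* }               # hash is the last field
        path=${rest% *}                    # path may itself contain spaces
        file="$home/${path#*/}"            # drop the leading "splunk/" component
        if [ ! -f "$file" ]; then
            printf 'MISSING %s %s -\n' "$path" "$expected"; rc=1
            continue
        fi
        actual=$(sha256sum "$file" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            printf 'CHANGED %s %s %s\n' "$path" "$expected" "$actual"; rc=1
        fi
    done < "$manifest"
    return "$rc"
}

# Constructed demo: a throwaway tree where one file differs from its manifest hash.
demo() {
    local tmp h rc=0
    tmp=$(mktemp -d)
    mkdir -p "$tmp/splunk/share"
    printf 'original\n' > "$tmp/splunk/share/a.tar.gz"
    h=$(sha256sum "$tmp/splunk/share/a.tar.gz" | cut -d' ' -f1)
    {
        printf 'd 755 splunk splunk splunk/share -\n'
        printf 'f 444 splunk splunk splunk/share/a.tar.gz %s\n' "$h"
        printf 'f 444 splunk splunk splunk/share/b.tar.gz %s\n' "$h"
    } > "$tmp/manifest"
    printf 'repacked\n' > "$tmp/splunk/share/b.tar.gz"   # content differs from manifest
    manifest_mismatches "$tmp/manifest" "$tmp/splunk" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || true
```

Inside the container, the function would be called with the manifest named in the post and `$SPLUNK_HOME` as its two arguments; each `CHANGED` line then shows the manifest hash next to the on-disk hash.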

outcoldman commented 6 years ago

I saw that too, but in the case of 7.1.1 I have not seen this issue anymore:
https://github.com/outcoldman/docker-splunk/tree/splunk_7_1_1

I have not created a PR yet, but feel free to apply this change on top and give it a try:
https://github.com/outcoldman/docker-splunk/commit/a1c2e8e36f2620f3ad454622c8a57682c90d3931