search

voxpupuli / puppet-archive

Compressed archive file download and extraction with native types/providers for Windows and Unix
https://forge.puppet.com/puppet/archive
Apache License 2.0
59 stars 176 forks source link

Checksum not being verified #484

Open deric opened 1 year ago

deric commented 1 year ago

I'm trying to ensure specific version when being installed from an tar archive. However the installation is performed only when the binary is missing.

Affected Puppet, Ruby, OS and module versions/distributions

How to reproduce (e.g Puppet code you use)

  archive { '/tmp/k9s.tar.gz':
    source          => 'https://github.com/derailed/k9s/releases/download/v0.26.7/k9s_Linux_x86_64.tar.gz',
    checksum_type   => 'f774bb75045e361e17a4f267491c5ec66f41db7bffd996859ffb1465420af249',
    checksum        => 'sha256',
    checksum_verify => true,
    extract         => true,
    extract_path    => '/usr/bin/',
    temp_dir        => '/tmp',
    extract_command => 'tar xfz %s k9s',
    cleanup         => false,
    creates         => ['/usr/bin/k9s'],
  }

What are you seeing

sha256sum doesn't match expected sum

$ sha256sum k9s_Linux_x86_64.tar.gz
9a4dbb8e339423b3c7cd587f4abdd20351c01af15c8f1546b99f4557199e2c74  k9s_Linux_x86_64.tar.gz

What behaviour did you expect instead

I'm expecting the binary to match the provided checksum

$ sha256sum k9s_Linux_x86_64.tar.gz
f774bb75045e361e17a4f267491c5ec66f41db7bffd996859ffb1465420af249  k9s_Linux_x86_64.tar.gz

It would be nice to have possibility to specify the checksum of the target binary instead. But none of the checksum doesn't seems to be checked when creates => ['/usr/bin/k9s'] exists.

jjarokergc commented 10 months ago

I notice the same behavior: the archive doesn't check the checksum before extracting the files.

Puppet version: 8.2.0 Archive module: 7.0.0 Ubuntu 22.04

      # Download file
      archive { $archive_name:
        path          => $path,
        username      => $user,
        password      => $password,
        source        => $source,
        extract       => true,
        checksum_type => $checksum_type,
        checksum      => $checksum,
        extract_path  => $install_path,
        creates       => "${install_path}/${creates}",
        cleanup       => false,
      } # Download File