Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

get_url: Verify checksum using tmpsrc, not dest #64092

Open
wants to merge 1 commit into
base: devel
Choose a base branch
from

Conversation

dbrgn
Copy link
Contributor

@dbrgn dbrgn commented Oct 30, 2019

SUMMARY

Previously, if the checksum of the downloaded file did not match the
specified checksum, the destination file was removed. This possibly
leaves the system that is being provisioned in an invalid state.

Instead, the checksum should be calculated on the temporary file only.
If there's a mismatch, delete the temporary file, not the destination
file.

This requires checking the checksum before moving the file.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

get_url

ADDITIONAL INFORMATION

Steps to reproduce:

  1. Download a file using the get_url module using the correct checksum. Ensure that the file was downloaded successfully.
  2. Now change the checksum so that it's invalid and re-run the get_url module
  3. Even though the module failed, the previously downloaded file was removed

@dbrgn dbrgn force-pushed the get-url-checksum-tmpsrc branch from 3c75e4c to 34a2b64 Compare Oct 30, 2019
@ansibot
Copy link
Contributor

@ansibot ansibot commented Oct 30, 2019

@ansibot ansibot added affects_2.10 bug core_review module needs_triage net_tools support:core labels Oct 30, 2019
@dbrgn
Copy link
Contributor Author

@dbrgn dbrgn commented Oct 30, 2019

I'll provide an integration test in a few minutes.

@dbrgn dbrgn force-pushed the get-url-checksum-tmpsrc branch from 34a2b64 to b5370b2 Compare Oct 30, 2019
@dbrgn
Copy link
Contributor Author

@dbrgn dbrgn commented Oct 30, 2019

I'll provide an integration test in a few minutes.

Done, commit was updated!

@samdoran samdoran requested a review from sivel Oct 31, 2019
@samdoran samdoran added needs_verified P3 and removed needs_triage labels Oct 31, 2019
@ansibot ansibot added the stale_ci label Nov 8, 2019
Copy link
Member

@sivel sivel left a comment

This PR also needs a changelog fragment in changelogs/fragments

lib/ansible/modules/net_tools/basics/get_url.py Outdated Show resolved Hide resolved
Previously, if the checksum of the downloaded file did not match the
specified checksum, the *destination* file was removed. This possibly
leaves the system that is being provisioned in an invalid state.

Instead, the checksum should be calculated on the temporary file only.
If there's a mismatch, delete the *temporary* file, not the destination
file.

This requires checking the checksum before moving the file.
@dbrgn dbrgn force-pushed the get-url-checksum-tmpsrc branch from b5370b2 to 0a719af Compare Mar 18, 2020
@dbrgn
Copy link
Contributor Author

@dbrgn dbrgn commented Mar 18, 2020

@sivel changelog fragment was added.

@ansibot ansibot added support:community and removed stale_ci labels Mar 18, 2020
@ansibot ansibot added needs_revision stale_ci stale_review and removed core_review labels Mar 28, 2020
@ansibot ansibot added needs_rebase and removed stale_review labels May 16, 2020
@ansibot ansibot removed the stale_ci label Dec 5, 2020
@ansibot ansibot added the pre_azp label Dec 5, 2020
@ansibot ansibot removed the support:community label Mar 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
affects_2.10 bug module needs_rebase needs_revision needs_verified net_tools P3 pre_azp support:core
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants