Commit
…or file resources Without this patch, file resources will always try to checksum themselves using MD5. On FIPS 140-2 compliant hosts, this will fail. This patch adds sha256 as a permissible value for the File resource's checksum parameter, and makes the checksum parameter default to using the digest_algorithm, as set in the puppet.conf.
- Loading branch information
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -613,7 +613,9 @@ def recurse_remote(children) | |
end | ||
children[meta.relative_path] ||= newchild(meta.relative_path) | ||
children[meta.relative_path][:source] = meta.source | ||
children[meta.relative_path][:checksum] = :md5 if meta.ftype == "file" | ||
algo = Puppet[:digest_algorithm] || 'md5' | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
jaredjennings
Author
Owner
|
||
algo = algo.intern unless algo.is_a? Symbol | ||
This comment has been minimized.
Sorry, something went wrong.
adrienthebo
|
||
children[meta.relative_path][:checksum] = algo if meta.ftype == "file" | ||
|
||
children[meta.relative_path].parameter(:source).metadata = meta | ||
end | ||
|
When is it possible for
Puppet[:digest_algorithm]
to be unset?