version bump and checksums #2
Conversation
Use these checksums to both prevent re-downloading an existing file, and to validate downloads.
| if checksum != node['ts3']['sha256sum'][arch] | ||
| raise "Downloaded TS3 checksum does not match expected value." | ||
| end | ||
| end |
There was a problem hiding this comment.
This ruby_block is not necessary. Using the checksum on remote_file will check the target file's SHA256 vs the source.
There was a problem hiding this comment.
In my testing, it didn't. It would use the checksum to avoid re-downloading if the file already existed and the checksum matched, but wouldn't validate the checksum on download and fail if it didn't match. (Instead, it would re-download on every run.) Since the download is over http and coming from a mirror, I'd like to validate it.
The ruby_block is based on this, where someone else had a similar problem: http://tech.yipit.com/2013/05/09/pragmatic-chef-verifying-remote-files/
There was a problem hiding this comment.
I trust this particular mirror:
- It's the default one on teamspeak's downloads page
- Teamspeak itself does not run as the
rootuser.
IMO, Verifying the content of a downloaded file is something that should be added to Chef's content management resources. That is, it's a bug that it doesn't currently.
This bumps the TS3 version to the current version, and adds checksum validation for the tarball.