diff options
author | Danilo Bargen <mail@dbrgn.ch> | 2024-06-20 16:55:59 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-20 16:55:59 +0200 |
commit | c2c6005842965296ef2c17198c2effc75cb34dfd (patch) | |
tree | d243359a335942c4a4d1f6bc56e76d3ea0238e51 /test | |
parent | ansible-test - Update PyPI and utility container (#83475) (diff) | |
download | ansible-c2c6005842965296ef2c17198c2effc75cb34dfd.tar.xz ansible-c2c6005842965296ef2c17198c2effc75cb34dfd.zip |
get_url: Verify checksum using tmpsrc, not dest (#64092)
Previously, if the checksum of the downloaded file did not match the
specified checksum, the *destination* file was removed. This possibly
leaves the system that is being provisioned in an invalid state.
Instead, the checksum should be calculated on the temporary file only.
If there's a mismatch, delete the *temporary* file, not the destination
file.
This requires checking the checksum before moving the file.
Diffstat (limited to 'test')
-rw-r--r-- | test/integration/targets/get_url/tasks/main.yml | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/test/integration/targets/get_url/tasks/main.yml b/test/integration/targets/get_url/tasks/main.yml index 51cb437b6a..2f50b4366c 100644 --- a/test/integration/targets/get_url/tasks/main.yml +++ b/test/integration/targets/get_url/tasks/main.yml @@ -676,3 +676,46 @@ - name: Test use_netrc=False import_tasks: use_netrc.yml + +# https://github.com/ansible/ansible/pull/64092 +# Calling get_url with bad checksum should not delete the target file +- name: Define test files for checksum verification + set_fact: + checksum_verify_dstfile: "{{ remote_tmp_dir }}/checksum-verify-test.txt" + +- name: Download file + get_url: + url: https://{{ httpbin_host }}/get + dest: "{{ checksum_verify_dstfile}}" + register: result + +- stat: + path: "{{ checksum_verify_dstfile }}" + register: stat_result_checksum_verify + +- name: Assert success + assert: + that: + - result is changed + - '"OK" in result.msg' + - stat_result_checksum_verify.stat.exists + +- name: Download file again, with wrong checksum + get_url: + url: https://{{ httpbin_host }}/get + dest: "{{ checksum_verify_dstfile}}" + checksum: "sha256:18b2a70b53c350ad49e4eafb69560bf77ba2ef4f3c93376b65f18b753c912809" + register: result + failed_when: + - result is successful + +- stat: + path: "{{ checksum_verify_dstfile }}" + register: stat_result_checksum_verify + +- name: Assert destination file was not removed + assert: + that: + - result is not changed + - '"did not match" in result.msg' + - stat_result_checksum_verify.stat.exists |