upstream/packer
1
0
Fork 0
mirror of https://github.com/hashicorp/packer.git synced 2026-06-09 08:42:33 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

plugins: ensure valid checksum before exec

Browse source 
When Packer discovers binary a bunch of checks are performed, which
ultimately end with a checksum match check.

This however should be the very first thing we do, even before
attempting to run `describe' on the plugin binary we're discovering.

So this commit moves this checksum match to the top of the discovery
process for binaries.
This commit is contained in:
Lucas Bajolet 2024-03-14 15:48:13 -04:00 committed by Lucas Bajolet
parent 0d66848578
commit 385ba4cfac
1 changed files with 21 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
packer/plugin-getter/plugins.go
View file

@ -131,6 +131,27 @@ func (pr Requirement) ListInstallations(opts ListInstallationsOptions) (InstallL
continue
}
checksumOk := false
for _, checksummer := range opts.Checksummers {
cs, err := checksummer.GetCacheChecksumOfFile(path)
if err != nil {
log.Printf("[TRACE] GetChecksumOfFile(%q) failed: %v", path, err)
continue
}
if err := checksummer.ChecksumFile(cs, path); err != nil {
log.Printf("[TRACE] ChecksumFile(%q) failed: %v", path, err)
continue
}
checksumOk = true
break
}
if !checksumOk {
log.Printf("[TRACE] No checksum found for %q ignoring possibly unsafe binary", path)
continue
}
// base name could look like packer-plugin-amazon_v1.2.3_x5.1_darwin_amd64.exe
versionsStr := strings.TrimPrefix(fname, FilenamePrefix)
versionsStr = strings.TrimSuffix(versionsStr, filenameSuffix)
@ -207,27 +228,6 @@ func (pr Requirement) ListInstallations(opts ListInstallationsOptions) (InstallL
continue
}
checksumOk := false
for _, checksummer := range opts.Checksummers {
cs, err := checksummer.GetCacheChecksumOfFile(path)
if err != nil {
log.Printf("[TRACE] GetChecksumOfFile(%q) failed: %v", path, err)
continue
}
if err := checksummer.ChecksumFile(cs, path); err != nil {
log.Printf("[TRACE] ChecksumFile(%q) failed: %v", path, err)
continue
}
checksumOk = true
break
}
if !checksumOk {
log.Printf("[TRACE] No checksum found for %q ignoring possibly unsafe binary", path)
continue
}
res = append(res, &Installation{
BinaryPath: path,
Version: pluginVersionStr,