pupistry 0.0.8 → 0.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/pupistry +15 -1
- data/lib/pupistry/artifact.rb +19 -4
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2a46ac7b30671451d7bee3ad1e7d70b20d1fa9f5
|
|
4
|
+
data.tar.gz: 72e76d1cf0041bdb783eb246a3844126f9a7f36b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2e177835938370c964858fbc42261072f950fee59c20bbddc1e43b793517f14ecb943aa3d4b619c0e456511822d741029db8ccf81c09c127e6f83f120434f0e1
|
|
7
|
+
data.tar.gz: ff3eff835449d84597e95807c6cd304e187420a86ea72bf2b7faebdfa545b5917c7f972cb32bbf9ec31b0f6b517f561bdf86d1a0b56897ae6ddf9fe91df115a7
|
data/bin/pupistry
CHANGED
|
@@ -62,15 +62,24 @@ class CLI < Thor
|
|
|
62
62
|
artifact = Pupistry::Artifact.new
|
|
63
63
|
artifact.checksum = artifact.fetch_latest
|
|
64
64
|
|
|
65
|
+
unless artifact.checksum
|
|
66
|
+
$logger.error "There is no current artifact available for download, no steps can be taken."
|
|
67
|
+
exit 0
|
|
68
|
+
end
|
|
69
|
+
|
|
65
70
|
artifact_installed = Pupistry::Artifact.new
|
|
66
71
|
artifact_installed.checksum = artifact_installed.fetch_installed
|
|
67
72
|
|
|
73
|
+
if artifact_installed.checksum
|
|
74
|
+
$logger.debug "Currently on #{artifact_installed.checksum}"
|
|
75
|
+
else
|
|
76
|
+
$logger.debug "No currently installed artifact - blank slate!"
|
|
77
|
+
end
|
|
68
78
|
|
|
69
79
|
# Download the new artifact if one has changed. If we already have this
|
|
70
80
|
# version, then we should skip downloading and go straight to running
|
|
71
81
|
# Puppet - unless the user runs with --force (eg to fix a corrupted
|
|
72
82
|
# artifact).
|
|
73
|
-
$logger.debug "Currently on #{artifact_installed.checksum}"
|
|
74
83
|
|
|
75
84
|
if artifact.checksum != artifact_installed.checksum or options[:force]
|
|
76
85
|
if options[:force]
|
|
@@ -218,6 +227,11 @@ class CLI < Thor
|
|
|
218
227
|
|
|
219
228
|
artifact_current.fetch_artifact
|
|
220
229
|
|
|
230
|
+
# Are they the same version?
|
|
231
|
+
if artifact_current.checksum == artifact_upstream.checksum
|
|
232
|
+
$logger.info "Current version and upstream version are the same, no diff"
|
|
233
|
+
end
|
|
234
|
+
|
|
221
235
|
# Unpack the archives
|
|
222
236
|
artifact_current.unpack
|
|
223
237
|
artifact_upstream.unpack
|
data/lib/pupistry/artifact.rb
CHANGED
|
@@ -82,7 +82,22 @@ module Pupistry
|
|
|
82
82
|
manifest = YAML::load(contents)
|
|
83
83
|
|
|
84
84
|
if defined? manifest['version']
|
|
85
|
-
|
|
85
|
+
# We have a manifest version supplied, however since the manifest
|
|
86
|
+
# isn't signed, there's risk of an exploited S3 bucket replacing
|
|
87
|
+
# the version with injections designed to attack the shell commands
|
|
88
|
+
# we call from Pupistry.
|
|
89
|
+
#
|
|
90
|
+
# Therefore we need to make sure the manifest version matches a
|
|
91
|
+
# regex suitable for a checksum.
|
|
92
|
+
|
|
93
|
+
if /^[A-Za-z0-9]{32}$/.match(manifest['version'])
|
|
94
|
+
return manifest['version']
|
|
95
|
+
else
|
|
96
|
+
$logger.error "Manifest version returned from S3 manifest.latest.yaml did not match expected regex of MD5."
|
|
97
|
+
$logger.error "Possible bug or security incident, investigate with care!"
|
|
98
|
+
$logger.error "Returned version string was: \"#{manifest['version']}\""
|
|
99
|
+
exit 0
|
|
100
|
+
end
|
|
86
101
|
else
|
|
87
102
|
return false
|
|
88
103
|
end
|
|
@@ -107,7 +122,7 @@ module Pupistry
|
|
|
107
122
|
@checksum = manifest['version']
|
|
108
123
|
else
|
|
109
124
|
$logger.error "No artifact has been built yet. You need to run pupistry build first?"
|
|
110
|
-
return
|
|
125
|
+
return false
|
|
111
126
|
end
|
|
112
127
|
end
|
|
113
128
|
|
|
@@ -118,7 +133,7 @@ module Pupistry
|
|
|
118
133
|
# Make sure the Puppetcode install directory exists
|
|
119
134
|
unless Dir.exists?($config["agent"]["puppetcode"])
|
|
120
135
|
$logger.warn "The destination path of #{$config["agent"]["puppetcode"]} does not appear to exist or is not readable"
|
|
121
|
-
return
|
|
136
|
+
return false
|
|
122
137
|
end
|
|
123
138
|
|
|
124
139
|
# Look for a manifest file in the directory and read the version from it.
|
|
@@ -128,7 +143,7 @@ module Pupistry
|
|
|
128
143
|
return manifest['version']
|
|
129
144
|
else
|
|
130
145
|
$logger.warn "No current version installed"
|
|
131
|
-
return
|
|
146
|
+
return false
|
|
132
147
|
end
|
|
133
148
|
end
|
|
134
149
|
|