pupistry 0.0.8 → 0.0.9
- checksums.yaml +4 -4
- data/bin/pupistry +15 -1
- data/lib/pupistry/artifact.rb +19 -4
- metadata +1 -1
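--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2a46ac7b30671451d7bee3ad1e7d70b20d1fa9f5
+data.tar.gz: 72e76d1cf0041bdb783eb246a3844126f9a7f36b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2e177835938370c964858fbc42261072f950fee59c20bbddc1e43b793517f14ecb943aa3d4b619c0e456511822d741029db8ccf81c09c127e6f83f120434f0e1
+data.tar.gz: ff3eff835449d84597e95807c6cd304e187420a86ea72bf2b7faebdfa545b5917c7f972cb32bbf9ec31b0f6b517f561bdf86d1a0b56897ae6ddf9fe91df115a7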
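--- a/data/bin/pupistry
+++ b/data/bin/pupistry
@@ -62,15 +62,24 @@ class CLI < Thor
 artifact = Pupistry::Artifact.new
 artifact.checksum = artifact.fetch_latest
 
+unless artifact.checksum
+$logger.error "There is no current artifact available for download, no steps can be taken."
+exit 0
+end
+
 artifact_installed = Pupistry::Artifact.new
 artifact_installed.checksum = artifact_installed.fetch_installed
 
+if artifact_installed.checksum
+$logger.debug "Currently on #{artifact_installed.checksum}"
+else
+$logger.debug "No currently installed artifact - blank slate!"
+end
 
 # Download the new artifact if one has changed. If we already have this
 # version, then we should skip downloading and go straight to running
 # Puppet - unless the user runs with --force (eg to fix a corrupted
 # artifact).
-$logger.debug "Currently on #{artifact_installed.checksum}"
 
 if artifact.checksum != artifact_installed.checksum or options[:force]
 if options[:force]
@@ -218,6 +227,11 @@ class CLI < Thor
 
 artifact_current.fetch_artifact
 
+# Are they the same version?
+if artifact_current.checksum == artifact_upstream.checksum
+$logger.info "Current version and upstream version are the same, no diff"
+end
+
 # Unpack the archives
 artifact_current.unpack
 artifact_upstream.unpack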
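Review bot: The new guard `unless artifact.checksum` logs at error level and then calls `exit 0`, so a scheduler or wrapper that watches the agent's exit status sees a run with no usable manifest as a success. A non-zero status (`exit 1`) would make the condition detectable; if a zero status is deliberate for hosts that have no artifact published yet, a comment such as `# not a failure: nothing has been published yet` would record that. The enclosing command method starts and ends outside the hunk.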
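--- a/data/lib/pupistry/artifact.rb
+++ b/data/lib/pupistry/artifact.rb
@@ -82,7 +82,22 @@ module Pupistry
 manifest = YAML::load(contents)
 
 if defined? manifest['version']
-
+# We have a manifest version supplied, however since the manifest
+# isn't signed, there's risk of an exploited S3 bucket replacing
+# the version with injections designed to attack the shell commands
+# we call from Pupistry.
+#
+# Therefore we need to make sure the manifest version matches a
+# regex suitable for a checksum.
+
+if /^[A-Za-z0-9]{32}$/.match(manifest['version'])
+return manifest['version']
+else
+$logger.error "Manifest version returned from S3 manifest.latest.yaml did not match expected regex of MD5."
+$logger.error "Possible bug or security incident, investigate with care!"
+$logger.error "Returned version string was: \"#{manifest['version']}\""
+exit 0
+end
 else
 return false
 end
@@ -107,7 +122,7 @@ module Pupistry
 @checksum = manifest['version']
 else
 $logger.error "No artifact has been built yet. You need to run pupistry build first?"
-return
+return false
 end
 end
 
@@ -118,7 +133,7 @@ module Pupistry
 # Make sure the Puppetcode install directory exists
 unless Dir.exists?($config["agent"]["puppetcode"])
 $logger.warn "The destination path of #{$config["agent"]["puppetcode"]} does not appear to exist or is not readable"
-return
+return false
 end
 
 # Look for a manifest file in the directory and read the version from it.
@@ -128,7 +143,7 @@ module Pupistry
 return manifest['version']
 else
 $logger.warn "No current version installed"
-return
+return false
 end
 end
 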
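Review bot: The added check `/^[A-Za-z0-9]{32}$/` does not constrain the whole string, because `^` and `$` in Ruby match at line boundaries; a multi-line `version` value containing one 32-character line would pass and still reach the shell commands the comment is worried about. Anchoring with `\A` and `\z` closes that gap, e.g. `if manifest['version'].is_a?(String) && /\A[A-Za-z0-9]{32}\z/.match(manifest['version'])`; the `is_a?` guard also covers a manifest whose version parses as a non-string. The failure branch ends in `exit 0`, so a run that hit what the log itself calls a possible security incident reports success; a non-zero status would let monitoring see it. The context line `YAML::load(contents)` parses the same unsigned manifest before this check, so `YAML.safe_load` is worth considering there, depending on the Ruby/Psych version in use. The enclosing method starts and ends outside the hunk.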