diff --git a/changelogs/fragments/74502-get_url-filx-checksum-binary.yml b/changelogs/fragments/74502-get_url-filx-checksum-binary.yml new file mode 100644 index 00000000000..76ee656bba9 --- /dev/null +++ b/changelogs/fragments/74502-get_url-filx-checksum-binary.yml @@ -0,0 +1,2 @@ +bugfixes: + - get_url - Fixed checksum validation for binary files (leading asterisk) in checksum files (https://github.com/ansible/ansible/pull/74502). diff --git a/lib/ansible/modules/get_url.py b/lib/ansible/modules/get_url.py index 572c12c9a63..314f7e1d40e 100644 --- a/lib/ansible/modules/get_url.py +++ b/lib/ansible/modules/get_url.py @@ -511,14 +511,21 @@ def main(): os.remove(checksum_tmpsrc) checksum_map = [] for line in lines: - parts = line.split(None, 1) + # Split by one whitespace to keep the leading type char ' ' (whitespace) for text and '*' for binary + parts = line.split(" ", 1) if len(parts) == 2: - checksum_map.append((parts[0], parts[1])) + # Remove the leading type char, we expect + if parts[1].startswith((" ", "*",)): + parts[1] = parts[1][1:] + + # Append checksum and path without potential leading './' + checksum_map.append((parts[0], parts[1].lstrip("./"))) + filename = url_filename(url) # Look through each line in the checksum file for a hash corresponding to # the filename in the url, returning the first hash that is found. - for cksum in (s for (s, f) in checksum_map if f.strip('./') == filename): + for cksum in (s for (s, f) in checksum_map if f == filename): checksum = cksum break else: diff --git a/test/integration/targets/get_url/tasks/main.yml b/test/integration/targets/get_url/tasks/main.yml index a85a55871bc..32da1d51183 100644 --- a/test/integration/targets/get_url/tasks/main.yml +++ b/test/integration/targets/get_url/tasks/main.yml @@ -367,6 +367,15 @@ 30949cc401e30ac494d695ab8764a9f76aae17c5d73c67f65e9b558f47eff892 ./not_target1.txt d0dbfc1945bc83bf6606b770e442035f2c4e15c886ee0c22fb3901ba19900b5b ./not_target2.txt +- name: create sha256 checksum file of src with a * leading path + copy: + dest: '{{ files_dir }}/sha256sum_with_asterisk.txt' + content: | + b1b6ce5073c8fac263a8fc5edfffdbd5dec1980c784e09c5bc69f8fb6056f006. *27617.txt + b1b6ce5073c8fac263a8fc5edfffdbd5dec1980c784e09c5bc69f8fb6056f006. *71420.txt + 30949cc401e30ac494d695ab8764a9f76aae17c5d73c67f65e9b558f47eff892 *not_target1.txt + d0dbfc1945bc83bf6606b770e442035f2c4e15c886ee0c22fb3901ba19900b5b *not_target2.txt + - copy: src: "testserver.py" dest: "{{ remote_tmp_dir }}/testserver.py" @@ -423,6 +432,17 @@ path: "{{ remote_tmp_dir }}/27617sha256_with_dot.txt" register: stat_result_sha256_with_dot +- name: download src with sha256 checksum url with asterisk leading paths + get_url: + url: 'http://localhost:{{ http_port }}/27617.txt' + dest: '{{ remote_tmp_dir }}/27617sha256_with_asterisk.txt' + checksum: 'sha256:http://localhost:{{ http_port }}/sha256sum_with_asterisk.txt' + register: result_sha256_with_asterisk + +- stat: + path: "{{ remote_tmp_dir }}/27617sha256_with_asterisk.txt" + register: stat_result_sha256_with_asterisk + - name: download src with sha256 checksum url with file scheme get_url: url: 'http://localhost:{{ http_port }}/27617.txt' @@ -467,6 +487,17 @@ path: "{{ remote_tmp_dir }}/71420sha256_with_dot.txt" register: stat_result_sha256_with_dot_71420 +- name: download 71420.txt with sha256 checksum url with asterisk leading paths + get_url: + url: 'http://localhost:{{ http_port }}/71420.txt' + dest: '{{ remote_tmp_dir }}/71420sha256_with_asterisk.txt' + checksum: 'sha256:http://localhost:{{ http_port }}/sha256sum_with_asterisk.txt' + register: result_sha256_with_asterisk_71420 + +- stat: + path: "{{ remote_tmp_dir }}/71420sha256_with_asterisk.txt" + register: stat_result_sha256_with_asterisk_71420 + - name: download 71420.txt with sha256 checksum url with file scheme get_url: url: 'http://localhost:{{ http_port }}/71420.txt' @@ -485,18 +516,22 @@ - result_sha1 is changed - result_sha256 is changed - result_sha256_with_dot is changed + - result_sha256_with_asterisk is changed - result_sha256_with_file_scheme is changed - "stat_result_sha1.stat.exists == true" - "stat_result_sha256.stat.exists == true" - "stat_result_sha256_with_dot.stat.exists == true" + - "stat_result_sha256_with_asterisk.stat.exists == true" - "stat_result_sha256_with_file_scheme.stat.exists == true" - result_sha1_71420 is changed - result_sha256_71420 is changed - result_sha256_with_dot_71420 is changed + - result_sha256_with_asterisk_71420 is changed - result_sha256_with_file_scheme_71420 is changed - "stat_result_sha1_71420.stat.exists == true" - "stat_result_sha256_71420.stat.exists == true" - "stat_result_sha256_with_dot_71420.stat.exists == true" + - "stat_result_sha256_with_asterisk_71420.stat.exists == true" - "stat_result_sha256_with_file_scheme_71420.stat.exists == true" #https://github.com/ansible/ansible/issues/16191