Chocolatey Checksums Mismatch in CI Procedures
48 views
Skip to first unread message
Roy Keret
May 28, 2021, 6:34:40 AM5/28/21
to Ansible Project
Hi guys,
In my company, we're using the win_chocolatey module to install several Windows programs as part of the CI process.
Every now and then, a Chocolatey package gets updated while the checksum does not, resulting in the checksums mismatch, the win_chocolatey failing and then failing our entire CI (40 machines?).
To me it seems unmaintainable to allow all the CI to fail due to a temporary Chocolatey issue.
I'm trying to understand how I can mitigate the issue.
I thought of several options:
1. Choose to ignore checksums altogether.
Cons: I guess this isn't best practice, security wise.
2. Specifying a version for the Chocolatey packages.
This is assuming that old versions don't have their checksums change.
Cons: You're not installing latest, then again, do you really care if you're installing latest 7zip or a 2-months old 7zip?
3. Ignoring errors in win_chocolatey
Cons: Doesn't sound feasible, assuming that all of these packages are needed for the CI process.
In my company, we're using the win_chocolatey module to install several Windows programs as part of the CI process.
Every now and then, a Chocolatey package gets updated while the checksum does not, resulting in the checksums mismatch, the win_chocolatey failing and then failing our entire CI (40 machines?).
To me it seems unmaintainable to allow all the CI to fail due to a temporary Chocolatey issue.
I'm trying to understand how I can mitigate the issue.
I thought of several options:
1. Choose to ignore checksums altogether.
Cons: I guess this isn't best practice, security wise.
2. Specifying a version for the Chocolatey packages.
This is assuming that old versions don't have their checksums change.
Cons: You're not installing latest, then again, do you really care if you're installing latest 7zip or a 2-months old 7zip?
3. Ignoring errors in win_chocolatey
Cons: Doesn't sound feasible, assuming that all of these packages are needed for the CI process.
Reply all
Reply to author
Forward
0 new messages