Jira (PUP-9909) Use file_sha256 to verify module tarballs

Issue Type:	Improvement
Assignee:	Unassigned
Created:	2019/07/18 10:01 AM
Priority:	Normal
Reporter:	Josh Cooper

The forge api recently added file_sha256 for module downloads, see ~~FORGE-360~~. The PMT should prefer that digest always. If the digest is missing and fips is enabled, it should raise like it does now. If fips is not enabled, then it should fall back to md5.

This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)

Jesse Scott (JIRA)

unread,

Jul 18, 2019, 1:31:02 PM7/18/19

to puppe...@googlegroups.com

Jesse Scott commented on

Re: Use file_sha256 to verify module tarballs

To save someone some spelunking, I think most of the changes will be in lib/puppet/forge.rb

Josh Cooper (JIRA)

unread,

Jul 19, 2019, 7:13:03 PM7/19/19

to puppe...@googlegroups.com

Josh Cooper updated an issue

Puppet /

Change By:	Josh Cooper
Fix Version/s:	PUP 6.y

Josh Cooper (JIRA)

unread,

Jul 19, 2019, 7:14:03 PM7/19/19

to puppe...@googlegroups.com

Josh Cooper updated an issue

Puppet /

Change By:	Josh Cooper
Sprint:	Coremunity Hopper

Josh Cooper (JIRA)

unread,

Jul 22, 2019, 12:50:04 PM7/22/19

to puppe...@googlegroups.com

Josh Cooper assigned an issue to Josh Cooper

Puppet /

Change By:	Josh Cooper
Assignee:	Josh Cooper

Josh Cooper (JIRA)

unread,

Jul 22, 2019, 12:50:04 PM7/22/19

to puppe...@googlegroups.com

Josh Cooper updated an issue

Puppet /

Change By:	Josh Cooper
Sprint:	Coremunity Hopper Platform Core KANBAN

Josh Cooper (JIRA)

unread,

Jul 23, 2019, 12:34:02 PM7/23/19

to puppe...@googlegroups.com

Josh Cooper commented on

Re: Use file_sha256 to verify module tarballs

Merged to master in https://github.com/puppetlabs/puppet/commit/c8bc473aa2dd2eb7571487fd0c06e38b6bc341a5

Josh Cooper (JIRA)

unread,

Jul 23, 2019, 12:47:03 PM7/23/19

to puppe...@googlegroups.com

Josh Cooper updated an issue

Puppet /