The downloading twice issue is PUP-3916 and is due to the way puppet determines if a resource is insync and if so, enforces compliance. The file diff is calculated in the first step, because we want to show what would happen when running in noop mode, as step 2 never happens. Puppet has always worked this way, but is only a hard failure due to PUP-10368, as puppet strictly enforces that the file it is about to commit matches the desired checksum, either specified in the manifest or retrieved from the source via file_metadata. Previously puppet was "lenient". Since puppet makes two requests for metadata and content, there is always a race condition where the content can change in between. I'd argue that setting the checksum type to mtime is probably the correct thing here, since you can't definitively say what the md5/sha256 checksum is. |