how to require a md5sum before installing?

Andy Spiegl

Feb 14, 2014, 10:38:03 AM
to puppet...@googlegroups.com
Hi,

I've got several modules which grab installer files from a network
share. The share is read-only and as well protected as possible.
But still, I have a bad feeling about it and would like to introduce
an extra layer of security. Like checking the md5sum of the file
before running the installer.

I thought about having a require line similar to
require => md5['cdfb294489a14305ca729cc13fe10d52'],

Any ideas?

Thanks,
Andy.

--
It is no coincidence that in no known language
does the phrase 'As pretty as an Airport' appear.
(Douglas Adams)

Klavs Klavsen

Feb 17, 2014, 2:21:01 AM
to puppet...@googlegroups.com, puppe...@spiegl.de
My solution to that has been to use a packaging system. RPM etc. all check md5sum (and PGP check against upstream signature) - so I insist on rolling everything binary, on as packages, and use only 1 packaging system per host (i.e. gems etc. get repackaged to rpm, deb or whatever).

Andy Spiegl

Feb 17, 2014, 5:52:04 AM
to puppet...@googlegroups.com
> My solution to that has been to use a packaging system.
Thanks, that's a good solution!

For my Windows clients I need something different, though. :-(
Apparently there is no solution yet. How would I go about writing a
plugin myself? Unfortunately I'm still too new to Puppet...

Thanks,
Andy.

--
Did you know: Women blink nearly twice as much as men.

Rafael Cristaldo

Feb 17, 2014, 12:32:55 PM
to puppet...@googlegroups.com, puppe...@spiegl.de

Hi Andy!

I know a module that downloads packages (tar.gz, for example) and makes an MD5 check on them!
Maybe you can download it and analyse the manifests to understand how to do MD5 in your modules!

 http://forge.puppetlabs.com/gini/archive

I have used it with my modules, creating my packages and the MD5 of them, and it works!

Andy Spiegl

Feb 19, 2014, 12:32:20 PM
to puppet...@googlegroups.com, Rafael Cristaldo
Hi Rafael,

> http://forge.puppetlabs.com/gini/archive
Thanks, I'll try that! Sounds promising.
Now I only have to find a way to securely get md5sum.exe onto the
machines, uhm...

Thanks!
Andy.


--
Every generation laughs at the old fashions
but religiously follows the new. (Henry David Thoreau, US philosopher)

Rafael Cristaldo

Feb 20, 2014, 5:32:46 AM
to puppet...@googlegroups.com, Rafael Cristaldo
Hi Andy..

Tell me more about your goal!

What do you really need?

Are your clients Windows or Linux?
--
Rafael Cristaldo
Support Analyst
FPTI - Parque Tecnológico Itaipu
LPIC-3 Senior Level Linux Certification
LPI ID; LPI000238085 Cod: 4ackegjqlx

Andy Spiegl

Feb 21, 2014, 12:54:03 PM
to puppet...@googlegroups.com, Rafael Cristaldo
> Tell me more about your goal!
>
> What do you really need?
>
> Are your clients Windows or Linux?

Most of them are Linux, but many user workstations are Windows.
I am trying to set up puppet to update the most security crucial
programs on these Windows machines: Java, Flash, Firefox, Thunderbird,
putty, vlc and puppet itself of course.

I've got a separate module for each which grabs installer files from a
Samba share. The share is read-only but we have a bad feeling about it
and would like to introduce an extra layer of security. Like checking
the md5sum of the file before running the installer on the clients.

The module you mentioned (gini-archive) sounds very practical, but if
I distribute md5sum.exe to the Windows clients using the same puppet
method, I don't really gain security. :-)

Thanks,
Andy.


--
If you take USABLE from UNSTABLE you get NT.

Rafael Cristaldo

Feb 21, 2014, 1:05:38 PM
to puppet...@googlegroups.com, Rafael Cristaldo
Hi Andy...

I think I got your idea...

I use this module ARCHIVE with Linux workstations, and the module I created was to install our ERP system, so I use the ARCHIVE to download the package tar.gz from our FTP server, for example:

url => 'http://ftp.company.com/puppet/system.tar.gz'

So, with this tarball, I have the system.tar.gz.md5, which I created with the md5sum command on Linux.
With THIS the ARCHIVE module does it all for me!!

It downloads the tarball, extracts it to the target /usr/local, checks it with MD5 and installs my ERP.

You are using Samba to distribute the .exe programs, so you can create the md5 file and use the ARCHIVE module to install the package...

Take a look at this module with your module...

Andy Spiegl

Feb 21, 2014, 1:19:07 PM
to puppet...@googlegroups.com, Rafael Cristaldo
Hi Rafael,

> It downloads the tarball, extracts it to the target /usr/local, checks it
> with MD5 and installs my ERP.
Windows doesn't have md5sum functionality built in. I have to get
md5sum.exe to the machine somehow.

The ARCHIVE module uses curl, rm, tar, unzip, ...
Lots of unix tools. :-(

Thanks,
Andy.

--
It's like shearing a pig – lots of screams but little wool. (Putin, 2013)
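
Puppet is written in Ruby and its Windows agent package bundles a Ruby interpreter, so the digest check discussed in this thread can be done without md5sum.exe. The following is an added example, not part of the thread and not code from any poster or from the gini-archive module; the function names and the script name `verify_installer.rb` are assumptions made for illustration.

```ruby
require 'digest'

# Digest classes from Ruby's standard library. sha256 is offered because
# MD5 collisions are practical; md5 matches the hash style used in the thread.
ALGORITHMS = {
  'md5'    => Digest::MD5,
  'sha256' => Digest::SHA256
}.freeze

# Stream the file through the digest in 1 MiB chunks so a large installer is
# never held in memory at once. Binary mode ('rb') matters on Windows.
def file_digest(path, algorithm = 'md5')
  klass = ALGORITHMS.fetch(algorithm) { raise ArgumentError, "unsupported algorithm: #{algorithm}" }
  digest = klass.new
  File.open(path, 'rb') do |f|
    while (chunk = f.read(1024 * 1024))
      digest.update(chunk)
    end
  end
  digest.hexdigest
end

# Parse one line of a .md5 sidecar file in md5sum output format:
# "<hex>  <name>" or "<hex> *<name>". Returns [hex, name] or nil if malformed.
def parse_md5sum_line(line)
  m = /\A([0-9a-fA-F]{32})\s+\*?(.+?)\s*\z/.match(line)
  m && [m[1].downcase, m[2]]
end

# True only if the file exists and its digest equals the pinned value.
# A missing or unreadable file, or a malformed expected value, fails closed.
def installer_trusted?(path, expected_hex, algorithm = 'md5')
  expected = expected_hex.to_s.strip.downcase
  return false unless expected =~ /\A[0-9a-f]+\z/
  return false unless File.file?(path)
  file_digest(path, algorithm) == expected
rescue SystemCallError
  false
end

# Usage: ruby verify_installer.rb <file> <expected-hex> [md5|sha256]
if __FILE__ == $PROGRAM_NAME && ARGV.size >= 2
  path, expected, algorithm = ARGV
  exit(installer_trusted?(path, expected, algorithm || 'md5') ? 0 : 1)
end
```

The script exits non-zero on a mismatch, so an exec resource that runs it fails and the installer resource that requires it is skipped. The check only adds protection when the expected hash is written in the manifest, which reaches the agent from the Puppet master, rather than read from a sidecar file on the same share as the installer.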