ENT-13005: Added integrity check to cf-remote remote installation#174
ENT-13005: Added integrity check to cf-remote remote installation#174victormlg wants to merge 1 commit intocfengine:masterfrom
Conversation
victormlg
force-pushed
the
improved-remote-download
branch
from
6c48260 to
f43babf
Compare
victormlg
force-pushed
the
improved-remote-download
branch
from
f43babf to
c52900a
Compare
larsewi
left a comment
larsewi
left a comment
There was a problem hiding this comment.
Remember to test the script 😉
victormlg
force-pushed
the
improved-remote-download
branch
from
c52900a to
b680be0
Compare
larsewi
left a comment
larsewi
left a comment
There was a problem hiding this comment.
Most of these checks can be done before you actually download the file. Maybe do these checks first, and then download.
victormlg
force-pushed
the
improved-remote-download
branch
from
b680be0 to
8cb770f
Compare
olehermanse
left a comment
olehermanse
left a comment
There was a problem hiding this comment.
Please expand nt-discovery.sh and then do the error checking as early as possible (as fast as possible). This way you can detect errors right after running nt-discovery.sh, without having to transfer over another script.
victormlg
force-pushed
the
improved-remote-download
branch
2 times, most recently
from
3e755d9 to
ea263af
Compare
Ticket: ENT-13005 Signed-off-by: Victor Moene <victor.moene@northern.tech>
victormlg
force-pushed
the
improved-remote-download
branch
from
ea263af to
ca9da21
Compare
| if insecure: | ||
| log.warning(ret) | ||
|
|
||
| log.debug("Successfully remotely installed package on host") |
There was a problem hiding this comment.
The script only downloads, it does not install?
| log.debug("Successfully remotely installed package on host") | |
| log.debug("Successfully remotely downloaded package on host") |
| ): | ||
|
|
||
| if not pkg_binary: | ||
| return None |
There was a problem hiding this comment.
Should there be an error message here?
| return package | ||
|
|
||
| def _remote_download( | ||
| host, package, artifact, pkg_binary, insecure=False, connection=None |
There was a problem hiding this comment.
A doc string explaining the arguments would be very helpful
| if ret is None: | ||
| return None | ||
| if insecure: | ||
| log.warning(ret) |
There was a problem hiding this comment.
What is logged here? The return code? The entire SSH output?
| cleanup() { | ||
| rm -f "$tmpfile" | ||
| } | ||
| trap cleanup EXIT QUIT TERM |
There was a problem hiding this comment.
Should INT be included to clean up on Ctrl+C?
|
|
||
| if [ "$HAS_WGET" -eq 1 ]; then | ||
| wget -nv -O "$tmpfile" "$PACKAGE" | ||
| else |
|
|
||
| print("Downloading '%s' on '%s' using curl" % (package, host)) | ||
| r = ssh_cmd( | ||
| cmd="curl --fail -O {}".format(package), connection=connection, errors=True |
There was a problem hiding this comment.
This code preferred curl. Why is wget preferred now?
3 participants
No description provided.