ENT-13005: Added integrity check to cf-remote remote installation by victormlg · Pull Request #174 · cfengine/cf-remote

victormlg · 2026-02-24T15:54:21Z

No description provided.

cf_remote/remote-download.sh

cf_remote/remote.py

MANIFEST.in

larsewi

Remember to test the script 😉

cf_remote/remote-download.sh

larsewi · 2026-03-03T09:22:13Z

cf_remote/remote-download.sh

+
+if [ -z "$HAS_SHA256SUM" ]; then
+    if [ "$INSECURE" -eq 0 ]; then
+        echo "Cannot check file integrity. sha256sum is not installed on host. Run with --insecure to skip"


The flag is -I but it says to use --insecure

Suggested change

echo "Cannot check file integrity. sha256sum is not installed on host. Run with --insecure to skip"

echo "Cannot check file integrity. sha256sum is not installed on host. Run with -I to skip"

The output of the script is printed by cf-remote. On cf-remote, the flag is --insecure, that's why I kept it like that

cf_remote/remote-download.sh

larsewi

Most of these checks can be done before you actually download the file. Maybe do these checks first, and then download.

Ticket: ENT-13005 Signed-off-by: Victor Moene <[email protected]>

olehermanse

Please expand nt-discovery.sh and then do the error checking as early as possible (as fast as possible). This way you can detect errors right after running nt-discovery.sh, without having to transfer over another script.

olehermanse · 2026-03-03T22:53:42Z

cf_remote/remote.py

+            "wget",
+            "sha256sum",
+        ]:
            path = discovery.get("NTD_{}".format(bin.upper()))


@victormlg AFAICT nt-discovery.sh won't check for these so, you won't have any data about then in the discovery dict. Need to expand nt-discovery.sh to look for wget and sha256sum

victormlg force-pushed the improved-remote-download branch from 6c48260 to f43babf Compare February 24, 2026 16:06

victormlg requested a review from larsewi March 2, 2026 08:51

larsewi requested changes Mar 2, 2026

View reviewed changes

victormlg force-pushed the improved-remote-download branch from f43babf to c52900a Compare March 2, 2026 13:12

victormlg requested a review from larsewi March 2, 2026 13:14

larsewi requested changes Mar 3, 2026

View reviewed changes

victormlg force-pushed the improved-remote-download branch from c52900a to b680be0 Compare March 3, 2026 11:44

victormlg requested a review from larsewi March 3, 2026 11:49

larsewi requested changes Mar 3, 2026

View reviewed changes

Added integrity check to cf-remote remote installation

8cb770f

Ticket: ENT-13005 Signed-off-by: Victor Moene <[email protected]>

victormlg force-pushed the improved-remote-download branch from b680be0 to 8cb770f Compare March 3, 2026 14:15

victormlg requested a review from larsewi March 3, 2026 15:24

olehermanse requested changes Mar 3, 2026

View reviewed changes

	echo "Cannot check file integrity. sha256sum is not installed on host. Run with --insecure to skip"
	echo "Cannot check file integrity. sha256sum is not installed on host. Run with -I to skip"

Conversation

victormlg commented Feb 24, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

larsewi left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

larsewi Mar 3, 2026

Choose a reason for hiding this comment

Uh oh!

victormlg Mar 3, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

larsewi left a comment

Choose a reason for hiding this comment

Uh oh!

olehermanse left a comment

Choose a reason for hiding this comment

Uh oh!

olehermanse Mar 3, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

3 participants