Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DEPLOY : Audit SHAxxx is case sensitive #559

Open
2 tasks done
doudz opened this issue Oct 10, 2024 · 6 comments
Open
2 tasks done

DEPLOY : Audit SHAxxx is case sensitive #559

doudz opened this issue Oct 10, 2024 · 6 comments

Comments

@doudz
Copy link

doudz commented Oct 10, 2024
edited
Loading

Code of Conduct

  • I agree to follow this project's Code of Conduct

Is there an existing issue for this?

  • I have searched the existing issues

GLPI Version

10.0.16

Plugin version

1.3.5

Bug description

When deploying a package, the hash comparison is case sensitive during audit and it should not.
It only works with lower case

For example for the same file
the following match
981684f7d16e978260008d93a2e0c355883fddeb542366bdfb4cf95ca4c56ea011c55b759ab5563be0dcf5a0ec58137de03275e448b31e9aa508a9cf78d1dfd6

and the following doesn't
981684F7D16E978260008D93A2E0C355883FDDEB542366BDFB4CF95CA4C56EA011C55B759AB5563BE0DCF5A0EC58137DE03275E448B31E9AA508A9CF78D1DFD6

Relevant log output

No response

Page URL

No response

Steps To reproduce

No response

Your GLPI setup information

No response

Anything else?

No response
@stonebuzz
Copy link
Collaborator

Hi @doudz

First of all, please retry with latest version (1.4.0)

@doudz
Copy link
Author

doudz commented Oct 11, 2024

test with 1.4.0 : same problem
This problem exists since years...

image

@github-actions GitHub Actions
Copy link

There has been no activity on this issue for some time and therefore it is considered stale and will be closed automatically in 7 days.

If this issue is related to a bug, please try to reproduce on latest release. If the problem persist, feel free to add a comment to revive this issue.

You may also consider taking a subscription to get professionnal support or contact GLPI editor team directly.

@github-actions github-actions bot added the Stale label Dec 11, 2024
@trasher trasher removed the Stale label Dec 11, 2024
@stonebuzz
Copy link
Collaborator

@g-bougard

can you check ? I have the impression that the audit is done on the agent’s side.

FileSHA512.pm (success function)

    $self->on_failure($self->{path} . " has wrong sha512 file hash, found $sha512");
    return ( $sha512 eq $expected );

@g-bougard
Copy link
Member

Hi @stonebuzz

yes, the check is really done there. But as far as know, a hex-digest should just be in lower case and this is what provides perl api. I mean this is probably just an agreement so we should probably just keep it, check it and so forcing lower casing.

I'll change glpi-agent code to force lower-case on that check and on FileSHA512Mismatch.pm case too. But the plugin can also send that expectation in lower-case.

g-bougard added a commit to glpi-project/glpi-agent that referenced this issue Dec 11, 2024
@g-bougard
fix: Fix file digest check to lower case provided value before compar…
999066d 
…ing them

Closes glpi-project/glpi-inventory-plugin#559
@g-bougard
Copy link
Member

Digest checking won't be case-sensitive in next glpi-agent version.

@doudz You'll be able to validate with next glpi-agent nightly build if you want.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@trasher @doudz @stonebuzz @g-bougard