plugins: ensure valid checksum before exec

When Packer discovers binary a bunch of checks are performed, which ultimately end with a checksum match check. This however should be the very first thing we do, even before attempting to run `describe' on the plugin binary we're discovering. So this commit moves this checksum match to the top of the discovery process for binaries.
2 years ago · 385ba4cfac
parent 0d66848578
commit 385ba4cfac
1 changed files with 21 additions and 21 deletions
--- a/packer/plugin-getter/plugins.go
+++ b/packer/plugin-getter/plugins.go
@ -131,6 +131,27 @@ func (pr Requirement) ListInstallations(opts ListInstallationsOptions) (InstallL
 			continue
 		}

+		checksumOk := false
+		for _, checksummer := range opts.Checksummers {
+
+			cs, err := checksummer.GetCacheChecksumOfFile(path)
+			if err != nil {
+				log.Printf("[TRACE] GetChecksumOfFile(%q) failed: %v", path, err)
+				continue
+			}
+
+			if err := checksummer.ChecksumFile(cs, path); err != nil {
+				log.Printf("[TRACE] ChecksumFile(%q) failed: %v", path, err)
+				continue
+			}
+			checksumOk = true
+			break
+		}
+		if !checksumOk {
+			log.Printf("[TRACE] No checksum found for %q ignoring possibly unsafe binary", path)
+			continue
+		}
+
 		// base name could look like packer-plugin-amazon_v1.2.3_x5.1_darwin_amd64.exe
 		versionsStr := strings.TrimPrefix(fname, FilenamePrefix)
 		versionsStr = strings.TrimSuffix(versionsStr, filenameSuffix)
@ -207,27 +228,6 @@ func (pr Requirement) ListInstallations(opts ListInstallationsOptions) (InstallL
 			continue
 		}

-		checksumOk := false
-		for _, checksummer := range opts.Checksummers {
-
-			cs, err := checksummer.GetCacheChecksumOfFile(path)
-			if err != nil {
-				log.Printf("[TRACE] GetChecksumOfFile(%q) failed: %v", path, err)
-				continue
-			}
-
-			if err := checksummer.ChecksumFile(cs, path); err != nil {
-				log.Printf("[TRACE] ChecksumFile(%q) failed: %v", path, err)
-				continue
-			}
-			checksumOk = true
-			break
-		}
-		if !checksumOk {
-			log.Printf("[TRACE] No checksum found for %q ignoring possibly unsafe binary", path)
-			continue
-		}
-
 		res = append(res, &Installation{
 			BinaryPath: path,
 			Version:    pluginVersionStr,