From 385ba4cface1870c3fa2113a87d07303366d9869 Mon Sep 17 00:00:00 2001
From: Lucas Bajolet <lucas.bajolet@hashicorp.com>
Date: Thu, 14 Mar 2024 15:48:13 -0400
Subject: [PATCH] plugins: ensure valid checksum before exec

When Packer discovers binary a bunch of checks are performed, which
ultimately end with a checksum match check.

This however should be the very first thing we do, even before
attempting to run `describe' on the plugin binary we're discovering.

So this commit moves this checksum match to the top of the discovery
process for binaries.
---
 packer/plugin-getter/plugins.go | 42 ++++++++++++++++-----------------
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/packer/plugin-getter/plugins.go b/packer/plugin-getter/plugins.go
index fdfeaae7c..e38c4e97e 100644
--- a/packer/plugin-getter/plugins.go
+++ b/packer/plugin-getter/plugins.go
@@ -131,6 +131,27 @@ func (pr Requirement) ListInstallations(opts ListInstallationsOptions) (InstallL
 			continue
 		}
 
+		checksumOk := false
+		for _, checksummer := range opts.Checksummers {
+
+			cs, err := checksummer.GetCacheChecksumOfFile(path)
+			if err != nil {
+				log.Printf("[TRACE] GetChecksumOfFile(%q) failed: %v", path, err)
+				continue
+			}
+
+			if err := checksummer.ChecksumFile(cs, path); err != nil {
+				log.Printf("[TRACE] ChecksumFile(%q) failed: %v", path, err)
+				continue
+			}
+			checksumOk = true
+			break
+		}
+		if !checksumOk {
+			log.Printf("[TRACE] No checksum found for %q ignoring possibly unsafe binary", path)
+			continue
+		}
+
 		// base name could look like packer-plugin-amazon_v1.2.3_x5.1_darwin_amd64.exe
 		versionsStr := strings.TrimPrefix(fname, FilenamePrefix)
 		versionsStr = strings.TrimSuffix(versionsStr, filenameSuffix)
@@ -207,27 +228,6 @@ func (pr Requirement) ListInstallations(opts ListInstallationsOptions) (InstallL
 			continue
 		}
 
-		checksumOk := false
-		for _, checksummer := range opts.Checksummers {
-
-			cs, err := checksummer.GetCacheChecksumOfFile(path)
-			if err != nil {
-				log.Printf("[TRACE] GetChecksumOfFile(%q) failed: %v", path, err)
-				continue
-			}
-
-			if err := checksummer.ChecksumFile(cs, path); err != nil {
-				log.Printf("[TRACE] ChecksumFile(%q) failed: %v", path, err)
-				continue
-			}
-			checksumOk = true
-			break
-		}
-		if !checksumOk {
-			log.Printf("[TRACE] No checksum found for %q ignoring possibly unsafe binary", path)
-			continue
-		}
-
 		res = append(res, &Installation{
 			BinaryPath: path,
 			Version:    pluginVersionStr,