puppet: Add a sha256_file_to.

2023-01-28 00:57:23 +00:00 · 2023-01-28 00:57:23 +00:00 · 5db55c38dc
parent af0ba0b58f
commit 5db55c38dc
3 changed files with 71 additions and 12 deletions
--- a/puppet/zulip/manifests/external_dep.pp
+++ b/puppet/zulip/manifests/external_dep.pp
@ -1,8 +1,9 @@
 define zulip::external_dep(
  String $version,
  String $url,
-  String $tarball_prefix,
+  String $tarball_prefix = '',
  String $sha256 = '',
+  String $mode = '0755',
 ) {
  if $sha256 == '' {
    if $zulip::common::versions[$title]['sha256'] =~ Hash {
@ -19,25 +20,38 @@ define zulip::external_dep(
    $sha256_filled = $sha256
  }

-  $dir = "/srv/zulip-${title}-${version}"
+  $path = "/srv/zulip-${title}-${version}"

+  if $tarball_prefix == '' {
+    zulip::sha256_file_to { $title:
+      url        => $url,
+      sha256     => $sha256_filled,
+      install_to => $path,
+      before     => File[$path],
+    }
+    file { $path:
+      ensure => file,
+      mode   => $mode,
+    }
+  } else {
    zulip::sha256_tarball_to { $title:
      url          => $url,
      sha256       => $sha256_filled,
      install_from => $tarball_prefix,
-    install_to   => $dir,
+      install_to   => $path,
+      before       => File[$path],
+    }
+    file { $path:
+      ensure => directory,
+    }
  }

-  file { $dir:
-    ensure  => present,
-    require => Zulip::Sha256_Tarball_To[$title],
-  }

  tidy { "/srv/zulip-${title}-*":
    path    => '/srv/',
    recurse => 1,
    rmdirs  => true,
    matches => "zulip-${title}-*",
-    require => File[$dir],
+    require => File[$path],
  }
 }
--- a/puppet/zulip/manifests/sha256_file_to.pp
+++ b/puppet/zulip/manifests/sha256_file_to.pp
@ -0,0 +1,13 @@
+# @summary Downloads, verifies hash, and copies the one file out.
+#
+define zulip::sha256_file_to(
+  String $sha256,
+  String $url,
+  String $install_to,
+) {
+  exec { $url:
+    command => "${::zulip_scripts_path}/setup/sha256-file-to ${sha256} ${url} ${install_to}",
+    creates => $install_to,
+    timeout => 600,
+  }
+}
--- a/scripts/setup/sha256-file-to
+++ b/scripts/setup/sha256-file-to
@ -0,0 +1,32 @@
+#!/bin/sh
+
+if [ "$#" -ne 3 ]; then
+    echo "Usage:"
+    echo "  sha256-file-to SHA256 http://FETCH/FROM DST"
+    echo
+    echo "SHA256 is the sha256sum of the file fetched; the file is"
+    echo "placed in DST."
+    exit 1
+fi
+
+set -e
+set -x
+
+SHA256="$1"
+URL="$2"
+DST="$3"
+
+# Work in a tmpdir which we clean up at the end
+tmpdir="$(mktemp -d)"
+trap 'rm -r "$tmpdir"' EXIT
+cd "$tmpdir"
+
+# Fetch to a predictable name, not whatever curl guesses from the URL
+LOCALFILE="output"
+curl -fL --retry 3 -o "$LOCALFILE" "$URL"
+
+# Check the hash against what was passed in
+echo "$SHA256  $LOCALFILE" >"$LOCALFILE.sha256"
+sha256sum -c "$LOCALFILE.sha256"
+
+mv "$LOCALFILE" "$DST"