Skip to content

APP-9928 verify UpdateBinary behavior when checksum fails #161

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

APP-9928 verify UpdateBinary behavior when checksum fails #161

wants to merge 2 commits into from

Conversation

@abe-winter
Copy link
Member

Safety follow-up to #158.

What changed

This doesn't change any prod behavior other than adding a warning log.

It adds 2 tests, ensuring that:

  • when the checksum is wrong at the top of UpdateBinary, it redownloads
  • when the checksum is wrong after a download, UpdateBinary errors

Why

Now that we have partial download support, it's plausible that we'll have corrupt downloads. The 'bad checksum' case is more important to test for.

Questions

  1. UpdateBinary doesn't delete a download with a bad checksum. Do we like this behavior? It returns an error, so in theory we won't use this bad binary, but why keep it around?
    • Is this to protect against the case where you update (currentVersion -> new), it fails, you update (new -> currentVersion), UpdateBinary gets called, and the current agent executable gets deleted because it somehow has a bad hash?
  2. Out of scope for this PR, but I think the UpdateBinary logic will loop endlessly if the cloud has a bad checksum for a URL. I think we shouldn't protect against this case, but surfacing it in case others have thoughts.

benjirewis
benjirewis reviewed Oct 29, 2025
View reviewed changes
version_control_test.go
test.That(t, err.Error(), test.ShouldContainSubstring, "sha256")

// Note: we leave the bad file there rather than deleting it when the checksum fails.
// The agent event loop should prevent it from being used because the cache isn't saved?
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm unclear what this Note means, but I do think we should be cleaning up a downloaded file with a bad checksum right?

Copy link
Member Author

@abe-winter abe-winter Oct 29, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes -- would like to delete the bad file.

I'm guessing this is okay for now (it won't delete the failed-checksum download, but it also won't use it); can I ticket this change but not do it right away?

slightly worried this is load bearing in some way.

(before merging I'll recheck that I'm right about it not using the bad download)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@benjirewis benjirewis benjirewis left review comments

@jmatth jmatth Awaiting requested review from jmatth

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@abe-winter @benjirewis