Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docker image for splunk 7.1.0 fails file integrity validation #77

Open
skwongg opened this issue Jun 19, 2018 · 1 comment
Open

docker image for splunk 7.1.0 fails file integrity validation #77

skwongg opened this issue Jun 19, 2018 · 1 comment

Comments

@skwongg
Copy link

skwongg commented Jun 19, 2018

I'm not sure if this version is still supported but I found 3 app files are failing file integrity check and yield different sha256 hashes in the docker image vs. direct tar install. The hashes in the manifest file are consistent with the direct tar installation but not with the files from docker. I can suppress the errors for now or edit the manifest, but both of those solutions are not ideal since I don't want to bake these into my cluster management scripts. I've checked on different machines and environments and arrived at the same result (some local, some staging and some live). Thanks!

Docker version:
docker version 18.03.1-ce

Steps to reproduce:
docker pull splunk/splunk:7.1.0
docker run -d -it splunk/splunk:7.1.0
docker exec -it <container_name> bash
./bin/splunk validate files

results in:

File '/opt/splunk/share/splunk/migration/app_contents_SplunkDeploymentMonitor.tar.gz' changed.
File '/opt/splunk/share/splunk/migration/app_contents_unix.tar.gz' changed.
File '/opt/splunk/share/splunk/migration/app_contents_windows.tar.gz' changed.

Compared with the tar.gz downloaded hashes they are different.

run sha256sum against these files:
sha256sum /opt/splunk/share/splunk/migration/app_contents_*

output:
b3f57820ec6af9c62d6685a6a7a7a2ff7f039be2712c04c1f190785afc34fdc4 /opt/splunk/share/splunk/migration/app_contents_SplunkDeploymentMonitor.tar.gz
75728e3fa3b43e7c9214f36df7cb483079d5d14511b754fd14b439bf0d1ad3bd /opt/splunk/share/splunk/migration/app_contents_unix.tar.gz
b141a423f3b7822673465776596fc8278c12e793b6b1f108045b063c975c130f /opt/splunk/share/splunk/migration/app_contents_windows.tar.gz

To grep the manifest file for the hashes it was expecting for these files (run from $SPLUNK_HOME):
grep "app_contents_" splunk-7.1.0-2e75b3406c5b-linux-2.6-x86_64-manifest

which results in:

f 444 splunk splunk splunk/share/splunk/migration/app_contents_SplunkDeploymentMonitor.tar.gz 3478cfae2593f6be92fc084f2d195c27be13e11441d4118116e27010a2a041d5
f 444 splunk splunk splunk/share/splunk/migration/app_contents_unix.tar.gz 98cc648a8a0c6901f7d3bb585e8597f410df628ee81e1c65082c63195794e283
f 444 splunk splunk splunk/share/splunk/migration/app_contents_windows.tar.gz 2ae56598076bee59f46823ae3957eb2f422be83976774493423684ab7281dd3e
@outcoldman
Copy link
Contributor

I saw that too but in case of 7.1.1 I have not seen this issue anymore https://github.com/outcoldman/docker-splunk/tree/splunk_7_1_1
I have not created a PR yet, but feel free to apply this change on top and give it a try outcoldman@a1c2e8e

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@outcoldman @skwongg