Does Puppet use checksums.json file for some validity check?

asked 2015-10-07 10:59:39 -0600

dannythk gravatar image

Whenever I do a "puppet module build" on my module, it creates a checksums.json file. I really like the facts that it create that file to let me know the checksum of all the files inside that module. Does Puppet master do anything with that checksum file to make sure no one alter any files within the module?

My environment is moving toward r10k and gitlab already, so we know we will be pulling from the designated source already. But after we pull it, is there a gate keeper to make sure no one could alter the module in any shape of form? Sure, it doesn't stop whoever want to alter the module to supply us with a new checksums.json file; but it will just make his/her life a little bit more difficult if he/she decides to change anything outside of our development.

edit retag flag offensive close merge delete