sha256sum check inside a jenkins pipeline

Question

Here is the piece of code I use in my Jenkinsfile.
The issue is located on the sha256sum check.
It does not work, however the two sha256 are equal.

stage('Validate') {                                                           
    docker.image('alpine:latest').inside("-u root") {                           
      sh '''                                                                    
        apk add make bash curl && \                                             
        export terraform_ver=0.12.7 && \                                        
        export terraform_url=https://releases.hashicorp.com/terraform/${terraform_ver}/terraform_${terraform_ver}_linux_amd64.zip && \
        export terraform_sha256=$(curl https://releases.hashicorp.com/terraform/\${terraform_ver}/terraform_\${terraform_ver}_SHA256SUMS | grep linux_amd64 | awk \'{print \$1}\') && \
        curl -Ls --fail -o /tmp/terraform.zip ${terraform_url} && \             
        sha256sum /tmp/terraform.zip                                            
        echo "${terraform_sha256} /tmp/terraform.zip" | sha256sum -c && \       
        unzip /tmp/terraform.zip -d /usr/local/bin && \                         
        make test-validate                                                      
      '''                                                                       
    }                                                                           
  }

The result in Jenkins is:

+ sha256sum /tmp/terraform.zip
a0fa11217325f76bf1b4f53b0f7a6efb1be1826826ef8024f2f45e60187925e7  /tmp/terraform.zip
+ echo 'a0fa11217325f76bf1b4f53b0f7a6efb1be1826826ef8024f2f45e60187925e7 /tmp/terraform.zip'
+ sha256sum -c
sha256sum: WARNING: 1 of 1 computed checksums did NOT match

I tried to replace

echo "${terraform_sha256} /tmp/terraform.zip" | sha256sum -c

by

echo \"${terraform_sha256} /tmp/terraform.zip\" | sha256sum -c

but it does not work.

I assume the issue is located on this double quote...

The sha256 are equal so I expect the sha256sum check does not fail.

As an aside, unless your `make` command requires these variables, there is no need to `export` them. — tripleee, Aug 29 '19 at 11:58
Using https://hub.docker.com/r/hashicorp/terraform/ as your Docker agent for the pipeline will fix this and be easier to manage too. — Matthew Schuchard, Aug 29 '19 at 14:04

score 0 · Accepted Answer · answered Aug 29 '19 at 11:26

sha256sum expects two spaces between the checksum and the file name. You have to echo this exactly in order for sha256sum -c to succeed.

The double quotes should not be escapesd. Putting quotes around the string ensures that e.g. spaces between the arguments are preserved. See also When to wrap quotes around a shell variable?

(The output from sh -x which you see in the debug output puts single quotes around strings so you can see exactly how they are demarcated.)

sha256sum check inside a jenkins pipeline

1 Answers1