Sensu-email-handler asset hash changed, but no new release?

teutat3s · May 24, 2024, 11:01am

Description of your problem

While setting up a new sensu-backend and testing our email handler with the sensu-email-handler asset, we noticed a hash mismatch. There hasn’t been a new release from what I can see on GitHub. Bonsai states the assets have last been changed on April 25, 2024. We are using this asset declaratively with sensu-flow and the hash 81ffd8095c1a6b489b6eca2eae76b84f9943c59877c28e1191c0acc89055bf58d53b4fba3356ddac6572d5fe5e6a62ff018f15b7cd3ecbc37263d3fdb5a0660d worked fine for us before. Is this a security issue?

EDIT: The hash we used before matches the one published in the release hash list on GitHub.

81ffd8095c1a6b489b6eca2eae76b84f9943c59877c28e1191c0acc89055bf58d53b4fba3356ddac6572d5fe5e6a62ff018f15b7cd3ecbc37263d3fdb5a0660d  sensu-email-handler_1.2.2_linux_amd64.tar.gz

Description of steps you’ve taken to attempt to solve the issue

Environmental information

Operating system information

RHEL (AlmaLinux 9)

Package versions

Sensu Go: 6.11.0+ee
Etcd: built-in
PostgreSQL: n/a

Plugin information

Link to plugin you’re using: Sensu assets | Bonsai asset index - sensu-email-handler Asset
Version of the plugin you’re using: 1.2.2

Service logs, configuration, and environment variables

May 23 15:41:02 sensu1.dc.our.domain sensu-backend[501446]: {
  "check_name": "keepalive",
  "check_namespace": "default",
  "component": "pipeline/legacy",
  "entity_name": "sensu3.dc.our.domain",
  "entity_namespace": "default",
  "error": "could not validate downloaded asset \"sensu-email-handler\" (6.9 MB): sha512 of downloaded asset (4a68f45f34c3e7a6eab100f04b6451e713cc302f7d00a23d619515ffff03295212c3be9d982e4572e9c23b2f5935b11710371378e4191cdd6f846da917a0ea69) does not match specified sha512 in asset definition (81ffd8095c1a6b489b6eca2eae76b84f9943c59877c28e1191c0acc89055bf58d53b4fba3356ddac6572d5fe5e6a62ff018f15b7cd3ecbc37263d3fdb5a0660d)",
  "event_id": "db8b777f-c7cc-4e22-aac4-0503469b2b33",
  "handler_name": "email",
  "handler_namespace": "default",
  "level": "error",
  "msg": "failed to retrieve assets for handler",
  "pipeline": "legacy-pipeline",
  "pipeline_workflow": "legacy-pipeline-workflow-email",
  "time": "2024-05-23T15:41:02Z"
}

justinhenderson · June 11, 2024, 2:47pm

Hey Jhonas, welcome!

The Bonsai asset SHAs match those released on draft 1.2.2, mistakenly released on Bonsai recently. If you look at the page below, it has the same commit as it was released.

Releases · sensu/sensu-email-handler · GitHub.

The engineering team has noted they plan to release a new version with library updates.

justinhenderson · June 28, 2024, 6:30pm

A new vesion of the Sensu Email handler has been released:

https://bonsai.sensu.io/assets/sensu/sensu-email-handler

system · July 28, 2024, 6:31pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error getting assets for event: sha512 does not match Sensu Go sensu-go , assets	9	1147	December 10, 2020
Sha512 checksum Sensu Go	4	723	February 4, 2021
Debug email asset Getting Started	2	189	September 5, 2023
Updating Assets Sensu Go	2	415	January 18, 2020
New Bonsai Index Update Sensu Plugins	1	518	July 13, 2019