Relevance substitution in download command

racer2991 · September 18, 2020, 6:40am

Hi all,

for our customers we develop code (action script) in a standard DEV-TEST-PROD kind of way and then git the exported bes files.

For the download commands, we use something like:

download http://dev.contoso.local:52311/bfmirror/downloads/CustomRepo/InitializeScripts.ps1

As we migrate through the process, this changes to:

download http://test.contoso.local:52311/bfmirror/downloads/CustomRepo/InitializeScripts.ps1 ->
download http://prod.contoso.local:52311/bfmirror/downloads/CustomRepo/InitializeScripts.ps1

Unfortunately this changes the hash of the exported bes file. We could potentially get around this, but it starts getting tricky in the automation.

I’m trying to use relevance substitution in the download path with something like:

download "{(value of setting "_BESClient_AllowCustomRepoDownloads" of client)}/CustomRepo/InitializeScripts.ps1"

…but I’m getting “Relevance substitution not allowed”.

Does anyone know of a way to get around this one without using “download now/as”?

Thanks,
Simon.

cmcannady · September 18, 2020, 1:07pm

@racer2991, I would strongly advise against utilizing the download command and instead leveraging a prefetch block and add prefetch item for any objects that need to be securely downloaded to your managed endpoints. With this approach you can leverage substitution relevance to specify the required security parameters (i.e. object size, SHA1 and/or SHA256) to ensure the integrity of the payload being delivered to your managed endpoints. For example, the following relevance pulls the required object data from a downloaded text file and creates the necessary add prefetch item for a prefetch block.

add prefetch item {concatenation “; " of (“name=” & following text of last “/” of preceding text of last “/” of tuple string item 1 of it & “_” & following text of last “/” of tuple string item 1 of it & " sha256=” & tuple string item 3 of it & " size=" & tuple string item 2 of it & " url=https://download.server.url" & tuple string item 1 of it) of (concatenation ", " of substrings separated by “;” of it) of lines whose (it starts with “OS-NAME”) of file “MANIFEST-FILE-NAME” of folder “SITE-NAME” of parent folder of client folder of current site}

Please note that the above is a fairly advanced client relevance statement and still requires the prefetch block components as well.

I hope the above is helpful.

Best,
@cmcannady

racer2991 · September 20, 2020, 9:59pm

OK thanks. I will do this.

I also found this post which was useful.