a wrapper ignoring FIPS for hashlib.md5
This commit is contained in:
Yu Ming Zhu
Tomas Kopecek
parent
0a61104280
commit
a893e8bf2b
9 changed files with 29 additions and 19 deletions
|
|
@ -2,7 +2,6 @@ from __future__ import absolute_import, division
|
|||
|
||||
import ast
|
||||
import fnmatch
|
||||
import hashlib
|
||||
import itertools
|
||||
import json
|
||||
import logging
|
||||
|
|
@ -24,7 +23,7 @@ import six.moves.xmlrpc_client
|
|||
from six.moves import filter, map, range, zip
|
||||
|
||||
import koji
|
||||
from koji.util import base64encode, to_list
|
||||
from koji.util import base64encode, md5_constructor, to_list
|
||||
from koji_cli.lib import (
|
||||
_,
|
||||
_list_tasks,
|
||||
|
|
@ -1500,7 +1499,7 @@ def handle_import_sig(goptions, session, args):
|
|||
previous = session.queryRPMSigs(rpm_id=rinfo['id'], sigkey=sigkey)
|
||||
assert len(previous) <= 1
|
||||
if previous:
|
||||
sighash = hashlib.md5(sighdr).hexdigest()
|
||||
sighash = md5_constructor(sighdr).hexdigest()
|
||||
if previous[0]['sighash'] == sighash:
|
||||
print(_("Signature already imported: %s") % path)
|
||||
continue
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ from six.moves import range
|
|||
import koji
|
||||
# import parse_arches to current namespace for backward compatibility
|
||||
from koji import parse_arches
|
||||
from koji.util import to_list
|
||||
from koji.util import md5_constructor, to_list
|
||||
|
||||
try:
|
||||
import krbV
|
||||
|
|
@ -612,7 +612,7 @@ def download_archive(build, archive, topurl, quiet=False, noprogress=False):
|
|||
|
||||
# check checksum/checksum_type
|
||||
if archive['checksum_type'] == koji.CHECKSUM_TYPES['md5']:
|
||||
hash = hashlib.md5()
|
||||
hash = md5_constructor()
|
||||
elif archive['checksum_type'] == koji.CHECKSUM_TYPES['sha1']:
|
||||
hash = hashlib.sha1()
|
||||
elif archive['checksum_type'] == koji.CHECKSUM_TYPES['sha256']:
|
||||
|
|
|
|||
|
|
@ -64,6 +64,7 @@ from koji.util import (
|
|||
decode_bytes,
|
||||
dslice,
|
||||
joinpath,
|
||||
md5_constructor,
|
||||
move_and_symlink,
|
||||
multi_fnmatch,
|
||||
safer_move,
|
||||
|
|
@ -6641,7 +6642,7 @@ class CG_Importer(object):
|
|||
# until we change the way we handle checksums, we have to limit this to md5
|
||||
raise koji.GenericError("Unsupported checksum type: %(checksum_type)s" % fileinfo)
|
||||
with open(path, 'rb') as fp:
|
||||
m = hashlib.md5()
|
||||
m = md5_constructor()
|
||||
while True:
|
||||
contents = fp.read(8192)
|
||||
if not contents:
|
||||
|
|
@ -7226,7 +7227,7 @@ def import_archive_internal(filepath, buildinfo, type, typeInfo, buildroot_id=No
|
|||
# trust values computed on hub (CG_Importer.prep_outputs)
|
||||
if not fileinfo or not fileinfo.get('hub.checked_md5'):
|
||||
with open(filepath, 'rb') as archivefp:
|
||||
m = hashlib.md5()
|
||||
m = md5_constructor()
|
||||
while True:
|
||||
contents = archivefp.read(8192)
|
||||
if not contents:
|
||||
|
|
@ -7367,7 +7368,7 @@ def _generate_maven_metadata(mavendir):
|
|||
continue
|
||||
if not os.path.isfile('%s/%s' % (mavendir, mavenfile)):
|
||||
continue
|
||||
for ext, sum_constr in (('.md5', hashlib.md5), ('.sha1', hashlib.sha1)):
|
||||
for ext, sum_constr in (('.md5', md5_constructor), ('.sha1', hashlib.sha1)):
|
||||
sumfile = mavenfile + ext
|
||||
if sumfile not in mavenfiles:
|
||||
sum = sum_constr()
|
||||
|
|
@ -7417,7 +7418,7 @@ def add_rpm_sig(an_rpm, sighdr):
|
|||
# we use the sigkey='' to represent unsigned in the db (so that uniqueness works)
|
||||
else:
|
||||
sigkey = koji.get_sigpacket_key_id(sigkey)
|
||||
sighash = hashlib.md5(sighdr).hexdigest()
|
||||
sighash = md5_constructor(sighdr).hexdigest()
|
||||
rpm_id = rinfo['id']
|
||||
# - db entry
|
||||
q = """SELECT sighash FROM rpmsigs WHERE rpm_id=%(rpm_id)i AND sigkey=%(sigkey)s"""
|
||||
|
|
@ -14636,7 +14637,7 @@ def get_upload_path(reldir, name, create=False, volume=None):
|
|||
|
||||
def get_verify_class(verify):
|
||||
if verify == 'md5':
|
||||
return hashlib.md5
|
||||
return md5_constructor
|
||||
elif verify == 'adler32':
|
||||
return koji.util.adler32_constructor
|
||||
elif verify:
|
||||
|
|
|
|||
|
|
@ -27,7 +27,6 @@ from __future__ import absolute_import, division
|
|||
import base64
|
||||
import datetime
|
||||
import errno
|
||||
import hashlib
|
||||
import imp
|
||||
import logging
|
||||
import logging.handlers
|
||||
|
|
@ -3110,7 +3109,7 @@ class ClientSession(object):
|
|||
fo = open(localfile, "rb") # specify bufsize?
|
||||
totalsize = os.path.getsize(localfile)
|
||||
ofs = 0
|
||||
md5sum = hashlib.md5()
|
||||
md5sum = util.md5_constructor()
|
||||
debug = self.opts.get('debug', False)
|
||||
if callback:
|
||||
callback(0, totalsize, 0, 0, 0)
|
||||
|
|
@ -3127,7 +3126,7 @@ class ClientSession(object):
|
|||
sz = ofs
|
||||
else:
|
||||
offset = ofs
|
||||
digest = hashlib.md5(contents).hexdigest()
|
||||
digest = util.md5_constructor(contents).hexdigest()
|
||||
sz = size
|
||||
del contents
|
||||
tries = 0
|
||||
|
|
|
|||
|
|
@ -23,7 +23,6 @@
|
|||
from __future__ import absolute_import, division
|
||||
|
||||
import errno
|
||||
import hashlib
|
||||
import logging
|
||||
import os
|
||||
import signal
|
||||
|
|
@ -44,6 +43,7 @@ from koji.util import (
|
|||
adler32_constructor,
|
||||
base64encode,
|
||||
dslice,
|
||||
md5_constructor,
|
||||
parseStatus,
|
||||
to_list,
|
||||
joinpath,
|
||||
|
|
@ -69,7 +69,7 @@ def incremental_upload(session, fname, fd, path, retries=5, logger=None):
|
|||
break
|
||||
|
||||
data = base64encode(contents)
|
||||
digest = hashlib.md5(contents).hexdigest()
|
||||
digest = md5_constructor(contents).hexdigest()
|
||||
del contents
|
||||
|
||||
tries = 0
|
||||
|
|
|
|||
13
koji/util.py
13
koji/util.py
|
|
@ -45,6 +45,17 @@ import koji
|
|||
from koji.xmlrpcplus import DateTime
|
||||
|
||||
|
||||
# BEGIN kojikamid dup #
|
||||
|
||||
def md5_constructor(*args, **kwargs):
|
||||
if hasattr(hashlib._hashlib, 'get_fips_mode') and hashlib._hashlib.get_fips_mode():
|
||||
# do not care about FIPS
|
||||
kwargs['usedforsecurity'] = False
|
||||
return hashlib.md5(*args, **kwargs)
|
||||
|
||||
# END kojikamid dup #
|
||||
|
||||
|
||||
# imported from kojiweb and kojihub
|
||||
def deprecated(message):
|
||||
"""Print deprecation warning"""
|
||||
|
|
@ -583,7 +594,7 @@ def check_sigmd5(filename):
|
|||
f.seek(o)
|
||||
|
||||
# compute md5 of rest of file
|
||||
md5 = hashlib.md5()
|
||||
md5 = md5_constructor()
|
||||
while True:
|
||||
d = f.read(1024**2)
|
||||
if not d:
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
awk '/^# INSERT kojikamid dup #/ {exit} {print $0}' kojikamid.py
|
||||
|
||||
for fn in ../koji/__init__.py ../koji/daemon.py
|
||||
for fn in ../koji/__init__.py ../koji/daemon.py ../koji/util.py
|
||||
do
|
||||
awk '/^# END kojikamid dup #/ {p=0} p {print $0} /^# BEGIN kojikamid dup #/ {p=1}' $fn
|
||||
done
|
||||
|
|
|
|||
|
|
@ -333,7 +333,7 @@ class WindowsBuild(object):
|
|||
elif checksum_type == 'sha256':
|
||||
checksum = hashlib.sha256()
|
||||
elif checksum_type == 'md5':
|
||||
checksum = hashlib.md5()
|
||||
checksum = md5_constructor.md5() # noqa: F821
|
||||
else:
|
||||
raise BuildError('Unknown checksum type %s for %s' % ( # noqa: F821
|
||||
checksum_type,
|
||||
|
|
|
|||
|
|
@ -795,7 +795,7 @@ class VMExecTask(BaseTaskHandler):
|
|||
if algo == 'sha1':
|
||||
sum = hashlib.sha1()
|
||||
elif algo == 'md5':
|
||||
sum = hashlib.md5()
|
||||
sum = koji.util.md5_constructor()
|
||||
elif algo == 'sha256':
|
||||
sum == hashlib.sha256()
|
||||
else:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue