From a893e8bf2bcaae7fb1bbb62af5f888a9562da26b Mon Sep 17 00:00:00 2001 From: Yu Ming Zhu Date: Jun 24 2020 12:42:00 +0000 Subject: a wrapper ignoring FIPS for hashlib.md5 --- diff --git a/cli/koji_cli/commands.py b/cli/koji_cli/commands.py index 949dd63..e5594f8 100644 --- a/cli/koji_cli/commands.py +++ b/cli/koji_cli/commands.py @@ -2,7 +2,6 @@ from __future__ import absolute_import, division import ast import fnmatch -import hashlib import itertools import json import logging @@ -24,7 +23,7 @@ import six.moves.xmlrpc_client from six.moves import filter, map, range, zip import koji -from koji.util import base64encode, to_list +from koji.util import base64encode, md5_constructor, to_list from koji_cli.lib import ( _, _list_tasks, @@ -1500,7 +1499,7 @@ def handle_import_sig(goptions, session, args): previous = session.queryRPMSigs(rpm_id=rinfo['id'], sigkey=sigkey) assert len(previous) <= 1 if previous: - sighash = hashlib.md5(sighdr).hexdigest() + sighash = md5_constructor(sighdr).hexdigest() if previous[0]['sighash'] == sighash: print(_("Signature already imported: %s") % path) continue diff --git a/cli/koji_cli/lib.py b/cli/koji_cli/lib.py index 325ad94..a85e537 100644 --- a/cli/koji_cli/lib.py +++ b/cli/koji_cli/lib.py @@ -18,7 +18,7 @@ from six.moves import range import koji # import parse_arches to current namespace for backward compatibility from koji import parse_arches -from koji.util import to_list +from koji.util import md5_constructor, to_list try: import krbV @@ -612,7 +612,7 @@ def download_archive(build, archive, topurl, quiet=False, noprogress=False): # check checksum/checksum_type if archive['checksum_type'] == koji.CHECKSUM_TYPES['md5']: - hash = hashlib.md5() + hash = md5_constructor() elif archive['checksum_type'] == koji.CHECKSUM_TYPES['sha1']: hash = hashlib.sha1() elif archive['checksum_type'] == koji.CHECKSUM_TYPES['sha256']: diff --git a/hub/kojihub.py b/hub/kojihub.py index 9f3d3ca..fd808ad 100644 --- a/hub/kojihub.py +++ b/hub/kojihub.py 
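Review bot: The md5 branch in `download_archive` needs a comment saying that this digest only catches accidental corruption. `md5_constructor()` marks the hash as not used for security when FIPS mode is on, while the `# check checksum/checksum_type` block presumably uses the result to accept or reject a downloaded file. A line such as `# md5 kept for legacy archive records; detects corruption only, not tampering` above `hash = md5_constructor()` would do. The same applies to the upload digests in `koji/__init__.py` and `koji/daemon.py` and to `get_verify_class` in `hub/kojihub.py`. `download_archive` starts and ends outside this hunk, so the comparison itself is not visible here.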
@@ -64,6 +64,7 @@ from koji.util import ( decode_bytes, dslice, joinpath, + md5_constructor, move_and_symlink, multi_fnmatch, safer_move, @@ -6641,7 +6642,7 @@ class CG_Importer(object): # until we change the way we handle checksums, we have to limit this to md5 raise koji.GenericError("Unsupported checksum type: %(checksum_type)s" % fileinfo) with open(path, 'rb') as fp: - m = hashlib.md5() + m = md5_constructor() while True: contents = fp.read(8192) if not contents: @@ -7226,7 +7227,7 @@ def import_archive_internal(filepath, buildinfo, type, typeInfo, buildroot_id=No # trust values computed on hub (CG_Importer.prep_outputs) if not fileinfo or not fileinfo.get('hub.checked_md5'): with open(filepath, 'rb') as archivefp: - m = hashlib.md5() + m = md5_constructor() while True: contents = archivefp.read(8192) if not contents: @@ -7367,7 +7368,7 @@ def _generate_maven_metadata(mavendir): continue if not os.path.isfile('%s/%s' % (mavendir, mavenfile)): continue - for ext, sum_constr in (('.md5', hashlib.md5), ('.sha1', hashlib.sha1)): + for ext, sum_constr in (('.md5', md5_constructor), ('.sha1', hashlib.sha1)): sumfile = mavenfile + ext if sumfile not in mavenfiles: sum = sum_constr() @@ -7417,7 +7418,7 @@ def add_rpm_sig(an_rpm, sighdr): # we use the sigkey='' to represent unsigned in the db (so that uniqueness works) else: sigkey = koji.get_sigpacket_key_id(sigkey) - sighash = hashlib.md5(sighdr).hexdigest() + sighash = md5_constructor(sighdr).hexdigest() rpm_id = rinfo['id'] # - db entry q = """SELECT sighash FROM rpmsigs WHERE rpm_id=%(rpm_id)i AND sigkey=%(sigkey)s""" @@ -14636,7 +14637,7 @@ def get_upload_path(reldir, name, create=False, volume=None): def get_verify_class(verify): if verify == 'md5': - return hashlib.md5 + return md5_constructor elif verify == 'adler32': return koji.util.adler32_constructor elif verify: diff --git a/koji/__init__.py b/koji/__init__.py index 1d0d8b3..f956244 100644 --- a/koji/__init__.py +++ b/koji/__init__.py 
@@ -27,7 +27,6 @@ from __future__ import absolute_import, division import base64 import datetime import errno -import hashlib import imp import logging import logging.handlers @@ -3110,7 +3109,7 @@ class ClientSession(object): fo = open(localfile, "rb") # specify bufsize? totalsize = os.path.getsize(localfile) ofs = 0 - md5sum = hashlib.md5() + md5sum = util.md5_constructor() debug = self.opts.get('debug', False) if callback: callback(0, totalsize, 0, 0, 0) @@ -3127,7 +3126,7 @@ class ClientSession(object): sz = ofs else: offset = ofs - digest = hashlib.md5(contents).hexdigest() + digest = util.md5_constructor(contents).hexdigest() sz = size del contents tries = 0 diff --git a/koji/daemon.py b/koji/daemon.py index 9a77f20..08611ab 100644 --- a/koji/daemon.py +++ b/koji/daemon.py @@ -23,7 +23,6 @@ from __future__ import absolute_import, division import errno -import hashlib import logging import os import signal @@ -44,6 +43,7 @@ from koji.util import ( adler32_constructor, base64encode, dslice, + md5_constructor, parseStatus, to_list, joinpath, @@ -69,7 +69,7 @@ def incremental_upload(session, fname, fd, path, retries=5, logger=None): break data = base64encode(contents) - digest = hashlib.md5(contents).hexdigest() + digest = md5_constructor(contents).hexdigest() del contents tries = 0 diff --git a/koji/util.py b/koji/util.py index f2f4c34..803ec36 100644 --- a/koji/util.py +++ b/koji/util.py @@ -45,6 +45,17 @@ import koji from koji.xmlrpcplus import DateTime +# BEGIN kojikamid dup # + +def md5_constructor(*args, **kwargs): + if hasattr(hashlib._hashlib, 'get_fips_mode') and hashlib._hashlib.get_fips_mode(): + # do not care about FIPS + kwargs['usedforsecurity'] = False + return hashlib.md5(*args, **kwargs) + +# END kojikamid dup # + + # imported from kojiweb and kojihub def deprecated(message): """Print deprecation warning""" 
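Review bot: `md5_constructor` reads `hashlib._hashlib` unguarded, so on an interpreter where `hashlib` has no `_hashlib` attribute (a build without the OpenSSL-backed module, as far as I can tell) the `hasattr` call itself raises AttributeError and md5 stops working where plain `hashlib.md5` would have. Looking the private module up defensively avoids that: `fips = getattr(getattr(hashlib, '_hashlib', None), 'get_fips_mode', None)` followed by `if fips and fips():`. The function also has no docstring, and `# do not care about FIPS` does not say why the exemption is safe. A short docstring should state that the wrapper is for legacy, non-security checksums only and must not back any new authenticity or signature check.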
@@ -583,7 +594,7 @@ def check_sigmd5(filename): f.seek(o) # compute md5 of rest of file - md5 = hashlib.md5() + md5 = md5_constructor() while True: d = f.read(1024**2) if not d: diff --git a/vm/fix_kojikamid.sh b/vm/fix_kojikamid.sh index f0063a7..12c3acd 100755 --- a/vm/fix_kojikamid.sh +++ b/vm/fix_kojikamid.sh @@ -2,7 +2,7 @@ awk '/^# INSERT kojikamid dup #/ {exit} {print $0}' kojikamid.py -for fn in ../koji/__init__.py ../koji/daemon.py +for fn in ../koji/__init__.py ../koji/daemon.py ../koji/util.py do awk '/^# END kojikamid dup #/ {p=0} p {print $0} /^# BEGIN kojikamid dup #/ {p=1}' $fn done diff --git a/vm/kojikamid.py b/vm/kojikamid.py index 7bd9dec..96046a7 100755 --- a/vm/kojikamid.py +++ b/vm/kojikamid.py @@ -333,7 +333,7 @@ class WindowsBuild(object): elif checksum_type == 'sha256': checksum = hashlib.sha256() elif checksum_type == 'md5': - checksum = hashlib.md5() + checksum = md5_constructor.md5() # noqa: F821 else: raise BuildError('Unknown checksum type %s for %s' % ( # noqa: F821 checksum_type, diff --git a/vm/kojivmd b/vm/kojivmd index de06624..6ef6c8f 100755 --- a/vm/kojivmd +++ b/vm/kojivmd @@ -795,7 +795,7 @@ class VMExecTask(BaseTaskHandler): if algo == 'sha1': sum = hashlib.sha1() elif algo == 'md5': - sum = hashlib.md5() + sum = koji.util.md5_constructor() elif algo == 'sha256': sum == hashlib.sha256() else:
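Review bot: `checksum = md5_constructor.md5()` in the `checksum_type == 'md5'` branch of `WindowsBuild` calls `.md5` on the wrapper, which `koji/util.py` defines as a plain function returning a hash object, so this branch raises AttributeError as soon as an md5 checksum is requested. It should read `checksum = md5_constructor()  # noqa: F821`, matching every other call site in this commit. The `# noqa: F821` hides the undefined name from flake8, so only a test that exercises the md5 branch after `fix_kojikamid.sh` has spliced the helper in would catch this. The enclosing method starts and ends outside the hunk.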
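Review bot: The context line `sum == hashlib.sha256()` two lines below the change is a comparison, not an assignment, so the `sha256` branch never binds a hash object. Since `sum` is assigned in the sibling branches it is presumably a local, in which case the comparison would raise UnboundLocalError. It should be `sum = hashlib.sha256()`. This matters more now that md5 is exempted from FIPS here, because sha256 is the stronger alternative in this chain and, as written, that branch fails. The enclosing method of `VMExecTask` continues outside the hunk.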